DEV Community

Goutom Roy
Goutom Roy

Posted on • Edited on

Encryption

Asymmetric Cryptography

It also known as public key algorithm. Lets assume Bob and Alice wants to transfer encrypted message
to each other.

Step 1

  • Bob and Alice both generates a pair of public and private key in their own computer.
  • Bob and Alice both exchanges their public key to each other or store that public key to any public place so that anyone can have it.

Properties of each pair of Public and Private key:

  • They are generated by any Asymmetric Cryptography algorithm.
  • They are mathematically connected.
  • By the public key you can't generate associated private key.
  • Public key is public, anyone can have it who wants to connect and share messages.
  • Public key is used to encrypt message using RSA algorithm.
  • Private key is used to decrypt the message using the RSA algorithm.
  • If a message is encrypted by the public key then only it can be decrypted by the associated private key. If you use any other private key to decrypt the message then decryption will fail, thus authentication is checked.

Step 2

Bob wants to send a message to Alice., he encrypts the message with Alicse's public key and then sends it to Alice.

Step 3

Alice receives the encrypted message from Bob. Then he uses his private key to decrypted the message which was encrypted by his public key by BOB.

Step 4

Now Alice wants to reply the message to Bob. Now Alice encrypt his message with Bob's public key and sends it.

Step 5

Bob receive the encrypted message and decrypts it using his private key.

Symmetric Cryptography

Step 1

A private is generated which is shared only between Bob and Alice. This private key is used to encrypt and decrypt message.

Step 2

Bob wants to send message to Alice. Bob encrypts the message before sending the message with that shared private key.

Step 3

Alice receive encrypted message and decrypts it with that shared private key.

Digital Signature & Certificate

This serves three purposes :

Authentication

It gives the reason to receiver to believe that received message was created and sent by the claimed sender.

No Repudiation

If a message was sent with digital signature, then sender can't deny later on that he/she didn't sent the message.

Integrity

It ensures that message was not altered in transit, receiver can verify it.

Digital Signature uses Asymmetric Cryptography algorithms. it doesn't encrypts the message.

Lets assume that Bob wants to send a message to Alice with digital signature to identify himself that it was sent by him.

Alt Text

Step 1: Bob creates a pair of public and private key. Put his public key to any shared/public places.

Step 2: Bob generates a digest from his message using a hash algorithm.

Step 3: Bob encrypts that digest with his private key and generates a encrypted text which is called Digital Signature.

Step 4: Bob sends message with digital signature and his public key(or a download link of his public key).

Step 5: Alice receive the message and a digital signature.

Step 6: Now Alice wants to verify that received message was really sent by Bob. Alice uses Bob's public key to decrypt the digital signature. If decryption fails, then Alice is sure that it was not sent by Bob, thus authentication is checked. Anytime, later on Bob never can repudiate that this was not sent by him because that digital signature is only decrypted by his public key.

Step 7: After successful authentication, Alice wants to check the integrity of the received message. Successful decryption will produce a digest(generated by Bob with his private key). Alice generates a digest from received message using same hash algorithm as Bob. If message was not changed in transit then these two digest should match. Thus data integrity is checked.

Fall of Signature & Rise of Certificate

Firstly we are not sure that whether the received public key is really owned by the sender or not. There is no one to verify this issue. Here Digital Certificate comes into play. Now sender sends a Digital Certificate issues by CA instead of sender defined public key.

Digital Certificates is standard of security for establishing an encrypted link between a server and a client.

Purposes
  • It verifies the identity of the server owner and server owner really owns the public key(attached in certificate), means whether its really the google.com who is sending me search results. Authentication process uses Asymmetric(public key) Cryptography mechanisms.
  • Exchanges encrypted data between the server and clients. This process uses Symmetric(shared private key) Cryptography mechanisms.
Properties of Digital Certificate
  • Issued by authorized(by government) or trusted(by users) authorities.
    When I browse google.com, browser gets following certificate:
    Alt Text

  • Certificate owners name, public key, algorithm, expiration date.

  • Issuer name, fingerprints(digital signature), algorithm.

When go to CA authorities to get a certificate, they provide us a certificate and a private key.

SSL Certificate

Browser uses certificate's digital signature/fingerprint of issuer(CA) and sends it to Issuer server to verify.

Purposes

  • Its identifies server.
  • Creates a encrypted session to exchange encrypted data between client and server.

Issuer server also has its own SSL certificate. Browser encrypts signature/fingerprint of my webserver's certificate using issuer server Public key.

Top comments (0)