Do you love sending secret messages? Do you love how Harvard professor Robert Langdon solves the puzzles and reveals the truth? Or do you love how the Nazis created the Enigma machine and caused problems for the Allied powers during WW2? If the answers to the above questions are yes, then I am sure you'd love cryptography.

In this introductory post, we will discuss the basics of Cryptography (mostly in the context of computer science) and in the later posts in this series, we will look into various algorithms in cryptography.

So, without much delay, let's jump into the fascinating world of secret/secured communications, ciphers, codes and much more.

## Cryptography

Let's say Alice wants to send a message to Bob, but she fears that someone might intercept it. She doesn't want that. NO ONE wants that! (Remember the Cambridge Analytica fiasco by Facebook?) To achieve secrecy, Alice encrypts the message by replacing letters with numbers and numbers with letters.

For example, if the message is "I want 2 sugar cubes in my tea", then it will be encrypted as "9 23 1 14 20 B 19 21 7 1 18 3 19 2 5 19 9 14 13 25 20 5 1".

Now, if Charlie intercepts this message in transit, he will not be able to read it, as the numbers and the single letter won't make sense to him.

Hence, Alice has *encrypted* the message. She will now explain to Bob how to replace numbers with letters and vice versa. Bob will then apply the reverse procedure and be able to read the message. Thus, Bob has *decrypted* the message.

The mechanism of converting numbers to letters and vice versa is called the *key* of the process. Thus, to encrypt a message we need a key, and to decrypt it we also need a key.

Put in simple words, *Cryptography is the science of keeping a message secret.*
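Alice's scheme and the role of the key, as an added example that is not code from the original post. It goes slightly beyond the post's case: `make_key(shift)` is this example's own assumption, where shift 0 is the post's A=1 ... Z=26 table and any other shift gives Alice and Bob a table Charlie does not know.

```python
import string

LETTERS = string.ascii_uppercase

def make_key(shift=0):
    """The key is the letter-to-number table. shift=0 is the post's A=1 ... Z=26;
    other shifts (an assumption of this example) give a different shared table."""
    return {letter: (i + shift) % 26 + 1 for i, letter in enumerate(LETTERS)}

def encrypt(plaintext, key):
    tokens = []
    for ch in plaintext.upper():
        if ch in key:
            tokens.append(str(key[ch]))            # letter -> number
        elif ch in "123456789":
            tokens.append(LETTERS[int(ch) - 1])    # digit -> letter (2 -> B)
        # Spaces, punctuation and 0 are dropped: the post defines no symbol for them.
    return " ".join(tokens)

def decrypt(ciphertext, key):
    number_to_letter = {number: letter for letter, number in key.items()}
    out = []
    for token in ciphertext.split():
        if token.isdigit():
            out.append(number_to_letter[int(token)])   # number -> letter
        else:
            out.append(str(LETTERS.index(token) + 1))  # letter -> digit
    return "".join(out)

if __name__ == "__main__":
    message = "I want 2 sugar"                # first words of the post's sample message
    shared = make_key(shift=3)                # table known to Alice and Bob only
    ciphertext = encrypt(message, shared)
    print(ciphertext)
    print(decrypt(ciphertext, shared))        # Bob, using the right key
    print(decrypt(ciphertext, make_key()))    # Charlie, guessing the default table
```

With the wrong table Charlie recovers only the digit, because the digit-to-letter rule does not depend on the key. Word boundaries are lost in both directions, which is why Bob reads `IWANT2SUGAR`.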

## Terminology

Some commonly used terms in cryptography are described below.

**Plaintext -** A message that is in human-readable form and needs to be encrypted. The process of disguising a message is encryption. An encrypted message is a *ciphertext*. The process of turning ciphertext back into plaintext is decryption.

**Cipher (or Cypher) -** An algorithm for performing encryption or decryption.

**Cryptosystem -** An implementation of cryptographic techniques and their accompanying infrastructure to provide information security services. A cryptosystem is also referred to as a cipher system.

**Symmetric Algorithm -** This is the simplest kind of encryption and involves only one secret key to cipher and decipher information. It uses a secret key that can be a number, a word or a string of random letters. The key is blended with the plaintext of a message to change the content in a particular way. The sender and the recipient should both know the secret key that is used to encrypt and decrypt all the messages.

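**Asymmetric Algorithm -** It uses two related keys instead of one: a public key to encrypt a plaintext and a private key to decrypt it. Because secret keys would otherwise have to be exchanged over the Internet or a large network, using a key pair ensures that malicious persons cannot misuse an intercepted key.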

## The concept of Public and Private Keys

A public and private key pair is used to encrypt information so that data is protected during transmission.

The public key is used with asymmetric algorithms that convert messages into an unreadable format. A person who has the public key can encrypt a message intended for a specific receiver. Only the receiver with the private key can decode the message that was encrypted with the public key. The public key is available via a publicly accessible directory.

The private key is a secret key that is used to decrypt the message, and it is known to the party that exchanges the message. In the traditional method, a secret key is shared between the communicators to enable encryption and decryption of the message, but if the key is lost, the system becomes void. To avoid this weakness, PKI (public key infrastructure) came into force, where a public key is used along with the private key. PKI enables internet users to exchange information in a secure way through the use of a public and private key.

## Digital Signatures

As per Wikipedia, "A digital signature is a mathematical scheme for presenting the authenticity of digital messages or documents. A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity)".

#### Applying the signature

- Using a mathematical algorithm, a hash of the document is created. This hash is specific to this particular document; even the slightest change would result in a different hash.

- Now, this hash is encrypted using the private key and combined with the public key to form a digital signature and appended to the document. Now, this digital signature is distributed.

#### Verifying the signature

- If the document is opened by any digital signature-capable program, it automatically uses the signer's public key to decrypt the document hash.
- The program calculates a new hash for the document. If this new hash matches the decrypted hash from Step 1, the program knows the document has not been altered.

The program also validates that the public key used in the signature belongs to the signer and displays the signer's name.
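The signing and verification steps above, as an added example (not code from the original post): textbook RSA over a SHA-256 hash, using only the Python standard library. The function names and both key pairs are this example's own; the keys are constructed from well-known Mersenne primes purely for illustration, whereas real schemes use randomly generated primes and a padding scheme such as RSASSA-PSS.

```python
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Return (public_key, private_key) built from two primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent: inverse of E mod phi(n)
    return (n, E), (n, d)

def digest(document: bytes) -> int:
    """Step 1 of signing: hash the document (SHA-256, read as an integer)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes, private_key) -> int:
    """Step 2 of signing: transform the hash with the private key."""
    n, d = private_key
    return pow(digest(document), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Recover the signed hash with the public key, then compare it with a
    freshly computed hash of the document that was actually received."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(document)

# Constructed demo keys: Mersenne primes are publicly known, so these are NOT secure.
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
CHARLIE_PUB, CHARLIE_PRIV = make_keypair(2**89 - 1, 2**607 - 1)

def demo():
    document = b"Pay Bob 10 coins"          # constructed sample document
    signature = sign(document, ALICE_PRIV)
    return {
        "genuine": verify(document, signature, ALICE_PUB),
        "altered_document": verify(b"Pay Bob 90 coins", signature, ALICE_PUB),
        "wrong_public_key": verify(document, signature, CHARLIE_PUB),
        "forged_by_charlie": verify(document, sign(document, CHARLIE_PRIV), ALICE_PUB),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'REJECTED'}")
```

Only the first case verifies. A one-character change to the document, a different public key, or a signature made with someone else's private key all produce a hash mismatch.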

## Conclusion

In this post, we discussed the basics of cryptography, common terminologies, and concepts of digital signature and keys. I hope you enjoyed this post. In the upcoming posts, we will look into various algorithms that are used in cryptography and their implementation using code. You can also follow me on Twitter. Happy learning!! 😊

Really helpful down to the ground, happy to read such a useful post. I got a lot of information through it and I will surely keep it in my mind. Keep sharing. What does a information security auditor do
