Cryptography
External
- Block Layer Encryption Article https://web.archive.org/web/20150917051251/http://www.markus-gattol.name/ws/dm-crypt_luks.html
To Process
Subjects
Overview
Encryption is the process of taking data (cleartext) and a key and producing data (ciphertext) meaningless to a third-party who does not know the key. Decryption is the inverse process - that of taking ciphertext and a key and producing cleartext.
There are two major types of encryption: symmetric (also known as secret key encryption) and asymmetric (or public key cryptography). In symmetric cryptography, the same secret key is used to both encrypt and decrypt the data. Keeping the key private is critical to keeping data confidential. Asymmetric cryptography uses a public/private key pair to encrypt data. Data encrypted with one key is decrypted with the other. A user first generates a public/private key pair. Then it publishes the public key in a trusted database parties can access. A user who wishes to communicate securely with that user encrypts the data using the retrieved public key. Only the holder of the private key will be able to decrypt. Keeping the private key confidential is critical to this scheme. Asymmetric algorithms, such as RSA, are generally much slower than symmetric ones - they are not designed to efficiently protect large amounts of data. In practice, asymmetric algorithms are used to exchange smaller secret keys which are used to initialize symmetric algorithms.
HMAC
HMAC (hash-based message authentication code) is a message authentication code that involves a cryptographic has function and a secret cryptographic key. It may used to simultaneously verify both the data integrity and the authentication of a message. Any cryptographic has function, such as MD5 or SHA-1, may be used in calculation of the HMAC.
A HMAC can be generated on command-line with OpenSSL.
Message Digest, Cryptographic Hash Function
A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. Message digests are used to produce unique and reliable identifiers of data. They are sometimes called "checksums" or the "digital fingerprints" of the data. Changes to just one bit of the message should produce a different digest value.
A digest has two properties:
- It should be computationally infeasible to find to messages that hash to the same value.
- The digest should not reveal anything about the input that was used to generate it.