Cryptography: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
(Created page with "=Subjects= * Public Key Security")
 
No edit summary
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
=External=
* Block Layer Encryption Article https://web.archive.org/web/20150917051251/http://www.markus-gattol.name/ws/dm-crypt_luks.html
=To Process=
* https://docs.aws.amazon.com/kms/latest/developerguide/crypto-intro.html
=Subjects=
=Subjects=


* [[Public Key Security#Overview|Public Key Security]]
* [[Public Key Security#Overview|Public Key Security]], [[Public_Key_Security#Asymmetric_Cryptography|Asymmetric Cryptography]]
* [[Symmetric Cryptography]]
 
=Overview=
 
'''Encryption''' is the process of taking data (''cleartext'') and a key and producing data (''ciphertext'') meaningless to a third-party who does not know the key. '''Decryption''' is the inverse process - that of taking ciphertext and a key and producing cleartext.
 
There are two major types of encryption: '''symmetric''' (also known as ''secret key encryption'') and '''asymmetric''' (or ''public key cryptography''). In [[Symmetric_Cryptography|symmetric cryptography]], the same secret key is used to both encrypt and decrypt the data. Keeping the key private is critical to keeping data confidential. [[Public_Key_Security#Asymmetric_Cryptography|Asymmetric cryptography]] uses a public/private key pair to encrypt data. Data encrypted with one key is decrypted with the other. A user first generates a public/private key pair. Then it publishes the public key in a trusted database parties can access. A user who wishes to communicate securely with that user encrypts the data using the retrieved public key. Only the holder of the private key will be able to decrypt. Keeping the private key confidential is critical to this scheme. Asymmetric algorithms, such as RSA, are generally much slower than symmetric ones - they are not designed to efficiently protect large amounts of data. In practice, asymmetric algorithms are used to exchange smaller secret keys which are used to initialize symmetric algorithms.
 
=HMAC=
 
{{External|https://en.wikipedia.org/wiki/HMAC}}
 
HMAC (hash-based message authentication code) is a message authentication code that involves a cryptographic has function and a secret cryptographic key. It may used to simultaneously verify both the data integrity and the authentication of a message. Any cryptographic has function, such as MD5 or SHA-1, may be used in calculation of the HMAC.
 
A HMAC can be [[Openssl_Operations#Generate_a_HMAC|generated on command-line with OpenSSL]].
 
=<span id='Cryptographic_Hash_Function'></span><span id='Message_Digest'></span>Message Digest, Cryptographic Hash Function=
 
{{External|https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#MessageDigest}}
 
A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a ''digest'' or ''hash''. Message digests are used to produce unique and reliable identifiers of data. They are sometimes called "checksums" or the "digital fingerprints" of the data. Changes to just one bit of the message should produce a different digest value.
 
A digest has two properties:
 
* It should be computationally infeasible to find to messages that hash to the same value.
* The digest should not reveal anything about the input that was used to generate it.
 
==MD5==
 
{{Internal|MD5#Overview|MD5}}
 
==SHA-1==
 
{{Internal|SHA-1#Overview|SHA-1}}

Latest revision as of 19:58, 14 December 2018

External

To Process

Subjects

Overview

Encryption is the process of taking data (cleartext) and a key and producing data (ciphertext) meaningless to a third-party who does not know the key. Decryption is the inverse process - that of taking ciphertext and a key and producing cleartext.

There are two major types of encryption: symmetric (also known as secret key encryption) and asymmetric (or public key cryptography). In symmetric cryptography, the same secret key is used to both encrypt and decrypt the data. Keeping the key private is critical to keeping data confidential. Asymmetric cryptography uses a public/private key pair to encrypt data. Data encrypted with one key is decrypted with the other. A user first generates a public/private key pair. Then it publishes the public key in a trusted database parties can access. A user who wishes to communicate securely with that user encrypts the data using the retrieved public key. Only the holder of the private key will be able to decrypt. Keeping the private key confidential is critical to this scheme. Asymmetric algorithms, such as RSA, are generally much slower than symmetric ones - they are not designed to efficiently protect large amounts of data. In practice, asymmetric algorithms are used to exchange smaller secret keys which are used to initialize symmetric algorithms.

HMAC

https://en.wikipedia.org/wiki/HMAC

HMAC (hash-based message authentication code) is a message authentication code that involves a cryptographic has function and a secret cryptographic key. It may used to simultaneously verify both the data integrity and the authentication of a message. Any cryptographic has function, such as MD5 or SHA-1, may be used in calculation of the HMAC.

A HMAC can be generated on command-line with OpenSSL.

Message Digest, Cryptographic Hash Function

https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#MessageDigest

A cryptographically secure message digest takes arbitrary-sized input (a byte array), and generates a fixed-size output, called a digest or hash. Message digests are used to produce unique and reliable identifiers of data. They are sometimes called "checksums" or the "digital fingerprints" of the data. Changes to just one bit of the message should produce a different digest value.

A digest has two properties:

  • It should be computationally infeasible to find to messages that hash to the same value.
  • The digest should not reveal anything about the input that was used to generate it.

MD5

MD5

SHA-1

SHA-1