Recent Changes - Search: 
 Welcome to the Cisco Academy for Vision Impaired Linux Wiki.

PmWiki

edit SideBar

Main /

TheBasicsOfEncryption

Introduction

This page contains an overview of encryption and its uses. It will give you background information to use technology like SSL and SSH effectively.

Why encrypt?

The traditional reason for encrypting text is to send information that you only want the recipient to read. Today, on the Internet, you encrypt your data to keep people with militias intent from reading information you are exchanging with the server. For example, if you are banking online, then you do not want a third party snooping on what you are doing.

What is encryption?

Encryption is a way of scrambling data such that to then read that data, you need special knowledge usually a key. Remember the times you made up your own codes in school? If your friends knew the code, they could understand what you are saying. If they did not know the code, too bad for them. They were out of the gang. This is a form of symmetric encryption. If you want to tell your new girlfriend the code, then you will have to do this face-to-face or to perhaps send her a letter. The problem with either of these approaches is that someone could overhear what you are saying or could intercept the letter and the entire school would know your great secret code.

Some pesky terms

Before we go any further, we must define a few terms so that the rest of this page is comprehendible.

TermMeaning
plaintextThe message that we want to conceal by encrypting.
cypherThe algorithm used to transform the plaintext into something unreadable.
cypher textThe message in its encrypted form.
a keyA very large prime number which comprises the special knowledge that is used for encrypting and or decrypting information specially in public key cryptography also known as asymmetric encryption.

Asymmetric encryption

In asymmetric encryption, the problem of distributing the special knowledge needed to encrypt and decrypt the data is solved. This is done by using public keys and private keys. The public key is with the recipient. The private key stays with the sender. The sender creates both keys. The sender is free to publish the public key everywhere. The private key, as its name suggests remains with the sender. The way this works is that the private key is mathematically associated with the public key. It is computationally almost impossible to derive the private key from the public key. It is this difficulty of computation that gives current public key encryption its strength.

How does all this work in practice?

You and the recipient need to share public keys. Let us suppose that you want to send your super-secret assignment to your CAVI instructor. You would do the following.

  1. Ensure that you have your instructor’s public key.
  2. Encrypt the assignment using your instructor’s public key.
  3. E-mail the assignment to your instructor at the appropriate address.
  4. The instructor would then decrypt the assignment using her private key and grade it.
  5. She would then ensure that she had your public key.
  6. She would follow the steps outlined in points 2 through 3.

Similarly, if you were setting up SSH on your Linux computer, you would generate a key pair and keep the private key on the client computer. The public key would be on the server. You would then use your terminal emulator with the private key file to authenticate to the system.

Signing

You can use public key cryptography to sign documents digitally just like you do on paper. The details of the way this mechanism works is beyond the scope of this article but at a high level, here is what happens. Suppose you want to communicate your acceptance to CAVI's policies.

  1. You will apply a hash function to the message. A hash function reduces your message into a document of a fixed length. This document is called the message digest. Hashing saves a significant amount of time since you are working with smaller amounts of data.
  2. You then sign the message digest and send it and your full message to CAVI.
  3. Your instructors at CAVI will apply the same hash function that you did to the message and then decrypt the message digest using your public key. This should give the same value as your message. If it does, then the signature is valid.

The problem with this is that keys can be stolen and sometimes, two messages can hash to the same fixed length text. This is known as a hash collision. This event is very rare but some hashing algorithms are subject to such problems so have been deprecated.

Digital certificates

A certificate is usually issued by someone to show something. for example, CAVI issues a certificate to you when you pass a course to declare that you have successfully completed that course. A digital certificate is an electronic construct that serves the same purpose. Many times, it is used to show that a public key maps to a particular individual or institution.

References

Name of sourceLink
RSA Security Glossaryhttp://www.rsa.com/glossary/
		||RSA Laboratories||http://www.rsa.com/rsalabs/node.asp?id=2153||
Edit - History - Print - Recent Changes - Search
Page last modified on September 12, 2012, at 11:35 AM