Welcome to the Cisco Academy for Vision Impaired Linux Wiki.
The Basics of Encryption

Introduction

This page contains an overview of encryption and its uses. It will give you the background information you need to use technology like SSL and SSH effectively.

Why encrypt?

The traditional reason for encrypting text is to send information that you only want the recipient to read. Today, on the Internet, you encrypt your data to keep people with malicious intent from reading the information you are exchanging with the server. For example, if you are banking online, you do not want a third party snooping on what you are doing.

What is encryption?

Encryption is a way of scrambling data so that reading it requires special knowledge, usually a key. Remember the times you made up your own codes in school? If your friends knew the code, they could understand what you were saying. If they did not know the code, too bad for them. They were out of the gang. This is a form of symmetric encryption. If you want to tell your new girlfriend the code, you will have to do it face-to-face or perhaps send her a letter. The problem with either of these approaches is that someone could overhear what you are saying or intercept the letter, and the entire school would know your great secret code.

Some pesky terms

Before we go any further, we must define a few terms so that the rest of this page is comprehensible.
Asymmetric encryption

In asymmetric encryption, the problem of distributing the special knowledge needed to encrypt and decrypt the data is solved. This is done by using public keys and private keys. The public key is with the recipient. The private key stays with the sender. The sender creates both keys. The sender is free to publish the public key everywhere. The private key, as its name suggests, remains with the sender. The way this works is that the private key is mathematically associated with the public key. It is computationally almost impossible to derive the private key from the public key. It is this difficulty of computation that gives current public key encryption its strength.

How does all this work in practice?

You and the recipient need to share public keys. Let us suppose that you want to send your super-secret assignment to your CAVI instructor. You would do the following.
Similarly, if you were setting up SSH on your Linux computer, you would generate a key pair and keep the private key on the client computer. The public key would be on the server. You would then use your terminal emulator with the private key file to authenticate to the system.

Signing

You can use public key cryptography to sign documents digitally, just like you do on paper. The details of how this mechanism works are beyond the scope of this article, but at a high level, here is what happens. Suppose you want to communicate your acceptance of CAVI's policies.
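The signing flow at a high level, as an added example using the openssl command-line tool (it is not part of the original page): the signer hashes the document with SHA-256 and signs that hash with the private key, and anyone holding the public key can check the result. The file names and the acceptance text are made up for the illustration.

```sh
#!/bin/sh
# Added illustration: sign with the private key, verify with the public key.
# File names and the document text are made up for this example.

# Create a 2048-bit RSA key pair in directory $1.
make_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private.pem" 2>/dev/null || return 1
    chmod 600 "$1/private.pem"      # the private key stays with the signer
    openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

# Sign file $2 with the private key in directory $1; writes $2.sig.
sign_doc() {
    openssl dgst -sha256 -sign "$1/private.pem" -out "$2.sig" "$2"
}

# Check file $2 against $2.sig using only the public key in directory $1.
# Prints "valid" or "invalid"; returns 0 only when the signature matches.
verify_doc() {
    if openssl dgst -sha256 -verify "$1/public.pem" \
            -signature "$2.sig" "$2" >/dev/null 2>&1; then
        echo valid
    else
        echo invalid
        return 1
    fi
}

# Run the whole flow in a scratch directory and print both check results.
demo() {
    dir=$(mktemp -d) || return 1
    make_keys "$dir" || return 1
    printf 'I accept the CAVI policies.\n' > "$dir/acceptance.txt"
    sign_doc "$dir" "$dir/acceptance.txt" || return 1
    result=$(verify_doc "$dir" "$dir/acceptance.txt")
    # Change one word after signing: the new hash no longer matches the signature.
    printf 'I reject the CAVI policies.\n' > "$dir/acceptance.txt"
    result="$result $(verify_doc "$dir" "$dir/acceptance.txt" || true)"
    rm -rf "$dir"
    echo "$result"
}

demo
```

The script prints the result for the untouched document followed by the result for the altered one. Only `public.pem` would ever be handed to the person checking the signature.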
The problem with this is that keys can be stolen and, sometimes, two messages can hash to the same fixed-length text. This is known as a hash collision. This event is very rare, but some hashing algorithms are subject to such problems and so have been deprecated.

Digital certificates

A certificate is usually issued by someone to show something. For example, CAVI issues a certificate to you when you pass a course to declare that you have successfully completed that course. A digital certificate is an electronic construct that serves the same purpose. Many times, it is used to show that a public key maps to a particular individual or institution.

References
||RSA Laboratories||http://www.rsa.com/rsalabs/node.asp?id=2153||