
Cryptography Fundamentals

This document introduces the fundamental concepts of cryptography.

Introduction

When systems communicate over a network, there are three main security goals:

* Confidentiality
* Integrity
* Authenticity

Cryptography helps achieve these goals.

Security Goals

Confidentiality

Only authorized parties can read the data.

Example:

Alice sends a password to Bob.

Alice ---- Internet ---- Bob
^
Attacker 

Without protection, the attacker can read the password.

Solution:

Encryption

Integrity

Data must not be modified during transmission.

Example:

Original:
Transfer $100

Modified:
Transfer $10000 

Solution:

Digital Signatures

Authenticity

Verify who actually sent the data.

Example:

Someone claims to be your bank.

How do you know it is really your bank?

Solution:

Digital Signatures
Certificates

What Is Cryptography?

Cryptography is the practice of protecting information.

Main categories:

Cryptography
│
├── Encryption
│
└── Digital Signatures

What Is A Key?

A key is a value used by cryptographic algorithms.

Think of it like a house key:

With key    -> Open the door
Without key -> Cannot open the door

Encryption

Encryption protects:

Confidentiality

Goal:

Prevent unauthorized parties from reading data.

Process:

Plain Text
    ↓
Encrypt
    ↓
Cipher Text
    ↓
Decrypt
    ↓
Plain Text

Example:

Hello World
    ↓
A83D91F22C...

Only someone with the correct key can recover the original message.

Types of Cryptography

There are two major cryptographic models:

Cryptography
│
├── Symmetric Cryptography
│
└── Asymmetric Cryptography

Encryption vs Digital Signature

A common misconception is that encryption and digital signatures work the same way.

In reality:

Capability         Symmetric  Asymmetric
Encryption         Yes        Yes
Digital Signature  No         Yes

Explanation:

* Encryption can use either Symmetric or Asymmetric cryptography.
* Digital Signatures require a Public Key and a Private Key, so they use Asymmetric cryptography.

Symmetric Cryptography

Definition

Symmetric cryptography uses:

ONE SECRET KEY

for both encryption and decryption.

Workflow

Secret Key
    ↓
Encrypt
    ↓
Cipher Text
    ↓
Decrypt
    ↓
Plain Text

Example:

Encrypt("Hello", secret_key)

Decrypt(ciphertext, secret_key) 

Advantages

* Fast
* Efficient
* Easy to implement

Disadvantages

The secret key must be shared securely.

If the key is stolen:

The attacker can decrypt everything.

Common Algorithms

* AES
* ChaCha20
* DES (legacy)

Asymmetric Cryptography

Definition

Asymmetric cryptography uses:

TWO KEYS

Public Key
Private Key 

The keys are mathematically related.

Public Key

The public key can be shared freely.

Examples:

* Websites
* Certificates
* API documentation

Anyone may know the public key.

Private Key

The private key must remain secret.

Only the owner should possess it.

If leaked:

Security is compromised.

Asymmetric Encryption

Purpose

Provides:

Confidentiality

Workflow

Public Key  -> Encrypt

Private Key -> Decrypt 

Example

Alice owns:

Public Key
Private Key

Bob wants to send a secret message.

Bob:

Encrypt(message, Alice Public Key)

Alice:

Decrypt(ciphertext, Alice Private Key)

Result

Anyone can encrypt.

Only Alice can decrypt. 
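The two encryption models described above (Symmetric Cryptography and Asymmetric Encryption), side by side. This is an added example for Node.js, not part of the original page; AES-256-GCM and RSA-OAEP are chosen here as representative algorithms, and the function names and sample keys are hypothetical.

```javascript
const crypto = require('node:crypto');

// Symmetric: the same 32-byte secret key encrypts and decrypts.
function symEncrypt(plaintext, secretKey) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', secretKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function symDecrypt({ iv, ct, tag }, secretKey) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', secretKey, iv);
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the ciphertext was altered.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Asymmetric: anyone encrypts with the public key, only the private key decrypts.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function asymEncrypt(plaintext, publicKey) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(plaintext, 'utf8'));
}

function asymDecrypt(ciphertext, privateKey) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
}

// Returns true when fn throws, i.e. decryption was refused.
function refused(fn) {
  try { fn(); return false; } catch { return true; }
}

function demo() {
  const secretKey = crypto.randomBytes(32); // constructed sample key
  const box = symEncrypt('Hello World', secretKey);
  const alice = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const sealed = asymEncrypt('Hello World', alice.publicKey);
  return {
    symRoundTrip: symDecrypt(box, secretKey),
    symWrongKeyRefused: refused(() => symDecrypt(box, crypto.randomBytes(32))),
    asymRoundTrip: asymDecrypt(sealed, alice.privateKey),
    asymOtherKeyRefused: refused(() => asymDecrypt(sealed, other.privateKey)),
  };
}

console.log(demo());
```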

Digital Signatures

Digital signatures provide:

* Integrity
* Authenticity

Purpose

Answer two questions:

Who sent this?

Was this modified? 

Workflow

Private Key -> Sign

Public Key  -> Verify 

Example

Server signs a document.

Document
    ↓
Sign with Private Key
    ↓
Signed Document

Verification:

Signed Document
    ↓
Verify with Public Key
    ↓
Valid / Invalid

Result

Only the owner can sign.

Everyone can verify. 
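The sign and verify workflow above, applied to the "Transfer $100" message from the Integrity section. This is an added example for Node.js, not part of the original page; Ed25519 is chosen here as the signature algorithm, and the function names and the bank and impostor key pairs are hypothetical.

```javascript
const crypto = require('node:crypto');

// Sign with the private key. Ed25519 hashes internally, so the digest argument is null.
function signDocument(document, privateKey) {
  return crypto.sign(null, Buffer.from(document, 'utf8'), privateKey);
}

// Verify with the public key: true only if this exact document was signed
// by the matching private key.
function verifyDocument(document, signature, publicKey) {
  return crypto.verify(null, Buffer.from(document, 'utf8'), publicKey, signature);
}

function demo() {
  const bank = crypto.generateKeyPairSync('ed25519');     // constructed sample keys
  const impostor = crypto.generateKeyPairSync('ed25519'); // someone claiming to be the bank
  const original = 'Transfer $100';
  const signature = signDocument(original, bank.privateKey);
  const impostorSignature = signDocument(original, impostor.privateKey);
  return {
    // Authenticity and integrity both hold.
    genuine: verifyDocument(original, signature, bank.publicKey),
    // Integrity: the amount was changed in transit, the old signature no longer fits.
    tampered: verifyDocument('Transfer $10000', signature, bank.publicKey),
    // Authenticity: a signature made with another private key is rejected.
    impostor: verifyDocument(original, impostorSignature, bank.publicKey),
  };
}

console.log(demo());
```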

Encryption vs Digital Signature

Encryption

Goal:

Hide data

Question answered:

Can someone read this?

Examples:

AES
ChaCha20
RSA Encryption

Workflows:

Symmetric:

Secret Key -> Encrypt
Secret Key -> Decrypt

Asymmetric:

Public Key  -> Encrypt
Private Key -> Decrypt

Digital Signature

Goal:

Verify authenticity
Detect tampering

Questions answered:

Who sent this?

Was this modified? 

Workflow:

Private Key -> Sign

Public Key  -> Verify 

Examples:

JWT RS256
JWT ES256
SSH Key Authentication
TLS Certificates
Git Commit Signing
Code Signing

Real-World Examples

Technology  Encryption             Digital Signature
HTTPS/TLS   AES, ChaCha20          RSA, ECDSA, Ed25519
SSH         AES, ChaCha20          RSA, Ed25519
JWT HS256   HMAC (shared secret)   No
JWT RS256   No                     RSA Signature
JWT ES256   No                     ECDSA Signature
PGP/GPG     Yes                    Yes

Important Note About JWT

JWT signatures are often confused with digital signatures.

JWT HS256:

Shared Secret -> Sign
Shared Secret -> Verify

Uses HMAC and a shared secret.

JWT RS256:

Private Key -> Sign
Public Key  -> Verify

Uses a true digital signature.
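Why the HS256 / RS256 distinction matters in practice: every service that can verify an HS256 token holds the shared secret and can therefore also issue tokens, while an RS256 verifier holds only the public key. This is an added example for Node.js, not part of the original page or of any JWT library; the function names, claims and keys are hypothetical.

```javascript
const crypto = require('node:crypto');

const b64url = (x) => Buffer.from(x).toString('base64url');

// Build "header.payload.signature" for HS256 (HMAC) or RS256 (RSA signature).
function signJwt(alg, payload, key) {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(input).digest()
    : crypto.sign('sha256', Buffer.from(input), key); // RSASSA-PKCS1-v1_5 with SHA-256
  return `${input}.${sig.toString('base64url')}`;
}

// The verifier fixes the expected algorithm itself instead of trusting the header.
function verifyJwt(expectedAlg, token, key) {
  const [h, p, s] = token.split('.');
  if (s === undefined) return false;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (header.alg !== expectedAlg) return false;
  const input = Buffer.from(`${h}.${p}`);
  const sig = Buffer.from(s, 'base64url');
  if (expectedAlg === 'HS256') {
    const mac = crypto.createHmac('sha256', key).update(input).digest();
    return mac.length === sig.length && crypto.timingSafeEqual(mac, sig);
  }
  return crypto.verify('sha256', input, key, sig);
}

// Can a service that holds only its verification key create a token that verifies?
function verifierCanMint(alg, verifierKey) {
  try {
    return verifyJwt(alg, signJwt(alg, { sub: 'admin' }, verifierKey), verifierKey);
  } catch {
    return false; // signing with a public key is rejected
  }
}

function demo() {
  const secret = crypto.randomBytes(32); // constructed sample keys
  const rsa = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return {
    hs256Valid: verifyJwt('HS256', signJwt('HS256', { sub: 'alice' }, secret), secret),
    rs256Valid: verifyJwt('RS256', signJwt('RS256', { sub: 'alice' }, rsa.privateKey), rsa.publicKey),
    hs256VerifierCanMint: verifierCanMint('HS256', secret),
    rs256VerifierCanMint: verifierCanMint('RS256', rsa.publicKey),
  };
}

console.log(demo());
```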

Quick Summary

Capability         Symmetric  Asymmetric
Encryption         Yes        Yes
Digital Signature  No         Yes

Encryption        = Hide data = Confidentiality
Digital Signature = Verify sender + Detect tampering = Authenticity + Integrity
Symmetric         = One Secret Key
Asymmetric        = Public Key + Private Key
Encryption        = Symmetric OR Asymmetric
Digital Signature = Asymmetric
security/cryptography-fundamentals.1781262343.txt.gz · Last modified: by phong2018