Before we get into this post, I would like us to have a clear understanding of some basic terminology.

What is Cryptography?

In simple terms, it is the study of securing communications by using mathematical algorithms. Essentially, the goal is to get the message to the intended receiver without revealing its contents to a third party.

Websites do not store passwords in plain text; they hash them.

What is Encryption and Decryption?

These are the two basic processes involved in cryptography. Encryption is the process by which plain text is converted into cipher text. Decryption is the process by which the cipher text is converted back to plain text.

A simple example would be the Caesar cipher. In this cipher, each character in a message is shifted a certain number of places along the alphabet. For example, “hello” becomes “ifmmp” by a shift of 1, but the same text can be turned into “rovvy” by a shift of 10.
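The Caesar shift described above, written as a short Python example (added here, not code from the original post; the function names are assumptions made for illustration). The shift value acts as the key: the same number encrypts and decrypts, and because only 25 usable shifts exist, every candidate plaintext can be listed, which is why this cipher is only a teaching aid.

```python
import string

ALPHABET = string.ascii_lowercase  # the 26 letters the shift wraps around


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Shift each ASCII letter `shift` places forward, wrapping past 'z'."""
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            idx = (ALPHABET.index(ch.lower()) + shift) % 26
            new = ALPHABET[idx]
            out.append(new.upper() if ch.isupper() else new)  # keep case
        else:
            out.append(ch)  # digits, spaces and punctuation pass through
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is the same operation with the shift reversed."""
    return caesar_encrypt(ciphertext, -shift)


def all_shifts(ciphertext: str) -> dict:
    """Map every non-trivial key (1..25) to the plaintext it would produce."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    for key in (1, 10):
        ct = caesar_encrypt("hello", key)
        print(f"shift {key:>2}: hello -> {ct} -> {caesar_decrypt(ct, key)}")
    # The whole key space fits on one screen.
    for key, candidate in all_shifts("rovvy").items():
        print(f"{key:>2}: {candidate}")
```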

Who wants Bob and Alice to explain encryption?

Symmetric and Asymmetric encryption

Symmetric encryption involves only one secret key to cipher and decipher the message. This secret key mathematically changes the plain text to cipher text. The recipient can only decipher the message using this key.

However, if an unintended recipient manages to get a hold of the key, he or she could easily decrypt the message. As a result, cryptographers developed something called Asymmetric encryption.

An example of symmetric encryption is Blowfish; you can try it out here: http://sladex.org/blowfish.js/

Asymmetric encryption uses two keys instead of one. Those two keys are called the Private Key and the Public Key. They are unique but related to each other, hence they are called a key pair.

The Public Key is made available to everyone, either through a publicly accessible repository or by simply sending the key to a user who needs it. On the other hand, the Private Key must remain confidential to its respective owner. Since the key pair is related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key.

If you use ssh, you can generate these keys by using the command:

ssh-keygen

For example, if Alice wants to send sensitive data to Bob, and only wants Bob to read it, she will encrypt the data with Bob’s Public Key (which he made public or may have sent to Alice). Only Bob has access to his corresponding Private Key. Even if someone else intercepted the message and the Public Key, they cannot decipher the contents of the message. Therefore, only Bob can decrypt the message into its original form.

Source: usna.edu

Protocols like SSH, OpenPGP, and SSL/TLS use asymmetric cryptography for encryption and digital signatures.

I hope this post gave you a solid understanding of basic cryptography. In my future blog posts, I’ll be covering complex cryptography and the mathematical side of it.

STAY SAFE