Saturday, December 8, 2018

Common Cryptographic Concepts and Terminology

  • Trusted third party
  • Public key infrastructure
  • The story of Bob and Alice
A trusted third party is necessary for secure key exchange in a hybrid cryptosystem. In an environment such as the Internet, it is difficult to trust the entity we are communicating with, so we rely on SSL (Secure Sockets Layer) to communicate on the web. GeoTrust and VeriSign are examples: they provide trusted services and are considered trusted third parties.


Encryption uses keys, and there are two types of encryption: symmetric and asymmetric.

Symmetric encryption uses a single key for both encryption and decryption. Some examples of symmetric cryptography include AES, 3DES, and Twofish.

Asymmetric encryption uses a pair of keys for encryption and decryption: a public key to encrypt and a private key to decrypt. The public key is shared for everyone to see. When using a public key, we must be able to trust that it came from a trusted entity, so when completing a transaction on the Internet we rely on a certificate to provide proof of identity.

Here is how it works: Bob trusts the trusted third party, and Alice also trusts the trusted third party, so Bob and Alice can trust each other. This ties into Public Key Infrastructure (PKI), a framework used to generate, manage, distribute, store, and revoke digital certificates. PKI uses a trusted third party to authenticate each entity by means of a certificate.
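The trust relationship described above, as an added example that is not part of the original post: a trusted third party signs the binding between Alice's name and her public key, and Bob, who holds only the third party's public key, accepts or rejects what he is shown. The function names, the certificate layout and the toy RSA keys built from Mersenne primes are assumptions made for illustration; real PKI uses X.509 certificates and properly generated keys.

```python
import hashlib

# Toy textbook RSA over well-known Mersenne primes: illustration only, not secure.
def keygen(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)              # (public key, private key)

def binding_hash(subject, subject_pub, n):
    # Hash the name together with the key so neither can be swapped alone.
    data = f"{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(issuer_priv, subject, subject_pub):
    """Issuer binds a name to a public key by signing both."""
    n, d = issuer_priv
    sig = pow(binding_hash(subject, subject_pub, n), d, n)
    return {"subject": subject, "public_key": subject_pub, "signature": sig}

def verify_certificate(ca_pub, cert, expected_subject):
    """Relying party: accept only the expected name, signed by the trusted CA."""
    n, e = ca_pub
    if cert["subject"] != expected_subject:
        return False
    expected = binding_hash(cert["subject"], cert["public_key"], n)
    return pow(cert["signature"], e, n) == expected

def demo():
    # Constructed keys: Bob is configured to trust ca_pub and nothing else.
    ca_pub, ca_priv = keygen(2**521 - 1, 2**607 - 1)
    alice_pub, _ = keygen(2**127 - 1, 2**89 - 1)
    mallory_pub, mallory_priv = keygen(2**107 - 1, 2**61 - 1)

    genuine = issue_certificate(ca_priv, "alice", alice_pub)
    swapped = dict(genuine, public_key=mallory_pub)  # key replaced in transit
    self_made = issue_certificate(mallory_priv, "alice", mallory_pub)  # not CA-signed
    return {
        "genuine": verify_certificate(ca_pub, genuine, "alice"),
        "swapped_key": verify_certificate(ca_pub, swapped, "alice"),
        "untrusted_issuer": verify_certificate(ca_pub, self_made, "alice"),
        "wrong_name": verify_certificate(ca_pub, genuine, "bob"),
    }

if __name__ == "__main__":
    print(demo())
```

Only the certificate issued by the trusted third party for the expected name verifies; a substituted key, a certificate signed by anyone else, or a mismatched name is rejected.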

Some examples of asymmetric cryptography include RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm), Diffie-Hellman key exchange, and elliptic curve cryptography.

