Cryptography

Cryptography is the process of converting between readable text, called plaintext, and an unreadable form, called ciphertext.

This occurs as follows:

The sender converts the plaintext message to ciphertext. This part of the process is called encryption (sometimes encipherment ).
The ciphertext is transmitted to the receiver.
The receiver converts the ciphertext message back to its plaintext form. This part of the process is called decryption (sometimes decipherment ).

The conversion involves a sequence of mathematical operations that change the appearance of the message during transmission but do not affect the content. Cryptographic techniques can ensure confidentiality and protect messages against unauthorized viewing (eavesdropping), because an encrypted message is not understandable. Digital signatures, which provide an assurance of message integrity, use encryption techniques. See Digital signatures in SSL/TLS for more information.

Cryptographic techniques involve a general algorithm, made specific by the use of keys. There are two classes of algorithm:

Those that require both parties to use the same secret key. Algorithms that use a shared key are known as symmetric algorithms. Figure 1 illustrates symmetric key cryptography.
Those that use one key for encryption and a different key for decryption. One of these must be kept secret but the other can be public. Algorithms that use public and private key pairs are known as asymmetric algorithms. Figure 2 illustrates asymmetric key cryptography, which is also known as public key cryptography.

The encryption and decryption algorithms used can be public but the shared secret key and the private key must be kept secret.

This diagram shows plaintext encrypted to ciphertext with a shared secret key. Because the cryptography is symmetric, the ciphertext is decrypted using the same secret key. — Figure 1. Symmetric key cryptography

This diagram shows plaintext encrypted to ciphertext with the receiver's public key. The recipient decrypts the ciphertext with the receiver's private key. — Figure 2. Asymmetric key cryptography

Figure 2 shows plaintext encrypted with the receiver's public key and decrypted with the receiver's private key. Only the intended receiver holds the private key for decrypting the ciphertext. Note that the sender can also encrypt messages with a private key, which allows anyone that holds the sender's public key to decrypt the message, with the assurance that the message must have come from the sender.

With asymmetric algorithms, messages are encrypted with either the public or the private key but can be decrypted only with the other key. Only the private key is secret, the public key can be known by anyone. With symmetric algorithms, the shared key must be known only to the two parties. This is called the key distribution problem. Asymmetric algorithms are slower but have the advantage that there is no key distribution problem.

Other terminology associated with cryptography is:

Strength

The strength of encryption is determined by the key size. Asymmetric algorithms require large keys, for example:

1024 bits

Low-strength asymmetric key

2048 bits

Medium-strength asymmetric key

4096 bits

High-strength asymmetric key

Symmetric keys are smaller: 256 bit keys give you strong encryption.

Block cipher algorithm

These algorithms encrypt data by blocks. For example, the RC2 algorithm from RSA Data Security Inc. uses blocks 8 bytes long. Block algorithms are typically slower than stream algorithms.

Stream cipher algorithm

These algorithms operate on each byte of data. Stream algorithms are typically faster than block algorithms.