Overview
Three areas of cryptographic standards:
encryption standard
- Data Encryption Standard (obsolete)
- Triple DES
- Advanced Encryption Standard (AES)
- RSA
- OpenPGP
- CipherSaber
hash standard
- MD5
- SHA-1
- SHA-2
- HMAC
- PBKDF2
digital signature standard
- Digital Signature Algorithm (DSA)
- RSA
- Elliptic curve signatures (ECDSA)
Symmetric-key algorithm
Symmetric-key algorithms use the same cryptographic key for both encryption and decryption.
The key is a shared secret between the two parties and maintains a private communication link between them.
The requirement that both parties have access to the secret key is one of the main drawbacks.
Public-key cryptography
The public key is used to:
- encrypt plaintext
- verify a digital signature
The private key is used to:
- decrypt ciphertext
- create a digital signature
Encryption standard
RSA Vs. AES
RSA is very computationally expensive compared with AES. It involves arithmetic on very large numbers, whilst AES can be implemented with relatively simple bit operations.
RSA is a public-key (asymmetric) encryption algorithm, while AES is a symmetric-key algorithm. Often a cryptosystem will use both.
A good compromise is to use RSA to encrypt the symmetric key, which is then used for AES encryption of the larger data.
GitHub uses RSA encryption.
hash standard
MD5
The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, i.e. 32 hexadecimal digits.
d -> 8277e0910d750195b448797616e091ad
good morning -> 2b849500e4585dab4196ec9a415edf8f
SHA-1
SHA-1 produces a 160-bit (20-byte) hash value, i.e. 40 hexadecimal digits.
For more about MD5, SHA-1 and others, refer to [Design] Cryptographic Hash, MD5 and Digital Signature.
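The hash standards listed above (MD5, SHA-1, SHA-2, HMAC, PBKDF2) are all available in the Python standard library, so the sizes quoted in this section can be checked directly. The block below is an added example, not part of the original notes; the inputs are constructed samples, and the digest sizes it reports come from hashlib itself. One caveat the notes leave out: MD5 and SHA-1 are no longer collision-resistant, so they are shown here only to match the page, and SHA-256 is the one to use for new designs.

```python
import hashlib
import hmac

# Constructed sample inputs (not from any real system).
SAMPLES = [b"d", b"good morning"]


def digest_summary(data: bytes) -> dict:
    """Return, per algorithm, (hex digest, digest size in bytes, hex length).

    MD5 -> 16 bytes / 32 hex digits, SHA-1 -> 20 / 40, SHA-256 -> 32 / 64.
    MD5 and SHA-1 are included only because the notes list them; they are
    collision-broken and should not be used for new integrity or signature work.
    """
    out = {}
    for name in ("md5", "sha1", "sha256"):
        h = hashlib.new(name, data)
        hexed = h.hexdigest()
        out[name] = (hexed, h.digest_size, len(hexed))
    return out


def hmac_sha256(key: bytes, message: bytes) -> str:
    """HMAC is a keyed hash: only a holder of the key can produce or verify the tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, message: bytes, tag_hex: str) -> bool:
    """Constant-time comparison so the check does not leak how many bytes matched."""
    return hmac.compare_digest(hmac_sha256(key, message), tag_hex)


def derive_key(password: bytes, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256: stretch a password into a 32-byte key.

    The salt keeps equal passwords from producing equal keys; the iteration
    count makes each guess expensive for an attacker who obtains the output.
    """
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


if __name__ == "__main__":
    for sample in SAMPLES:
        for name, (hexed, size, hex_len) in digest_summary(sample).items():
            print(f"{name:7s} {sample!r}: {hexed}  ({size} bytes, {hex_len} hex digits)")
    tag = hmac_sha256(b"constructed-key", b"good morning")
    print("hmac ok:", verify_hmac(b"constructed-key", b"good morning", tag))
    print("pbkdf2 key:", derive_key(b"correct horse", b"constructed-salt").hex())
```

Running the script prints the MD5 line for `b"d"` that the notes quote above, and shows why "32 digit Hex" and "40 digit Hex" follow from the 16- and 20-byte digest sizes.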
digital signature standard
A valid digital signature gives a recipient confidence that the message was created by a known sender.
Commonly used for software distribution and financial transactions.
To create a digital signature, signing software (such as an email program) creates a one-way hash of the data to be signed. The private key is then used to encrypt the hash.
The reason for encrypting the hash instead of the entire message is that a hash function converts an input of arbitrary length into a fixed-length value, which is usually much shorter.
The other party validates the integrity of the data by using the signer's public key to decrypt the hash and comparing the result with a hash it computes itself over the received data; any mismatch means the data or the signature was altered.
Note: you can choose 'Add digital signature to this message' in Microsoft Office.