Criptography

Reference num. 2498 Views: 1198

Throughout history, cryptography has been dealing with the problem of how to conceal a message from other groups of people. Cryptography or encryption is the process of converting readable text (plaintext) into unreadable text (ciphertext), which is very difficult or even impossible to read without the proper key. Decryption is the process of turning the unintelligible ciphertext back to plaintext.

In modern electronic commerce, cryptography is used for many security services (e.g. to ensure that the contents of the original document were not modified with time or in transmission), not just for ensuring data confidentiality. It is used for digital signatures, time stamping, digital money payments, and in numerous other areas of the Internet.

  • Symmetric cryptography

At first only Symmetric cryptography was used, in which the same key is used for encryption and decryption. In that case the problem occures how to safely deliver the key to the user who wants to read our message. Because of that the asymmetric cryptography, which solves this problem, has established. Initially, only symmetric cryptography was employed, where the same keys are used for both encryption and decryption. The drawback of this is key management: how to securely deliver the key to every user who wants to read our message. This has led to the advent of asymmetric cryptography, where this problem has been resolved.

  • Asymmetric cryptography

Asymmetric cryptography requires a pair of keys, one of which is public and one of which is private. If data is encrypted using one of the keys, it can be decrypted only with the corresponding key. Such keys are called asymmetric key pairs

Asymmetric cryptography is much slower than symmetric, so a hybrid approach is used in practice. In the case of e-mail, the entire message is encrypted using a random symmetric key and then the key itself is encrypted using the recipient’s public key.

Using asymmetric cryptography in the public key infrastructure provides message integrity, confidentiality and non-repudiation and verification of the sender’s identity. If the message is encrypted with the recipient’s public key, only the recipient will be able to decrypt it using their private key. The opposite is true in digital signatures, where the sender signs their message with their private key and the recipient can use their public key to verify if the message really was signed by the sender and if it was not modified during transmission.