Saturday 24 June 2017

Securely transferring data

At a very high level there are two types of encryption (to my understanding):
  • Symmetric - One Private Key 
  • Asymmetric - One Private key and One Public Key 
Symmetric encryption 
  • uses the same key to encrypt and decrypt data 
  • it's computationally simple Compared to Asymmetric encryption/decryption 
  • if the key is ever compromised well then it's useless. 
Asymmetric encryption
  • uses a key pair: a private and public key 
  • you generate both a public key and private key at the same time, they are bound to each other. 
  • anything you encrypt using the public key can be decrypted with the private key and vice versa. 
  • it's Computationally heavy 
Now to get the best of both worlds you and the party you wish to securely communicate with must:
  1. create an asymmetric key pair(Private and Public keys) 
  2. exchange public keys. 
  3. Each create your own unique symmetric key. 
  4. encrypt your key using the other parties public key. 
  5. exchange the encrypted symmetric keys 
  6. use your private keys to decrypt the received symmetric keys. 
now each party can create a message and encrypt it using their partners symmetric key,
fire the message over at which point the receiving party uses the same symmetric key to decrypt the message. basically you securely exchanged Symmetric keys. now does this sound confusing? cause it sure did to me the first 6 times I read it, which is why I made this pretty picture to makes sense of what's going on



So now you can see that you used the Asymmetric key's to securely exchange Symmetric keys to make communicating with larger messages possible.

Another important facet of Cryptography is the Initialization vector (IV), now the IV is used to ensure that the same message looks different each time it's encrypted.