Friday, November 21, 2008

Cryptography

Cryptography is the practice and study of hiding information. In cryptography, encryption is the process of transforming information to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information. In many contexts, the word encryption also implicitly refers to the reverse process, decryption, to make the encrypted information readable again.

Cryptography has been around for centuries, used mainly to secure communication between governments or military officials. For cryptography to work, both the sending and receiving party must use the same process to encode and decode the data. The keys used for cryptography must be guarded closely, because anyone who has the key has the ability to decrypt the data. Keys are usually not sent via the medium they are meant to protect. Keys would usually be transmitted via a telephone conversation, the postal system or some other physical means, such as a CD or floppy disk.

The key is a piece of information that controls the operation of a cryptographic algorithm. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa during decryption. Keys are also used in other cryptographic algorithms, such as digital signature schemes and message authentication codes.

There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.

Asymmetric encryption is a cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. When A wants to send a secure message to B, he uses B's public key to encrypt the message. B then uses his private key to decrypt it.

An important element of the public-key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.

Public-key systems, such as Pretty Good Privacy (PGP), are becoming popular for transmitting information via the Internet. They are extremely secure and relatively simple to use. The only difficulty with public-key systems is that you need to know the recipient's public key to encrypt a message for him.

Pretty Good Privacy (PGP) is one of the most common ways to protect messages on the Internet because it is effective, easy to use, and free. PGP is based on the public-key method, which uses two keys -- one is a public key that you disseminate to anyone from whom you want to receive a message. The other is a private key that you use to decrypt messages that you receive. To encrypt a message using PGP, you need the PGP encryption package, which is available for free from a number of sources.

A public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. This is carried out by software at a CA, possibly under human supervision, together with other coordinated software at distributed locations. For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA.

PKI arrangements enable computer users without prior contact to be authenticated to each other, and to use the public key information in their public key certificates to encrypt messages to each other. In general, a PKI consists of client software, server software, hardware (e.g., smart cards), legal contracts and assurances, and operational procedures. A signer's public key certificate may also be used by a third party to verify the digital signature of a message, which was made using the signer's private key.

In general, a PKI enables the parties in a dialogue to establish confidentiality, message integrity and user authentication without having to exchange any secret information in advance, or even any prior contact. The validity of a PKI between the communicating parties is, however, limited by practical problems such as uncertain certificate revocation, CA conditions for certificate issuance and reliance, variability of regulations and evidentiary laws by jurisdiction, and trust. These problems, which are significant for the initial contact, tend to become less important as the communication progresses over time (including the use of other communication channels) and the parties have opportunities to develop trust in each other's identities and keys.
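The certificate binding and its use described above, as an added example that is not part of the original post: a CA signs the tuple of identity, public key and validity date, and a relying party checks that signature before encrypting to B or verifying B's signature. It uses textbook RSA on constructed keys; the function names, the JSON certificate layout and the dates are assumptions made for illustration, and real PKIs use X.509 certificates with padded RSA or other signature schemes.

```python
import hashlib, json

# Textbook RSA on constructed keys built from known Mersenne primes. It shows the
# key relationships only; it has no padding and must not protect real data.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def encrypt(public, message: bytes) -> int:
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(private, ciphertext: int) -> bytes:
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data: bytes) -> int:
    n, d = private
    return pow(digest(data, n), d, n)

def verify(public, data: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def encode(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(ca_private, subject, subject_public, not_after):
    # The CA signs the binding of identity, public key and validity period.
    body = {"subject": subject, "public_key": list(subject_public), "not_after": not_after}
    return {"body": body, "ca_signature": sign(ca_private, encode(body))}

def check_certificate(ca_public, cert, today):
    # Relying party: trust the key only if the CA's signature and the dates hold.
    if not verify(ca_public, encode(cert["body"]), cert["ca_signature"]):
        raise ValueError("binding was not signed by this CA")
    if today > cert["body"]["not_after"]:
        raise ValueError("certificate expired")
    return tuple(cert["body"]["public_key"])

CA_PUBLIC, CA_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)   # constructed CA key
B_PUBLIC, B_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)       # constructed key for B
B_CERT = issue_certificate(CA_PRIVATE, "B", B_PUBLIC, "2009-11-21")
```

A sender who holds only `CA_PUBLIC` calls `check_certificate` on `B_CERT`, then passes the returned key to `encrypt` or `verify`; a certificate whose public key was swapped after issuance is rejected.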

1 comment:

Unknown said...

I find this article very informative. I read about this scheme many times but always find it difficult to understand. With the help of the information you have provided I got a basic idea. Thanks!!