Cryptography - MacKittipat/note-developer GitHub Wiki

Cipher

  • An algorithm for performing encryption or decryption

Encryption

  • Encryption is used when data needs to be protected so those without the decryption keys cannot access the original data.
  • There are 2 types of Encryption :
    • Symmetric Key Encryption : The same key is used to encrypt and decrypt data
      • DES (Data Encryption Standard) : Outdated. Don't use it.
      • AES-256 (Advanced Encryption Standard with a 256-bit key)
    • Asymmetric Key Encryption : One key is used to encrypt data and a different key is used to decrypt the data.
      • RSA (Rivest Shamir Adleman)
      • DH (Diffie–Hellman Key Exchange)
      • DSA (Digital Signature Algorithm)
      • ECC (Elliptic Curve Cryptography)

Hash

  • One-way process where data of any length is transformed into a fixed-length string; it cannot be reversed to recover the input
  • The output of a hash function is called a digest
  • Commonly used to verify the integrity of data, commonly referred to as a checksum
  • Example :
    • SHA-256 (Secure Hash Algorithm 256-bit)

Hash-based Message Authentication Code (HMAC)

  • HMAC is a type of message authentication code (MAC) that combines a cryptographic hash function with a secret cryptographic key. HMAC makes it possible to confirm both the integrity and the authenticity of data, since only a holder of the key can produce a valid tag
  • Uses a symmetric key (the same secret is shared by the sender and the verifier)
  • Example :
    • HMAC-SHA256 (Hash-Based Message Authentication Code with SHA-256)
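The difference between the Hash and HMAC sections above, as an added example that is not part of the wiki: using only the Python standard library, a plain SHA-256 checksum detects an accidental change but can be recomputed by whoever edits the message, while an HMAC-SHA256 tag cannot be recomputed without the shared key. The message, account numbers and key are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the wiki page).
MESSAGE = b"transfer 100 USD to account 12345"
SECRET_KEY = os.urandom(32)  # 256-bit key shared by sender and verifier


def sha256_digest(data: bytes) -> str:
    """Plain hash: fixed-length digest of the data, no key involved."""
    return hashlib.sha256(data).hexdigest()


def checksum_matches(data: bytes, digest: str) -> bool:
    """Integrity check only: anyone can recompute this digest."""
    return sha256_digest(data) == digest


def hmac_sha256_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: keyed digest that only a key holder can produce."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time (avoids timing leaks)."""
    expected = hmac_sha256_tag(key, data)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Why a keyed MAC, not a plain hash, gives authenticity."""
    tampered = MESSAGE.replace(b"12345", b"99999")
    digest = sha256_digest(MESSAGE)           # sent alongside the message
    tag = hmac_sha256_tag(SECRET_KEY, MESSAGE)  # sent alongside the message
    forged_tag = hmac_sha256_tag(b"attacker-guess", tampered)  # wrong key
    return {
        # The checksum catches the edit if the attacker leaves it untouched...
        "checksum_detects_edit": not checksum_matches(tampered, digest),
        # ...but whoever edits the message can simply recompute the checksum.
        "checksum_recomputed_by_editor": checksum_matches(tampered, sha256_digest(tampered)),
        # The HMAC tag catches the same edit...
        "hmac_detects_edit": not verify_hmac(SECRET_KEY, tampered, tag),
        # ...and a tag made without the shared key is rejected.
        "hmac_forgery_rejected": not verify_hmac(SECRET_KEY, tampered, forged_tag),
    }


if __name__ == "__main__":
    print(demo())
```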


Digital Signature

  • Commonly used to verify integrity, authenticity and non-repudiation of data
  • A digital signature is information attached to data that assures the recipients that the data has not been altered and that it originated from the signer. Digital signatures perform a function equivalent to a handwritten signature on a paper document.
  • Uses an asymmetric key pair: the signer signs with their private key and anyone can verify with the matching public key


Encoding

  • Commonly used when data cannot be transferred in its original format between systems or applications
  • Reversible process and data can be encoded to a new format and decoded to its original format
  • Encoding is not used to protect or secure data because it is easy to reverse
  • Example :
    • Base64 Encoding : encoding binary data into ASCII text format
    • URL Encoding : encodes special characters in a website’s URL

Concepts

  • Integrity
    • Can the recipient be confident that the message has not been modified?
    • The message has not been tampered with
  • Authenticity
    • Can the recipient be confident that the message originates from the sender?
    • Origin can be identified
  • Non-Repudiation
    • Non-repudiation refers to the ability to prove that a particular party performed a specific action or transaction.
    • Prevents a sender from repudiating that they are the origin of a message (the sender cannot deny having sent it)
    • Non-repudiation of sender ensures that someone sending a message should not be able to deny later that they have sent it.
    • Non-repudiation of receiver means that the receiver of a message should not be able to deny that they have received it.
