encryption - dwilson2547/wiki_demo GitHub Wiki
Encryption is the process of converting plain, readable data (called plaintext) into an unreadable format (called ciphertext) to protect its confidentiality. Only authorized parties with the correct key can reverse this process (decryption) to access the original data. Encryption is a cornerstone of modern cybersecurity, privacy, and secure communication.
- 1. Core Concepts of Encryption
- 2. Types of Encryption
- 3. How Encryption Works
- 4. Use Cases of Encryption
- 5. Encryption in Practice: TLS/SSL
- 6. Security Considerations
- 7. Encryption vs. Hashing vs. Encoding
- 8. Example Code Snippets
- 9. Common Misconceptions
- Plaintext: The original, readable data (e.g., "Hello, world!").
-
Ciphertext: The encrypted, unreadable data (e.g.,
U2FsdGVkX1+3v8j45tgL9sF3).
- A key is a piece of information used to control the encryption/decryption process.
- The security of encryption depends on keeping the key secret, not the algorithm.
- Encryption algorithms (or ciphers) define how plaintext is transformed into ciphertext.
- Examples: AES, RSA, ChaCha20.
- Uses the same key for both encryption and decryption.
- Fast and efficient, ideal for encrypting large amounts of data.
- Challenge: Securely sharing the key between parties.
| Algorithm | Key Size | Use Case |
|---|---|---|
| AES (Advanced Encryption Standard) | 128, 192, or 256 bits | Encrypting files, databases, and communications (e.g., TLS). |
| ChaCha20 | 256 bits | Mobile and internet protocols (e.g., HTTPS). |
| DES (Data Encryption Standard) | 56 bits | Legacy (insecure for modern use). |
Example:
- Plaintext:
"Hello" - Key:
"mysecretkey123" - Ciphertext (AES):
U2FsdGVkX1+3v8j45tgL9sF3
- Uses a pair of keys:
- Public key: Shared openly, used for encryption.
- Private key: Kept secret, used for decryption.
- Slower than symmetric encryption but solves the key distribution problem.
- Used for secure key exchange, digital signatures, and encrypting small data.
| Algorithm | Key Size | Use Case |
|---|---|---|
| RSA | 1024–4096 bits | Encrypting small data, digital signatures, TLS key exchange. |
| ECC (Elliptic Curve Cryptography) | 256–521 bits | Modern alternative to RSA (smaller keys, same security). |
| Diffie-Hellman | Variable | Secure key exchange over insecure channels. |
Example:
- Plaintext:
"Hello" - Public key:
(e, n) - Private key:
(d, n) - Ciphertext (RSA):
1234567890abcdef...
-
Key Generation: Create a secret key (e.g.,
mysecretkey123). - Encryption: Use the key and AES to convert plaintext to ciphertext.
- Decryption: Use the same key to reverse the process.
- Key Pair Generation: Generate public and private keys.
- Encryption: Use the recipient’s public key to encrypt the plaintext.
- Decryption: Use the recipient’s private key to decrypt the ciphertext.
| Scenario | Encryption Type | Example |
|---|---|---|
| Secure Communication | Symmetric (TLS) + Asymmetric (key exchange) | HTTPS, VPNs. |
| File/Database Encryption | Symmetric | Encrypting files on a hard drive. |
| Digital Signatures | Asymmetric | Verifying software authenticity. |
| End-to-End Encryption | Symmetric + Asymmetric | Messaging apps (e.g., Signal, WhatsApp). |
| Password Storage | Hashing (not encryption) + Salting | Storing passwords securely. |
- TLS (Transport Layer Security) secures internet communications (e.g., HTTPS).
-
How it works:
- Handshake: Client and server agree on a symmetric key using asymmetric encryption (e.g., RSA or Diffie-Hellman).
- Symmetric Encryption: All communication is encrypted using the agreed key (e.g., AES).
- Key Management: Securely store and rotate keys.
- Algorithm Choice: Use modern, secure algorithms (e.g., AES-256, RSA-2048, or ECC).
- Key Length: Longer keys = stronger security (e.g., 256-bit AES is more secure than 128-bit).
- Avoid Deprecated Algorithms: Never use DES, RC4, or SHA-1.
| Technique | Purpose | Reversible? | Example |
|---|---|---|---|
| Encryption | Confidentiality (protect data). | Yes (with key). | AES, RSA. |
| Hashing | Integrity (verify data). | No. | SHA-256, bcrypt. |
| Encoding | Format conversion (no security). | Yes. | Base64, UTF-8. |
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
# Generate a random 256-bit (32-byte) key
key = get_random_bytes(32)
# Encrypt
cipher = AES.new(key, AES.MODE_EAX)
ciphertext, tag = cipher.encrypt_and_digest(b"Hello, world!")
print("Ciphertext:", ciphertext.hex())
# Decrypt
cipher = AES.new(key, AES.MODE_EAX, cipher.nonce)
plaintext = cipher.decrypt_and_verify(ciphertext, tag)
print("Plaintext:", plaintext.decode("utf-8"))from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
# Generate key pair
key = RSA.generate(2048)
private_key = key.export_key()
public_key = key.publickey().export_key()
# Encrypt with public key
cipher = PKCS1_OAEP.new(RSA.import_key(public_key))
ciphertext = cipher.encrypt(b"Hello, world!")
print("Ciphertext:", ciphertext.hex())
# Decrypt with private key
cipher = PKCS1_OAEP.new(RSA.import_key(private_key))
plaintext = cipher.decrypt(ciphertext)
print("Plaintext:", plaintext.decode("utf-8"))- Encryption = Security: Encryption is only as secure as the key management and implementation.
- All Encryption Is Equal: Not all algorithms are secure (e.g., DES is broken).
- Encryption Is Only for Secrets: It’s also used for authentication (e.g., digital signatures) and integrity.
Would you like to dive deeper into a specific algorithm (e.g., AES, RSA), explore how encryption is used in real-world protocols (e.g., HTTPS, Signal), or discuss quantum-resistant encryption?