Encryption lies at the core of crypto essentials. It is critical to networked computer communication, secure storage, and a host of other security aspects of computing, including the Internet of Things (IoT).
Encryption technology has been in use since before we had computers; it was commonly used even when we utilized mainframes that used magnetic core memory. It is essential to consider the several ways encryption can be used and implemented. This article presents the basics of the latest technology.
The RSA public-key encryption system derives its name from the initials of Ron Rivest, Adi Shamir, and Leonard Adleman, who described the system back in 1977. Its security is based on the mathematical problem of factoring a number that is the product of two large prime numbers.
A digital signature uses encryption to sign some cleartext so that the signature can be decrypted and verified. The signature is based on the cleartext, which often provides additional information that can now be authenticated. Anyone with a copy of the public key can authenticate the digital signature.
One use for digital signatures is to implement the digital certificates used in public key infrastructures (PKI). Another use for this asymmetrical key system is to create a shared secret key using two sets of private/public key pairs. The trick is that each side only needs access to its own private key and the other side's public key. These public keys can even be exchanged as part of a protocol like the Diffie-Hellman algorithm. Of course, it is more involved than just swapping the public keys, but it can make sure that both sides are the only ones able to generate the shared key. Asymmetrical systems are helpful but carry a high computational overhead compared to symmetrical methods that employ a single key. Usually, the two systems are combined, with the asymmetrical keys being used to generate or authenticate a shared secret key, which is then used for symmetrical encryption and decryption that is usually faster.
Public Key Infrastructure (PKI) is based on a certificate authority (CA) hierarchy that signs certificates, and it is considered a crypto essential. A registration authority (RA) is an entity that can verify the identity of a subscriber before a CA generates a signed certificate. In addition, an entity can utilize a validation authority (VA), which verifies a certificate by keeping track of valid and revoked certificates.
An application like a web browser can utilize one or more root CAs. This allows it to authenticate certificates that have been created using any of the CAs within these CA trees. Most operating systems, like Windows, iOS, and Android, are delivered with a collection of root CAs. Additional CAs can be added to this list.
Client applications can verify a certificate by first looking at the certificate's expiration date, then looking at the CA that signed the certificate, and finally checking with a VA to ensure the certificate has not been revoked. Some small system implementations have a CA, RA, and VA on the same server, but typically they are distributed among different servers. Thus, a CA can have multiple RA and VA servers associated with it. A CA hierarchy is generally used because the root CA must be kept secure, or everything falls apart.
Certificates typically include an expiration date. Certificates can be renewed with the same public key. A single year is a typical duration for a certificate. The reason is that a VA is needed to maintain valid and revoked certificate lists. The latter is used to determine certificates that have been cancelled before their expiration date. Many applications do not assume that a certificate can be revoked. Likewise, most root CA certificates have very long durations.
Secure socket layer (SSL) communication uses public keys to create an encrypted data link. SSL support can be implemented using self-signed certificates. Still, servers typically use a certificate obtained from a PKI system. This is especially true for sites where monetary exchanges are involved. In general, the SSL protocol starts by having participants exchange certificates, so they each have the other's public key. If a PKI system is used, the participants can also be verified; otherwise, only an encrypted link can be guaranteed. Thus, it is usually one-sided, with a web browser authenticating a web server and not the other way around, although an IoT device and an IoT server may want to establish authentication in both directions.
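How the certificate checks and the one-sided versus two-sided cases above map onto a client or server configuration, shown with Python's standard `ssl` module as an added example that is not part of the original article. The function names and the `posture` summary are hypothetical helpers introduced for illustration.

```python
import ssl

def pki_client_context(check_revocation: bool = False) -> ssl.SSLContext:
    """Client that authenticates the server against the platform's root CAs."""
    ctx = ssl.create_default_context()      # uses the OS root CA collection
    # CERT_REQUIRED (the default here) enforces validity dates and the
    # signature chain up to a trusted root during the handshake.
    if check_revocation:
        # Opt-in: the handshake then fails unless a CRL for the issuing CA
        # has been loaded with ctx.load_verify_locations(...).
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx

def encrypted_only_context() -> ssl.SSLContext:
    """Accepts any certificate (e.g. unpinned self-signed): no authentication."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False              # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def mutual_auth_server_context() -> ssl.SSLContext:
    """Server side that also demands a client (device) certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED     # default for servers is CERT_NONE
    # A deployment would add ctx.load_cert_chain(...) for the server's own
    # certificate and ctx.load_verify_locations(...) for the device CA.
    return ctx

def posture(ctx: ssl.SSLContext) -> dict:
    """Summarise which of the checks described above this context enforces."""
    return {
        "authenticates_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "checks_revocation": bool(ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF),
    }
```

Comparing `posture(pki_client_context())` with `posture(encrypted_only_context())` shows that the default client authenticates the server but does not consult revocation data unless asked to.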
Blockchains, another crypto essential, are distributed, write-once databases that can be used for various applications, from auditing to cryptocurrencies. At any point in time, a node's database may contain a collection of transactions that have insufficient votes associated with them. Typically the nodes will have slightly different database states, but the growing collection will be consistent within the group. Unlike a conventional relational database, the blockchain system does not have atomic operations.
The use of encryption allows many applications to operate securely, but this necessitates several assumptions and requirements. Many applications require systems like PKI, with proper protection of secrets, to work securely. Significant problems can arise if this is not the case.