Cryptography refers to the practices involved in making a secure way of communication between a sender and a receiver. The word ‘Communication’ can be understood as transfer of data from one person to the other.
Imagine you are trying to send a message to your friend. You wrote it in a paper and now you have a third person who agrees to send the message to your friend’s address. Wouldn’t that be considered risking your confidentiality as it’s possible that the messenger can easily read your message ? Doesn’t that require some solution? A solution by which any intercept won’t be able to read your message easily? Well this is what cryptography is all about, but of course, its a term used in the online world.
There is one solution you can think for the problem in the second paragraph. And that is, you can use a box, and lock the message up using a key. And now you send this to your friend through a messenger. Now it becomes impossible for him to read the message !
But how will your friend be able to unlock the box? Well of course you need to send him the key you used at the first place to the friend too. Now lets try to see how this happens in the online world.
First you write your message. Then this message is encrypted using a unique encryption key.( Encryption means transforming a message into some meaningless set of strings and numbers and other characters. Whereas decryption means changing this encrypted message into the original message )
Now you send your message and the encryption key through 2 different channels to your friend. So when he receives both, he can use the key to decrypt the message and read it. This is called symmetric cryptography.
Notice how encryption is very similar to locking the message in a box. As both of them are almost useless without a key.
Alright so we just saw how you can resist some one from reading the message or data you are sending to someone by sending the encrypted message and the encryption key from 2 different channels.
But what if an intercept is keeping a track of you and now manages to intercept the key too. Just like he got his hand on the encrypted message itself i.e on both the channels. What’s stopping him from reading your message now ?
Well that’s the problem with symmetric cryptography.
In this, everyone, instead of having just one key for encryption and decryption, generates 2 keys. If one key encrypts something, only the other can decrypt it, and if the other encrypts something only the first one can decrypt it. They are mathematically generated in that way. A public key is actually derived from a private key. And it is also made sure, while generating them, that the public key cannot be used to derive the private key.
They choose one of them and make it public online, and the other is kept with them. The one that is kept with them is called the private key and the other one, is called the public key.
Now if Ben wants to send a message to Binod, he can first encrypt the message with Binod’s public key, which any one can access. This will ensure that no one can decrypt the message. As the only thing that can do so is Binod’s private key which is of course with Binod himself.
Hence first you need to encrypt the message with the public key of the person you want to send the message, send the message, and when the person gets the message, he/she decrypts it with their private key. And if someone wants to send you a message, they will follow the same.
This is called asymmetric cryptography. And is way more secure than symmetric cryptography.
Alright here’s a question for you, what if Harry wants to send a message to Mike and instead of encrypting it with Mike’s Public key, he uses his own private key ?
Digital Signatures – From Private to Public
Till now we have seen the best way to ensure security and and confidentiality of a message is by going public to private.
In the question asked earlier, we see Harry encrypting the message with his private key. As many might have guessed, it is now possible for an intruder to see the message as everyone has an access Harry’s public key. Hence this is not a very secure way right ?
That is absolutely correct, it is not reliable for confidentiality of the message at all.
But there is one way you can use this. Of course not for communication, but for something else. Now you need to change your perspective a little bit.
Now if Harry encrypts the data with his private key and Mike receives this data along with the actual message, and if decrypting this data with Harry’s public key gives that actual message Mike received, won’t that be obvious that it was Harry who encrypted the message, and not someone else? Wouldn’t that actually confirm that this message came from Harry himself ?
This is why we call this specific encryption a Digital Signature as can be used for verification purposes.
Now probably must be thinking there are two problems, first, how can we still secure the encrypted message as an intruder must be having Harry’s public key ? And second, the message is itself in the package. Well Here’s the solution.
- We Hash out the original message, send it in the package, and tell the receiver what hashing algorithm we used. And the receiver can verify by hashing the decrypted message and seeing if its the same as the hash we sent. NOTE: HASHING IS DIFFERENT FROM ENCRYPTING, AS HASHING CANNOT BE REVERSED.
- The above method would still not help as the encrypted message, encrypted by sender’s private key is still out there. So the best thing we can do is to apply the normal public to private method (original asymmetric cryptography) on the entire package. Hence giving us double protection. So now the receiver must first decrypt it with his own private key, getting 2 kind of data, a hash and the encryption. Then he do the verification process as discussed above.
In this article, we saw what the main purpose of cryptography. We also saw 2 main types of cryptography :
- Symmetric cryptography
- Asymmetric cryptography
We also saw two uses of Asymmetric cryptography
- Private to public method
- Signatures (Public to private method)
We also learnt how we can apply private to public method on top of signatures in order to make your privacy even more strong.
Cryptography is used literally everywhere today. From makin SSH connection Whatsapp and every chatting software you see (I HOPE SO).
This is also used to transfer any simple kind of data from one place to the other, besides chats and messages.
Here is something you might refer to for extra reading about signatures.