
Cryptography

The document provides an overview of cryptography, defining key concepts such as plaintext, ciphertext, encryption, decryption, confidentiality, integrity, authentication, and non-repudiation. It explains the two main types of encryption: symmetric (private key) and asymmetric (public key), along with hashing and digital signatures. The document emphasizes the importance of these concepts in ensuring the security of sensitive information during storage, transmission, and processing.

Uploaded by

gcara4
Cryptography

Hiral Patel
@gisacouncil
Introduction
Crypto means “secret” and cryptography means “art of writing
data into secret text”.
Cryptography provides confidentiality, integrity, authentication
and non-repudiation for sensitive information while it is stored
(at rest), travelling across a network (in transit/in motion), and
existing in memory (in use/in processing).
Terminology related to Cryptography
1. Plaintext
Plaintext refers to the original, unencrypted data that is readable
by humans or computers. It is the input to an encryption
algorithm before any transformation has been applied.
Example:
Message: "Hello, how are you?"
Password stored as plaintext: "mypassword123"
2. Ciphertext
Ciphertext is the result of applying an encryption algorithm to
plaintext. It is unreadable or scrambled data, which requires a
decryption key to convert it back into the original readable form.
Example:
Plaintext message: "Hello, how are you?"
After encryption: "Jk91Loxz98&%@!"
3. Encryption
Encryption is the process of converting plaintext or data into a ciphertext
using an algorithm and a key. This process makes the original data
unreadable to anyone who doesn't have the corresponding decryption key.

Data can be encrypted "at rest," when it is stored, or "in transit," while it is
being transmitted somewhere else.

4. Decryption
Decryption, on the other hand, is the process of converting the ciphertext back
into its original plaintext form using the appropriate decryption key. Decryption
reverses the encryption process, allowing authorized parties to access and read
the original data.

5. Confidentiality
Confidentiality in information security refers to the practice of ensuring that
sensitive data is accessible only to authorized individuals, and preventing
unauthorized parties from accessing or disclosing that information. It is one of
the core principles of the CIA triad (Confidentiality, Integrity, and Availability),
which forms the foundation of information security.

6. Integrity
Integrity in information security refers to the assurance that
data remains accurate, complete, and unaltered during storage,
transmission, or processing. It ensures that information
is trustworthy and has not been tampered with by unauthorized
individuals or systems.
7. Authentication
Authentication in information security refers to the process of verifying the identity
of a user, device, or system before granting access to resources or services. It
ensures that only legitimate users or entities are allowed to access data, applications,
or systems, protecting them from unauthorized access.
Authentication Factors: Methods used to authenticate a user.
These are generally classified into three categories:
• Something You Know: A password, PIN, or answer to a security question.
• Something You Have: A physical object like a smart card, security token, or mobile device.
• Something You Are: Biometric information such as a fingerprint, facial recognition, or iris scan.

8. Non-Repudiation
Non-repudiation is an essential concept in information security that ensures the
sender of a message, the signer of a document, or the originator of a transaction
cannot later deny their involvement in the communication or action. It provides proof
of the origin and integrity of the message or transaction, thereby preventing someone
from denying that they participated.
Types of Encryption
There are mainly 2 types of encryption:

1. Private or secret key encryption, also called symmetric key encryption
2. Public key encryption, also called asymmetric key encryption
1. Private key/Symmetric key Encryption
In symmetric key encryption, the same key is used for both encryption and
decryption. It is therefore faster and less expensive, but the challenge is to share the
same key securely between the two parties. AES, DES, 3DES, and Blowfish are some
examples of symmetric key encryption.
2. Public key encryption/Asymmetric key encryption
In this type of encryption, two different keys are used: one is the public key and
the second is the private key. The public key is available in the public domain to everyone, and
the private key is private to a specific person. A message encrypted by the private key can be
decrypted by the corresponding public key. It is a slower and more expensive algorithm
than a symmetric key algorithm, but there is no challenge of sharing the key
between two parties. RSA, Diffie-Hellman key exchange, and elliptic curve cryptography
are examples of asymmetric encryption.

In this mechanism, 4 keys can take part in the whole process:

• Sender’s public key
• Sender’s private key
• Receiver’s public key
• Receiver’s private key
Hashing
Hashing is a cryptographic technique used to transform input data of any size into
a fixed-size string of characters, known as a hash value or hash code. The process
of hashing involves applying a hash function to the input data, which produces a
unique representation of that data. Hashing is irreversible encryption.

If Mr. A wants to confirm the integrity of the message, not its confidentiality, then Mr. A
will apply a hash function to the data and create a message digest. That message
digest is then encrypted using Mr. A’s private key. Mr. A shares the data plus the
encrypted message digest with Mr. B. Mr. B first decrypts the encrypted
message digest with Mr. A’s public key and gets the original message digest. Mr.
B then applies the hash function to the data to create a message digest on
his/her end, and compares the two message digests: the one created at B’s end
and the one supplied by Mr. A. If both match, then Mr. B can confirm that the
message has not been altered by anyone and can confirm the integrity of the
message.
Digital Signature
A digital signature is the process of attaching a digital code to a document to
verify its content and the sender’s identity. With a paper document, we take the
signature of a person to verify that the document is shared by that person and
to validate the message from him. In the same way, this can also be verified for
an electronic document using a digital signature. The hashing technique is used to
create the digital code. Digital signatures use public key cryptography
(asymmetric encryption), which involves two keys:

Private Key: Known only to the signer, used to create the signature.
Public Key: Available to anyone, used to verify the signature.
Steps in Creating a Digital Signature:

Hashing: The original document or message is passed through a hash
function, which generates a fixed-size unique output (called a hash or
message digest). This digest represents the content.
Signing: The message digest is encrypted using the sender’s private key,
creating the digital signature.
Sending: The digital signature and the original document are sent to the
recipient.
Steps in Verifying a Digital Signature:

Hashing the Received Document:
The recipient hashes the received document using the same hash function.

Decrypting the Signature:
The recipient uses the sender's public key to decrypt the digital signature,
which reveals the original hash value.

Comparing the Hashes:
The recipient compares the hash from the decrypted signature with the
hash of the received document. If they match, the signature is valid, and
the document is authentic and untampered.
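
The creation and verification steps above as a runnable sketch, added here for illustration and not part of the original slides. It assumes textbook RSA with a fixed toy key built from two Mersenne primes and no padding, chosen only to stay within the Python standard library; production systems use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Toy key, for illustration only (assumption, not from the slides):
# two publicly known Mersenne primes, so this key protects nothing.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # modulus, part of the public key
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest_int(document: bytes) -> int:
    """Hashing step: fixed-size SHA-256 digest, as an integer below 2**256."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Signing step: transform the digest with the sender's private key."""
    return pow(digest_int(document), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verification: recover the digest with the sender's public key and
    compare it with a fresh hash of the document that was received."""
    recovered = pow(signature, e, n)
    return recovered == digest_int(document)


def demo() -> dict:
    document = b"Hello, how are you?"      # constructed sample message
    signature = sign(document)             # done by Mr. A (sender)
    return {
        # Mr. B receives the document and signature unchanged.
        "genuine": verify(document, signature),
        # The document was altered in transit: the hashes no longer match.
        "tampered": verify(b"Hello, how are you??", signature),
        # The signature itself was altered: the recovered digest is wrong.
        "bad_signature": verify(document, signature ^ 1),
    }


if __name__ == "__main__":
    print(demo())
```
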
Confidentiality
Encrypt the message using receiver’s public key and decrypt by using receiver’s private key

Create the Message digest/ Hash of the message

Confidentiality, Authentication, Integrity, Non-Repudiation

For Confidentiality: message to be encrypted using receiver’s public key


For Authentication/Non-Repudiation, Integrity:
1. Create the hash/message digest of the message
2. Encrypt the hash/message digest using sender’s private key