Understanding Encryption, Signing and Verification

Piraveena Paralogarajah
Feb 22, 2019

Encryption is the process of encoding a message so that it can be accessed only by authorized people.

Why do we need encryption?

When two parties are communicating, it is essential that a man in the middle cannot read the message. So we need a way to encode the message so that it can be accessed only by authorized people.

Is encryption enough for communication between two parties?

By encrypting, we ensure that the message is accessed only by the authorized party. But encryption alone gives no way to ensure that a message a party receives was sent by the party it trusts. So there should be a way to ensure the authenticity of the message. For that, digital signatures are used in computer communication.

Let’s look at encryption and signing in detail.

There are two types of encryption.

  1. Symmetric Encryption
  2. Asymmetric Encryption

Symmetric Encryption

This is the simplest encryption method: the same key is used for encrypting the message into cipher text and for decrypting the cipher text back into the original message.

The sender and the recipient should both know the secret key that is used to encrypt and decrypt all the messages. Blowfish, AES, RC4, DES, RC5, and RC6 are examples of symmetric encryption algorithms. The most widely used symmetric algorithm is AES, in its AES-128, AES-192, and AES-256 variants.

Typically, with a symmetric key, you exchange the key with another trusted participant; usually you produce a unique key for each pair of participants. You can then be assured that any message encrypted with a specific key can be deciphered only by the other participant who has that key. For this to hold, each participant must keep the key secret.

For example, when Alice sends a message to Bob, Alice will encrypt the message with the key ‘keyAB’ and send the key with the message to Bob, so Bob can decrypt the message using the key.

Similarly, when Alice sends a message to Charles, Alice will encrypt the message with another key, ‘keyAC’, and send the cipher text and the key. Then Charles will decrypt the cipher text using the key sent by Alice.

What are the disadvantages of Symmetric encryption?

  • Server A should have a separate encryption key for each device it communicates with. If there are n devices in communication, then each device should store (n-1) keys in its private repository. This is a huge overhead to manage.
  • The biggest problem with symmetric key encryption is that you need a way to get the key to the party with whom you are sharing data. If B is compromised by C and C gets the key used for communication between A and B, then C can also decrypt the messages.
  • Possibility of a man-in-the-middle attack, because the secret keys are exchanged between the devices over the network. If a third party steals the secret key, then he can decrypt the cipher text and also encrypt messages.

What are the advantages of Symmetric encryption?

  • When it uses a secure algorithm, symmetric key encryption can be extremely secure. By increasing the key length, we can make brute-force attacks harder and the symmetric encryption more secure.
  • Encrypting and decrypting the message is relatively fast and easy.

Asymmetric Encryption

Unlike symmetric encryption, here we use different keys for encryption and decryption. Asymmetrical encryption is also known as public key cryptography.

In symmetric encryption, secret keys are exchanged over the Internet or a large network, so if someone gets the secret key, he can decrypt the message. Asymmetric encryption ensures that a malicious person cannot misuse the key in this way.

In asymmetric encryption, there are two keys, which together form a key pair:

  1. Public key
  2. Private key

The private key belongs to its owner and is kept secret by him. Assume Bob has a private key. For each private key there is a public key. Anyone can have anyone else’s public key, so Bob can send his public key to his friends Alice, John, etc. This public key is publicly available to everyone.

A message that is encrypted using a public key can only be decrypted using the corresponding private key. The public key does not need to be kept secret since it is publicly available, so it can be passed over the Internet.

When A sends a message to B, A will encrypt the message with the public key of B. So B can decrypt it by using its private key.

What are the advantages of Asymmetric encryption?

  • Unlike symmetric encryption, Server A needs to store only its private key in the private repository even though there are n devices in the network. In symmetric encryption, it needs to store (n-1) keys in the private repository.
  • In asymmetric, or public-key, cryptography there is no need to exchange secret keys, which eliminates the key distribution problem.

What are the disadvantages of Asymmetric encryption?

  • A disadvantage of using public-key cryptography for encryption is speed: there are popular secret-key encryption methods which are significantly faster than any currently available public-key encryption method.

Signing and Verification

In most documents, we include signatures.

Why do we include signatures?

Signatures help to authenticate a document. By including a signature, I let others verify that the document was sent by me and that all the information in the document is approved and accepted by me.

In computer communication too, we need a way to validate messages sent by other parties. Signatures can be used here as well. By including a digital signature in the message that we send to another party, we let the other party validate that the message was sent by us.

As mentioned under asymmetric encryption, there are two keys in a key pair: the public key and the private key.

The private key belongs only to its owner, so we can use the private key as a way of signing.

  • When Bob wants to send a message to Alice, Bob can encrypt the message with his private key.
  • Now Bob sends the message to Alice over the network.
  • Alice already has Bob’s public key. So she can decrypt the message using Bob’s public key and validate that the message was sent by Bob. This works because Bob’s private key is unique to Bob and no one else can own that key.

How does the signing process happen?

  • When Bob wants to send a message to Alice, he takes the message and hashes it.
  • Then Bob will encrypt the hashed message with his private key.
  • Then Bob will combine the original message and the encrypted hashed message and encrypt the result using the public key of Alice.
  • Now Bob sends the message to Alice.

How does the verification process happen?

  • Now Alice receives the message.
  • Alice will decrypt the entire message using her private key.
  • Inside the message, there are two components: the original message, and the hashed text which is encrypted with Bob’s private key.
  • Then Alice will hash the original message using the hashing algorithm used by Bob. Now Alice has the hashed text of the original message.
  • Then Alice will decrypt the hashed text sent by Bob using Bob’s public key and compare it with the hash she computed from the original message. If the two match, Alice can verify that the message was sent by Bob.
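
The signing and verification steps above, combined with the symmetric and public-key encryption from the earlier sections, as a runnable sketch. This is an added example, not code from the original article; it uses Ruby's bundled openssl library, and the names seal, open_sealed and try_open, the NotFromBob error, the envelope layout and the one-time AES-256-GCM key are assumptions made here.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
class NotFromBob < StandardError; end

# Bob's side: hash the message and sign the hash with his private key, then
# encrypt signature + message so that only Alice can read them. RSA can only
# encrypt a short input, so a one-time AES-256-GCM key (an assumption of this
# sketch) encrypts the body and that key is encrypted with Alice's public key.
def seal(message, bob_private, alice_public)
  signature = bob_private.sign(OpenSSL::Digest.new("SHA256"), message)
  aes = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  key = aes.random_key
  iv = aes.random_iv
  body = aes.update(signature + message.b) + aes.final
  { key: alice_public.public_encrypt(key, OAEP), iv: iv, tag: aes.auth_tag, body: body }
end

# Alice's side: recover the AES key with her private key, decrypt, split off
# the signature and check it against the message with Bob's public key.
def open_sealed(envelope, alice_private, bob_public)
  raise OpenSSL::Cipher::CipherError, "short tag" unless envelope[:tag].bytesize == 16
  aes = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  aes.key = alice_private.private_decrypt(envelope[:key], OAEP)
  aes.iv = envelope[:iv]
  aes.auth_tag = envelope[:tag]
  plain = aes.update(envelope[:body]) + aes.final # raises if the body was altered
  sig_len = bob_public.n.num_bytes # an RSA signature is as long as the modulus
  signature, message = plain[0, sig_len], plain[sig_len..-1].to_s
  unless bob_public.verify(OpenSSL::Digest.new("SHA256"), signature, message)
    raise NotFromBob, "signature does not verify with Bob's public key"
  end
  message.force_encoding("UTF-8")
end

# Returns :accepted, or why Alice rejects the envelope.
def try_open(envelope, alice_private, bob_public)
  open_sealed(envelope, alice_private, bob_public)
  :accepted
rescue OpenSSL::Cipher::CipherError
  :tampered
rescue NotFromBob
  :wrong_sender
end

# Constructed demo keys and message.
alice, bob, mallory = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
forged = seal("Transfer 100 to Mallory", mallory, alice.public_key)
puts try_open(forged, alice, bob.public_key)
```

Encryption to Alice's public key alone does not stop Mallory from producing a valid envelope; only the signature check against Bob's public key rejects it.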

To secure network communication, it is necessary to have an encryption method. It can be symmetric or asymmetric.

Written by Piraveena Paralogarajah

Software Engineer @WSO2, CSE Undergraduate @ University of Moratuwa, Former Software Engineering Intern @ WSO2
