## Cryptosystem Functions

**Privacy/confidentiality**: Ensuring that no one can read the message except the intended receiver.**Authentication**: The process of proving one's identity.**Integrity**: Assuring the receiver that the received message has not been altered in any way from the original.**Non-repudiation**: A mechanism to prove that the sender really sent this message.**Key exchange**: The method by which crypto keys are shared between sender and receiver.

## Cryptosystem Algorithms

Each cryptosystem defines three algorithms:

**key(s) generation**- key size (length)
- expiration date
**encryption****decryption**

**Deterministic algorithm**

- given a particular input it will always produce the same output
- the underlying machine will always be passing through the same sequence of states

**Block cipher**

- deterministic algorithm operating on fixed-length groups of bits, called
*blocks*. - consists of two paired algorithms, one for
*encryption*, E, and the other for*decryption*, D. - Both algorithms accept two inputs: an
*input**block*of size n bits and a*key*of size k bits; and both yield an n-bit*output*block. - The decryption algorithm D is defined to be the inverse function of encryption

## Cryptosystem types

**Symmetric Encryption (Secret Key Cryptography)**- Uses a
__single__*key*for both encryption and decryption - Sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext.
- Key must be known to both the sender and the receiver; key is the
*secret* - Applications which use this type of encryption to securely store data can use user-supplied password as a key (or key gets generated from a password)
- Same key/password is used to encrypt and decrypt content, which is helpful from a usability standpoint.
- The biggest difficulty with this approach is the distribution of the key
- Used for:
- privacy/confidentiality
- Types:
- stream ciphers
- block ciphers
- Algorithms:
**Advanced Encryption Standard**(**AES**, Rijndael; NIST 2001)- variant of the Rijndael block cipher
- Rijndael is a family of ciphers with different key and block sizes.
- For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 (
**AES256**) bits. - Examples:
*Ansible Vault*uses AES256

- ...

**Asymmetric****Encryption**(Public Key**Cryptography**)- Uses
__one key for encryption and another for decryption__ - Used for:
- authentication
- non-repudiation
- key exchange
- Algorithms:
- RSA (Rivest, Shamir and Adleman) (PKCS#1)
- Diffie–Hellman key exchange protocol
- PGP
- GPG (GnuPG)
- SSL/TLS
- SSH
- ...

**Hash Functions (Message Digests, One-way Encryption)**- Use a mathematical transformation to irreversibly "encrypt" information, providing a digital fingerprint
- Use no key
- Fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered
- Used for:
- message integrity. Examples:
- ensure the integrity of a file; provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus
- encrypt passwords
- Algorithms:
- Message Digest (MD) algorithms
- byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message
- Algorithms:
- MD2
- MD4
- MD5
- weaknesses in the algorithm were demonstrated
- Secure Hash Algorithm (SHA)
- SHA-1
- produces a 160-bit hash value
- deprecated by NIST
- SHA-2
- SHA-1 plus
- SHA-224
- SHA-256
- produces a 256-bit (32-byte) hash value, typically rendered as a hexadecimal number, 64 digits long
- SHA-384
- SHA-512
- SHA-3
- Keccak

## Resources:

http://www.keylength.com/

emc - PKCS

MD5, SHA1, SHA224, SHA256, SHA384, SHA512 and RIPEMD160 hash generator

Advanced Encryption Standard - Wikipedia

MD5, SHA1, SHA224, SHA256, SHA384, SHA512 and RIPEMD160 hash generator

Advanced Encryption Standard - Wikipedia