Sunday, August 16, 2009

cryptographic applications

Three cryptographic applications

Encryption
Digital signature
Non repudiation and message integrity


Encryption- Requiring the use of a key to unlock data is called encryption. The key can be a secret key used symmetrically, or it can be one of a public key pair used asymmetrically. The longer the key, the less likely it is that a brute force attack on encrypted data will be successful.
Public key pairs include a private and a public key. When sending a public key encrypted message, the sender encrypts the message with the recipient’s public key. The resulting message can now only be decrypted using the recipient’s private key.

Public key cryptography is very secure but very costly in terms of computer resources. As a result, it is often combined with secret key cryptography. For example, a sender can use public key encryption to encrypt a secret key to be used for bulk encryption purposes. Both participants could use a single secret key, or they could use a single key to generate some other set of keys to use for their communication. The exchange of the secret key uses the very secure public key encryption, while the bulk encryption of the remainder of the communication could use some other encryption method.

An eavesdropper could capture the encrypted communication and attempt to break the encryption. However, by using very long secret keys, using them only for one communication session and not reusing them, this method can be made quite secure.


Digital signature- If the sender encrypted data using the sender’s own private key, the resulting message could be decrypted by anyone who had the sender’s public key. This process can’t be considered a way to protect the message, since anyone with access to the sender’s public key can decrypt it. However, it does offer a method of signing a document digitally.

Encrypting a message in this way will ensure that it can only have come from a person whose public key will decrypt it – however, it also ensures that every such message must be decrypted. As mentioned, since public key encryption uses lots of resources, this becomes impractical. Also, there is the problem of keeping track of and certifying public keys.

A better option for digital signatures is to use a digest function to summarize the contents of a particular message in a smaller, more manageable chunk of data. This chunk can then be encrypted using the sender’s private key and appended to the message. The recipient can then use the same digest function on the received message and use the sender’s public key to decrypt the digest included by the sender. If the two digest results match, then the message has been certified as signed. If they don’t match, the message cannot be certified as signed.

Non repudiation and message integrity- There are two by-products of the use of digital signatures. Non repudiation is a cryptographic term describing the situation when the originator of a message cannot deny having sent it. Normal electronic mail is deniable, since it is relatively easily forged and modified. Email that has been digitally signed, however, is non repudiable. If the digital signature checks out properly, the owner of the signature is the only entity capable of having signed the message.

The other important by-product of digital signatures is a guarantee of message integrity. If a message has been digitally signed and transmitted, verifying the signature also verifies that the message has been received unchanged from the source. A signed message that has been intercepted, modified and forwarded on to its original destination will not produce a verified signature. The ability to verify a digital signature also confirms that the signed message was delivered intact and unchanged. Furthermore, the person signing cannot later deny having sent it.

1 comment:

  1. Great blog. Your blog is simply awesome as you have provided a handful of information about so many interesting and important concepts. In this article too you have shared a great amount of info about the applications of cryptographic technique. Thanks and keep up the good work.
    electronic signature software
