DR. AJAY KUMAR PATHAK
ASSISTANT PROFESSOR
SUBJECT NAME:- MJ–15 (Th):- INFORMATION SECURITY
FOR B. Sc. IT.
SEM 6 F.Y.U.G.P.
Copyright © by Dr. Ajay kumar pathak
B. Sc. IT. SEMESTER 6 NOTES BASED ON NEP
SUBJECT : MJ–15 (Th): INTRODUCTION TO NETWORK SECURITY
(To be selected by the students from)
Course Learning and Outcomes:- Know about the logics and algorithms needed for computer programming
UNIT 2 (UNIT NAME):- CRYPTOGRAPHY AND ENCRYPTION
Objective: The objective of the course is to enable students to
· The objective of this course is to provide students with a comprehensive understanding of network security concepts and techniques. The course aims to develop students' skills in identifying network vulnerabilities, implementing security measures, and ensuring the confidentiality, integrity, and availability of networked systems.
Learning Outcome:- After completion of this course, a student will be able to–
· Understand the principles and concepts of network security.
· Identify potential security threats and vulnerabilities in networked systems.
· Implement security measures to protect network infrastructure.
· Apply encryption and authentication techniques to secure network communication.
· Analyze and respond to security incidents in networked environments
-: NOTES READ FROM HERE :-
UNIT- 2 :- CRYPTOGRAPHY AND ENCRYPTION
INTRODUCTION TO CRYPTOGRAPHY
AND ENCRYPTION:-
OR
Encryption is the process of converting readable plaintext data into
ciphertext, an unreadable format, using an algorithm and an encryption key.
Decryption is the reverse process: only the owner of the corresponding
decryption key can reverse the encryption and return the ciphertext to its
plaintext. Encryption therefore helps protect sensitive data from unauthorized
access, which is a crucial aspect of maintaining good cyber hygiene. Besides
symmetric encryption, in which a single key is used for both encryption and
decryption, there are other encryption algorithms. Asymmetric encryption works
with a pair of keys: the public key encrypts and the private key decrypts,
which helps secure data while it is being transmitted.
OR
A process that transforms
information (the plaintext) into a seemingly unintelligible form (the
ciphertext) using a mathematical algorithm and some secret information (the
encryption key). The process of decryption undoes this transformation using a
mathematical algorithm, in conjunction with some secret value (the decryption
key) that reverses the effects of the encryption algorithm. An encryption
algorithm and all its possible keys, plaintexts and ciphertexts is known as a
cryptosystem or cryptographic system.
Figure 4 illustrates the
process.
Cryptography is the general
name given to the art and science of keeping messages secret. It is not the
purpose here to examine in detail any of the mathematical algorithms that are
used in the cryptographic process, but instead to provide a general overview of
the process and its uses.
Modern encryption systems use
mathematical algorithms that are well known and have been exposed to public
testing, relying for security on the keys used. For example, a well-known and
very simple algorithm is the Caesar cipher, which encrypts each letter of the
alphabet by shifting it forward three places. Thus A becomes D, B becomes E, C
becomes F and so on. (A cipher that uses an alphabetic shift for any number of
places is also commonly referred to as a Caesar cipher, although this isn't
strictly correct since the Caesar cipher is technically one in which each
character is replaced by one three places to the right.) I could describe this
mathematically as p + 3 = c, where p is the plaintext and c the ciphertext. For
a more general equation I could write p + x = c where x could take any integer
value up to 25. Selecting different values for x would obviously produce
different values for c, although the basic algorithm of a forward shift is
unchanged. Thus, in this example the value x is the key. (The Caesar cipher is
of course too simple to be used for practical security systems.)
There are two main requirements
for cryptography:-
(1) It should be computationally infeasible to derive the PLAINTEXT
FROM THE CIPHERTEXT without knowledge of the decryption key.
(2) It should be computationally infeasible to derive the CIPHERTEXT
FROM THE PLAINTEXT without knowledge of the encryption key.
Both these conditions should be
satisfied even when the encryption and decryption algorithms themselves are
known.
The reason for the first
condition is obvious, but probably not the second, so I shall briefly explain. This
is often also a requirement for information that is sent ‘in the clear’, that
is, not encrypted. One method of authentication is for the sender and recipient
to share a secret key. The sender uses the key to encrypt a copy of the
message, or a portion of it, which is included with the data transfer and, on
receipt, the recipient uses the key to decrypt the encrypted data. If the
result matches the plaintext message, this provides a reasonable assurance that
it was sent by the other key owner, and thus a check on its authenticity. Of
course, this assumes that the key has not been compromised in any way. Modern
encryption systems are derived from one of two basic systems: symmetric key
(sometimes called shared key) systems, and asymmetric key (often called public
key) systems.
What is a key in
cryptography?:- A cryptographic key is a string of characters used
within an encryption algorithm for altering data so that it appears random.
Like a physical key, it locks (encrypts) data so that only someone with the
right key can unlock (decrypt) it.
Uses of Encryption:- Encryption is used in various technologies around us,
which can be seen in our everyday lives:
1. Emails: Email encryption
prevents unauthorized access to the contents of email messages.
2. Online Transactions: Payment
systems, such as credit card transactions, use encryption to secure financial
information during transmission.
3. Passwords: Passwords are
often stored in an encrypted form to prevent unauthorized access to accounts.
4. Communication: Messaging
platforms, including social media apps, use end-to-end encryption to ensure
private communications between users.
Almost all the activities you
perform online are secured with an encryption algorithm to protect you from
internet theft.
TYPES OF ENCRYPTION
:-
There are two types of
encryption algorithms:- symmetric (also called shared key algorithm) and
asymmetric (also known as public key algorithm).
(1) SYMMETRIC ENCRYPTION:- Symmetric encryption uses a single key for both
encryption and decryption; its advantages and limitations are listed below. By
contrast, asymmetric encryption, also known as public key cryptography, is a
relatively new method that uses two different but related keys to encrypt and
decrypt data. One key is secret and one key is public. The public key is used
to encrypt data, and the private key is used to decrypt (and vice versa).
Security of the public key is not needed because it is publicly available and
can be shared over the internet. A common application of this principle in
email security is the DomainKeys Identified Mail (DKIM) record, which uses
public / private key pairs to authenticate messages and prevent spoofing.
(Spoofing is a deceptive tactic in which attackers disguise their identity to
impersonate a trusted source, such as a person, website, or device, to trick
victims into revealing sensitive information, spreading malware, or granting
unauthorized access, often using fake emails, websites, IP addresses, or caller
IDs to appear legitimate.) Advanced cryptographic methods like quantum key
distribution are now emerging to further enhance the security of key exchange
beyond traditional asymmetric encryption models.
Asymmetric encryption presents
a much stronger option for ensuring the security of information transmitted
over the internet. Websites are secured using Secure Socket Layer (SSL) or
Transport Layer Security (TLS) certificates. A query to a web server sends back
a copy of the digital certificate, and a public key can be extracted from that
certificate, while the private key stays private.
Advantages of
Symmetric Key Cryptography:-
(1) Speed and efficiency:- Symmetric key algorithms are better suited for
encrypting large volumes of data or for use in real-time communication
scenarios, as they are faster and less resource-intensive than asymmetric
cryptography. SKC (symmetric key cryptography) algorithms do not involve
algebraically complex mathematical operations.
(2) Scalability:- Because symmetric key algorithms have relatively
low computational overhead, they scale well with the number of users and the
amount of data being encrypted.
(3) Simplicity:- Symmetric encryption protocols are often more
straightforward to implement and understand than asymmetric key methods, and
this would go a long way in attracting developers and users.
Disadvantages and
Limitations of Symmetric Key Cryptography:-
(1) Key management and distribution:- Both the sender and the
receiver in the SKC of a message need to have the same key, and the key should
not be seen by a third party. In case the key is somehow captured or
compromised by a third party, the security of the encrypted data is also lost.
(2) Non-repudiation:- Non-repudiation refers to the ability to
prove that a specific party has sent a message. In SKC, since the same key is
used for encryption and decryption, it is impossible to find out which party
created a particular cipher text.
Popular symmetric
encryption algorithms / Common Types of Symmetric Encryption Algorithms:-
(i) Advanced Encryption Standard (AES):- It supports three key lengths: 128
bits, 192 bits, or 256 bits; the most commonly used is the 128-bit key. Its
uses include secure communication, data encryption in storage devices, digital
rights management (DRM), and so on.
(ii) Data Encryption Standard (DES):- In DES, 64-bit blocks of plaintext are
encrypted using a 56-bit key. The weakness caused by this small key size led to
the development of a more secure algorithm, called AES (Advanced Encryption
Standard).
(iii) Triple Data Encryption Algorithm (Triple
DES):- The development of the Triple DES,
also called Triple-DES or TDEA, was triggered by the weak security resulting
from the small key size in the DES. Triple DES denotes a method of three times
applying the DES algorithm sequentially (encrypt-decrypt-encrypt) on every
plaintext block.
(iv) Blowfish and Twofish:- Blowfish, developed in the 1990s, was a fast,
flexible algorithm with variable key lengths from 32 to 448 bits. It became
popular due to its free availability and lack of patents, making it attractive
for commercial and open-source projects. Twofish, its successor and an AES
finalist, offers key lengths of up to 256 bits and remains strong and
efficient, though it ultimately lost to AES in standardization. Both algorithms
are still used in niche systems.
(v) International Data Encryption Algorithm
(IDEA):- IDEA was developed in the early
1990s and became known for its use in Pretty Good Privacy (PGP) for email
encryption. It relies on a 128-bit key and provides strong resistance to
cryptanalysis. However, IDEA is slower than AES and has licensing restrictions,
limiting widespread adoption. While still secure, its practical use has
declined in favor of AES and other modern algorithms.
(2) ASYMMETRIC ENCRYPTION:- There are two sides in an encrypted communication: the
sender, who encrypts the data, and the recipient, who decrypts it. As the name
implies, asymmetric encryption is different on each side; the sender and the
recipient use two different keys. Asymmetric encryption, also known as public
key encryption, uses a public key-private key pairing: data encrypted with the
public key can only be decrypted with the private key.
TLS (Transport Layer Security)
(or SSL (Secure Sockets Layer )), the protocol that makes HTTPS possible,
relies partially on asymmetric encryption. A client will obtain a website's
public key from that website's TLS certificate (or SSL certificate) and use
that to initiate secure communication. The website keeps the private key
secret.
Advantages of Asymmetric Encryption:-
(1) In-Transit Security:- Symmetric encryption only works with a single key used
for encryption and decryption. With the right strategy, this is a perfectly
stable and secure way to manage database or server encryption. Having a single
key, however, is a liability when sending data between multiple parties.
Asymmetric encryption is much more suitable for public internet data sharing.
(2) Document Authentication:- Public and private key pairs are necessary for
creating security signatures that allow users to authenticate documents. This
additional layer of security assures that the sender is who they say they are
and that the message has not been tampered with.
(3) Flexibility:- Asymmetric encryption is flexible and can be used for a wide range of
applications, including secure email communication, online banking
transactions, and secure access to networks and systems, as long as the private
key secret is maintained.
Disadvantages of Asymmetric Encryption:-
(1) Speed:-
Asymmetric encryption is complex and, therefore, slow. It’s not the best
solution for bulk encryption–which means it isn’t the best solution for
encrypting servers, hard drives, databases, etc.
(2) Complexity and Adoption:- To be useful, all parties must use the same form of
encryption to share messages. In many cases, this isn’t a problem. For example,
all the major internet browsers and providers utilize HTTPS, which means that
they have adopted certificate authorities and tools to ensure that HTTPS is
seamlessly integrated such that users never have to do a thing. The same is
true for email–almost all email providers will use some form of TLS (Transport
Layer Security).
Asymmetric encryption
algorithms:-
(1) RSA or Rivest–Shamir–Adleman:- Considered a
staple of asymmetric encryption. Designed by the engineers that gave it its
name in 1977, RSA uses the factorization of the product of two prime numbers to
deliver encryption of 1024-bits and up to 2048-bit key length. According to
research conducted in 2010, you would need 1500 years of computational power to
crack its smaller 768-bit version!
However, this means that it is
a slower encryption algorithm. Since it requires two different keys of
incredible length, the encryption, and decryption process is slow, but the
level of security it provides for sensitive information is incomparable.
With RSA, it is possible to
encrypt, decrypt, sign, or verify data. Encryption and verification will use
the RSA public key while decryption and signing are done via the private key.
Typically, RSA is much slower than symmetric key encryption algorithms, so it should
only be used to encrypt small amounts of data. This is generally not a problem
because almost all RSA encryption is done as a “digital envelope”. This means
bulk data is encrypted using a symmetric algorithm (such as AES or RC5) and the
symmetric key is then RSA-encrypted using the recipient’s public key. The
recipient can then decrypt using the private key to obtain the symmetric key
and decrypt the bulk data.
(2) DSA:- DSA
stands for “Digital Signature Algorithm”. This algorithm can only compute and verify
digital signatures. It cannot encrypt or perform key exchange. When DSA is
computing a signature, it is not encrypting the digest of the data to sign. It
is computing a pair of numbers (called r and s) using the private key, the
digest, and a random value. The math works out that using the public key, r,
and the digest, it is possible to also compute s. If the s from the signature
matches the s the verifier computes, the signature verifies.
Before performing any DSA
operation, a fixed set of domain parameters must be set or generated. These
parameters define a cyclic multiplicative group of order q in a finite field of
p elements. The generator of this group is called g. The commonly used language
of “key generation” in the context of DSA also means domain parameter
generation.
(3) ECC (Elliptic Curve Cryptography):- Elliptic Curve Cryptography (ECC) is a
modern approach to public-key cryptography based on the algebraic structure of
elliptic curves over finite fields. It is widely considered a more efficient
alternative to older systems like RSA because it provides the same level of
security with much smaller key sizes. For example, a 256-bit ECC key offers
security comparable to a 3072-bit RSA key. This method was originally pitched
in 1985 by Neal Koblitz and Victor S. Miller, only to be implemented years
later in 2004. ECC uses a fairly difficult mathematical operation based on
elliptic curves on a finite field, in what is called the Elliptic-curve
Diffie–Hellman.
With ECC you have a curve,
defined by a math function, a starting point (A), and an ending point (Z) in
the curve. The key is that to get to Z, you have done a series of “hops”, or
multiplications that resulted in Z. This amount of hops is the private key.
Even if you have the starting
and ending point (public key), and the curve, it is nearly impossible to crack
the private key. This is because ECC is what is called a “trapdoor”, or a
mathematical operation that is easy and quick to complete, but extremely difficult
to reverse.
ECC, or ECDH, is a mathematical formula of such strength that it can match the
security of a 1024-bit key system with a 164-bit key. In its highest setting,
512-bits, ECC can achieve a level of security comparable to that of a
15360-bit RSA key!
To paint a picture, RSA
2048-bit keys are the banking standard, yet 521-bit ECC delivers the equivalent
of a 15360-bit RSA key.
Considering the aforementioned
facts, ECC is considered the future of encryption. It’s asymmetric, yet it is
able to provide a security level of 256 bits at a maximum key length of 521
bits, which ensures fast encryption speeds with a high complexity of decryption
to ensure sensitive data stays safe.
ECC is also extremely
attractive for mobile, where processing power is low and data transfers are
high.
(4) Diffie-Hellman:- With Diffie-Hellman, two parties each use their own
private key together with the other party’s public key to arrive at a common
value called a shared secret. The private keys and shared secret itself never
have to take on the risk of being transmitted. Only the public keys need to be
transmitted and the shared secret is protected by the difficulty of the
discrete log problem. Generally, a digest of the shared secret is then used as
a symmetric key for encrypting messages or as input to any other key derivation
scheme.
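The Diffie-Hellman exchange described in (4), as an added example that is not part of the original notes. The prime P, the generator G and the fixed private values used to exercise it are toy assumptions chosen for readability; real systems use standardised groups of 2048 bits or more, or elliptic curves.

```python
import hashlib
import secrets

# Toy domain parameters (assumed for illustration, far too small for real use).
P = 2**127 - 1   # a Mersenne prime
G = 3            # base that both parties agree on in advance


def generate_private() -> int:
    """Pick a random private key in the range 2 .. P-2. It is never transmitted."""
    return secrets.randbelow(P - 3) + 2


def public_from_private(private: int) -> int:
    """The public key is G^private mod P. Only this value is sent to the peer."""
    return pow(G, private, P)


def shared_secret(own_private: int, peer_public: int) -> int:
    """Combine our private key with the peer's public key.

    Values 0, 1 and P-1 are rejected: they would force the shared secret
    into a tiny set of values regardless of our private key, so a careful
    implementation validates the received public key before using it.
    """
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public key out of range")
    return pow(peer_public, own_private, P)


def derive_key(secret: int) -> bytes:
    """Use a digest of the shared secret as the symmetric key, as the notes describe."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


if __name__ == "__main__":
    # Each side generates its own key pair.
    a_priv, b_priv = generate_private(), generate_private()
    a_pub, b_pub = public_from_private(a_priv), public_from_private(b_priv)

    # Only a_pub and b_pub cross the network.
    key_a = derive_key(shared_secret(a_priv, b_pub))
    key_b = derive_key(shared_secret(b_priv, a_pub))
    print("keys match:", key_a == key_b)
    print("symmetric key:", key_a.hex())
```

The exchange on its own does not authenticate either party; in TLS the public values are tied to an identity by a certificate and signature.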
(5) ElGamal:- This algorithm is based on the difficulty of computing discrete
logarithms. It is often used for digital signatures and key exchange. ElGamal
encryption is also used in conjunction with other cryptographic techniques to
enhance security.
INTRODUCTION TO CRYPTOGRAPHY :- Cryptography, a word with Greek origins, means
“secret writing.” Cryptography is the science of using mathematics to encrypt
and decrypt data. Cryptography enables you to store sensitive information or
transmit it across insecure networks (like the Internet) so that it cannot be
read by anyone except the intended recipient. Cryptography is the technique of
securing information by converting it into an unreadable form so that only
authorized users can access and understand it. One of the oldest and simplest
cryptographic techniques is the Caesar Cipher, which was used by Julius Caesar
to send secret military messages.
Encryption → Converting Plain Text into Cipher Text
Decryption → Converting Cipher Text back into Plain Text
Cryptography:
· Ensures secure communication in the presence of opponents
· Protects sensitive data from unauthorized access
· Maintains confidentiality, integrity, authentication, and non-repudiation
· Converts plaintext into ciphertext using encryption techniques
· Plays a vital role in online transactions, digital security, and data
protection
How Cryptography
Works:- Consider two parties: Ajay
(Sender) and Anshu (Receiver).
Ajay wants to send a secure
message m to Anshu.
Process Overview:- The original message (plaintext) is converted into an
unreadable format using an encryption algorithm and a key k. The encrypted
message is called ciphertext. The receiver uses the same or a related key to
decrypt the ciphertext back into readable form.
EXAMPLE WITH CODE:-
Understanding Caesar Cipher: Caesar Cipher works by shifting each letter of the
alphabet by a fixed number (called the Key or Shift value).
For example:
· If Key = 3
· A becomes D
· B becomes E
· C becomes F
…and so on.
After Z, it wraps around back to A.
PROBLEM STATEMENT
Convert the word CRYPTOGRAPH using Caesar Cipher with Key = 3.
Step-by-Step Encryption Algorithm
Algorithm: Caesar Cipher Encryption
1. Start
2. Input the plain text
3. Input the key (shift value)
4. For each character in the plain text:
· Check if it is an alphabet letter
· Find its position in the alphabet (A = 0, B = 1, … Z = 25)
· Add the key value
· Take modulo 26 to stay within alphabet range
· Convert back to a letter
5. Combine all shifted letters
6. Output the cipher text
7. Stop
Detailed Example: Encrypting "CRYPTOGRAPH"
Alphabet positions:- A=0, B=1, C=2, D=3, ... Z=25
| Letter | Position | +3 | New Position | Encrypted Letter |
| C | 2 | 2+3=5 | 5 | F |
| R | 17 | 17+3=20 | 20 | U |
| Y | 24 | 24+3=27 % 26 = 1 | 1 | B |
| P | 15 | 15+3=18 | 18 | S |
| T | 19 | 19+3=22 | 22 | W |
| O | 14 | 14+3=17 | 17 | R |
| G | 6 | 6+3=9 | 9 | J |
| R | 17 | 17+3=20 | 20 | U |
| A | 0 | 0+3=3 | 3 | D |
| P | 15 | 15+3=18 | 18 | S |
| H | 7 | 7+3=10 | 10 | K |
Final Encrypted Output:-
CRYPTOGRAPH → FUBSWRJUDSK
Decryption Algorithm (Reverse Process):-
To get the original word back:-
1. Start
2. Input the cipher text
3. Use the same key (3)
4. For each letter:
· Subtract the key
· Take modulo 26 if needed
· Convert back to alphabet
5. Output the original plain text
6. Stop
FORMULA:-
Encryption: E(x) = (x + k) % 26
Decryption: D(x) = (x - k) % 26
WHY MODULO 26 IS USED?:-
Because there are 26 letters in the English alphabet.
For example:-
· Y (24) + 3 = 27
· 27 % 26 = 1
· 1 = B
So after Z, counting starts again from A.
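The encryption and decryption algorithms above, as an added example that is not part of the original notes (function names are illustrative). It goes one step beyond the worked table: it keeps case and leaves non-letters unchanged, and it lists every possible decryption to show why a cipher with only 26 keys is too simple for practical security.

```python
"""Caesar cipher as given in the notes: E(x) = (x + k) % 26, D(x) = (x - k) % 26."""


def shift_letter(ch: str, key: int) -> str:
    """Shift one character; anything that is not an ASCII letter is returned unchanged."""
    if not (ch.isascii() and ch.isalpha()):
        return ch                      # step 4: only alphabet letters are shifted
    base = ord("A") if ch.isupper() else ord("a")
    position = ord(ch) - base          # A = 0, B = 1, ... Z = 25
    # Python's % always returns 0..25, even for a negative shift (decryption).
    # In C or Java, (x - k) % 26 can be negative, so add 26 before taking %.
    return chr((position + key) % 26 + base)


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Apply E(x) to every letter and combine the shifted letters."""
    return "".join(shift_letter(ch, key) for ch in plaintext)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is encryption with the key subtracted instead of added."""
    return caesar_encrypt(ciphertext, -key)


def all_decryptions(ciphertext: str) -> dict:
    """Every possible decryption: the whole key space is the 26 values 0..25."""
    return {key: caesar_decrypt(ciphertext, key) for key in range(26)}


def keys_revealing(ciphertext: str, expected_word: str) -> list:
    """Keys whose decryption contains a word expected to occur in the plaintext."""
    return [key for key, text in all_decryptions(ciphertext).items()
            if expected_word in text]


if __name__ == "__main__":
    ciphertext = caesar_encrypt("CRYPTOGRAPH", 3)
    print("encrypted:", ciphertext)
    print("decrypted:", caesar_decrypt(ciphertext, 3))
    # Without the key, trying all 26 shifts takes no measurable time.
    for key, text in all_decryptions(ciphertext).items():
        print(f"key {key:2d}: {text}")
```

Because the secrecy of a real cipher must rest on the key, a key space this small means knowing the algorithm is enough to read the message.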
(FOR HINDI MEDIUM STUDENTS)
Algorithm for Converting a Message Using Cryptography (in simple language)
First, let us understand what cryptography is.
Cryptography is a process in which we convert our ordinary message (Plain Text)
into a secret message (Cipher Text) so that no third person can read it. When
we convert the secret message back into the ordinary message, it is called
Decryption.
The simplest and best-known technique in cryptography is the Caesar Cipher,
which was used by Julius Caesar.
Caesar Cipher Algorithm (for Encryption)
Suppose we need to make the word “CRYPTOGRAPH” secret.
Step-by-Step Algorithm
Step 1: Take the Plain Text (ordinary message).
Plain Text = CRYPTOGRAPH
Step 2: Decide on a Key (Shift value).
Let us assume Key = 3
Step 3: Move each letter 3 places forward in the alphabet.
FORMULA:-
Encrypted Letter = (Original Letter + Key) % 26
(because English has 26 letters)
Example: Encrypting CRYPTOGRAPH
| Original Letter | Shift 3 forward | Encrypted Letter |
| C | D E F | F |
| R | S T U | U |
| Y | Z A B | B |
| P | Q R S | S |
| T | U V W | W |
| O | P Q R | R |
| G | H I J | J |
| R | S T U | U |
| A | B C D | D |
| P | Q R S | S |
| H | I J K | K |
Final Encrypted Word:-
CRYPTOGRAPH → FUBSWRJUDSK
Decryption Algorithm (converting back to the original)
Step 1: Take the Cipher Text.
Cipher Text = FUBSWRJUDSK
Step 2: Use the same Key (3).
Step 3: Move each letter 3 places back.
Formula:-
Decrypted Letter = (Encrypted Letter - Key) % 26
Result:- FUBSWRJUDSK → CRYPTOGRAPH
Complete Algorithm:-
Algorithm: Caesar Cipher Encryption:-
1. Start
2. Input the plain text
3. Input the key (shift value)
4. For each letter:
· Find its position in the alphabet
· Add the key to it
· Take the result mod 26
· Form the new letter
5. Join all the letters to form the cipher text
6. Stop
CRYPTOGRAPHIC ALGORITHMS AND
TECHNIQUES:-
CRYPTOGRAPHIC ALGORITHMS :- Cryptography involves the practice of encrypting
and decrypting information to ensure it is kept private and secure from
unintended parties. Cryptography was first used in about 1900 BC in Ancient
Egypt with substituted hieroglyphics to secure communication. A cryptographic
algorithm is the mathematical equation used to scramble the plain text and make
it unreadable. Cryptographic algorithms are used for data encryption,
authentication and digital signatures.
Before exploring the algorithms
themselves, it’s important to grasp several foundational concepts that underpin
cryptographic processes:
Plaintext (Cleartext):- Unencrypted data in its original, readable form.
Ciphertext:- The encrypted form of data, which is unintelligible
without the appropriate decryption key.
Algorithm:- A step-by-step procedure used to encrypt and decrypt
data.
Cryptanalysis: The practice of
breaking cryptographic systems and uncovering encrypted information without
access to the key.
THE FOUR PRIMARY
TYPES OF CRYPTOGRAPHIC ALGORITHMS TECHNIQUES:-
(1) Symmetric encryption
(2) Asymmetric encryption
(3) Hashing algorithms
(4) Digital Signatures
(1) SYMMETRIC ENCRYPTION:- Symmetric encryption is one of the most basic yet
effective methods of securing data. In symmetric encryption, both the sender
and the recipient use the same secret key to encrypt and decrypt the data. The
main advantage of this approach is its speed and efficiency, making it suitable
for encrypting large amounts of data. However, the significant challenge lies
in securely sharing the secret key. If an unauthorized party intercepts the
key, the entire communication is compromised.
Types of Symmetric
Algorithms:-
(a) Substitution Ciphers:- These algorithms replace each character of the
plaintext with a corresponding character in the ciphertext. For example, the
ROT13 cipher shifts each letter of the alphabet 13 positions forward,
transforming “HELLO” into “URYYB”.
(b) Transposition Ciphers: Rather than altering the characters
themselves, transposition ciphers rearrange the characters of the plaintext
according to a specific pattern. For instance, the phrase “HELLO WORLD” could
be rearranged as “HLOOLELWRD” based on a predetermined order.
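The transposition in (b), as an added example that is not part of the original notes: writing HELLOWORLD (space dropped) alternately on two rows and reading the rows one after the other, the rail fence pattern, reproduces “HLOOLELWRD”. That this is the notes' "predetermined order" is an assumption, the function names are illustrative, and the code generalises to more than two rows.

```python
from collections import Counter


def rail_pattern(length: int, rails: int) -> list:
    """Row used at each position when the text is written in a zigzag over `rails` rows."""
    if rails < 2:
        raise ValueError("need at least two rows")
    # One full zigzag cycle, e.g. rails=3 -> rows 0, 1, 2, 1 and then repeat.
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def rail_fence_encrypt(plaintext: str, rails: int = 2) -> str:
    """Write the characters onto the rows, then read the rows top to bottom."""
    rows = [[] for _ in range(rails)]
    for ch, row in zip(plaintext, rail_pattern(len(plaintext), rails)):
        rows[row].append(ch)
    return "".join("".join(row) for row in rows)


def rail_fence_decrypt(ciphertext: str, rails: int = 2) -> str:
    """Put each ciphertext character back at the position it came from."""
    pattern = rail_pattern(len(ciphertext), rails)
    # Sorting positions by row (stable sort) gives the order in which
    # encryption emitted them, so ciphertext[i] belongs at order[i].
    order = sorted(range(len(ciphertext)), key=lambda i: pattern[i])
    plain = [""] * len(ciphertext)
    for ch, position in zip(ciphertext, order):
        plain[position] = ch
    return "".join(plain)


def same_letters(a: str, b: str) -> bool:
    """A transposition only moves characters, so the letter counts never change."""
    return Counter(a) == Counter(b)


if __name__ == "__main__":
    message = "HELLOWORLD"          # the notes' example with the space removed
    cipher = rail_fence_encrypt(message, rails=2)
    print(cipher)                                   # HLOOLELWRD
    print(rail_fence_decrypt(cipher, rails=2))      # HELLOWORLD
    print(same_letters(message, cipher))            # True
    # The ROT13 substitution from (a) changes the letters themselves instead.
    print(same_letters("HELLO", "URYYB"))           # False
```

Unchanged letter frequencies are the usual sign that a ciphertext came from a transposition rather than a substitution.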
Example of Symmetric
Encryption:-
ANSHU and DEEPAK agree on a cipher and a secret key.
ANSHU encrypts a message using
this shared key.
ANSHU sends the encrypted
message (ciphertext) to DEEPAK.
DEEPAK decrypts the message
using the same key.
EXAMPLE (FOR HINDI MEDIUM STUDENTS):-
Symmetric encryption is a cryptographic algorithm in which the same key (secret
key) is used to encrypt (lock) and decrypt (unlock) data.
This means:-
(a) There is one secret key.
(b) Both the sender and the receiver must have the same key.
(c) The message is encoded and decoded with this same key.
(d) That is why it is also called Secret Key Encryption.
EXAMPLE OF HASH
ALGORITHMS FOR HINDI OR ENGLISH MEDIUM STUDENTS:-
Real Life Example
(Simple Understanding):-
Imagine:-
(a) You put a letter in a box.
(b) You close that box with a lock.
(c) The receiver also has the same key.
(d) He opens the box with the same key.
Here:-
(a) Lock = Encryption Algorithm
(b) Key = Secret Key
(c) Letter = Plaintext (original message)
Technical Terms:-
| Term | Meaning |
| Plaintext | Original message |
| Ciphertext | Encrypted message |
| Key | Secret password |
| Encryption | Plaintext → Ciphertext |
| Decryption | Ciphertext → Plaintext |
Step-by-Step Example (Simple Mathematical Method):-
Suppose:-
Plaintext = HELLO
Secret Key = 3
Here we will use a simple character shifting method (Caesar style shift).
Each letter will be shifted 3 positions forward.
Step 1: Convert Plaintext Into Numbers
A = 0
B = 1
C = 2
...
Z = 25
Write HELLO in numbers:
H = 7
E = 4
L = 11
L = 11
O = 14
Step 2: Apply Encryption
Formula
Formula:-
Ciphertext = (Plaintext + Key) mod 26
Key = 3
Now apply it to each letter:
H → (7 + 3) = 10 → K
E → (4 + 3) = 7 → H
L → (11 + 3) = 14 → O
L → (11 + 3) = 14 → O
O → (14 + 3) = 17 → R
Encrypted Message Obtained (Ciphertext)
KHOOR
Now if a hacker sees it, he will get "KHOOR", not the original message.
Step 3: Decryption Process
Now the receiver has the same key (3).
Formula:-
Plaintext = (Ciphertext − Key) mod 26
K → (10 − 3) = 7 → H
H → (7 − 3) = 4 → E
O → (14 − 3) = 11 → L
O → (14 − 3) = 11 → L
R → (17 − 3) = 14 → O
Result:- HELLO. The message has been received back.
EXAMPLE OF HASH ALGORITHMS FOR HINDI MEDIUM STUDENTS:-
Real Life Example
(Simple Understanding):-
Imagine:-
(a) You put a letter in a box.
(b) You close that box with a lock.
(c) The receiver also has the same key.
(d) He opens the box with that same key.
Here:-
(a) Lock = Encryption Algorithm
(b) Key = Secret Key
(c) Letter = Plaintext (original message)
Technical Terms:-
| Term | Meaning |
| Plaintext | Original message |
| Ciphertext | Encrypted message |
| Key | Secret password |
| Encryption | Plaintext → Ciphertext |
| Decryption | Ciphertext → Plaintext |
Step-by-Step Example (Simple Mathematical Method):-
Suppose:-
Plaintext = HELLO
Secret Key = 3
Here we will use a simple character shifting method (Caesar style shift).
We will shift each letter 3 positions forward.
Step 1: Convert the Plaintext Into Numbers
A = 0
B = 1
C = 2
...
Z = 25
Write HELLO in numbers:
H = 7
E = 4
L = 11
L = 11
O = 14
Formula:-
Ciphertext = (Plaintext + Key) mod 26
Key = 3
Now we apply it to each letter:
H → (7 + 3) = 10 → K
E → (4 + 3) = 7 → H
L → (11 + 3) = 14 → O
L → (11 + 3) = 14 → O
O → (14 + 3) = 17 → R
Encrypted Message Obtained (Ciphertext)
KHOOR
Now if a hacker looks at it, he will get "KHOOR", not the real message.
Now the receiver has the same key (3).
Formula:-
Plaintext = (Ciphertext − Key) mod 26
K → (10 − 3) = 7 → H
H → (7 − 3) = 4 → E
O → (14 − 3) = 11 → L
O → (14 − 3) = 11 → L
R → (17 − 3) = 14 → O
Result:- HELLO. The message has been received back.
(2) ASYMMETRIC ENCRYPTION:- Asymmetric encryption solves the key distribution
problem inherent in symmetric encryption by using two distinct keys:-
a public key and a private key. The public key is shared openly
and used to encrypt messages, while the private key is kept secret and used to
decrypt them. This approach ensures that even if a malicious actor intercepts
the public key, they cannot decrypt the message without access to the
corresponding private key.
Example of Asymmetric
Encryption in Practice:-
DEEPAK generates a
public-private key pair.
DEEPAK shares the public key
with ANSHU.
ANSHU encrypts her message
using DEEPAK’S public key.
DEEPAK decrypts the message
using his private key.
EXAMPLE OF HASH
ALGORITHMS FOR HINDI OR ENGLISH MEDIUM STUDENTS:-
Asymmetric Encryption (Public
Key Cryptography)
Asymmetric Encryption is a
cryptographic algorithm in which two different keys are used:
(1) Public Key – can be shared
with everyone
(2) Private Key – kept secret
(only with the owner)
Therefore, it is also called
Public Key Cryptography.
Simple Definition:- Asymmetric Encryption is a technique in which:
(1) Public Key is used to
encrypt the data
(2) Private Key is used to
decrypt the data
And both keys are
mathematically related, but it is practically impossible to derive the private
key from the public key.
Asymmetric Encryption
Working (Step by Step Example)
Real Life Example
(Message Sending):-
Suppose:-
Ram wants to send a secret message to Shyam,
Shyam has 2 keys:
(1) Public Key
and
(2) Private Key
Step 1: Key Generation:-
Shyam uses an algorithm (like RSA) on his computer to:
· Generate a Public Key
· Generate a Private Key
He gives the public key to everyone.
He keeps the private key secret.
Step 2: Encryption:-
Ram encrypts the message using Shyam’s Public Key.
Message:- HELLO
After encryption, it may look something like:- XJ92KQ7L
Now it is unreadable.
Step 3: Decryption:- Shyam decrypts the encrypted message using his Private Key.
Result:- HELLO
EXAMPLE HOW TO CHANGE ASYMMETRIC ENCRYPTION IN SYMMETRIC (ONLY FOR HINDI MEDIUM STUDENTS)
Asymmetric Encryption (Public Key Cryptography)
Asymmetric Encryption is a cryptographic algorithm in which two different keys are used:
(1) Public Key – can be shared with everyone
(2) Private Key – kept secret (only with the owner)
That is why it is also called Public Key Cryptography.
Simple Definition:- Asymmetric Encryption is a technique in which:
(1) The Public Key is used to encrypt the data
(2) The Private Key is used to decrypt the data
Both keys are mathematically related, but deriving the private key from the public key is practically impossible.
Asymmetric Encryption Working (Step by Step Example)
Real Life Example (Message Sending):-
Suppose:- Ram has to send a secret message to Shyam, and Shyam has 2 keys:
(1) Public Key and (2) Private Key
Step 1: Key Generation:- Shyam uses an algorithm (such as RSA) on his computer to:
· Generate a Public Key
· Generate a Private Key
He gives the public key to everyone.
He keeps the private key secret.
Step 2: Encryption:- Ram encrypts the message with Shyam's Public Key.
Message:- HELLO
After encryption it may become something like:- XJ92KQ7L. Now it is unreadable.
Step 3: Decryption:- Shyam decrypts the encrypted message with his Private Key.
Result:- HELLO
MATHEMATICAL EXAMPLE (SIMPLE UNDERSTANDING) FOR HINDI OR ENGLISH MEDIUM STUDENTS:-
(NOTE:- We are using small
numbers only for understanding. In real life, RSA uses very large prime numbers
of 2048-bit or 4096-bit.)
Algorithm:- RSA
Asymmetric encryption is mainly
based on mathematics (prime numbers).
Example (Simplified RSA Concept):-
STEP 1:- Choose Two Prime Numbers:-
p = 3, q = 11
STEP 2:- Calculate n, Formula:-
n = p × q
So, n = 3 × 11
n = 33
This n will be used in both the public key and the private key.
STEP 3: Calculate φ(n) (Phi Function)
In RSA, there is an important value:-
φ(n) = (p - 1)(q - 1)
So,
φ(n) = (3 - 1)(11 - 1)
φ(n) = 2 × 10
φ(n) = 20
STEP 4: Choose e for the Public Key
Condition:-
(1) e < φ(n)
(2) e and φ(n) should be co-prime (GCD = 1)
(NOTE:- GCD stands for Greatest Common Divisor. It represents the largest positive integer that divides two or more
integers without leaving a remainder. Also known as the Highest Common Factor
(HCF) or Greatest Common Factor (GCF), it is commonly used to simplify
fractions and in number theory.)
Here:- φ(n) = 20
We choose e = 3.
Check:-
GCD(3, 20) = 1 ✔
Therefore, it is valid.
PUBLIC KEY:-
Public Key = (e, n)
Public Key = (3, 33)
This can be shared with everyone.
STEP 5: Find d for the Private Key
Condition:- (d × e) mod φ(n) = 1
That means:- (d × 3) mod 20 = 1
Now we find d:-
Try values:-
3 × 7 = 21
21 mod 20 = 1 ✔
So, d = 7
Private Key:-
Private Key = (d, n)
Private Key = (7, 33)
This is kept secret.
STEP 6: Encryption Process
Formula:- Ciphertext = (Message ^ e) mod n
Suppose message = 4
Public key = (3, 33)
So,
Ciphertext = (4 ^ 3) mod 33
Ciphertext = 64 mod 33
33 × 1 = 33
64 - 33 = 31
So, Ciphertext = 31
Encrypted message = 31
STEP 7: Decryption Process
Formula:- Message = (Ciphertext ^ d) mod n
Private key = (7, 33)
So,
Message = (31 ^ 7) mod 33
31 mod 33 = 31
31² = 961
961 mod 33:-
33 × 29 = 957
961 - 957 = 4
So:
31² mod 33 = 4
Now break the powers:
31⁷ = 31^(2×3 + 1) = (31²)³ × 31
(31²)³ mod 33 = 4³ mod 33 = 64 mod 33 = 31
31 × 31 = 961, and 961 mod 33 = 4
After this simplification, the result:
Message = 4
The original message is obtained back.
FINAL SUMMARY REPORT FOR EASY UNDERSTANDING :-
| Step | Value |
| p | 3 |
| q | 11 |
| n | 33 |
| φ(n) | 20 |
| e | 3 |
| d | 7 |
| Public Key | (3, 33) |
| Private Key | (7, 33) |
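The seven steps above as an added Python example (not part of the original notes): it rebuilds both keys from p = 3, q = 11, e = 3, carries out the "break the powers" idea of Step 7 as square-and-multiply, and shows that with a modulus this small the private exponent follows from the public key alone, which is why real RSA uses 2048-bit or larger numbers. Function names are illustrative, and the lower bound 1 < e is the standard condition, added here as an assumption.

```python
"""Textbook RSA with the notes' toy numbers (p = 3, q = 11, e = 3)."""
from math import gcd


def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = extended_gcd(b, a % b)
    return g, y, x - (a // b) * y


def make_keys(p, q, e):
    """Steps 1-5: build the public key (e, n) and the private key (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # The notes require e < phi(n) and GCD = 1; 1 < e is the usual lower bound.
    if not (1 < e < phi) or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(e, phi(n)) == 1")
    _, x, _ = extended_gcd(e, phi)
    d = x % phi                      # (d * e) mod phi(n) == 1
    return (e, n), (d, n)


def mod_pow(base, exponent, modulus):
    """Square-and-multiply: reduce mod n after every step, as in Step 7."""
    result = 1
    base %= modulus
    while exponent > 0:
        if exponent & 1:             # this bit of the exponent is set
            result = (result * base) % modulus
        base = (base * base) % modulus
        exponent >>= 1
    return result


def encrypt(message, public_key):
    """Step 6: Ciphertext = (Message ^ e) mod n."""
    e, n = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return mod_pow(message, e, n)


def decrypt(ciphertext, private_key):
    """Step 7: Message = (Ciphertext ^ d) mod n."""
    d, n = private_key
    return mod_pow(ciphertext, d, n)


def private_exponent_from_public(public_key):
    """With a toy n, trial division finds p and q, and Step 5 then gives d."""
    e, n = public_key
    p = next(f for f in range(2, n) if n % f == 0)
    return make_keys(p, n // p, e)[1][0]


if __name__ == "__main__":
    public, private = make_keys(3, 11, 3)
    c = encrypt(4, public)
    print("public", public, "private", private)
    print("ciphertext", c, "decrypted", decrypt(c, private))
    print("d found from (e, n) alone:", private_exponent_from_public(public))
```
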
MATHEMATICAL EXAMPLE (SIMPLE UNDERSTANDING)
(NOTE:- We are using small numbers only for understanding. In real life, RSA uses very large prime
numbers of 2048-bit or 4096-bit.)
Algorithm:- RSA
Asymmetric encryption is mainly based on mathematics (prime numbers).
Example (Simplified RSA Concept):-
STEP 1: Choose Two Prime Numbers:- p = 3, q = 11
STEP 2: Calculate n, Formula:-
n = p × q
So, n = 3 × 11, n = 33
This n will be used in both the public key and the private key.
STEP 3: Calculate φ(n) (Phi Function)
In RSA, there is an important value:-
φ(n) = (p - 1)(q - 1)
So,
φ(n) = (3 - 1)(11 - 1)
φ(n) = 2 × 10
φ(n) = 20
STEP 4: Choose e for the Public Key
Condition:-
(1) e < φ(n)
(2) e and φ(n) should be co-prime (GCD = 1)
(NOTE:- GCD stands for Greatest Common Divisor. It represents the largest positive integer that divides two or more
integers without leaving a remainder. Also known as the Highest Common Factor
(HCF) or Greatest Common Factor (GCF), it is commonly used to simplify
fractions and in number theory.)
Here:- φ(n) = 20
We choose e = 3.
Check:-
GCD(3, 20) = 1 ✔
Therefore, it is valid.
Public Key = (e, n)
Public Key = (3, 33)
This can be shared with everyone.
STEP 5: Find d for the Private Key
Condition:- (d × e) mod φ(n) = 1
That means:- (d × 3) mod 20 = 1
Now we find d:-
Try values:-
3 × 7 = 21
21 mod 20 = 1 ✔
So, d = 7
Private Key:- Private Key = (d, n), Private Key = (7, 33)
This is kept secret.
STEP 6: Encryption Process
Formula:- Ciphertext = (Message ^ e) mod n
Suppose message = 4
Public key = (3, 33)
So,
Ciphertext = (4 ^ 3) mod 33
Ciphertext = 64 mod 33
33 × 1 = 33
64 - 33 = 31
So, Ciphertext = 31
Encrypted message = 31
STEP 7: Decryption Process
Formula:- Message = (Ciphertext ^ d) mod n
Private key = (7, 33)
So, Message = (31 ^ 7) mod 33
31 mod 33 = 31
31² = 961
961 mod 33:-
33 × 29 = 957
961 - 957 = 4
So:
31² mod 33 = 4
Now break the powers:
31⁷ = 31^(2×3 + 1) = (31²)³ × 31
(31²)³ mod 33 = 4³ mod 33 = 64 mod 33 = 31
31 × 31 = 961, and 961 mod 33 = 4
After this simplification, the result:
Message = 4. The original message is obtained back.
FINAL SUMMARY REPORT FOR EASY UNDERSTANDING :-
| Step | Value |
| p | 3 |
| q | 11 |
| n | 33 |
| φ(n) | 20 |
| e | 3 |
| d | 7 |
| Public Key | (3, 33) |
| Private Key | (7, 33) |
(3) HASH-FUNCTION / HASHING ALGORITHMS :- No key is used in this algorithm. Instead, a fixed-length
value (also known as a hash, digest or “hash value”) is calculated from the
plaintext in a way that makes it practically impossible for the contents of the
plaintext to be recovered. Computer systems often use hash functions to protect
stored passwords.
Hashing is not intended for encryption or decryption; instead it serves to verify data
integrity. Even the slightest change to the input will result in a completely
different hash, making it a crucial tool for ensuring data integrity.
Uses of Hashing function:-
(a) Password Storage:- Instead of storing plaintext passwords,
systems store hashes. When a user inputs their password, the system compares
the hash of the entered password to the stored hash. If they match, the
password is correct.
(b) File Integrity:- After downloading a file, a user can
verify its integrity by comparing the file’s hash to a known, trusted hash
provided by the source.
Hash Algorithms are:-
(1) SHA-256 (Secure Hash Algorithm): One of the most secure and
widely used hash functions, generating a 256-bit hash.
(2) MD5 (Message Digest Algorithm): Produces a 128-bit hash but is
vulnerable (weak) to collision attacks, where two different inputs produce the
same hash, making it less secure for modern use.
EXAMPLE OF HASH ALGORITHMS FOR HINDI OR ENGLISH MEDIUM STUDENTS:-
A Hash Function is a special mathematical function that takes input data of any size and converts it into a fixed-size output. This output is called a Hash Value, Digest, or Message Digest.
No matter whether the input is 5 characters long or a 5 GB file, the output will always be of the same length.
Simple Definition:- A Hash Function is a one-way function which:-
· does not encrypt the data
· converts data into a fixed-size code
· is practically impossible to reverse (getting back the original data)
Real Life Example:- Imagine you have a book. If I create one unique short code for the entire book, like:-
Original Book → "My Network Security Notes"
Hash Output → 5F4DCC3B5AA765D61D8327DEB882CF99
If even a single letter in the book is changed, the hash will completely change.
Important Properties of Cryptographic Hash Function:-
(1) Fixed Length Output:- Whether the input is small or large, the output will be of fixed length.
(2) Deterministic:- Same input → Same output (always)
(3) One-Way Function:- It is not possible to retrieve the original data from the hash.
(4) Avalanche Effect:- 1 bit change in input → Output completely different
(5) Collision Resistant:- It is very difficult for two different inputs to produce the same hash.
Step-by-Step Easy Example (Conceptual):- Suppose there is a simple hashing formula:-
Hash = Sum of ASCII values mod 100
Step 1: Input:- Input = "ABC"
Step 2: ASCII Values:-
A = 65, B = 66, C = 67
Step 3: Sum
65 + 66 + 67 = 198
Step 4: mod 100
198 mod 100 = 98
Hash Value = 98
IF THE INPUT CHANGES:- INPUT = "ABD"
ASCII:-
A=65, B=66, D=68
Sum:- 65 + 66 + 68 = 199
mod 100:-
199 mod 100 = 99
See, only one letter changed, and the hash changed from 98 to 99.
This is just a simple example. Real cryptographic hash algorithms are very
complex.
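The conceptual formula above set beside SHA-256, as an added Python example (not part of the original notes): the toy hash collides as soon as letters are reordered and moves by only 1 when one letter changes, while SHA-256 gives a fixed 256-bit digest in which roughly half the bits flip. The function names and the sample inputs are constructed for illustration.

```python
"""Toy 'ASCII sum mod 100' hash from the notes compared with SHA-256."""
import hashlib
from collections import defaultdict


def toy_hash(text):
    """Hash = sum of ASCII values mod 100 (the conceptual formula)."""
    return sum(text.encode("ascii")) % 100


def toy_collisions(inputs):
    """Group inputs that land on the same toy hash value."""
    groups = defaultdict(list)
    for item in inputs:
        groups[toy_hash(item)].append(item)
    return {h: items for h, items in groups.items() if len(items) > 1}


def sha256_hex(data):
    """SHA-256 digest as 64 hex characters (256 bits) for any input size."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(a, b):
    """Avalanche effect: count the bit positions where two digests differ."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def file_is_intact(content, published_hex):
    """File integrity: recompute the digest and compare with the published one."""
    return sha256_hex(content) == published_hex.strip().lower()


if __name__ == "__main__":
    print("toy:", toy_hash("ABC"), toy_hash("ABD"))
    print("toy collisions:", toy_collisions(["ABC", "ACB", "CBA", "ABD"]))
    print("SHA-256(ABC):", sha256_hex(b"ABC"))
    print("SHA-256(ABD):", sha256_hex(b"ABD"))
    print(differing_bits(b"ABC", b"ABD"), "of 256 bits differ")
```
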
WHERE IS HASHING USED?
(1) Password Storage:- When you enter a password:-
Example:- Password: Ajay123
The system does not store the password.
It stores:- Code:- SHA-256(Ajay123) = Some long hash value
At login time:- The user will enter the password, the system will generate its hash,
and compare it with the stored hash. If match → Login successful
(2) Data Integrity Check:- When a file is downloaded, the website provides a hash:
Code:- Original File Hash = ABC123XYZ
After download:- You generate the hash yourself and compare it.
If match → File is safe
If different → File is corrupted or tampered
(3) Digital Signature:- In a digital signature:-
First, the hash of the message is created,
Then the hash is encrypted using the private key.
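For the password-storage use above, an added Python example (not part of the original notes) of the store-then-compare login check. It goes one step beyond the bare SHA-256(password) scheme: a random per-user salt and the slow PBKDF2 function are additions made here, because a bare hash gives every user of the same password the same stored value. The iteration count and function names are assumptions for this example.

```python
"""Password storage: keep a salted, slow hash and compare it at login."""
import hashlib
import hmac
import os

# Assumed work factor for this example; raise it as far as login latency allows.
ITERATIONS = 200_000


def plain_sha256(password):
    """The bare SHA-256(password) value from the notes, for comparison."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, digest): this pair is stored instead of the password."""
    if salt is None:
        salt = os.urandom(16)        # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify_password(candidate, salt, stored_digest):
    """Login: hash the entered password with the stored salt and compare."""
    _, digest = hash_password(candidate, salt)
    # compare_digest takes the same time wherever the first mismatch is.
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    # Two constructed users who happen to choose the same password.
    salt_a, stored_a = hash_password("Ajay123")
    salt_b, stored_b = hash_password("Ajay123")
    print("bare SHA-256 identical:", plain_sha256("Ajay123") == plain_sha256("Ajay123"))
    print("salted records identical:", stored_a == stored_b)
    print("correct password:", verify_password("Ajay123", salt_a, stored_a))
    print("wrong password:", verify_password("ajay123", salt_a, stored_a))
```
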
EXAMPLE OF HASH ALGORITHMS FOR HINDI MEDIUM STUDENTS ONLY:-
Hash Function / Hashing Algorithm (Cryptographic Algorithms):- A Hash Function is a special mathematical function that takes input data of any size and converts it into a fixed-size output. This output is called a Hash Value, Digest, or Message Digest.
Whether the input is 5 characters or a 5 GB file, the output will always be of the same length.
Simple Definition:- A Hash Function is a one-way function which:-
· does not encrypt the data
· converts data into a fixed-size code
· is practically impossible to reverse (getting back the original data)
Real Life Example:- Imagine you have a book. If I make one unique short code for the whole book, like:-
Original Book → "My Network Security Notes"
Hash Output → 5F4DCC3B5AA765D61D8327DEB882CF99
If even one letter in the book is changed, the hash will completely change.
Important Properties of Cryptographic Hash Function:-
(1) Fixed Length Output:- Whether the input is small or large, the output will be of fixed length.
(2) Deterministic:- Same input → Same output (always)
(3) One-Way Function:- It is not possible to get the original data back from the hash.
(4) Avalanche Effect:- 1 bit change in input → Output completely different
(5) Collision Resistant:- It is very difficult for two different inputs to give the same hash.
Step-by-Step Easy Example (Conceptual):- Suppose there is a simple hashing formula:-
Hash = Sum of ASCII values mod 100
Step 1: Input:- Input = "ABC"
Step 2: ASCII Values:-
A = 65, B = 66, C = 67
Step 3: Sum
65 + 66 + 67 = 198
Step 4: mod 100
198 mod 100 = 98
Hash Value = 98
IF THE INPUT CHANGES:- INPUT = "ABD"
ASCII:-
A=65, B=66, D=68
Sum:- 65 + 66 + 68 = 199
mod 100:-
199 mod 100 = 99
See, only one letter changed, and the hash went from 98 to 99.
This is only a simple example. Real cryptographic hash algorithms are very complex.
WHERE IS HASHING USED?
(1) Password Storage:- When you enter a password:-
Example:- Password: Ajay123
The system does not store the password.
It stores:- Code:- SHA-256(Ajay123) = Some long hash value
At login time:- The user will enter the password, the system will generate its hash,
and compare it with the stored hash. If match → Login successful
(2) Data Integrity Check:- When a file is downloaded, the website provides a hash:
Code:- Original File Hash = ABC123XYZ
After download:- You generate the hash yourself and compare it.
If match → File is safe
If different → File is corrupted or tampered
(3) Digital Signature:- In a digital signature:- First, the hash of the message is created,
Then the hash is encrypted with the private key.
(4) DIGITAL SIGNATURES:-
A Digital Signature is a
specific type of Electronic Signature (e-Signature). Digital Signatures provide
a type of digital ID which is unique to the person who is signing a document.
A digital signature is a
cryptographic technique used to verify the authenticity, integrity, and
non-repudiation of a digital message or document. It ensures that the message
was created by a known sender and that it has not been altered during
transmission. To do this, Digital Signatures use Public Key Infrastructure
(PKI), Digital Certificates and Qualified Timestamps to guarantee the highest
level of security and legal acceptance worldwide.
How does it work?:-
A digital signature for an
electronic message is created by using a form of cryptography and is equivalent
to a personal signature on a written document. The digital signature on a
message provides a unique electronic binding of the identity of the signer to
the origin of the message. A digital signature provides proof of the message
origin and a method to verify the integrity of the message. A digital
certificate owner combines the data to be signed with their private key, and
then transforms the data with an algorithm. The recipient of the message uses
the corresponding certificate public key to decrypt the signature. The public
key decryption also verifies the integrity of the signed message and verifies
the sender as the source. Only the organization with the private key can create
the digital signature. However, anyone that has access to the corresponding
public key can verify the digital signature.
Example:-
Suppose a university sends a digital mark sheet. The university signs it digitally.
If anyone modifies the marks, the signature becomes invalid.
The steps of the digital signature process are as follows:-
1. The sender computes a message digest (with an
algorithm such as RSA or SHA1) and then encrypts the digest with their private
key, which forms the digital signature. Multiple signatures and signature
formats can be attached to a message, each referencing different (or even
overlapping) parts of the message.
2. The sender transmits the digital signature with the
message.
3. The receiver decrypts the digital signature with the
public key of the sender, thus regenerating the message digest.
4. The receiver computes a message digest from the
message data that was received, and verifies that the two digests are the same.
If these digests match, the message is both intact and authentic.
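The four steps above as an added Python example (not part of the original notes), using the mark-sheet scenario: the sender hashes the message with SHA-256 and transforms the digest with the private key, and the receiver recovers the digest with the public key and compares it with one computed from the received data. The key pair is a constructed toy (two Mersenne primes, about 150 bits, no padding) chosen so the arithmetic stays visible; the names and the sample mark sheet are assumptions.

```python
"""Hash-then-sign, following the four digital-signature steps."""
import hashlib

# Constructed toy key pair: two Mersenne primes give a ~150-bit modulus.
# Real signatures use 2048-bit or larger keys and a padding scheme such as PSS.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)


def digest_as_int(message):
    """Message digest (SHA-256) as an integer reduced into the range [0, N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message, d=D, n=N):
    """Step 1: digest the message, then transform the digest with the private key."""
    return pow(digest_as_int(message), d, n)


def verify(message, signature, e=E, n=N):
    """Steps 3-4: recover the digest with the public key and compare digests."""
    recovered = pow(signature, e, n)
    return recovered == digest_as_int(message)


if __name__ == "__main__":
    # Constructed sample document for the university example.
    mark_sheet = b"Roll No 101 | Information Security | Marks 78"
    signature = sign(mark_sheet)                     # step 1
    received, received_sig = mark_sheet, signature   # step 2: sent together
    print("untouched mark sheet:", verify(received, received_sig))
    tampered = mark_sheet.replace(b"78", b"98")
    print("modified marks:", verify(tampered, received_sig))
```
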
What are the ADVANTAGES of digital signatures?
(1) Security:- Security capabilities are embedded in digital signatures to ensure a
legal document isn't altered and signatures are legitimate. Security features
include asymmetric cryptography, personal identification numbers (PINs),
checksums and cyclic redundancy checks (CRCs), as well as CA (Certificate
Authority) and trust service provider (TSP) validation.
(2) Timestamping:- This provides the date and time of a digital signature
and is useful when timing is critical, such as for stock trades, lottery ticket
issuance and legal proceedings.
(3) Globally accepted and legally compliant:- The public key
infrastructure (PKI) standard ensures vendor-generated keys are made and stored
securely. With digital signatures becoming an international standard, more
countries are accepting them as legally binding.
(4) Time savings:- Digital signatures simplify the time-consuming
processes of physical document signing, storage and exchange, letting
businesses quickly access and sign documents.
(5) Cost savings:- Organizations can go
paperless and save money previously spent on the physical resources, time,
personnel and office space used to manage and transport documents.
WHAT IS A DIGITAL CERTIFICATE?:- Digital certificates, also
known as identity certificates or public key certificates, are a form of
electronic password using the public key infrastructure (PKI) that allows
individuals and organizations to exchange data over the internet in a secure
manner.
Creating a valid Digital Signature
using PKI requires a Digital Certificate. Sometimes known as a Public Key
Certificate or Digital ID, a Digital Certificate is an electronic document used
in Public Key Cryptography to verify an identity, such as a person signing a
document.
Public Key Cryptography - also
known as Public Key Encryption - works with cryptographic key pairs: Private
Keys and Public Keys. These key pairs are used to encrypt and decrypt data.
Once data is encrypted by one of the keys, it can only be decrypted by its key
pair.
A Digital Certificate binds an
identity to a key pair.
In other words, a Digital
Certificate acts like a form of electronic identification for the person
signing the agreement. Usually Digital Certificates are issued by a trusted
third party called a Certificate Authority (CA) who holds the Public Key.
A digital certificate contains the following identifiable information:
· User’s name
· Company or department of user
· IP (internet protocol) address or serial number of device
· Copy of the public key from a certificate holder
· Duration of time the certificate is valid for
· Domain the certificate is authorized to represent
Components of A Digital Certificate:-
(1) Public Key:- There is a pair of keys when it comes to a digital
certificate. One of those keys is a public key. This key is used when the
system encodes or encrypts the data or message that is intended to be sent to
the certificate holder.
(2) Private Key:- The private key is with the user who will receive the
message or data. When the user enters this key, the data will be decoded or
decrypted and will be readable as per human understanding. The digital
certificate landscape relies on the security of this private key.
(3) Certificate Authority (CA):- A CA is an authoritative organisation that is responsible
for certifying entities by validating their identities for a digital
certificate. The CA conducts a strict digital certificate authentication
procedure before allotting the certificate to any entity to keep the legitimacy
of the security tool.
(4) Registration Authority (RA):- Registration authority is the middleman between the
user and the CA. It is deemed responsible for verifying the identity of the
entity or individual applying for the certificate. Then, the process is passed
on to the CA.
(5) Certificate Database:- A certificate database is a storage system of all the
digital certificates in order to manage and administer them. This database
includes a record of all the issued certificates, public keys associated with
those certificates, all the relevant metadata, etc. This is essential in the
validation process, ensuring the authenticity of certificates.
Types of Digital Certificates:-
(1) TLS/SSL certificate:- A TLS/SSL (Transport Layer Security / Secure Sockets
Layer) certificate sits on a server, such as an application, mail, or web
server, to ensure communication with its clients is private and encrypted. The
certificate provides authentication for the server to send and receive
encrypted messages to clients. The existence of a TLS/SSL certificate is
signified by the Hypertext Transfer Protocol Secure (HTTPS) designation at the
start of a Uniform Resource Locator (URL) or web address.
It comes in three forms:-
(a) Domain validated:- A domain validated certificate is a quick
validation method that is acceptable for any website. It is cheap to obtain and
can be issued in a matter of minutes.
(b) Organization validated:- This provides light business
authentication and is ideal for organizations selling products online through
e-commerce.
(c) Extended validation:- This offers full business authentication,
which is required by larger organizations or any business dealing with highly
sensitive information. It is typically used by businesses in the financial
industry and offers the highest level of authentication, security, and trust.
(2) Code signing certificate:- A code signing certificate is used
to confirm the authenticity of software or files downloaded through the
internet. The developer or publisher signs the software to confirm that it is
genuine to users that download it. This is useful for software providers that
make their programs available on third-party sites to prove that files have not
been tampered with.
(3) Client certificate:- A client certificate is a digital ID that identifies an individual user to
another user or machine, or one machine to another. A common example of this is
email, where a sender signs a communication digitally and its signature is
verified by the recipient. Client certificates can also be used to help users access
protected databases.
THE END UNIT 2 (CRYPTOGRAPHY AND ENCRYPTION)
