CryptographyCryptography CryptographyCryptography

Submitted by Submitted by

Neha mukhiNeha mukhi

What is cryptography? Cryptography is the science of using

mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.

Symmetric Key Cryptography

Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way).

Public Key Cryptography

Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption.

PGP• PGP combines some of the best features of both

conventional and public key cryptography. PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the plaintext. PGP then creates a session key, which is a one-time-only secret key the result is ciphertext. session key is encrypted with public key ciphertext + encrypted session key

LEVEL OF TRUST IN PGP

There are three levels of trust you can assign to someone else’s public key:

• Complete trust • Marginal trust • No trust (or Untrusted) To define another’s key as a trusted introducer, you• Start with a valid key, one that is either signed by you or signed by another trusted introducer and then • Set the level of trust you feel the keys owner is

entitled.

Digital Signature Digital signatures enable the recipient of

information to verify the authenticity of the information’s origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information.

Hash Function A one-way hash function takes variable-length

input, a message of any length and produces a fixed-length output.The hash function ensures that, if the information is changed in any way even by just one bit an entirely different output value is produced. PGP uses a cryptographically strong hash function on the plaintext the user is signing. This generates a fixed-length data item known as a message digest.

Digital certificates Digital certificates are used to thwart attempts to

substitute one person’s key for another. A digital certificate consists of three things: • A public key.• Certificate information. (Identity information

about the user, such as name, user ID, and so on.)

• One or more digital signatures.

What is Passphrase? A passphrase is a longer version of a

password. PGP uses a passphrase to encrypt your private key on your machine. Your private key is encrypted on your disk using a hash of your passphrase as the secret key. You use the passphrase to decrypt and use your private key. A passphrase should be hard for you to forget and difficult for others to guess.

Protect Public keys from Tampering

In a public key cryptosystem, you dont have to protect public keys from exposure. But its important to protect public keys from tampering, to make sure that a public key really belongs to the person to whom it appears to belong. This may be the most important vulnerability of a public key cryptosystem.It is protetcted by introducing users to each other by providing signatures for their public key certificates. This trusted person could be regarded as a Certifying Authority. Any public key certificates bearing the Certifying Authority’s signature could be trusted as truly belonging to the person to whom they appear to belong to.

Compromised Passphrase and Public key cryptography

• Dont use obvious passphrases that can be easily guessed, such as the names of your kids or spouse.

• Use spaces and a combination of numbers and letters in your passphrase. If you make your passphrase a single word, it can be easily guessed by having a computer try all the words in the dictionary until it finds your password. That’s why a passphrase is so much better than a password. A more sophisticated attacker may have his computer scan a book of famous quotations to find your passphrase.

• Be creative. Use an easy to remember but hard to guess passphrase; you can easily construct one by using some creatively nonsensical sayings or obscure literary quotes.

Exposure on Multiuser system

• PGP was originally designed for a single-user PC under your direct physical control. If you run PGP at home on your own PC, your encrypted files are generally safe , unless someone breaks into your house, steals your PC and persuades you to give them your passphrase (or your passphrase is simple enough to guess).

• PGP is not designed to protect your data while it is in plaintext form on a compromised system. Nor can it prevent an intruder from using sophisticated measures to read your private key while it is being used. You will just have to recognize these risks on multiuser systems, and adjust your expectations and behavior accordingly.

Conclusion An expensive and formidable cryptanalytic

attack could possibly be mounted by someone with vast supercomputer resources, such as a government intelligence agency. They might crack your public key by using some new secret mathematical breakthrough.There can be no absolute security guarantees in practical cryptographic implementations. Still, some optimism seems justified. The public key algorithms, message digest algorithms, and block ciphers used in PGP. Method explained is simple to understand and easy to Debug.

Thank Thank youyou

Thank Thank youyou

QueriesQueriesQueriesQueries