1 / 9

Basic Cryptography Concepts

Understanding Modern Encryption

Exploring symmetric and asymmetric encryption with real-world applications

šŸ” Symmetric Encryption

AES and shared key systems

šŸ”‘ Asymmetric Encryption

Public-private key pairs

šŸŒ Real-World Examples

SSH, PKI, and TLS/SSL

What is Cryptography?

Basic Encryption Process

šŸ“„ Plaintext
"Hello World"
šŸ”
šŸ”‘ Key
Secret Key
ā†’
šŸ”’ Ciphertext
"X7#$mK9@1z"
šŸ”“
šŸ“„ Plaintext
"Hello World"

Confidentiality

Ensuring data is only readable by authorized parties

Integrity

Verifying data hasn't been tampered with

Authentication

Confirming the identity of communicating parties

Symmetric Encryption

One Key for Both Encryption and Decryption

Symmetric Encryption Diagram

šŸ‘¤ Alice
šŸ”‘ K
Shared Key
šŸ“¤
šŸ” Encrypted
E(K, message)
Secure Channel
šŸ“„
šŸ‘¤ Bob
šŸ”‘ K
Same Key

Both parties must have the same secret key

āœ… Advantages

ā€¢ Fast encryption/decryption
ā€¢ Low computational overhead
ā€¢ Efficient for large data

āŒ Challenges

ā€¢ Key distribution problem
ā€¢ Key management complexity
ā€¢ Scalability issues

AES (Advanced Encryption Standard)

The Gold Standard of Symmetric Encryption

AES Block Cipher Process

šŸ“„ Input
128-bit block
"Hello World....."
+
šŸ”‘ Key
128/192/256-bit
AES Key
ā†’
āš™ļø Rounds
10/12/14 rounds
SubBytes, ShiftRows, MixColumns
ā†’
šŸ”’ Output
128-bit block
Encrypted data

Key Sizes

ā€¢ AES-128: 128-bit key
ā€¢ AES-192: 192-bit key
ā€¢ AES-256: 256-bit key

Applications

ā€¢ File encryption
ā€¢ Database encryption
ā€¢ VPN tunnels
ā€¢ WiFi security (WPA2/3)

Security

ā€¢ NIST approved
ā€¢ Quantum resistant (larger keys)
ā€¢ No known practical attacks

Asymmetric Encryption

Public-Private Key Pairs

Asymmetric Encryption Process

šŸ‘¤ Alice
šŸ”“ Public
šŸ” Private
šŸ“¤
šŸŒ Public Directory
šŸ”“ Alice's Public Key
Anyone can access
šŸ“„
šŸ‘¤ Bob
Encrypts with
šŸ”“ Alice's Public
šŸ”’ Encrypted Message
Only Alice can decrypt
šŸ“¤
šŸ‘¤ Alice
Decrypts with
šŸ” Private Key
Advantages
Disadvantages
ā€¢ No key distribution problem
ā€¢ Scalable
ā€¢ Digital signatures
ā€¢ Key exchange
ā€¢ Slower than symmetric
ā€¢ Higher computational cost
ā€¢ Larger key sizes needed

Diffie-Hellman Key Exchange

Securely Sharing Keys Over Insecure Channels

The Color Mixing Analogy

šŸŽØ Public Color
Yellow
(Known to everyone)
šŸ‘¤ Alice
šŸ”“ Red (secret)
šŸŸ” + šŸ”“ = šŸŸ 
Sends Orange
āŸ·
šŸ‘¤ Bob
šŸ”µ Blue (secret)
šŸŸ” + šŸ”µ = šŸŸ¢
Sends Green
šŸ‘¤ Alice
šŸŸ¢ + šŸ”“ = šŸŸ¤
Final shared color
šŸ¤
šŸ‘¤ Bob
šŸŸ  + šŸ”µ = šŸŸ¤
Same shared color!
Mathematical Formula:
g^(aƗb) mod p = g^(bƗa) mod p

TLS/SSL in Action

Hybrid Encryption System

TLS Handshake Process

1. Client Hello

Supported protocols

2. Server Hello

Certificate + chosen protocol

3. Key Exchange

Diffie-Hellman or RSA

4. Secure Channel

AES symmetric encryption

šŸŒ Browser
RSA Public
Encrypts session key
šŸ”
šŸ“” Server
RSA Private
Decrypts session key
ā†’
šŸ”„ Both
AES Session Key
Fast symmetric encryption

Why Hybrid?

Combines the key distribution advantages of asymmetric encryption with the speed of symmetric encryption

Real-World Usage

ā€¢ HTTPS websites
ā€¢ Email encryption
ā€¢ VPN connections
ā€¢ API security

SSH (Secure Shell)

Secure Remote Access

SSH Connection Process

1. Connection

Client connects to server

2. Key Exchange

Diffie-Hellman protocol

3. Authentication

Password or key-based

4. Encrypted Session

AES symmetric encryption

šŸ’» Client
Private Key
~/.ssh/id_rsa
šŸ”
šŸ”’ SSH Protocol
Encrypted tunnel
Port 22
šŸ”“
šŸ–„ļø Server
Public Key
~/.ssh/authorized_keys

SSH Key Authentication

ā€¢ Generate public/private key pair
ā€¢ Install public key on server
ā€¢ Use private key for authentication
ā€¢ No password needed

Security Benefits

ā€¢ Encrypted communication
ā€¢ Strong authentication
ā€¢ Port forwarding/tunneling
ā€¢ File transfer (SCP/SFTP)

PKI (Public Key Infrastructure)

Trust and Certificate Management

Root CA

šŸ›ļø Trusted Authority

ā¬‡ļø

Intermediate CA

šŸ”— Chain of Trust

ā¬‡ļø

End Entity

šŸ“„ Digital Certificate

Digital Certificates

ā€¢ Bind public keys to identities
ā€¢ Signed by trusted CA
ā€¢ Include validity periods
ā€¢ Enable trust verification

PKI Applications

ā€¢ HTTPS/TLS certificates
ā€¢ Email signing (S/MIME)
ā€¢ Code signing
ā€¢ VPN authentication
ā€¢ Smart card authentication

Certificate Lifecycle

ā€¢ Generation
ā€¢ Distribution
ā€¢ Validation
ā€¢ Revocation
ā€¢ Renewal