

Cryptography Elaborated

1. Symmetrical Encryption Methods


Public-Key Cryptography deals with asymmetrical encryption methods.


Most people have a vague idea how symmetrical encryption works: A message is made unreadable with the help of a key, e.g., a number unknown to outsiders. Only those who know the key are able to make the text readable again. Thus, it is important to make the key available only to those who should have access to the message. Passwords and "your personal secret code" work with methods of this type. As encryption and decryption work with the same key, we call these methods symmetrical.


An important problem of symmetrical encryption methods is this: If one cannot send the message to the recipient without fearing it may be intercepted (that is the reason why we encrypt it in the first place), how do we get the key to the recipient undetected? (This is called the "key exchange" problem.) Of course, one can meet ahead of time and agree on a key for every day of the coming year. Or one can send the keys for the next 100 e-mail messages in a letter. But these are complicated ways, and the administration and secret storage of all these keys is then another problem.


2. Asymmetrical or Public-Key Encryption Methods


In the 1970s, mathematicians discovered the possibility of asymmetrical cryptography:


a) Encryption and decryption are done with the help of a key *pair*, not a single key.


b) *One* key of the key pair encrypts the message, which can only be decrypted by the *other* key of the key pair, and by no other key. (As we use different keys for encryption and decryption, we call this method asymmetrical.)


c) That also works in reverse: What the second key has encrypted can only be decrypted by the first.


d) Interestingly enough, one cannot decrypt the message with the key that encrypted it; one needs the other key.


e) One cannot compute one key from the knowledge of the other. (For all practical purposes, that is true. Theoretically it is possible; and cryptographers will tell you things such as: Provided one could use all the computing power of the whole planet, one would need the time equivalent to the age of the universe (or so) to compute the other key, given the mathematical algorithms known today. But even if they were mistaken, and it took only half the age of the universe or a hundredth of that time--for all practical purposes there is no way to get the other key from the knowledge of the first.)


Application:


This opens up the following possibility: I generate such a key pair for myself. I send one of the keys (which will be my "public" key from now on) to everyone who wants to send me an encrypted message. Whoever wants to send me a message, uses this key for the encryption. I can send this key openly through the Internet or on postcards. I can also deposit this key at a publicly accessible place, e.g. on a "key server" on the Internet, with the instruction: "Hi, this is my public key. Whoever wants to send me a secret message, please use this key." But I keep the other key of the key pair strictly to myself, STRICTLY TO MYSELF. This is my "private" or "secret" key.


When someone wants to send me a secret message, he (she) uses my public key for encryption and sends it to me; as only the owner of the secret key is able to decrypt it, only I can read it; it does not matter that my public key is public knowledge. People who have never seen me or met me or whom I do not know can send me such a message, because a secret key exchange is not necessary. They just have to get my public key somehow. (Caution: Not even the sender of such a message is able to decrypt it; the sender may want to make a copy for himself *before* the encryption takes place.) This way, the problem of the key exchange is solved.


3. Cryptographic Signatures


Asymmetric cryptography also opens the possibility of signing messages cryptographically or, as it is sometimes called, "electronically" or "digitally":


Usually, when we get an e-mail, we trust that the person named as the sender actually sent the e-mail. But any hacker worth his money is able to forge the sender's e-mail address. Asymmetric encryption enables us to do the following:

I can send my message twice:


a) in plain text,


b) encrypted, and this time encrypted with my "secret" (!) key. (Just as a reminder: The encrypted form of this message can only be decrypted with my public key.)

To check if this message is from me, people have to take my public key and decrypt the encrypted message with it. If


a) the decrypted message is the same as the plain text message, both messages have to be from me, because only the owner of my secret key (and that is I) has the means to encrypt something that can be read with my public key. Thus, the sender of the message is authenticated.


b) If it had been encrypted by another key, a "decryption" with my public key would only result in gibberish. The message is not authenticated.


Thus, a hacker can send a message to my bank, saying, "Please transfer $100,000.00" to John Smith (John Smith being the hacker, of course). But (unless the hacker has been able to hack my secret key beforehand), the hacker would not be able to encrypt this message in a way that, decrypted with my public key, it says the same.


4. Encrypting and Signing

One can combine encrypting and signing:


a) One writes a message.


b) One encrypts this message with one's own private key.


c) One takes the results of (a) and (b), combines them in one message, and encrypts the resulting package with the public key of the recipient.


d) This is sent to the recipient.


e) The recipient decrypts the message with his/her secret key and gets (a) and (b).


f) The recipient uses the public key of the sender, decrypts (b) and checks if (a) and (b) are the same. If yes,


g) Bingo!


5. Details, Details


If you want to know what you are doing while using public-key cryptography, you do not have to know more than discussed in 1. through 4. The computer reliably does the rest. However, some details are worth mentioning:


a) Encryption methods


There are a number of asymmetrical or public-key encryption methods (which are based on mathematically closely related principles). There are


RSA (named after Rivest, Shamir, Adleman, the inventors -- or discoverers?),


DH (Diffie-Hellman),


ElGamal;


and there are some more.


In practical public-key cryptography, symmetrical and asymmetrical methods are used in combination. It works like this:


a) Alice wants to send a secret message to Bob. Alice chooses a symmetrical encryption method, e.g., AES with a key length of 128 bits.


b) Alice's computer has a random number generator that generates the AES key of 128 bits.


c) Alice encrypts her message using the AES encryption algorithm with the key generated by her computer. She uses this key only this one time.


d) Alice encrypts the AES key (and the information that she used AES) with Bob's asymmetrical public key (e.g., an RSA key with a length of 1024 bits).


e) Alice puts the AES-encrypted message and the asymmetrically encrypted AES key in one data packet and sends it to Bob.


f) Bob uses his asymmetrical secret key to get the 128-bit AES key that Alice had used for the message.


g) Bob uses the 128-bit AES key to decrypt Alice's original message.
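The sign-then-encrypt procedure of section 4 and the hybrid AES/RSA scheme of steps a) through g) above, carried out end to end in Go, as an added example that is not part of the original page and not the code of this application or of GPG. It uses only Go's standard library: the "encrypt with the secret key" of section 3 appears in the form real programs use, a signature over the SHA-256 digest of the message (rsa.SignPSS / rsa.VerifyPSS; section 5c explains why a hash is used), and the AES key is wrapped with the recipient's public key via RSA-OAEP. The 2048-bit RSA keys, AES-128 in GCM mode, the length-prefixed packet layout and the sample message are all assumptions of this example; the page's "information that she used AES" is left out because the algorithm is fixed here.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Packet is the "data packet" of step e): the one-time AES key encrypted with
// the recipient's public key, the AES-GCM nonce, and the AES-encrypted body
// holding the plain message together with the sender's signature.
type Packet struct {
	WrappedKey, Nonce, Body []byte
}

// newKeyPair generates a 2048-bit RSA key pair (assumed size, not from the page).
func newKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// newGCM returns an AES-GCM cipher for a 128-bit key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encodePair packs (message, signature) as a length-prefixed byte string
// (assumed layout); decodePair is its inverse and rejects malformed input.
func encodePair(msg, sig []byte) []byte {
	out := make([]byte, 4, 4+len(msg)+len(sig))
	binary.BigEndian.PutUint32(out, uint32(len(msg)))
	return append(append(out, msg...), sig...)
}

func decodePair(buf []byte) (msg, sig []byte, err error) {
	if len(buf) < 4 || int(binary.BigEndian.Uint32(buf)) > len(buf)-4 {
		return nil, nil, errors.New("malformed packet body")
	}
	n := int(binary.BigEndian.Uint32(buf))
	return buf[4 : 4+n], buf[4+n:], nil
}

// sealAndSign is the sender's side (section 4 steps a-d, section 5a steps a-e).
func sealAndSign(msg []byte, senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey) (*Packet, error) {
	// Signature over SHA-256(msg) with the sender's secret key (RSA-PSS).
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// One-time 128-bit AES key plus 12-byte GCM nonce from the OS random source.
	rnd := make([]byte, 16+12)
	if _, err := io.ReadFull(rand.Reader, rnd); err != nil {
		return nil, err
	}
	aesKey, nonce := rnd[:16], rnd[16:]
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	// Message and signature together, encrypted under the one-time AES key.
	body := gcm.Seal(nil, nonce, encodePair(msg, sig), nil)
	// The AES key itself, encrypted with the recipient's public key (RSA-OAEP).
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	return &Packet{WrappedKey: wrapped, Nonce: nonce, Body: body}, nil
}

// openAndVerify is the recipient's side (section 4 steps e-g, section 5a steps f-g).
// Any failure returns an error and no message.
func openAndVerify(p *Packet, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	// Only the recipient's secret key unwraps the AES key.
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, p.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap AES key: not encrypted for this recipient")
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, p.Nonce, p.Body, nil)
	if err != nil {
		return nil, errors.New("body does not decrypt: wrong key or tampered packet")
	}
	msg, sig, err := decodePair(plain)
	if err != nil {
		return nil, err
	}
	// The sender's public key must accept the signature, else it is not from the sender.
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("signature does not verify: not from the claimed sender")
	}
	return msg, nil
}

func main() {
	alice, _ := newKeyPair() // sender
	bob, _ := newKeyPair()   // recipient
	msg := []byte("Please transfer $100.00 to John Smith") // constructed sample
	p, _ := sealAndSign(msg, alice, &bob.PublicKey)
	got, err := openAndVerify(p, bob, &alice.PublicKey)
	fmt.Printf("recovered %q (err=%v)\n", got, err)
}
```

A message verified against anyone else's public key, decrypted with anyone else's secret key, or altered in transit is rejected with an error rather than returned as gibberish, which is the practical form of the "gibberish" test in section 3.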


Symmetrical encryption methods used today are:


a) DES (by now, 2005, outdated and insecure: It takes 3 hours to crack a DES message)


b) RC4 (with a 40-bit key: insecure. There is a screensaver by Schneier on the Internet that you can freely download that cracks other people's RC4 messages for you while you are on your coffee break. It takes a total computing time of about a week or so to crack this key)


c) Triple-DES


d) AES (another name for this method is "Rijndael") with different key lengths, e.g., AES-128, AES-192, AES-256


e) Blowfish


f) Twofish


g) CAST5


h) IDEA (there is a patent on IDEA, which is the reason why it is not used very often)


The methods from Triple-DES on (including Triple-DES) are considered safe at this time.


b) Key Lengths


The longer a key, the safer it is, i.e., the more computing power and time one needs to crack the encryption. Symmetrical and asymmetrical keys have very different key lengths to provide the same amount of security:

Equivalence: A symmetrical key of 128 bits corresponds to roughly an asymmetrical key of 2304 bits key length.

Thus, if someone claims that a key length of 256 bits is safe (or unsafe), one has to clarify whether it is the key of a symmetrical or of an asymmetrical method.


c) Hash-Functions


Hash functions condense a message of any length into a single number of fixed length. Sometimes this resulting hash number is called a "message digest." The idea is that knowing the hash number does not give anyone any hint regarding the original message, and that a slightly modified message, e.g., one with just a blank space added anywhere in the text, will result in a totally different hash number. Whoever has the hash number has no way (within a reasonable amount of time) to find a reasonable message that corresponds to this number, but whoever has the original message can compute the corresponding hash value easily. If two people want to know if two messages they have are the same, they can, instead of comparing the messages themselves, calculate the hash numbers of these messages: if the hash numbers are the same, it is very, very, very unlikely that the messages are different.

In practical applications, the above-mentioned cryptographic signatures use such a hash number.
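The three properties just described (fixed-length output for any input length, a totally different digest after adding one blank, and comparing digests instead of messages), shown with SHA-256 from Go's standard library. This is an added example, not code from the page or from this application; the sample messages are constructed, and the bit-count helper is this example's own way of making the "totally different" claim measurable.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/bits"
	"strings"
)

// messageDigest returns the SHA-256 "message digest" of msg as a 64-character
// hex string. The output length is the same whatever the length of msg.
func messageDigest(msg string) string {
	sum := sha256.Sum256([]byte(msg))
	return hex.EncodeToString(sum[:])
}

// differingBits counts how many of the 256 digest bits differ between the
// digests of two messages; for unrelated inputs roughly half of them do,
// even when the messages differ by a single character.
func differingBits(a, b string) int {
	ha, hb := sha256.Sum256([]byte(a)), sha256.Sum256([]byte(b))
	n := 0
	for i := range ha {
		n += bits.OnesCount8(ha[i] ^ hb[i])
	}
	return n
}

// sameMessage is the comparison shortcut from the text: compare the two
// digests instead of the two messages themselves.
func sameMessage(a, b string) bool {
	return messageDigest(a) == messageDigest(b)
}

func main() {
	orig := "Please transfer $100.00 to John Smith" // constructed sample
	mod := "Please transfer $100.00 to John  Smith" // same text, one extra blank
	long := strings.Repeat(orig, 10000)             // a much longer message
	fmt.Println("orig:", messageDigest(orig))
	fmt.Println("mod: ", messageDigest(mod))
	fmt.Println("long:", messageDigest(long))
	fmt.Printf("bits changed by one extra blank: %d of 256\n", differingBits(orig, mod))
	fmt.Println("same message?", sameMessage(orig, orig), sameMessage(orig, mod))
}
```

The digest of "abc" printed by messageDigest can be checked against the published SHA-256 test vector (ba7816bf...f20015ad), which is how one confirms an implementation rather than trusting it.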

Known hash algorithms are:


a) MD (stands for Message Digest) in the variants MD2, MD4, MD5 (all of these are by now not considered a hundred per cent safe any more), but MD5 is frequently used.


b) SHA (Secure Hash Algorithm), in the versions SHA, SHA-1, and SHA-2 with output lengths of 256, 384 and 512 bits (SHA and SHA-1 are also not considered 100% safe any more)


c) RIPEMD-160 (developed by the European Union).


d) There may be others.


6. Standards of Asymmetrical Cryptography: PGP vs. X.509


As far as I know, there are currently two camps which, although they use the same encryption methods, use different implementations: the PGP standard and the X.509 certificate standard.


a) PGP


PGP stands for "Pretty Good Privacy". The developers of PGP had a sense of mission and made the PGP programs publicly accessible from the very beginning (also outside the U.S.), as they felt that everyone had the right to privacy. Non-commercial users could even download the PGP programs for free and only commercial users had to license them. One of the key figures was Phil Zimmermann, who propagated this standard in the 1990s. He got into a long and expensive legal struggle with the US federal government. The US government was of the opinion that encryption was of high military importance, and that someone who distributes encryption methods, especially outside the U.S., is to be treated like an illegal arms dealer. The U.S. government finally dropped the charges against Phil Zimmermann, but only after Phil had incurred high costs for his legal defense. He became a hero of the privacy movement.


From the very beginning, PGP developers published the source code of the core encryption software and have not claimed a copyright for it. (However, specific applications that use this basic encryption software are copyrighted.) This has led to a "PGP community", and other programs were developed that use the same encryption standard and that, at least theoretically, can all exchange secret messages with each other. (There can be incompatibilities with certain methods due to minor variations.) Such other programs are, among others, OpenPGP and GPG (also called GnuPG). The commercial version of PGP has changed hands a number of times and is owned today by the PGP Corporation. Their newest version is PGP 9.0. Private users can use a slightly limited version for free (download it from www.PGP.com); those who want full functionality or are commercial users have to buy the program. GPG and OpenPGP are available under a public license, i.e., one can use these programs commercially or non-commercially without charge.


b) X.509


X.509 is a standard of the computer industry. An X.509 certificate basically is a public key that is guaranteed by a certificate authority, i.e., certificate authorities issue these certificates and guarantee that the certificate's owner (to be more exact: the owner of the corresponding private key) is really the one the certificate says he/she is. Internet browsers (Microsoft's Internet Explorer, Netscape, and others), some e-mail programs, and other programs can work with these certificates. The certificates use the same encryption methods as PGP, but the data formats are different. Programs that work with PGP keys cannot (i.e., not without a special "translation") work with X.509 certificates and vice versa. PGP 9.0, however, is able to use X.509 certificates; this is one of its new features.

PGP and X.509 standards are in competition in the field of e-mails and messaging; it is not clear at the moment which one (or none or both?) will prevail in the end.


7. This Application


This application uses the PGP standard. It should be capable of exchanging messages with the other PGP programs (e.g., GPG, OpenPGP, PGP 9.0 and its previous versions), but this has not been extensively tested. This application uses the GPG program as its encryption/decryption core. As far as I know, it contains no component that is copyright protected for commercial or non-commercial use.


8. Literature


Bruce Schneier: Applied Cryptography. Protocols, Algorithms, and Source Code in C (2nd ed.). New York: Wiley, 1996 (about US-$ 60) is a wonderful and not too difficult to read introduction (in fact, more than just an introduction).