quarta-feira, 20 de outubro de 2021

Security 1 - Symmetric and asymmetric cryptography

Message cryptography can be approach by using a symmetric or an asymmetric encryption model.

This are quite different and complementary approaches, in the first one there is a single key that allows to encrypt and decrypt the data in the message to be encrypted.

On the second method there two different keys: a public key and private key. Data encrypted with a private key can be decrypted with any public key. On the other hand data encrypted with a public key can only be decrypted with a private key which is unique.


Symmetric cryptography

  • There is a single key cypher that is shared between all sender and receivers (or for what it matters shared among server and client).
  • The same key cypher is used to encrypt and decrypt the messages.
  • This approach is used to do the actual data exchange on a client server model as it allows better performance.





Asymmetric cryptography

  • A message  cyphered using a public key and can only be deciphered and read by the owner of a private key  
  • A message cyphered using a private key can be deciphered and read by anyone with a public key
  • Public keys are distribute to everyone to whom we want to establish an encrypted communication channel - these would be the clients
  • Private keys are held only by one entity - normally the server
  • Certificates are based on a model of asymmetric key - a private and a public key
  • Asymmetric is slower and normally used for Authentication and Key exchange
  • It is computationally infeasible to compute the private key based on the public key.



  • A sender with a single private key can communicate to various recipients
  • Anyone owning a public certificate that intercepts the message!! -> Man in the middle attack -> Hence the use of certificates to be discussed in next blog entry.



Sem comentários:

Enviar um comentário