# Cryptography

## Table of Contents

- Introduction
- Types of Cryptography
- Ciphers
- Key Exchange
- Hashing
- Digital Signatures
- Digital Certificates and Certificate Revocation (OCSP and CRL)
- PGP
- Perfect Forward Secrecy
- Resources

## Introduction

- Cryptology is the scientific study of Cryptography and Cryptanalysis.
- Cryptography is the practice and study of techniques for secure communication in the presence of third parties called adversaries.
- Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.
- 7 Cryptography Concepts EVERY Developer Should Know
- Security Pitfalls in Cryptography
- Why Cryptography Is Harder Than It Looks

## Types of Cryptography

## Ciphers

### Feistel

- Feistel Cipher
- Modes of Operation
- EXTRA BITS: Feistel Modes of Operation Code
- Securing Stream Ciphers (HMAC)

### AES

- AES: Advanced Encryption Standard
- Block size: 128 bits
- Key size: 128, 192 or 256 bits
- No. of rounds: 10, 12 and 14 rounds for 128, 192 and 256 bits key size respectively)
- SP Networks
- Rinjdael algorithm (the base of AES)
- AES Explained
- 128 Bit or 256 Bit Encryption?
- In depth working of AES (Hindi)

### DES, 2DES, 3DES

- DES: Data Encryption Standard
- Block size: 64 bits
- Key size: 56 bits (64 bits in reality)
- The 64 bit key is made of eight chunks of eight bits each. The eighth bit in each chunk is a parity bit (and is thus discarded).
**So, the actual key length is 64 - 8 = 56.**

- The 64 bit key is made of eight chunks of eight bits each. The eighth bit in each chunk is a parity bit (and is thus discarded).
- No. of rounds: 16
- Prerequisite
- Hindi
- English
- http://wesecure.net/learn/index.html

### Blowfish

- Block size: 64 bits (Twofish has a block size of 128 bits.)
- Key size: 32 to 448 bits (The default is 128 bits.)
- No. of rounds: 16
- Blowfish Explained

### RC5

- RC: Rivest/Ron’s Cipher
- Block size: 32, 64 or 128 bits
- Key size: 0 to 2040 bits
- No. of rounds: 0 to 255

## Key Exchange

### Diffie-Hellman

- Key exchange algorithm
- End to End Encryption (E2EE)
- Secret Key Exchange (Diffie-Hellman)
- Diffie-Hellman - the Mathematics bit
- Key Exchange Problems (includes explanation on RSA)
- Elliptic Curves
- Elliptic Curve Back Door
- ‘Ephemeral’ means ‘something that is short lasting’.
- ECDH = Elliptic Curve Diffie-Hellman
- ECDH in SSH
- Perfect Forward Secrecy (FS or PFS)

## Hashing

### SHA

- Secure Hashing Algorithm
- SHA
- SHA1 Problems

## Digital Signatures

- Help in establishing message integrity, i.e., proving that a particular person/origin sent the data.
- Message Authentication Codes (MACs) are symmetric key protocols, while Digital Signatures are asymmetric/public key protocols.
- What are Digital Signatures?
- Digital Signatures: What They Are & How They Work
- Digital Signatures

## Digital Certificates and Certificate Revocation (OCSP and CRL)

- SSL/TLS Certificates
- Compressing Certificates in TLS
- Certificate Revocation Techniques (CRL, OCSP, OCSP Stapling)
- Shared vs Private SSL/TLS Certificates
- The SSL Certificate Issuer Field is a Lie (Credits)
- No More Extended Validation Certificate Overhead from Chrome 106
- Revocation checking and Google Chrome CRLSet
- Revocation Doesn’t Work
- The Impact of SSL Certificate Revocation on Web Performance
- A no-bull technical guide to EV HTTPS
- PKI information and X.509 certificate extensions

## PGP

- PGP: Pretty Good Privacy
- OpenPGP
- Standard for PGP software

- GPG/GnuPG: GNU Privacy Guard
- Tool to use PGP
- GNU: GNU’s Not Unix

- Provides
- Authentication (using the Web of Trust - importing the receiver’s public key into the sender’s key ring)
- Confidentiality (using a combo of symmetric/conventional and asymmetric key cryptography)

- Used for signing, encrypting and decrypting e-mails, files, directories, disks, etc.
- It uses the decentralized ‘Web of Trust’ to verify the identity of users. (Key rings and graphs)
- Intro to PGP
- PGP and GPG difference
- PGP and the Web of Trust
- A Pretty Good Introduction to Pretty Good Privacy
- End-to-End Encryption in the Browser Impossible?
- OpenPGP, PGP, and GPG: What is the Difference?
- Security basics with GPG, OpenSSH, OpenSSL and Keybase
- Creating the Perfect GPG Keypair
- Does OpenPGP key expiration add to security?
- Very good answer for understanding expiry date shenanigans of subkeys and the secret (private) key, and about the revocation certificate.

- How To Use GPG to Encrypt and Sign Messages
- Digitally Signing and Encrypting Messages
- Guidelines for strong passwords
- Why should one not use the same asymmetric key for encryption as they do for signing?
- Exercise: Sending an Encrypted and Signed e-mail

## Perfect Forward Secrecy

- PFS or FS: Perfect Forward Secrecy
- Wikipedia: Perfect Forward Secrecy
- Perfect Forward Secrecy (PFS) in TLS
- The Heartbleed Bug
- The Logjam TLS attack: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (weakdh.org)
- More about TLS