It's been 3 weeks that I started developing WarShield, a file encryption CLI. So I wanted to tell you everything important I know today about cryptography.

Keys (passwords) in cryptography

In case you want to encrypt your data, it's good to be able to decrypt it too: that's why you use a key, more commonly named as password.

Keys in cryptography are grouped in two categories:

Symmetric-key cryptography

Public-key cryptography, also called as asymmetric-key cryptography

Symmetric-key cryptography algorithms uses only one key to encrypt and decrypt a value, unlike public-key cryptography algorithms that uses a "public key" to encrypt and a "private key" to decrypt.



Image credits: SSL2Buy

Those keys must be exactly the same length as required by the encryption algorithm. For instance, an algorithm like AES-256-GCM require a 128 bit key (32 characters), GCM being the "mode of operation" that define how the algorithm works to provide additional informations like authenticity.

But don't worry, you don't need to have 32 characters passwords, event though it would be secure. You can (and must) hash your keys to provide a secure and well sized key.

Random and authenticity

If you encrypt multiple values with the same key, the outputs would leak some informations about your key. Which you don't want for security reasons. A great way to secure your encrypted values is to make them fully random. And here you have: the Initialization Vector.

Initialization Vector (IV)

This technique is basically a way to mix your key with another value, best being a random value.

It's size depends on the defined encrypting algorithm mode of operation and must be given manually. It's not generated by the algorithm.

Authentication and integrity

Maybe you heard about MD5 algorithm to check if your downloaded file contain all the wanted data? Well, it's called integrity. It ensure that your data is exactly the one you want.

Authentication involve integrity and make sure that your data has been encrypted by a specific entity (for instance, a computer). It's a way to ensure the non-repudiation of data, in clear, it's mean to be sure that the data isn't falsified. An authentification value is called a Tag or a MAC (Message Authentication Code).

The most used integrity algorithms are SHA1 and MD5. For authentication algorithms it's HMAC, checksum and CMAC. There is bunch of others algorithms but here's the main ones.



Image credits: Wikipedia

And... That's it! There is nothing more to say about the basics of cryptography. Sure I could talk about different encryption algorithms but I find it useless in this case.

I will learn more and more about cryptography, improve my projects and maybe my own security. Hope that you learned too about cryptography 😄