Skip to main content
Skip table of contents

Introduction to Cryptography

Cryptography is the practice of secure communication between two parties in the presence of adversaries.

The history of cryptography is as old as the history of man. There has always been a need for securing messages between two communicating parties. While in the past, the methods used have been based on simple mathematics like letter substitution, shifting; more modern techniques make use of complex mathematical algorithms.

The advent of computing machinery has led to a more widespread need for secure communication between parties. Thus in a more modern sense, cryptography is the study of protocols used to overcome the influence of adversaries. Cryptography is strongly related to the various aspects of information security such as confidentiality, integrity, availability and non-repudiation. A system that facilitates the implementation of a cryptographic protocol is often referred to as a cryptosystem.

Symmetric Cryptography

If within a cryptosystem, the key used for encryption and decryption is the same, the system is referred to as a symmetric cryptosystem and the study of such as system is referred to as symmetric cryptography. There are several symmetric cryptosystems in use today and these are the easiest to understand and implement.

The disadvantage of symmetric crypto systems is the key management of symmetric keys. In order to begin communication, the parties need to exchange the data necessary for establishing a secure key management process. This can be difficult if parties are dispersed over large geographic areas. Thus a person in Europe may have difficulty exchanging information securely with a person in the Americas as it would be difficult to create a secure channel between the two parties to exchange the required information. The solutions to key management are often insecure and expensive and subject to attack by adversaries. Methods employed include the use of secure post (subject to interception), the use of secure couriers (subject to compromise). Another disadvantage of symmetric cryptography is the difficulty in using them for multi-party communication. If the private key in one party is compromised, the entire system is compromised. It can also be difficult to have an awareness if the private key has compromised and by which party. Commonly used symmetric cryptography algorithms are AES (Advanced Encryption Standard), DES (Data Encryption Standard).

Asymmetric Cryptography

Asymmetric cryptography is a form of cryptography where keys come in pairs. One key performs the forward function while the other key performs the reverse function. Thus the reason the cryptography is asymmetric is because it cannot be reversed; that is the forward key cannot be used for the reverse function and vice versa. Asymmetric cryptography is based on the mathematical concept of one-way functions or functions that are not mathematically reversible. An analogy for asymmetric cryptography is a door that has two keys; one to lock it and the other one to unlock it. Thus is it possible to create many public copies of the key to lock the door while keeping only one key to unlock it. It is for the reason that one key can be made public that this crypto system is also known as Public Key Cryptography and a system implementing public key cryptography is a Public Key Crypto System (PKCS), since users typically create a matching key pair, and make one public while keeping the other secret. A simple example of a cryptographic system that makes use of asymmetric cryptography is for encryption. Users can send secret messages by encrypting a message with the recipient's public key. In this case, only the intended recipient can decrypt the message, since only that user should have access to the required secret key. The key to successful use of asymmetric encryption is a key management system, which implements a Public Key Infrastructure. Without this, it is difficult to establish the reliability of public keys, or even to conveniently find suitable ones.

Public Key Certificates

A public key certificate is a digital document that binds a public key to an identity using a digital signature. The creation of public key certificates is performed by trusted entities that verify the identity of the public key certificate requestor and subsequently sign the public key thus rendering the certificate. Public key certificates are also referred to as digital certificates, X.509 certificates or simply certificates.

Hardware Security Module (HSM)

A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. 

An HSM is trusted because it:

  • Is built on top of specialized hardware. The hardware is well-tested and certified in special laboratories. 

  • Has a security-focused OS.

  • Has limited access via a network interface that is strictly controlled by internal rules.

  • Actively hides and protects cryptographic material and operations.

An HSM has special hardware that uses a physical process to create a good source of randomness (entropy) that in turn is used to generate good quality and “perfectly” random keys.

An HSM can have very good performance. While cryptography performed on an ordinary server typically achieves a performance of a few hundred signatures per second, some HSMs can do thousands of signatures per second. It performs a small number of tasks, but does so very efficiently because it’s designed and optimized for such tasks.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close