Certificates and Security, Part 2

Published on March 17, 2023 at 2:36 pm by LEW

Introduction

In the last post we talked about encryption. Specifically we addressed symmetrical and asymmetrical encryption, along with PGP public/private keys. But we did not really get into the math, which can be quite complicated.

In this post I wanted to take a look at the math involved. This will of course be at a fairly high level, as it can get fairly complicated fairly quickly. And the main purpose is to demonstrate a method to the madness, not garner a degree in mathematics.

RSA Encryption

Ron Rivest, Adi Shamir, and Leonard Adleman developed the RSA asymmetrical encryption technique that relies on public and private keys. So we need to discuss creating the keys. Remember these steps are simplified, and I will be using somewhat standard notation.

  1. Start by picking two large prime numbers, which we will call p and q.
  2. Now we find the product of p and q, which we call n (p * q = n).
  3. Now we need to find the Carmichael function for n, or λ(n). This should be equal to the least common multiple of p-1 and q-1.
  4. Next we need to choose a number e that is coprime to λ(n), such that 1 < e < λ(n).
  5. We then need to determine d, the modular multiplicative inverse of e modulo λ(n), such that (e * d) mod λ(n) = 1.

After all this we can say that d is our private key and e is our public key. Easy, right? And we have not even talked about how the keys are used to encrypt/decrypt messages (more math stuff).
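The five steps above, plus the encrypt/decrypt operation, as a small Python sketch. This is an added example, not code from the original post; the function names and the toy primes 61 and 53 are assumptions chosen for readability, and it is textbook RSA without the padding and large primes that real implementations use.

```python
from math import gcd

def is_prime(n):
    """Trial division; adequate only for the tiny demo primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def generate_keypair(p, q, e=None):
    """Follow steps 1-5 from the text and return (n, e, d)."""
    # Step 1: p and q must be distinct primes.
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q                                      # Step 2: the modulus
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # Step 3: lcm(p-1, q-1)
    if e is None:
        # Step 4: take the smallest odd candidate coprime to lambda(n).
        e = next((c for c in range(3, lam, 2) if gcd(c, lam) == 1), None)
    if e is None or not (1 < e < lam and gcd(e, lam) == 1):
        raise ValueError("no valid e: need 1 < e < lambda(n), coprime to it")
    d = pow(e, -1, lam)                            # Step 5: (e * d) mod lam == 1
    return n, e, d

def encrypt(m, e, n):
    """Textbook RSA: c = m^e mod n, for an integer message 0 <= m < n."""
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(c, d, n):
    """Textbook RSA: m = c^d mod n."""
    return pow(c, d, n)

if __name__ == "__main__":
    n, e, d = generate_keypair(61, 53, e=17)   # constructed toy primes
    c = encrypt(65, e, n)
    print(f"n={n} e={e} d={d} ciphertext={c} decrypted={decrypt(c, d, n)}")
```

Note that n is needed for both operations, so it travels with e in the public key and with d in the private key.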

AES Encryption

Advanced Encryption Standard (AES) is a symmetrical block cipher. This cipher works on blocks of data, putting them through several transformations. Since this is a symmetrical cipher, the same key is used to encrypt as well as decrypt. To grossly oversimplify:

  1. A round key is created from the cipher key.
  2. Each byte of the block matrix is combined with the round key using bitwise XOR.
  3. This is followed up by multiple rounds of SubBytes operations, row shifts, and MixColumns.

Needless to say the output is well scrambled.

Key Size

Setting aside flaws in the various encryption algorithms (there are many algorithms out there, and they all probably have some flaws or weaknesses), the larger the encryption key, the longer it takes to crack via brute force. This is where you hear terms like 128-bit or 256-bit encryption. However, there is a trade-off between key size and the computational power needed.

When people talk about key sizes of 256 or less they are usually referring to symmetrical encryption. If people talk about bit sizes in the thousands (like 2048 for example) they are usually talking about asymmetrical encryption.

Both types of encryption are used in today’s networking environment.

Conclusion

In this post we had a brief discussion about a couple of common cryptographic suites. This was mainly to reinforce that there is some method behind all the madness.

In the next post we will walk through a standard secure communication session between a browser and a server. In this way we will have a better understanding of what types of security are used when and why they are used.
