Encryption and Hashing Overview

Question 1

What is PKI?

Answer 1

Public Key Infrastructure (PKI)

Question 2

what is symmetric key encryption algorithm?

Answer 2

Symmetric encryption means that the data is encrypted on one side using a special key, and then encrypted data is sent to another side and that another side decrypts received data using same key. And again.
Main point here is that those keys here on this side and on this side are the same. That’s why this type of encryption is called symmetric encryption.

Question 3

what is the drawback of symmetric encryption?

Answer 3

Any person or any machine that owns this key has ability to decrypt encrypted data and gain access to original data. And that is a drawback of symmetric encryption. And if you want to use it somewhere for encryption of your data, you should take care of key and key should be kept secret and it should not be transferred to any other machines or send to other people.

Question 4

What are some examples of symmetric key encryption algorithms?

Answer 4

DES, 3DES and AES

Question 5

Example of asymmetric key encryption algorithm?

Answer 5

RSA

Question 6

which encryption algorithms are modern and which are obsolete?

Answer 6

DES and 3DES are obselete
RSA and AES are modern

Question 7

why do we need hashing in encryption?

Answer 7

Encryption is usually used for making data unreadable for third party. And of course, this data that is encrypted during transfer over network could be easily changed, compromised or something like that.

And that will lead to situation when receiver will not be able to read original data or will read it with some errors. And that’s where hash comes in.

Question 8

what is hash?

Answer 8

Hash is a fixed length string.

And its length may be 128 bits or 160 bits or 256 bits or something longer.

And this length depends on the algorithm that is used for creation of the hash.

Question 9

Does hashing require a key?

Answer 9

hash functions don’t require any key.

So we take only data, take hash, function and create using this hash function special hash.

Question 10

Explain this diagram about hashing

Answer 10

So what happens here in this diagram, hash function is applied to original data and hash is created.

And after that, data, along with hash are sent over the network to receiver and receiver, receives data and hash separately.

And now receiver takes data applies same hash function as was applied here on this side and creates hash.

And after that this hash and this hash are compared.

And if those hashes match it means for receiver that this data was not changed or was not mutated during transfer over the network.

And that is the purpose of hash.

It verifies integrity of data.

Question 11

In which order does encryption and hashing happen?

Answer 11

Encryption happens before creation of hash

Question 12

examples of hashing algorithms?

Answer 12

MD5, SHA, MAC

Question 13

what is MD5?

Answer 13

MD5 is a hashing algorithm, that creates a fixed length hash of variable length input and output is always 128 bits.

Question 14

what are sha-1, sha-256 and sha-512?

Answer 14

Those numbers are length of the hash.
sha-1 gives a hash of fixed length 160 bits
sha-256 gives hash of fixed length 256 bits
sha-512 gives has of fixed length 512 bits

Question 15

How do you create hash using sha algorithm?

Answer 15

Question 16

what is HMAC ?

Answer 16

HMAC: Data + key = Hash

Question 17

Is HMAC algorithm used alone or in combination with other hash algorithms?

Answer 17

HMAC algorithm may be used standalone, but usually it is used in combination either with MD5 or SHA algorithms.

Question 18

How is HMAC different from other hashing algorithms?

Answer 18

HMAC process adds special secret key into hashing process.
And it means that with Mac algorithm we take not just input data, we also take special secret key or password and utilize it during creation of the hash.

Question 19

How does HMAC provide authentication of the sender of the data?

Answer 19

And with HMAC algorithm, we create hash that is based not just on data but also on secret password or key.

And that means that the other side may create same hash only if it has same secret key, and therefore this algorithm adds additional level of security and it also allows to perform authentication of the sender.

Question 20

What are assymetric keys?

Answer 20

A pair of two keys called private and public
Both keys have same length, but are different keys
Private key is kept secret, only the owner knows the private key
Public key is communicated to the world, available for anyone

Question 21

What can the assymetric keys be used for?

Answer 21

1. Encryption of data - Public key is used for encryption of data, and when the data is received by a receiver, he can decrypt the data using his private key.
2. Hashing using key - The sender who hashes the data signs it using his private key. And the receiver checks the same using the public key

Question 22

Explain encryption using asymmetric keys?

Answer 22

So on this diagram, there is owner of key pair and only this owner knows private key.

Of course, it also knows it’s public key. Public key of this pair can be communicated to anyone in the world.

So let’s suppose that left side wants to send encrypted data to the owner of Private Key.

What does is just following. It takes data and encrypts this data using public key of the owner of this private key. assuming public key was exchanged earlier.

And here we get encrypted data and this encrypted data can be seen by anyone in the world.

But it can only be decrypted by private key. And this private key is owned only by owner of this key pair.

And that means that this encrypted data may be decrypted only by owner of this key pair.

Nobody else could decrypt data.

And if data is successfully sent to the owner of private and public key pair owner could decrypt data using private key.

Question 23

show a diagram of sign and verify signature using asymmetric keys?

Question 24

Exlplain this sign and verify the signature using asymmetric keys?

Answer 24

And owner of Private Key first takes data and creates hash of this data.

And here we could use any hash function that we have discussed before, either MD5 or Sha.

And here owner encrypts this hash using its private key recap that private key is only available for owner.

Nobody else knows this key and after that encrypted hash along with data are sent to another party.

And this another party must be sure that data was sent from the owner of Private Key.

And that’s why it verifies hash in the following way.

It takes data using the same hash function. It creates a hash and decrypts hash that was sent by the owner of Private Key using its public key.

And after that compares those two hashes and if there is a match, this side could be sure that this data was sent only by this party by owner of Private Key because nobody else could create an encrypted hash that could be decrypted by this public key.

Question 25

If those hashes matched, we could be sure that this data was sent exactly by owner of Private Key. What is this process called?

Answer 25

This process is called data signature.

Question 26

what is RSA?

Answer 26

Rivest, Shamir, Adleman It is a public key cryptosystem And RSA is not just a simple protocol. It is actually public key cryptosystem.

Question 27

What can the RSA public key cryptosystem used for?

Answer 27

1. you could create a new keys, private and public. 2. You can create keys of different lengths, you can perform encryption, you can perform decryption, 3. you can sign data and so on.

Question 28

what are the key lengths possible in RSA?

Answer 28

Lengths of RSA Keys is between 1024 and 4096 bits, but primarily 2048 bits are used.

Question 29

when generating new keys, can you just generate private key or just generate a public key?

Answer 29

when you generate a key pair, both keys are generated and you can not regenerate, for example, only public key and leave private key intact. Always key pair is generated as a single entity.

Question 30

What is the most popular key lengths for public and private keys?

Answer 30

2048 bits

Question 31

what is PKI or public key infrastructure?

Answer 31

PKI is public key infrastructure, and PKI is actually a set of different protocols, algorithms, entities and certificates that allows you to perform communication based on certificates , based on trust. And using those trust relations. You could perform encryption of data. You can perform authentication of the server you are communicating with and so on.

Question 32

What are the different elements in PKI?

Answer 32

CA - Certificate Authority

Question 33

What is the role of a CA or Certificate Authority?

Answer 33

Role of certification authority is to either sign certificates or delegate trust to other entities. And those other entities are called intermediate CAs.

Question 34

What is the role of intermediate CAs?

Answer 34

Usually then main responsibility of intermediate CAs is the signature of new certificates that are issued for other entities, for example, for your website.

Question 35

Examples where certificate can be used for?

Answer 35

You can use certificate for SSL encryption, SSL and TLS encryption and secure your website. Or you can use certificate to build VPN virtual private network and send data over VPN tunnel securely and so on.

Question 36

What is the most important information stored in any certificate?

Answer 36

public key of the owner of the certificate

Question 37

Does every entity in the Public Key Infrastructure (PKI) have its own public key?

Answer 37

Yes, every entity in the PKI has its own public key. eg. CA has its own Public key, intermediate CA has its own public key

Question 38

In general , why do we need CAs, and intermediate CAs ? I know they sign certs, but why to sign ?

Answer 38

The goal of Public Key Infrastructure is to make sure that the public key of every entity in the infrastructure is trusted by all other entities in the infrastructure. And for this we need CAs and intermediate CAs.

Question 39

what is PKI and what is RSA?

Answer 39

PKI is public key infrastructure and what is RSA. RSA is a Cryptosystem that is based on asymmetric keys.

Question 40

what is a certificate?

Answer 40

Certificate is digital entity. It is simply a file with some data. Certificate usually includes the below details: 1. Information about the owner of the certificate - like Company name, company address, website and so on. 1.1. Sometime it also includes the serial number of the certificate 2. Information about the entity that signed this certificate - like information about the Certificate authority, or the intermediate CA that has signed this certificate 3. Signature - signature is the encrypted hash, and it is encrypted using the private key. And this signature is what is included in every certificate 3.1 If the certificate was issued by any CA or intermediate CA, that signature is made by that authority 4.

Question 41

How do we build the chain of trust?

Answer 41

1. Based on signatures we can build the chain of trust. 2. If we trust a CA, and if we see a certificate signed by that CA, we can be sure that this certificate is also trusted and we can trust the owner of this certificate.

Question 42

What is the most common thing included in all certificates?

Answer 42

public key of the owner of the certificate

Question 43

what is a self signed certificate?

Answer 43

That is a certificate that is signed by its owner itself And in such case, the signature is made using private key of the owner of certificate and most important information that is stored in each certificate, as we have discussed in the previous lecture, is public key.

Question 44

Will you find the private key of the owner in a certificate?

Answer 44

ou will not find private key because private key must always be kept secret. And of course it is not available in certificate.

Question 45

what is contained in a certificate briefly?

Answer 45

Information about owner of the certificate information about the issuer of the certificate signature that is usually made by the issuer of the certificate Public key of the owner

Question 46

what is the main goal of certificates?

Answer 46

The main goal of certificate is to store public key and based on certificates we can build chains of trust.