Encryption and Digital Certificate

  • Encryption is used to secure the plain text (information) in the form of ciphertext (mixed text). Ciphertext is the product of this is an encryption algorithm for the product.
  • This form of encryption is done usually for transmitting data over internet or the network. This encryption is done to secure the information that is transmitted from one system to another system. 
  • When the ciphertext is received at the another end of the transmission in the network. It is decrypted using the key. The decryption algorithm and key produce the plaintext again. 

Condition for transmission of data using 

  • The decrypted data should only be accessed by the receiver using the algorithm for encryption of the data transferred. 
  • This text can be decrypted only using a key that is used during encryption.Therefore, the receiver must be certain of who sent the ciphertext. This is to acknowledge that the receiver is not an authorized person. 
  • The ciphertext should not be modified during the process of transmission. Otherwise the security key would not work. If the ciphertext is modified then there might occur accidental corruption of data during transmission.

Encryption Methods

The encryption principle is simple, sender uses encryption to encrypt plain text into ciphertext and receiver uses the decryption key to decrypt the data/information. However, the encryption key is not always the same for both sender and receiver. Hence, here are some encryption methods;

Symmetric encryption

  • In symmetric encryption, the key of sender and receiver is same. Both uses same encryption key which should not be shared in public. However, the encryption algorithm must be shared in public. 

There needs to be a secure way to provide the encryption key for the sender and receiver. 

Asymmetric Encryption

  • In asymmetric encryption, the key between sender and receiver is different. One key is for encryption and another key for decryption. Only one of these is secret. 
  • The condition for the secure communication between sender and receiver is different than the symmetrical encryption. A public key is shared by the receiver to the sender. Through that public key, the message of the sender is encrypted. Hence, there is a matching private key for the public key that is sent to the sender. 
  • In the asymmetric encryption, the process starts with the receiver providing the key to the sender. 
  • In the circumstance, where there is both way communication, both networks need to have a private and public key. 

Note:

  •  The encryption algorithm should be complex
  • The encryption key must be large in number. 

This is to ensure maximum security. Otherwise, there is high risk that the encryption could be broken easily. 

Digital Signature

Digital Signature

Just like handwritten signatures, digital Signature is to authenticate that the document/ information that is transmitted is send by the claimed sender. 

It helps in verifying that the information shared is from the claimed sender. It acts as a proof that the document is not forged because the digital signature system is tremendously difficult to breach during transmission. Therefore, sender cannot deny having the message sent. 

Process for Making a Digital Signature in document

  • Using a hashing algorithm/ software, a sender’s document is hashed to create a digest. 
  • Digest: a computer generated number that is used to identify the document. The process for hashing the algorithm is one way. Therefore, with the digest number, one cannot identify what the document is about.

However, with the document, you can generate the same digest using the same software. For example, a commonly used hashing algorithm is SHA256. 

  • The software uses complex mathematical calculation to create the digest. This is a one way process, therefore it cannot be reversed. Therefore, one cannot know about what is in the document by just the digest. 
  • The digest is then encrypted using a private key from an asymmetric encryption system to ensure the digest number is within the sender and the receiver.
  • The public key is shared with the receiver. This key can be shared in a public domain such as the web or the internet to fetch. 
  • With the public key, the document is then decrypted for the digest value. 
  • The document is then again put in the same hashing algorithm (SHA256) to check if the hashing value matches with the given value. This is to ensure that the document is sent from the claimed sender.
  • If the hashing value from the document matches with the given value, then the document is from the claimed sender. If it does not match, then the document is forged or changes have been made. 

Note: Even the slightest changes in the document changes the hashing value. 

Note: This might ensure that the document is not forged, however it does not authenticate the identity of the sender.

Digital Certificate

To ensure the strong authenticity of the sender. 

  • The sender can apply for digital certificate to a well known organization from certification authority such as (Verisign, Global Sign, Symantec). In the process, the sender has to give various details for verifying the identity. There are various stages for identification of the sender.
  • As a part of the process for application, the sender provides a public key to the organization from the asymmetric encryption that the computer generates. 
  • The certification authority then gives the sender a digital certificate denoting the identity of the claimed sender is true. This certificate includes the identity of the sender and the certification authority along with expiry date. 
  • Then, in the process of sending a document along with digital signature, the sender can also attach a digital certificate. This signifies that the certificate is from the claimed sender. 
  • The receiver then can inspect the certificate for trusting the sender with a public key, that is guaranteed from the certification authority. 

Leave a Comment

Your email address will not be published. Required fields are marked *