- successor of Data Encryption Standard (DES)
- symmetric-key algorithm
- can be accelerated by hardware (like graphics can be accelerated by GPU), supported by instruction set extensions in Intel Core i3/i5/i7, AMD Ryzen CPUs, ARMv8.
- AE: Authenticated Encryption
- AEAD: Authenticated Encryption with Associated Data
AEAD: authenticity (who the sender is) and integrity (the data has not been tampered with) of that data, but not its secrecy
AEAD vs MAC:
- AEAD: encrypts data and ensures the authenticity
- MAC: does not encrypt, but ensures that data is authentic
- MAC: message authentication code. (A.k.a a tag)
- HMAC: hash-based message authentication code, using a cryptographic hash function like SHA-3, which results in a name like HMAC-SHA3-256.
Purpose: confirm (1) the message came from the stated sender (2) the message has not been changed.
Cryptographic hash function
Or Message Digest
- transform a sequence of bits into a fixed sequence of bits.
- a one-way, non-invertible function
Input and output:
- input data: message(any string)
- output: message digest(the hash value).
Methods: (SHA = Secure Hash Algorithm)
- SHA-1 (1995): 160-bit (20-byte). Deprecated. All major browsers stopped accepting SHA-1 SSL certificates by 2017.
- SHA-2 (2001): a family of six hash functions,
SHA-512/256(numbers are num of bits).
- SHA-3 (2015):
- MD5: 128bit, used as a checksum to verify data integrity, but only against unintentional corruption.
SHA-256share the same specification, but use different initial hash values, and the final hash value is truncated to 224 bits for
- similar to
SHA-512/256, except that the final hash value is truncated to 224 bits for SHA-512/224, 256 bits for SHA- 512/256 or 384 bits for SHA-384.
SHA-256is faster on 32-bit hardware
Most Android devices have hardware support for AES via ARMv8 Cryptography Extensions. However for low-end devices, this is not supported, AES is slow.
Adiantum is Google's solution, which uses uses a fast hash (NH + Poly1305) and a fast stream cipher (XChaCha12).
Asymmetric cryptography uses key pairs: a public key, and a private key. The public key is mathematically related to the private key, but given sufficient key length, it is computationally impractical to derive the private key from the public key.
The public key is comprised of a string of random numbers and can be used to encrypt a message. Only the intended recipient can decipher and read this encrypted message and it can only be deciphered and read by using the associated private key, which is also made of a long string of random numbers.
This private key is secret and is known only to the recipient. As the public key is published for all the world to see.
X.509 certificate format uses a related public and private key pair to encrypt and decrypt a message.
X.509 digital certificate asserts the authenticity of the public key.
certificate = public key + identity
fields: X. 509 version, algorithm, issuer (the CA), subject (the identity the certificate is issued to), validity perirod.
- The most common use case of X.509-based PKI is TLS
- SSH keys are a form of X.509 certificate
Two major encoding schemes for X.509 certificates and keys: PEM (Base64 ASCII), and DER (binary).
PEM format: the most common format for X. 509 certificates, CSRs, and cryptographic keys. A PEM file is a text file containing one or more items in Base64 ASCII encoding, each with plain-text headers and footers.
-----BEGIN CERTIFICATE----- -----END CERTIFICATE-----
- obtain certificates from a variety of Issuers
- ensure the certificates are valid and up-to-date
- attempt to renew certificates at a configured time before expiry
- adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.
Two types of certificates
- CA certificate: A CA certificate can issue other certificates. The top level, self-signed CA certificate is sometimes called the Root CA certificate. Other CA certificates are called intermediate CA or subordinate CA certificates.
- end-entity certificate. An end-entity certificate identifies the user, like a person, organization or business. An end-entity certificate cannot issue other certificates. An end-entity certificate is sometimes called a leaf certificate since no other certificates can be issued below it.
Abstract Syntax Notation One (ASN.1): an IDL (interface description language) to define data structures that can be serialized and deserialized in a cross-platform way.
Public key infrastructure (PKI)
PKI is sometimes used as a synonym for a CA implementation.
- Registration Authority (RA): accepts requests for digital certificates and authenticating the entity making the request; does NOT sign or issue certificates.
- Certificate Authority (CA): issuess certificates and publish the public keys associated with individuals' private keys.
- When a certificate is signed by a trusted CA, the certificate user can be confident that the certificate owner or hostname/domain has been validated, while self-signed certificates can be trusted to a lesser extent as the owner doesn't go through any additional validation before issuance.
- Validation Authority (VA): verifies the validity of a digital certificate. (does NOT issue or revoke certificates; it get updates from CA.)
- Central directory: a secure location in which keys are stored and indexed