
Cryptographic key types

A cryptographic key is a string of data that is used to lock or unlock cryptographic functions, including authentication, authorization and encryption. Cryptographic keys are grouped into cryptographic key types according to the functions they perform.[1]

Description

Consider a keyring that contains a variety of keys. These keys might be of various shapes and sizes, but one thing is certain: each will generally serve a separate purpose. One key might be used to start an automobile, while another might be used to open a safety deposit box. The automobile key will not work to open the safety deposit box and vice versa. This analogy provides some insight into how cryptographic key types work. These keys are categorized with respect to how they are used and what properties they possess.

A cryptographic key is categorized according to how it will be used and what properties it has. For example, a key might have one of the following properties: symmetric, public or private. Keys may also be grouped into pairs that have one private and one public key, which is referred to as an asymmetric key pair.

Asymmetric versus symmetric keys

Asymmetric keys differ from symmetric keys in that the algorithms use separate keys for encryption and decryption, while a symmetric key algorithm uses a single key for both processes. Because multiple keys are used with an asymmetric algorithm, the process takes longer than it would with a symmetric key algorithm. However, the benefit lies in the fact that an asymmetric algorithm is much more secure than a symmetric key algorithm.

With a symmetric key, the key needs to be transmitted to the receiver, and there is always the possibility that it could be intercepted or tampered with on the way. With an asymmetric key, the message and/or accompanying data can be sent or received by using a public key; however, the receiver or sender would use his or her personal private key to access the message and/or accompanying data. Thus, asymmetric keys are suited to transmitting confidential messages and data, and to cases where authentication is required for assurance that the message has not been tampered with. Only the receiver who is in possession of the public key's corresponding private key has the ability to decode the message. A public key can be sent back and forth between recipients, but a private key remains fixed to one location and is not sent back and forth, which keeps it safe from being intercepted during transmission.[1]

Long term versus single use

Cryptographic keys may also be designated for long-term (static, archived) use or for use in a single session (ephemeral). The latter generally applies to the use of an Ephemeral Key Agreement Key. Most other key types are designed to last for long crypto-periods of about one to two years. When a shorter crypto-period is designed, different key types may be used, such as Data Encryption keys, Symmetric Authentication keys, Private Key-Transport keys, Key-Wrapping keys, Authorization keys or RNG keys.[1]

Key types

This page shows the classification of key types from the point of view of key management. In a key management system, each key should be labeled with one such type and that key should never be used for a different purpose.

According to NIST SP 800-57 (Revision 4), the following types of keys exist:[2][1][3]

Private signature key
Private signature keys are the private keys of asymmetric (public) key pairs that are used by public key algorithms to generate digital signatures with possible long-term implications. When properly handled, private signature keys can be used to provide authentication, integrity and non-repudiation.
Public signature verification key
A public signature verification key is the public key of an asymmetric key pair that is used by a public key algorithm to verify digital signatures, either to authenticate a user's identity, to determine the integrity of the data, for non-repudiation, or a combination thereof.
Symmetric authentication key
Symmetric authentication keys are used with symmetric key algorithms to provide assurance of the integrity and source of messages, communication sessions, or stored data.
Private authentication key
A private authentication key is the private key of an asymmetric key pair that is used with a public key algorithm to provide assurance as to the integrity of information, and the identity of the originating entity or the source of messages, communication sessions, or stored data.
Public authentication key
A public authentication key is the public key of an asymmetric key pair that is used with a public key algorithm to determine the integrity of information and to authenticate the identity of entities, or the source of messages, communication sessions, or stored data.
Symmetric data encryption key
These keys are used with symmetric key algorithms to apply confidentiality protection to information.
Symmetric key wrapping key
Symmetric key wrapping keys are used to encrypt other keys using symmetric key algorithms. Key wrapping keys are also known as key encrypting keys.
Symmetric and asymmetric random number generation keys
These are keys used to generate random numbers.
Symmetric master key
A symmetric master key is used to derive other symmetric keys (e.g., data encryption keys, key wrapping keys, or authentication keys) using symmetric cryptographic methods.
Private key transport key
Private key transport keys are the private keys of asymmetric key pairs that are used to decrypt keys that have been encrypted with the associated public key using a public key algorithm. Key transport keys are usually used to establish keys (e.g., key wrapping keys, data encryption keys or MAC keys) and, optionally, other keying material (e.g., initialization vectors).
Public key transport key
Public key transport keys are the public keys of asymmetric key pairs that are used to encrypt keys using a public key algorithm. These keys are used to establish keys (e.g., key wrapping keys, data encryption keys or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).
Symmetric key agreement key
These symmetric keys are used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors) using a symmetric key agreement algorithm.
Private static key agreement key
Private static key agreement keys are the private keys of asymmetric key pairs that are used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).
Public static key agreement key
Public static key agreement keys are the public keys of asymmetric key pairs that are used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).
Private ephemeral key agreement key
Private ephemeral key agreement keys are the private keys of asymmetric key pairs that are used only once to establish one or more keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).
Public ephemeral key agreement key
Public ephemeral key agreement keys are the public keys of asymmetric key pairs that are used in a single key establishment transaction to establish one or more keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).
Symmetric authorization key
Symmetric authorization keys are used to provide privileges to an entity using a symmetric cryptographic method. The authorization key is known by the entity responsible for monitoring and granting access privileges for authorized entities and by the entity seeking access to resources.
Private authorization key
A private authorization key is the private key of an asymmetric key pair that is used to provide privileges to an entity.
Public authorization key
A public authorization key is the public key of an asymmetric key pair that is used to verify privileges for an entity that knows the associated private authorization key.
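
The labelling rule stated under "Key types" (each key carries one type and is never used for a different purpose) can be enforced by the key store itself. The Python sketch below is an added example, not part of the original article or of NIST SP 800-57: the names KeyStore, LabeledKey, Op and POLICY are hypothetical, only three of the symmetric types are modelled, and HKDF-SHA-256 is assumed as the derivation method for the symmetric master key, since the article names none.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum


class KeyType(Enum):
    # Labels follow the article's list; only three symmetric types are modelled.
    SYMMETRIC_MASTER = "symmetric-master"
    SYMMETRIC_AUTHENTICATION = "symmetric-authentication"
    SYMMETRIC_DATA_ENCRYPTION = "symmetric-data-encryption"


class Op(Enum):
    DERIVE = "derive"
    MAC = "mac"
    ENCRYPT = "encrypt"


# Hypothetical policy table: each label permits exactly one kind of operation.
POLICY = {
    KeyType.SYMMETRIC_MASTER: {Op.DERIVE},
    KeyType.SYMMETRIC_AUTHENTICATION: {Op.MAC},
    KeyType.SYMMETRIC_DATA_ENCRYPTION: {Op.ENCRYPT},
}


class KeyUsageError(Exception):
    """A key was requested for an operation its type label does not allow."""


@dataclass(frozen=True)
class LabeledKey:
    key_id: str
    key_type: KeyType
    material: bytes = field(repr=False)  # keep key bytes out of logs and reprs


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    if not 0 < length <= 255 * 32:
        raise ValueError("requested length out of range for HKDF-SHA-256")
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, -(-length // 32) + 1):  # ceil(length / 32) blocks
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


class KeyStore:
    def __init__(self):
        self._keys = {}

    def add(self, key_id, key_type, material):
        if key_id in self._keys:  # an existing key can never be re-labelled
            raise ValueError(f"key id {key_id!r} already registered")
        self._keys[key_id] = LabeledKey(key_id, key_type, material)
        return self._keys[key_id]

    def checkout(self, key_id, op):
        key = self._keys[key_id]
        if op not in POLICY[key.key_type]:
            raise KeyUsageError(f"{key_id}: {key.key_type.value} key refused for {op.value}")
        return key

    def derive(self, master_id, child_id, child_type):
        # The child's label and id go into the KDF input, so each type gets its own key.
        master = self.checkout(master_id, Op.DERIVE)
        info = f"type={child_type.value};id={child_id}".encode()
        return self.add(child_id, child_type, hkdf_sha256(master.material, info))

    def mac(self, key_id, message):
        key = self.checkout(key_id, Op.MAC)
        return hmac.new(key.material, message, hashlib.sha256).digest()

    def verify_mac(self, key_id, message, tag):
        return hmac.compare_digest(self.mac(key_id, message), tag)


def demo():
    store = KeyStore()
    store.add("master-1", KeyType.SYMMETRIC_MASTER, bytes(range(32)))  # constructed sample key
    auth = store.derive("master-1", "auth-1", KeyType.SYMMETRIC_AUTHENTICATION)
    dek = store.derive("master-1", "dek-1", KeyType.SYMMETRIC_DATA_ENCRYPTION)
    tag = store.mac("auth-1", b"constructed sample message")
    verified = store.verify_mac("auth-1", b"constructed sample message", tag)
    refused = []
    for key_id, op in (("dek-1", Op.MAC), ("master-1", Op.MAC), ("auth-1", Op.DERIVE)):
        try:
            store.checkout(key_id, op)
        except KeyUsageError as exc:
            refused.append(str(exc))
    return verified, auth.material != dek.material, refused


if __name__ == "__main__":
    print(demo())
```
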
References
  1. Reinholm, James H. "Classification of Cryptographic Keys (Functions & Properties)". Cryptomathic. Retrieved 12 June 2017.
  2. Barker, Elaine. "NIST Special Publication 800-57 Part 1 Revision 4: Recommendation for Key Management" (PDF). National Institute of Standards and Technology (NIST). Retrieved 12 June 2017.
  3. Spacey, John. "12 Types of Cryptographic Key". Simplicable. Retrieved 12 June 2017.
Content from Wikipedia Licensed under CC-BY-SA.








NSA product types

topic

The U.S. National Security Agency (NSA) ranks cryptographic products or algorithms by a certification called product types . Product types are defined in the National Information Assurance Glossary (CNSSI No. 4009) which defines Type 1 products, Type 2 products, Type 3 algorithms, and Type 4 algorithms. Type 1 product A Type 1 product is a device or system certified by NSA for use in cryptographically securing classified U.S. Government information . A Type 1 product is defined as: Type 1 certification is a rigorous process that includes testing and formal analysis of (among other things) cryptographic security, functional security, tamper resistance , emissions security ( EMSEC / TEMPEST ), and security of the product manufacturing and distribution process. Type 2 product Type 2 products are unclassified cryptographic equipment, assemblies, or components, endorsed by the National Security Agency (NSA), for use in telecommunications and automated information systems for the protection of national security inf ...more...



Strong cryptography

topic

Strong cryptography or cryptographically strong are general terms applied to cryptographic systems or components that are considered highly resistant to cryptanalysis . Demonstrating the resistance of any cryptographic scheme to attack is a complex matter, requiring extensive testing and reviews, preferably in a public forum. Good algorithms and protocols are required, and good system design and implementation is needed as well. For instance, the operating system on which the cryptographic software runs should be as carefully secured as possible. Users may handle passwords insecurely, or trust 'service' personnel overly much, or simply misuse the software. (See social engineering .) "Strong" thus is an imprecise term and may not apply in particular situations. Background The use of computers changed the process of cryptanalysis, famously with Bletchley Park 's Colossus . But just as the development of digital computers and electronics helped in cryptanalysis, it also made possible much more complex ciphers. I ...more...



Key Management Interoperability Protocol

topic

The Key Management Interoperability Protocol ( KMIP ) is an extensible communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. This facilitates data encryption by simplifying encryption key management. Keys may be created on a server and then retrieved, possibly wrapped by other keys. Both symmetric and asymmetric keys are supported, including the ability to sign certificates. KMIP also allows for clients to ask a server to encrypt or decrypt data, without needing direct access to the key. The KMIP standard was first released in 2010 and has since become the industry standard for key management. Vendors have demonstrated commercially available clients and servers at every recent RSA Conference . The KMIP standard effort is governed by the OASIS standards body . Technical details can also be found on the official KMIP page and wiki . Description A KMIP server stores and controls Managed Objects such as symmetric and asymmetric keys, certific ...more...



NSA cryptography

topic

The vast majority of the National Security Agency 's work on encryption is classified , but from time to time NSA participates in standards processes or otherwise publishes information about its cryptographic algorithms. The NSA has categorized encryption items into four product types, and algorithms into two suites. The following is a brief and incomplete summary of public knowledge about NSA algorithms and protocols. Type 1 Product A Type 1 Product refers to an NSA endorsed classified or controlled cryptographic item for classified or sensitive U.S. government information, including cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting classified and sensitive national security information when appropriately keyed. Name Type Specification Use Equipment (incomplete list) ACCORDIAN (or ACCORDION) R21-TECH-13-00, "ACCORDIAN 3.0 Specification" (August 2000) AIM (1999 and 2004 brochures), SafeXcel-3340 , PSIAM AES (256-bit keys only) Block cipher FIPS 197 Num ...more...



Diffie–Hellman key exchange

topic

Prior to public key methods like Diffie–Hellman, cryptographic keys had to be transmitted in physical form such as this World War II list of keys for the German Enigma cipher machine . Diffie–Hellman key exchange ( DH ) is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle and named after Whitfield Diffie and Martin Hellman . DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography . Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier . The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel . This key can then be used to encrypt subsequent communications using a symmetric key cipher . Diffi ...more...



Key management

topic

Key management is the name of management of cryptographic keys in a cryptosystem . This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol design, key servers , user procedures, and other relevant protocols. Key management concerns keys at the user level, either between users or systems. This is in contrast to key scheduling , which typically refers to the internal handling of keys within the operation of a cipher. Successful key management is critical to the security of a cryptosystem. It is the more challenging side of cryptography in a sense that it involves aspects of social engineering such as system policy, user training, organizational and departmental interactions, and coordination between all of these elements, in contrast to pure mathematical practices that can be automated. Types of keys Cryptographic systems may use different types of keys, with some systems using more than one. These may include ...more...



Post-quantum cryptography

topic

Post-quantum cryptography refers to cryptographic algorithms (usually public-key algorithms) that are thought to be secure against an attack by a quantum computer . As of 2017, this is not true for the most popular public-key algorithms, which can be efficiently broken by a sufficiently large hypothetical quantum computer. The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem , the discrete logarithm problem or the elliptic-curve discrete logarithm problem . All of these problems can be easily solved on a sufficiently powerful quantum computer running Shor's algorithm . Even though current, publicly known, experimental quantum computers are too small to attack any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat. This work has gained greater attention from academics and industry through the PQCrypto conference series ...more...



Digital signature

topic

A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents. A valid digital signature gives a recipient reason to believe that the message was created by a known sender ( authentication ), that the sender cannot deny having sent the message ( non-repudiation ), and that the message was not altered in transit ( integrity ). Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management software , and in other cases where it is important to detect forgery or tampering. Explanation Digital signatures are often used to implement electronic signatures , a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures. In some countries, including the United States, Turkey , India , Brazil, Indonesia, Mexico , Saudi Arabia, Switzerland and the countries of the Europea ...more...



History of cryptography

topic

Cryptography, the use of codes and ciphers to protect secrets, began thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids. In the early 20th century, the invention of complex mechanical and electromechanical machines, such as the Enigma rotor machine , provided more sophisticated and efficient means of encryption; and the subsequent introduction of electronics and computing has allowed elaborate schemes of still greater complexity, most of which are entirely unsuited to pen and paper. The development of cryptography has been paralleled by the development of cryptanalysis — the "breaking" of codes and ciphers . The discovery and application, early on, of frequency analysis to the reading of encrypted communications has, on occasion, altered the course of history. Thus the Zimmermann Telegram triggered the United States' entry into World War I; and Allied read ...more...



Certificateless cryptography

topic

Certificateless cryptography is a variant of ID-based cryptography intended to prevent the key escrow problem. Ordinarily, keys are generated by a certificate authority or a key generation center (KGC) who is given complete power and is implicitly trusted. To prevent a complete breakdown of the system in the case of a compromised KGC, the key generation process is split between the KGC and the user. The KGC first generates a key pair, where the private key is now the partial private key of the system. The remainder of the key is a random value generated by the user, and is never revealed to anyone, not even the KGC. All cryptographic operations by the user are performed by using a complete private key which involves both the KGC's partial key, and the user's random secret value. One disadvantage of this is that the identity information no longer forms the entire public key. Meaning, the user's public key is not discoverable from only the user's identity string and the KGC's public key. Thus, the user's public ...more...



Advanced Encryption Standard

topic

The Advanced Encryption Standard ( AES ), also known by its original name Rijndael ( Dutch pronunciation: ), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a subset of the Rijndael cipher developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen , who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits. AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-key algorithm , meaning the same key is used for both encrypting and decrypting the data. In the United States, AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 1 ...more...



Public key infrastructure

topic

A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred. In cryptography, a PKI is an arrangement that binds public keys with respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). Depending on the assurance level of the binding, this may be carried out by an automated process or under human supervision. The PKI ...more...



Hash-based message authentication code

topic

In cryptography, a keyed-hash message authentication code (HMAC) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. It may be used to simultaneously verify both the data integrity and the authentication of a message, as with any MAC. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-X, where X is the hash function used (e.g. HMAC-MD5 or HMAC-SHA1). The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and the size and quality of the key. HMAC generation uses two passes of hash computation. The secret key is first used to derive two keys – inner and outer. The first pass of the algorithm produces an internal hash derived from the message and the inner key. The second pass produces the final HMAC code derived from the inner hash result and the outer key. ...more...



Ephemeral key

topic

A cryptographic key is called ephemeral if it is generated for each execution of a key establishment process. In some cases ephemeral keys are used more than once, within a single session (e.g., in broadcast applications) where the sender generates only one ephemeral key pair per message and the private key is combined separately with each recipient's public key. Contrast with a static key. Private ephemeral key agreement key: Private ephemeral key agreement keys are the private keys of asymmetric key pairs that are used only once to establish one or more keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors). Public ephemeral key agreement key: Public ephemeral key agreement keys are the public keys of asymmetric key pairs that are used in a single key establishment transaction to establish one or more keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization ...more...



NaCl (software)

topic

NaCl (pronounced "salt") is an abbreviation for "Networking and Cryptography library", a public domain "...high-speed software library for network communication, encryption, decryption, signatures, etc". NaCl was created by the mathematician and programmer Daniel J. Bernstein who is best known for the creation of qmail and Curve25519. The core team also includes Tanja Lange and Peter Schwabe. The main goal while creating NaCl, according to the paper, was to "avoid various types of cryptographic disasters suffered by previous cryptographic libraries". Basic functions Public-key cryptography Authenticated encryption using Curve25519, Salsa20, and Poly1305. Signatures using Ed25519. Key agreement using Curve25519. Secret-key cryptography Authenticated encryption using Salsa20 and Poly1305. Encryption using Salsa20 or AES. Authentication using HMAC-SHA-512-256. One-time authentication using Poly1305. Low-level functions Hashing using SHA-512 or SHA-256. String comparison. Implementations Reference im ...more...



Snake oil (cryptography)

topic

In cryptography, snake oil is any cryptographic method or product considered to be bogus or fraudulent. The name derives from snake oil, one type of patent medicine widely available in 19th century United States. Distinguishing secure cryptography from insecure cryptography can be difficult from the viewpoint of a user. Many cryptographers, such as Bruce Schneier and Phil Zimmermann, undertake to educate the public in how secure cryptography is done, as well as highlighting the misleading marketing of some cryptographic products. The Snake Oil FAQ describes itself as, "a compilation of common habits of snake oil vendors. It cannot be the sole method of rating a security product, since there can be exceptions to most of these rules. [...] But if you're looking at something that exhibits several warning signs, you're probably dealing with snake oil." Some examples of snake oil cryptography techniques This is not an exhaustive list of snake oil signs. A more thorough list is given in the external articles li ...more...



Cryptography law

topic

Cryptography is the practice and study of encrypting information, or in other words, securing information from unauthorized access. There are many different cryptography laws in different nations. Some countries prohibit export of cryptography software and/or encryption algorithms or cryptoanalysis methods. In some countries a license is required to use encryption software, and a few countries ban citizens from encrypting their internet communication. Some countries require decryption keys to be recoverable in case of a police investigation. Overview Issues regarding cryptography law fall into four categories: Export control, which is the restriction on export of cryptography methods within a country to other countries or commercial entities. There are international export control agreements, the main one being the Wassenaar Arrangement. The Wassenaar Arrangement was created after the dissolution of COCOM (Coordinating committee for Multilateral Export Controls), which in 1989 "decontrolled password and au ...more...



Cryptographic Service Provider

topic

In Microsoft Windows, a Cryptographic Service Provider (CSP) is a software library that implements the Microsoft CryptoAPI (CAPI). CSPs implement encoding and decoding functions, which computer application programs may use, for example, to implement strong user authentication or for secure email. CSPs are independent modules that can be used by different applications. A user program calls CryptoAPI functions and these are redirected to CSP functions. Since CSPs are responsible for implementing cryptographic algorithms and standards, applications do not need to be concerned about security details. Furthermore, one application can define which CSP it is going to use on its calls to CryptoAPI. In fact, all cryptographic activity is implemented in CSPs. CryptoAPI only works as a bridge between the application and the CSP. CSPs are implemented basically as a special type of DLL with special restrictions on loading and use. Every CSP must be digitally signed by Microsoft and the signature is verified when Windows ...more...



Wiener's attack

topic

Wiener's attack, named after cryptologist Michael J. Wiener, is a type of cryptographic attack against RSA. The attack uses the continued fraction method to expose the private key d when d is small. Background on RSA Before we discuss how Wiener's attack works, we will first briefly explain how RSA works. For more details see the main entry on the RSA cryptosystem. Let Alice and Bob be two people who want to communicate securely. More specifically, Alice wants to send a message to Bob which only Bob can read. First Bob chooses two primes p and q. Then he calculates the RSA modulus N = pq. This RSA modulus is made public together with the encryption exponent e. N and e form the public key pair (e,N). By making this information public, anyone can encrypt messages to Bob. The decryption exponent d satisfies $ed = 1 \bmod \varphi(N)$, where $\varphi(N) = (p-1)(q-1)$ is Euler’s phi function (note: this is the order of the multi ...more...



Internet Key Exchange

topic

In computing, Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication ‒ either pre-shared or distributed using DNS (preferably with DNSSEC) and a Diffie–Hellman key exchange ‒ to set up a shared session secret from which cryptographic keys are derived. In addition, a security policy for every peer which will connect must be manually maintained. History The Internet Engineering Task Force (IETF) originally defined IKE in November 1998 in a series of publications (Request for Comments) known as RFC 2407, RFC 2408 and RFC 2409: RFC 2407 defined The Internet IP Security Domain of Interpretation for ISAKMP. RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP) RFC 2409 defined The Internet Key Exchange (IKE) RFC 4306 updated IKE to version two (IKEv2) in December 2005. RFC 4718 cl ...more...



Filesystem-level encryption

topic

Filesystem-level encryption, often called file/folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to full disk encryption where the entire partition or disk, in which the file system resides, is encrypted. Types of filesystem-level encryption include: the use of a 'stackable' cryptographic filesystem layered on top of the main file system; a single general-purpose file system with encryption. The advantages of filesystem-level encryption include: flexible file-based key management, so that each file can be and usually is encrypted with a separate encryption key; individual management of encrypted files, e.g. incremental backups of the individual changed files even in encrypted form, rather than backup of the entire encrypted volume; access control can be enforced through the use of public-key cryptography, and the fact that cryptographic keys are only held in memory while the file that is decrypted by them is held o ...more...



Session key

topic

A session key is a single-use symmetric key used for encrypting all messages in one communication session. A closely related term is content encryption key (CEK), traffic encryption key (TEK), or multicast key which refers to any key used to encrypt messages, as opposed to other uses, like encrypting other keys (key encryption key (KEK) or key wrapping key). Session keys can introduce complication into a system. However, they solve some real problems. There are two primary reasons to use session keys: Several cryptanalytic attacks become easier as more material encrypted with a specific key is available. By limiting the amount of data processed using a particular key, those attacks are made more difficult. Asymmetric encryption is too slow for many purposes, and all secret key algorithms require that the key is securely distributed. By using an asymmetric algorithm to encrypt the secret key for another, faster, symmetric algorithm, it's possible to improve overall performance considerably. This is th ...more...



Hash-based cryptography

topic

Hash-based cryptography is the generic term for constructions of cryptographic primitives based on the security of hash functions. So far, hash-based cryptography is limited to digital signature schemes such as the Merkle signature scheme. Hash-based signature schemes combine a one-time signature scheme with a Merkle tree structure. Since a one-time signature scheme key can only sign a single message securely, it is practical to combine many such keys within a single, larger structure. A Merkle tree structure is used to this end. In this hierarchical data structure, a hash function and concatenation are used repeatedly to compute tree nodes. Lamport signatures are an example of a one-time signature scheme that can be combined with a Merkle tree structure. Hash-based cryptography is a type of post-quantum cryptography. History Ralph Merkle invented hash-based signatures in 1979. The XMSS (eXtended Merkle Signature Scheme) and SPHINCS hash-based signature schemes were introduced in 2011 and 2015, respect ...more...



Cryptographically secure pseudorandom number generator

topic

A cryptographically secure pseudo-random number generator (CSPRNG) or cryptographic pseudo-random number generator (CPRNG) is a pseudo-random number generator (PRNG) with properties that make it suitable for use in cryptography. Many aspects of cryptography require random numbers, for example: key generation; nonces; one-time pads; salts in certain signature schemes, including ECDSA, RSASSA-PSS. The "quality" of the randomness required for these applications varies. For example, creating a nonce in some protocols needs only uniqueness. On the other hand, generation of a master key requires a higher quality, such as more entropy. And in the case of one-time pads, the information-theoretic guarantee of perfect secrecy only holds if the key material comes from a true random source with high entropy. Ideally, the generation of random numbers in CSPRNGs uses entropy obtained from a high-quality source, generally the operating system's randomness API. However, unexpected correlations have been found in several ...more...



Cryptanalysis

topic

Cryptanalysis (from the Greek kryptós, "hidden", and analýein, "to loosen" or "to untie") is the study of analyzing information systems in order to study the hidden aspects of the systems. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown. In addition to mathematical analysis of cryptographic algorithms, cryptanalysis includes the study of side-channel attacks that do not target weaknesses in the cryptographic algorithms themselves, but instead exploit weaknesses in their implementation. Even though the goal has been the same, the methods and techniques of cryptanalysis have changed drastically through the history of cryptography, adapting to increasing cryptographic complexity, ranging from the pen-and-paper methods of the past, through machines like the British Bombes and Colossus computers at Bletchley Park in World War II, to the mathematically advanced computerized schemes of the present. Method ...more...



Outline of cryptography

topic

The following outline is provided as an overview of and topical guide to cryptography: Cryptography (or cryptology) – practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce. Essence of cryptography Cryptographer Encryption / decryption Cryptographic key Cipher Ciphertext Plaintext Code Tabula recta Alice and Bob Uses of cryptographic techniques Commitment schemes Secure multiparty computation Electronic voting Authentication Digital signatures Crypto systems Dining cryptographers problem Anonymous remailer Pseudonymity Anonymous internet banking Onion routing Digital currency Secret sharing Branches of cryptography Cryptographic engineering Multivariate cryptography Post-quantum cryptography Quantum cryptography Steganography Visual cryptography History of cryptography Japanese cryptology from the 1500s to Meiji World War I cry ...more...



Security token

topic

Security tokens are physical devices used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples include a wireless keycard opening a locked door, or in the case of a customer trying to access their bank account online, the use of a bank provided token can prove that the customer is who they claim to be. Some tokens may store cryptographic keys, such as a digital signature, or biometric data, such as fingerprint details. Some may also store passwords. Some designs feature tamper resistant packaging, while others may include small keypads to allow entry of a PIN or a simple button to start a generating routine with some display capability to show a generated key number. Special designs include a USB connector, RFID functions or Bluetooth wireless interface to enable transfer of a generated key number sequence to a client system. Password types All tokens contain some secret information ...more...



Static key

topic

A cryptographic key is called static if it is intended for use for a relatively long period of time and is typically intended for use in many instances of a cryptographic key establishment scheme. Contrast with an ephemeral key. See also Cryptographic key types Recommendation for Key Management — Part 1: general, NIST Special Publication 800-57 NIST Cryptographic Toolkit ...more...



Communications security

topic

Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients. In the North Atlantic Treaty Organization culture, including United States Department of Defense culture, it is often referred to by the abbreviation COMSEC. The field includes cryptographic security, transmission security, emissions security and physical security of COMSEC equipment and associated keying material. COMSEC is used to protect both classified and unclassified traffic on military communications networks, including voice, video, and data. It is used for both analog and digital applications, and both wired and wireless links. Voice over secure internet protocol VOSIP has become the de facto standard for securing voice communication, replacing the need for Secure Terminal Equipment (STE) in much of NATO, including the U.S.A. USCENTCOM moved entire ...more...



ID-based cryptography

topic

Identity-based cryptography is a type of public-key cryptography in which a publicly known string representing an individual or organization is used as a public key. The public string could include an email address, domain name, or a physical IP address. The first implementation of identity-based signatures and an email-address based public-key infrastructure (PKI) was developed by Adi Shamir in 1984, which allowed users to verify digital signatures using only public information such as the user's identifier. Under Shamir's scheme, a trusted third party would deliver the private key to the user after verification of the user's identity, with verification essentially the same as that required for issuing a certificate in a typical PKI. Shamir similarly proposed identity-based encryption, which appeared particularly attractive since there was no need to acquire an identity's public key prior to encryption. However, he was unable to come up with a concrete solution, and identity-based encryption remained an o ...more...



Brute-force attack

topic

The EFF's US$250,000 DES cracking machine contained over 1,800 custom chips and could brute-force a DES key in a matter of days. The photograph shows a DES Cracker circuit board fitted on both sides with 64 Deep Crack chips. In cryptography, a brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search. A brute-force attack is a cryptanalytic attack that can, in theory, be used to attempt to decrypt any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. When pas ...more...



S/KEY

topic

S/KEY is a one-time password system developed for authentication to Unix-like operating systems, especially from dumb terminals or untrusted public computers on which one does not want to type a long-term password. A user's real password is combined in an offline device with a short set of characters and a decrementing counter to form a single-use password. Because each password is only used once, they are useless to password sniffers. Because the short set of characters does not change until the counter reaches zero, it is possible to prepare a list of single-use passwords, in order, that can be carried by the user. Alternatively, the user can present the password, characters, and desired counter value to a local calculator to generate the appropriate one-time password that can then be transmitted over the network in the clear. The latter form is more common and practically amounts to challenge-response authentication. S/KEY is supported in Linux (via pluggable authentication modules), OpenBSD, NetBSD, ...more...



Index of cryptography articles

topic

Articles related to cryptography include: 0-9 3-D Secure • 3-subset meet-in-the-middle attack • 3-Way • 40-bit encryption • 56-bit encryption • 5-UCO • A A5/1 • A5/2 • ABA digital signature guidelines • ABC (stream cipher) • Abraham Sinkov • Acoustic cryptanalysis • Adaptive chosen-ciphertext attack • Adaptive chosen plaintext and chosen ciphertext attack • Advantage (cryptography) • ADFGVX cipher • Adi Shamir • Advanced Access Content System • Advanced Encryption Standard • Advanced Encryption Standard process • Adversary • AEAD block cipher modes of operation • Affine cipher • Agnes Meyer Driscoll • AKA (security) • Akelarre (cipher) • Alan Turing • Alastair Denniston • Al Bhed language • Alex Biryukov • Alfred Menezes • Algebraic Eraser • Algorithmically random sequence • Alice and Bob • All-or-nothing transform • Alphabetum Kaldeorum • Alternating step generator • American Cryptogram Association • AN/CYZ-10 • Anonymous internet banking • Anonymous publication • Anonymous remailer • Antoni Palluth • Anubis ...more...



Key

topic

Key may refer to: Common meanings Cay, also spelled key, a small, low-elevation, sandy island formed on the surface of a coral reef Key (cryptography), a piece of information that controls the operation of a cryptography algorithm Key (engineering), a type of coupling used to transmit rotation between a shaft and an attached item Key (electrical), mechanical component in a plug and/or socket which prevents mating except with a correctly oriented matching connector Key (lock), a device used to open a lock such as in a door, safe, or other openings to objects or places. Key (map), a guide to a map's symbology Key, a guide to colours and symbols used in a data chart, graph, plot or diagram Places In the United States Key, Alabama Key, Ohio Key, West Virginia Keys, Oklahoma Florida Keys, an archipelago of about 1700 islands in the southeast United States Elsewhere Key Island, Tasmania, Australia Key, Iran, a village in Isfahan Province, Iran People Key (si ...more...



PKCS 12

topic

In cryptography, PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust. A PKCS #12 file may be encrypted and signed. The internal storage containers, called "SafeBags", may also be encrypted and signed. A few SafeBags are predefined to store certificates, private keys and CRLs. Another SafeBag is provided to store any other data at individual implementer's choice. PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS) published by RSA Laboratories. The filename extension for PKCS #12 files is ".p12" or ".pfx". These files can be created, parsed and read out with the OpenSSL pkcs12 command. Relationship to PFX file format PKCS #12 is the successor to Microsoft's "PFX"; however, the terms "PKCS #12 file" and "PFX file" are sometimes used interchangeably. Microsoft's "PFX" has received heavy criticism of bei ...more...



Web cryptography API

topic

The Web Cryptography API is the World Wide Web Consortium’s (W3C) recommendation for a low-level interface that would increase the security of web applications by allowing them to perform cryptographic functions without having to access raw keying material. This agnostic API would perform basic cryptographic operations, such as hashing, signature generation and verification and encryption as well as decryption from within a web application. Description The World Wide Web Consortium (W3C) was founded in 1994 by Tim Berners-Lee who is the original architect of the World Wide Web. This consortium consists of international companies that are involved with the Internet and the World Wide Web. Its purpose is to develop open standards and provide recommendations that will allow the Web to continue to evolve in a single direction versus splintering into different factions that could potentially compete against one another. On 15 December 2016, the W3C released its recommendation for a Web Cryptography API that cou ...more...



PKCS 11

topic

In cryptography, PKCS #11 is one of the Public-Key Cryptography Standards, and also refers to the programming interface to create and manipulate cryptographic tokens. Detail The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM) and smart cards, and names the API itself "Cryptoki" (from "cryptographic token interface" and pronounced as "crypto-key" - but "PKCS #11" is often used to refer to the API as well as the standard that defines it). The API defines most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES / Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects. Usage Most commercial certificate authority software uses PKCS #11 to access the CA signing key or to enroll user certificates. Cross-platform software that needs to use smart cards uses PKCS #11, such as Mozilla Firefox and OpenSSL (using an extension). It is also used to access smart cards and H ...more...



Challenge–response authentication

topic

In computer security, challenge–response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated. The simplest example of a challenge–response protocol is password authentication, where the challenge is asking for the password and the valid response is the correct password. Clearly an adversary who can eavesdrop on a password authentication can then authenticate itself in the same way. One solution is to issue multiple passwords, each of them marked with an identifier. The verifier can ask for any of the passwords, and the prover must have that correct password for that identifier. Assuming that the passwords are chosen independently, an adversary who intercepts one challenge–response message pair has no clues to help with a different challenge at a different time. For example, when other communications security methods are unavailable, the U.S. military uses the AKAC-1553 TRIAD numeral cipher ...more...



