openpgp-notes/book/source/03-cryptography.md

112 lines
4.9 KiB
Markdown
Raw Normal View History

(cyrptography_chapter)=
2023-09-29 19:01:22 +02:00
# Cryptographic concepts and terms
2023-09-28 17:53:56 +02:00
```{admonition} VISUAL
:class: warning
2023-09-21 13:09:48 +02:00
- Introduce visualizations for cryptographic primitives
2023-09-26 20:06:44 +02:00
- Show example visualizations for operations? (encrypt/decrypt and signing/verification - only if we're going to reuse the visual primitives later)
```
2023-09-26 20:06:44 +02:00
## (Cryptographic) hash functions
2023-09-28 17:53:56 +02:00
[(Cryptographic) hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) map binary data of arbitrary length to a fixed size "hash" (hashes are also sometimes called "digests").
2023-09-28 16:02:30 +02:00
2023-09-26 20:06:44 +02:00
## Symmetric-key cryptography
[Symmetric-key cryptography](https://en.wikipedia.org/wiki/Symmetric-key_algorithm) uses the same cryptographic key for both encryption and decryption. Symmetric-key cryptographic systems support *encryption/decryption* operations.
Participants in symmetric-key operations need to exchange the shared secret over a secure channel.
2023-09-28 17:53:56 +02:00
```{admonition} VISUAL
2023-09-26 20:06:44 +02:00
:class: warning
- visualization? (maybe a black key icon, following wikipedia's example?)
```
2023-09-29 19:01:22 +02:00
### Benefits and downsides
2023-09-28 16:02:30 +02:00
2023-09-29 19:01:22 +02:00
Symmetric-key cryptography has major benefits: it is much faster than public-key cryptography (see below). Also, most current symmetric cryptographic algorithms are considered quantum-resistant.
2023-09-28 17:53:56 +02:00
2023-09-29 19:01:22 +02:00
However, exchanging the required shared secret is a problem that needs to be solved separately.
[Hybrid cryptosystems](hybrid_cryptosystems) (see below) are one common approach to leverage the benefits of symmetric-key cryptography, while handling the shared secret with a separate mechanism (using public-key cryptography).
2023-09-28 16:02:30 +02:00
2023-09-26 20:06:44 +02:00
### Symmetric-key cryptography in OpenPGP
2023-09-29 19:01:22 +02:00
Symmetric cryptography is used in OpenPGP as part of a hybrid cryptosystem.
2023-09-26 20:06:44 +02:00
Where symmetric keys are used in OpenPGP, they are referred to as "session keys."
### Authenticated encryption with associated data (AEAD)
2023-09-28 17:53:56 +02:00
[Authenticated encryption](https://en.wikipedia.org/wiki/Authenticated_encryption) is a class of cryptographic schemes that gives additional guarantees besides confidentiality.
2023-09-28 16:02:30 +02:00
2023-09-29 19:01:22 +02:00
In OpenPGP version 6, AEAD is used to solve the problem of "malleability": In past versions of the OpenPGP protocol, some malicious changes to ciphertext were undetectable. With AEAD, undetected changes of ciphertext are not possible.
2023-09-26 20:06:44 +02:00
## Public-key, or asymmetric cryptography
[Public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) systems use asymmetric pairs of related keys. Public-key cryptographic systems support *encryption/decryption* and *digital signature* operations.
2023-09-29 19:01:22 +02:00
Public-key cryptography doesn't require participants to pre-arrange a shared secret.
### Asymmetric cryptographic key pairs
In many places, we'll deal with asymmetric cryptographic key pairs:
2023-10-03 19:20:37 +02:00
```{figure} diag/cryptographic_keypair.svg
---
---
2023-09-26 20:06:44 +02:00
An asymmetric cryptographic key pair
```
2023-09-28 16:02:30 +02:00
```{admonition} VISUAL
:class: warning
- Wiktor notes: red-green color-blindness affects 8,5% of the population.
- Heiko: maybe use colors + distinct shapes for the two key halves?
```
2023-09-29 19:01:22 +02:00
An asymmetric cryptographic key pair consists of a public and a private part. In this document, we'll show the public part of a key pair in green, and the private part in red.
Note that in many contexts, only the public part is present (more on that later):
```{figure} diag/keypair_pub.png
---
---
2023-09-26 20:06:44 +02:00
Only the public part of an asymmetric key pair
```
2023-09-28 17:53:56 +02:00
### Public-key cryptography in OpenPGP
OpenPGP makes heavy use of public-key cryptography, both for encryption and signing operations.
2023-09-29 19:01:22 +02:00
Note that, for historical reasons, the OpenPGP RFC and other documentation often use the non-standard term "secret key" instead of the more common "private key."
So in OpenPGP, the pair of terms "public/secret key" is sometimes used instead of the more common "public/private key."
2023-09-28 17:53:56 +02:00
2023-09-26 20:06:44 +02:00
### Cryptographic digital signatures
2023-09-28 17:53:56 +02:00
[Digital signatures](https://en.wikipedia.org/wiki/Digital_signature) are a mechanism that is based on asymmetric cryptography. With this mechanism, one actor can make a signature over a digital message, and another actor can check the validity of that signature.
2023-09-28 17:53:56 +02:00
The signer uses digital signatures to make statements about the message. Third parties can then inspect these statements.
2023-09-25 16:43:26 +02:00
2023-09-28 17:53:56 +02:00
```{admonition} VISUAL
:class: warning
- add visualization showing: message + private key + sign = signature -> message + signature + public key + verify = ok?
```
In OpenPGP, digital signatures are used in two different contexts:
- [Certification statements](certifications_chapter)
- [Signatures over data](signing_data)
2023-09-28 16:02:30 +02:00
(hybrid_cryptosystems)=
2023-09-26 20:06:44 +02:00
## Hybrid cryptosystems
2023-09-25 16:43:26 +02:00
2023-09-28 17:53:56 +02:00
[Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine two cryptosystems and make use of their respective advantages:
- A public-key cryptosystem is used to safely handle shared secrets over insecure channels (in OpenPGP: so-called "session keys")
- A symmetric-key cryptosystem is used to efficiently encrypt and decrypt long messages (using an OpenPGP "session key" as the shared secret)