vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-02-17 01:26:29 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'origin/liw-ch3-tammi' into draft

Browse source 
# Conflicts:
#	book/source/03-cryptography.md
This commit is contained in:
Heiko Schaefer 2023-11-25 23:00:47 +01:00
commit 4f179701e3
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB
1 changed files with 11 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
book/source/03-cryptography.md
View file

@ -9,12 +9,12 @@ SPDX-License-Identifier: CC-BY-SA-4.0
(crypto-hash)=
## Cryptographic hash functions
[Cryptographic hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) take data strings of any length (like a text message or file) and output a fixed-size code, a "hash digest," which is often abbreviated as either "digest" or "hash." A hash digest acts like a unique identifier for the original data.
[Cryptographic hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) take data strings of any length (like a text message or file) and output a fixed-size code, a "hash digest," which is often abbreviated as either "digest" or "hash." A hash digest is also sometimes called a "(cryptographic) checksum." A hash digest acts like a unique identifier for the original data.
Here are two important properties of cryptographic hash functions:
Cryptographic hash functions have two important properties:
- ["Pre-image resistance"](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash digest, it should be very difficult to determine the original data it represents.
- ["Collision resistance"](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash digest.
- [**Pre-image resistance**](https://en.wikipedia.org/wiki/Preimage_attack): Given a hash digest, it should be very difficult to determine any data that matches this hash digest (including, but not limited to, the original data the hash represents). This property embodies the concept of a [one-way function](https://en.wikipedia.org/wiki/One-way_function) a calculation that is easy to perform, but very hard to reverse.
- [**Collision resistance**](https://en.wikipedia.org/wiki/Collision_resistance): It should be very difficult to find two distinct pieces of data that map to the same hash digest.
## Message authentication codes
@ -98,15 +98,15 @@ Throughout this document, we will frequently reference asymmetric cryptographic
An asymmetric cryptographic key pair
```
Each key pair comprises two parts: the public key and the private key. For ease of identification, we will depict the public key in green and the private key in red throughout this document.
Each key pair comprises two parts: the public key and the private key. For ease of identification in this documentation, the public key will be shown in green and the private key in red. Additionally, public keys are depicted with a solid border and pointing to the right, while private keys are shown with a dotted border and pointing to the left.
It's important to note that in many scenarios, only the public key is exposed or used (we will expand on these situations in subsequent sections):
It's important to note that in many scenarios, only the public key is exposed or used. These situations will be elaborated upon in subsequent sections of this document.
```{figure} diag/public_key.png
:name: fig-public-key
:alt: Depicts a box with white background and the title "Public part of an asymmetric keypair". In the box one key symbol with text next to it is shown. The key symbol is rendered using full green lines, points to the right hand side and has the accompanying text "Public key".
The public parts of an asymmetric key pair
The public part of an asymmetric key pair
```
### Usage and terminology in OpenPGP
@ -129,20 +129,12 @@ In OpenPGP, digital signatures have diverse applications, extending beyond mere
Digital signatures in OpenPGP are used in two primary contexts:
- [Certification statements](component_signatures_chapter)
- [Data signatures](signing_data)
- [Signatures on components](component_signatures_chapter)
(hybrid_cryptosystems)=
## Hybrid cryptosystems
## Hybrid cryptosystems in OpenPGP
OpenPGP uses a hybrid cryptosystem. [Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine the use of symmetric and asymmetric (public-key) cryptography to capitalize on the strengths of each, namely symmetric cryptography's speed and efficiency and public-key cryptography's mechanism for secure key exchange.
[Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine the use of symmetric and asymmetric (public-key) cryptography to capitalize on the strengths of each, namely symmetric cryptography's speed and efficiency and public-key cryptography's mechanism for secure key exchange.
```{admonition} TODO
:class: warning
Move this to the chapter that details it:
Within OpenPGP's hybrid system, so-called "session keys" are central. They are generated uniquely for each session and are instrumental in both encrypting and decrypting the actual message content, using the efficiency of symmetric-key cryptography.
Using asymmetric (public-key) cryptography, the session keys are also encrypted. This ensures that only the intended recipient, the holder of the corresponding private key, can decrypt and gain access to the session key. With the decrypted session key, they can then use the session key to decrypt the actual message.
```
OpenPGP uses a hybrid cryptosystem for encryption. This approach involves generating unique shared secrets, known as "session keys," for each session. For detailed information on this topic, please refer to the chapters {ref}`encryption_chapter` and {ref}`decryption_chapter`.