mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-23 08:02:05 +01:00
ch3: Flesh out more of the text
This commit is contained in:
parent
a35573c5a7
commit
d4306da504
1 changed files with 33 additions and 18 deletions
|
@ -1,19 +1,16 @@
|
|||
(cyrptography_chapter)=
|
||||
# Cryptographic concepts/terms
|
||||
|
||||
```{admonition} TODO
|
||||
```{admonition} VISUAL
|
||||
:class: warning
|
||||
|
||||
- Introduce cryptographic primitives/terms at a very superficial level
|
||||
- Introduce visualizations for cryptographic primitives
|
||||
- Show example visualizations for operations? (encrypt/decrypt and signing/verification - only if we're going to reuse the visual primitives later)
|
||||
```
|
||||
|
||||
## (Cryptographic) hash functions
|
||||
|
||||
https://en.wikipedia.org/wiki/Cryptographic_hash_function
|
||||
|
||||
Note: hashes are sometimes called "digests".
|
||||
[(Cryptographic) hash functions](https://en.wikipedia.org/wiki/Cryptographic_hash_function) map binary data of arbitrary length to a fixed size "hash" (hashes are also sometimes called "digests").
|
||||
|
||||
## Symmetric-key cryptography
|
||||
|
||||
|
@ -21,29 +18,29 @@ Note: hashes are sometimes called "digests".
|
|||
|
||||
Participants in symmetric-key operations need to exchange the shared secret over a secure channel.
|
||||
|
||||
```{admonition} TODO
|
||||
```{admonition} VISUAL
|
||||
:class: warning
|
||||
|
||||
- visualization? (maybe a black key icon, following wikipedia's example?)
|
||||
```
|
||||
|
||||
Symmetric-key cryptography is much faster than public-key cryptography. Also, unlike traditional public-key mechanisms, symmetric-key cryptography is quantum-resistant.
|
||||
Symmetric-key cryptography is much faster than public-key cryptography. Also, most current symmetric cryptographic algorithms are considered quantum-resistant.
|
||||
|
||||
So there is a trade-off: Symmetric-key has major benefits, but exchanging the shared secret is a problem that needs to be solved separately. [Hybrid cryptosystems](hybrid_cryptosystems) are one common approach.
|
||||
So symmetric-key cryptography has major benefits, but exchanging the shared secret is a problem that needs to be solved separately.
|
||||
|
||||
[Hybrid cryptosystems](hybrid_cryptosystems) are one common approach to leverage the benefits of symmetric-key cryptography, while handling the shared secret with a separate mechanism (using public-key cryptography).
|
||||
|
||||
### Symmetric-key cryptography in OpenPGP
|
||||
|
||||
Symmetric cryptography is used in OpenPGP as part of a [hybrid cryptosystem](https://en.wikipedia.org/wiki/Hybrid_cryptosystem).
|
||||
Symmetric cryptography is used in OpenPGP (as part of a hybrid cryptosystem).
|
||||
|
||||
Where symmetric keys are used in OpenPGP, they are referred to as "session keys."
|
||||
|
||||
### Authenticated encryption with associated data (AEAD)
|
||||
|
||||
```{admonition} TODO
|
||||
:class: warning
|
||||
[Authenticated encryption](https://en.wikipedia.org/wiki/Authenticated_encryption) is a class of cryptographic schemes that gives additional guarantees besides confidentiality.
|
||||
|
||||
- AEAD solves the problem of malleability.
|
||||
```
|
||||
In OpenPGP version 6, AEAD is used to solve the problem of "malleability": In past versions of the OpenPGP protocol, some malicious changes to ciphertext were undetectable. With AEAD undetected changes of ciphertext are not possible.
|
||||
|
||||
## Public-key, or asymmetric cryptography
|
||||
|
||||
|
@ -87,15 +84,33 @@ Note that in many contexts, only the public part is present (more on that later)
|
|||
Only the public part of an asymmetric key pair
|
||||
```
|
||||
|
||||
### Cryptographic digital signatures
|
||||
|
||||
### Public-key cryptography in OpenPGP
|
||||
|
||||
OpenPGP makes heavy use of public-key cryptography.
|
||||
OpenPGP makes heavy use of public-key cryptography, both for encryption and signing operations.
|
||||
|
||||
Note that, for historical reasons, OpenPGP often uses the terms "public/secret" instead of "public/private." The OpenPGP RFC and other documentation often use the non-standard term "secret key" instead of the more common "private key."
|
||||
Note that, for historical reasons, OpenPGP often uses the terms "public/secret key" instead of "public/private key." The OpenPGP RFC and other documentation often use the non-standard term "secret key" instead of the more common "private key."
|
||||
|
||||
### Cryptographic digital signatures
|
||||
|
||||
[Digital signatures](https://en.wikipedia.org/wiki/Digital_signature) are a mechanism that is based on asymmetric cryptography. With this mechanism, one actor can make a signature over a digital message, and another actor can check the validity of that signature.
|
||||
|
||||
The signer uses digital signatures to make statements about the message. Third parties can then inspect these statements.
|
||||
|
||||
```{admonition} VISUAL
|
||||
:class: warning
|
||||
|
||||
- add visualization showing: message + private key + sign = signature -> message + signature + public key + verify = ok?
|
||||
```
|
||||
|
||||
In OpenPGP, digital signatures are used in two different contexts:
|
||||
|
||||
- [Certification statements](certifications_chapter)
|
||||
- [Signatures over data](signing_data)
|
||||
|
||||
(hybrid_cryptosystems)=
|
||||
## Hybrid cryptosystems
|
||||
|
||||
[Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine public-key cryptosystems with symmetric-key cryptosystems in a way that makes use of their respective advantages.
|
||||
[Hybrid cryptosystems](https://en.wikipedia.org/wiki/Hybrid_cryptosystem) combine two cryptosystems and make use of their respective advantages:
|
||||
|
||||
- A public-key cryptosystem is used to safely handle shared secrets over insecure channels (in OpenPGP: so-called "session keys")
|
||||
- A symmetric-key cryptosystem is used to efficiently encrypt and decrypt long messages (using an OpenPGP "session key" as the shared secret)
|
||||
|
|
Loading…
Reference in a new issue