Cryptography – Asymmetric & Symmetric

The following is a high-level overview of cryptography. I hope this post lays the foundation for your understanding of how information travels securely across the internet.

Essentially, cryptography is the basis of how information travels securely across the World Wide Web. Both end users, such as ourselves, and large corporations make use of cryptography in their everyday lives. From hashing to asymmetric and symmetric cryptography, all forms of cryptography contribute to ensuring the CIA triad of information security. The “C”, which stands for Confidentiality, is upheld by asymmetric cryptography. The “I”, which stands for Integrity, is upheld by hashing, which makes sure that the file or message in question has not been tampered with. Lastly, the “A”, which stands for Availability, is upheld by symmetric encryption, which ensures that users are who they say they are (authenticity) before making the message or file available to the user. Some common applications of cryptography include digital certificates, public/private key infrastructure, and algorithms to encrypt data. Altogether, the many underrated moving parts of cryptography come together smoothly to thwart the many threats that exist in the cyber community today.

Asymmetric cryptography involves the use of both private and public keys. Just as the name implies, the public key is made available to the public and is used to encrypt messages to a specific person. Conversely, the private key is kept secret by the owner of the key. This combination is considered the principle of “asymmetric” cryptography because both of these keys are used in the encryption and decryption process. Either key can be used to encrypt a message or a file, while the other has to be used to decrypt it. This type of encryption is known to be very cumbersome and very slow due to its high computational burden. Thus, it is most commonly used to protect payload data and information that is transferred across the internet. It appears in transport protocols such as SSH and SSL, and in digital signatures. It is worth mentioning that one of the most common asymmetric encryption algorithms is RSA.

Symmetric cryptography involves the use of keys to encrypt and decrypt information. In this instance, the same key is used to encrypt and decrypt a message or file. This type of encryption is much faster and is not as complex. However, it does require that all parties in the communication know the same secret key that will be used to encrypt and decrypt. Common algorithms that use this method are DES, AES and RC4. AES can be found in certain types of VPNs, while RC4 can be deployed on wireless networks as the base encryption used by WEP and WPA version 1.

More advanced cryptography solutions employ both symmetric and asymmetric encryption. Essentially, two endpoints use asymmetric encryption to communicate which type of key will be used to encrypt the actual message being sent. Once the key is decided upon, using that agreed-upon key to encrypt and decrypt the message is symmetric cryptography. This type of logic is used in communication between clients and web servers.
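
The hybrid scheme described above, as an added example that is not part of the original post: a random session key travels under the recipient's public key, and the message itself is encrypted symmetrically with that session key. It uses only the Python standard library, so the RSA step is unpadded textbook RSA over fixed, publicly known primes and the symmetric cipher is a SHA-256 keystream with an HMAC tag; both are stand-ins assumed for illustration (deployed systems use vetted primitives such as RSA-OAEP and AES-GCM), and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy RSA key pair built from two well-known Mersenne primes (constructed, NOT secure).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)

def _subkeys(session_key):
    """Derive separate encryption and MAC keys from the shared session key."""
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())

def _xor_stream(enc_key, nonce, data):
    """Stand-in symmetric cipher: XOR data with a SHA-256 counter keystream."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def hybrid_encrypt(public_key, message):
    n, e = public_key
    session_key = secrets.token_bytes(32)   # fresh symmetric key per message
    # Asymmetric step (slow, small input): only the session key is RSA-encrypted.
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    # Symmetric step (fast, any size): the message is encrypted under the session key.
    enc_key, mac_key = _subkeys(session_key)
    nonce = secrets.token_bytes(16)
    ciphertext = _xor_stream(enc_key, nonce, message)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return wrapped, (nonce, ciphertext, tag)

def hybrid_decrypt(private_key, wrapped, sealed):
    n, d = private_key
    nonce, ciphertext, tag = sealed
    # Only the private key holder can recover the session key.
    session_key = pow(wrapped, d, n).to_bytes(32, "big")
    enc_key, mac_key = _subkeys(session_key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # integrity check before decrypting
        raise ValueError("ciphertext or tag was modified in transit")
    return _xor_stream(enc_key, nonce, ciphertext)
```
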