jmarya/knowledge
jmarya/knowledge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

rename crypto

Browse source
This commit is contained in:
JMARyA 2024-02-06 08:12:49 +01:00
parent 6c43633a3e
commit 1d1b1f10af
Signed by: jmarya
GPG key ID: 901B2ADDF27C2263
11 changed files with 26 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

71
technology/cryptography/AES.md Normal file
View file

@ -0,0 +1,71 @@
---
obj: concept
---
# AES
The Advanced Encryption Standard (AES) is a widely adopted symmetric encryption algorithm used to secure sensitive data. It was established as a standard by the U.S. National Institute of Standards and Technology (NIST) in 2001, following a public competition to select a successor to the Data Encryption Standard (DES). AES is known for its efficiency, security, and versatility, making it a popular choice for various applications, including data encryption, secure communications, and cryptographic protocols.
## Key Features
### 1. **Symmetric Encryption**
AES is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption. This key is kept secret between the communicating parties.
### 2. **Block Cipher**
AES operates on fixed-size blocks of data, encrypting and decrypting data in blocks of 128 bits. It supports key sizes of 128, 192, or 256 bits.
### 3. **Key Expansion**
The key expansion process in AES generates a set of round keys derived from the original key. These round keys are used in the multiple rounds of encryption and provide a high level of security.
### 4. **Rounds of Encryption**
AES performs a series of transformations known as rounds. The number of rounds depends on the key size: 10 rounds for a 128-bit key, 12 rounds for a 192-bit key, and 14 rounds for a 256-bit key.
### 5. **Substitution-Permutation Network (SPN) Structure**
AES employs an SPN structure, combining substitution (replacing each byte with another) and permutation (rearranging bytes) operations to achieve confusion and diffusion, enhancing the algorithm's security.
## Encryption Process
1. **Key Expansion:** Generate a set of round keys from the original key.
2. **Initial Round:** Add the initial round key to the plaintext.
3. **Main Rounds:** Perform a series of substitution, permutation, and mixing operations for the specified number of rounds.
4. **Final Round:** The final round excludes the mixing operation.
5. **Output:** The result is the ciphertext.
## Decryption Process
1. **Key Expansion:** Generate the round keys from the original key.
2. **Initial Round:** Add the initial round key to the ciphertext.
3. **Main Rounds:** Perform the inverse operations of the encryption process in reverse order.
4. **Final Round:** The final round excludes the mixing operation.
5. **Output:** The result is the decrypted plaintext.
## Strengths of AES
- **Security:** AES has withstood extensive cryptanalysis and is considered highly secure when implemented correctly.
- **Efficiency:** It is computationally efficient and well-suited for both hardware and software implementations.
- **Versatility:** AES is used in various applications, including securing data at rest, data in transit, and cryptographic protocols like TLS.
## Variants of AES
- **AES-128:** Uses a 128-bit key and 10 rounds of encryption.
- **AES-192:** Uses a 192-bit key and 12 rounds of encryption.
- **AES-256:** Uses a 256-bit key and 14 rounds of encryption.
## Usage
One can use AES with [OpenSSL](OpenSSL.md) or [GPG](GPG.md):
### OpenSSL
Encrypt:
```shell
openssl enc -aes-256-cbc -salt -in plaintext.txt -out encrypted_file.enc
```
Decrypt:
```shell
openssl enc -aes-256-cbc -d -in encrypted_file.enc -out decrypted_file.txt
```
### GnuPG
Encrypt:
```shell
gpg -c --cipher-algo AES256 file.txt
```
Decrypt:
```shell
gpg -d file.txt.gpg -o decrypted_file.txt
```

17
technology/cryptography/Cryptography.md Normal file
View file

@ -0,0 +1,17 @@
---
obj: concept
---
# Cryptography
Cryptography is the science and art of securing communication and information through the use of mathematical techniques and algorithms. It plays a crucial role in ensuring confidentiality, integrity, and authenticity of data in various applications, including communication systems, financial transactions, and information storage.
## Cryptographic Algorithms
### 1. **Symmetric-Key Algorithms**
Symmetric-key algorithms use the same key for both encryption and decryption. They are efficient and fast, making them suitable for bulk data encryption. See [AES](AES.md).
### 2. **Asymmetric-Key Algorithms**
Asymmetric-key algorithms use a pair of public and private keys. The public key is shared openly, while the private key is kept secret. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa. See [RSA](RSA.md).
### 3. **Hash Functions**
Hash functions take input data and produce a fixed-size hash value, typically a string of characters. They are fundamental for data integrity verification. See [SHA](SHA.md).

67
technology/cryptography/GPG.md Normal file
View file

@ -0,0 +1,67 @@
---
aliases: ["PGP", "GnuPG", "OpenPGP"]
website: https://www.gnupg.org/
obj: application
---
# GPG
gpg is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a tool to provide digital encryption and signing services using the OpenPGP standard. gpg features complete key management and all the bells and whistles you would expect from a full OpenPGP implementation.
## Commands
**Sign:**
```shell
gpg --sign
gpg -s
gpg --clear-sign # Sign with clear text
```
**Encrypt:**
```shell
gpg --encrypt
gpg -e
```
**Symmetric Encryption:**
```shell
gpg --symmetric
gpg -c
```
**Decrypt:**
```shell
gpg --decrypt
gpg -d
```
**Verify:**
```shell
gpg --verify
```
## Keys
**List keys:**
```shell
gpg --list-keys
gpg -k # List public keys
gpg -K # List private keys
```
**Generate key:**
```shell
gpg --generate-key
```
**Import & export keys:**
```shell
gpg --export
gpg --import
```
**Key selection:**
```shell
-r, --recipient KEY # Encrypt for key
-u, --local-user KEY # Use this key
```

141
technology/cryptography/OpenSSL.md Normal file
View file

@ -0,0 +1,141 @@
---
website:
- https://www.openssl.org
- https://www.libressl.org
obj: application
---
# OpenSSL
OpenSSL is a [cryptography](Cryptography.md) toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) network protocols and related [cryptography](Cryptography.md) standards required by them.
The openssl program is a command line program for using the various [cryptography](Cryptography.md) functions of OpenSSL's crypto library from the [shell](cli/Shell.md). It can be used for:
- Creation and management of private keys, public keys and parameters
- Public key cryptographic operations
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of Message Digests and Message Authentication Codes
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted mail
- Timestamp requests, generation and verification
## Usage
```shell
openssl [command] [options]
```
### Certificates (`openssl req`, `openssl x509`)
#### Generate a certificate
Usage: `openssl req -x509 -key private_key.pem -out certificate.pem -days 365`
#### Generate a signed certificate
```shell
# Create Certificate Request
openssl req -new -key entity.key -out entity.csr
# Sign with CA
openssl x509 -req -in entity.csr -CA ca.crt -CAkey ca.key -out entity.crt -CAcreateserial
```
#### Show information about a certificate
Usage: `openssl x509 -in certificate.pem -text -noout`
### Digest (`openssl dgst`)
Use digest (hash) functions. (Use `openssl dgst -list` for a list of all available digests)
Usage: `openssl dgst [options] [file]`
#### Options
| Option | Description |
| ------------- | ----------------------------------- |
| `-c` | Print digest with seperating colons |
| `-r` | Print digest in coreutils format |
| `-out <file>` | Output to filename |
| `-hex` | Output as hex |
| `-binary` | Output in binary |
| `-<digest>` | Use \<digest> |
### Encryption (`openssl enc`)
Encrypt and decrypt using ciphers (Use `openssl enc -ciphers` for a list of all available ciphers)
Usage: `openssl enc [options]`
#### Options
| Option | Description |
| --------------- | ----------------------------------------------- |
| `-e` | Do Encryption |
| `-d` | Do Decryption |
| `-<cipher>` | Use \<cipher> |
| `-in <input>` | Input file |
| `-k <val>` | Passphrase |
| `-kfile <file>` | Read passphrase from file |
| `-out <output>` | Output file |
| `-a, -base64` | [Base64](../files/Base64.md) decode/encode data |
| `-pbkdf2` | Use password-based key derivation function 2 |
| `-iter <num>` | Change iterations of `-pbkdf2` |
### [RSA](RSA.md) (`openssl genrsa`, `openssl rsa`, `openssl pkeyutl`)
#### Generate [RSA](RSA.md) Private Key (`openssl genrsa`)
```shell
openssl genrsa -out <keyfile> [-<cipher>] [-verbose] [-quiet] <numbits>
```
The `-<cipher>` option lets you protect the key with a password using the specified cipher algo (See `openssl enc -ciphers` for a list of available ciphers).
#### Generate [RSA](RSA.md) Public Key (`openssl rsa`)
```shell
openssl rsa -pubout -in <privatekey> [-passin file:<password_file>] -out <publickey>
```
#### Working with [RSA](RSA.md) (`openssl pkeyutl`)
```shell
# Sign with Private Key
openssl pkeyutl -sign -in <input> -inkey <private_key> [-passin file:<password_file>] -out <output> [-digest algo]
# Verify with Public Key
openssl pkeyutl -verify -in <input> -pubin -inkey <public_key> -sigfile <signature_file>
# Encrypt with Public Key
openssl pkeyutl -encrypt -pubin -inkey <public_key> -in <input> -out <output>
# Decrypt with Private Key
openssl pkeyutl -decrypt -inkey <private_key> [-passin file:<password_file>] -in <input> -out <output>
```
### Password Hash (`openssl passwd`)
Generate hashed passwords
Usage: `openssl passwd [options] [password]`
### Options
| Option | Description |
| ------------ | ------------------------------------------------ |
| `-in infile` | Read passwords from file |
| `-noverify` | Never verify when reading password from terminal |
| `-stdin` | Read passwords from stdin |
| `-salt val` | Use provided salt |
| `-6` | SHA512-based password algorithm |
| `-5` | SHA256-based password algorithm |
| `-apr1` | MD5-based password algorithm, Apache variant |
| `-1` | MD5-based password algorithm |
| `-aixmd5` | AIX MD5-based password algorithm |
### Prime Numbers (`openssl prime`)
Generate and verify prime numbers
Usage: `openssl prime [options] [num]`
#### Options
| Option | Description |
| ------------ | ------------------------------------------------- |
| `-bits +int` | Size of number in bits |
| `-hex` | Hex output |
| `-generate` | Generate a prime |
| `-safe` | When used with `-generate`, generate a safe prime |
### Random Data (`openssl rand`)
Generate random data.
Usage: `openssl rand [options] num`
#### Options
| Option | Description |
| -------------- | ------------------------------------------------------- |
| `-out outfile` | Output file |
| `-base64` | [Base64](../files/Base64.md) encode output |
| `-hex` | Hex encode output |
| `-rand val` | Load the given file(s) into the random number generator |

63
technology/cryptography/RSA.md Normal file
View file

@ -0,0 +1,63 @@
---
obj: concept
---
# RSA
RSA (Rivest-Shamir-Adleman) is a widely used asymmetric encryption algorithm that enables secure communication and digital signatures. Named after its inventors, Ron Rivest, Adi Shamir, and Leonard Adleman, RSA relies on the mathematical properties of large prime numbers for its security.
## Key Concepts
### 1. **Asymmetric Encryption**
RSA is an asymmetric algorithm, meaning it uses a pair of keys: a public key for encryption and a private key for decryption. The public key is widely distributed, while the private key is kept secret.
### 2. **Key Generation**
- **Key Pair:** The RSA key pair consists of a public key and a corresponding private key.
- **Public Key:** Composed of a modulus $N$ and an exponent $e$.
- **Private Key:** Composed of the same modulus $N$ and a private exponent $d$.
- **Key Generation Process:**
1. Select two large prime numbers, $p$ and $q$.
2. Compute $N = pq$.
3. Compute $ϕ(N) = (p - 1)(q - 1)$.
4. Choose $e$ such that $1 < e < ϕ(N)$ and $e$ is coprime to $ϕ(N)$.
5. Calculate $d$ as the modular multiplicative inverse of $e$ modulo $ϕ(N)$.
6. The public key is $(N, e)$ and the private key is $(N, d)$.
### 3. **Encryption and Decryption**
- **Encryption:** Given the public key $(N,e)$, a plaintext message $M$ is encrypted as $C = M^e \mod N$.
- **Decryption:** Using the private key $(N,d)$, the ciphertext $C$ is decrypted as $M = C^d \mod N$.
### 4. **Digital Signatures**
RSA is commonly used for digital signatures to verify the authenticity and integrity of messages. The sender signs a message with their private key, and the recipient can verify the signature using the sender's public key.
## Security Considerations
- The security of RSA relies on the difficulty of factoring the product of two large prime numbers $(N = porque)$.
- The key length is crucial for security; longer keys provide higher security but may be computationally more expensive.
## Using RSA in Practice
Using RSA can be done either with [OpenSSL](OpenSSL.md) or [GPG](GPG.md).
### 1. **Key Generation:**
```shell
# Generate a 2048-bit RSA private key
openssl genpkey -algorithm RSA -out private_key.pem -aes256
# Derive the corresponding public key
openssl rsa -pubout -in private_key.pem -out public_key.pem
```
### 2. **Encryption and Decryption:**
```shell
# Encrypt a message with the public key
openssl rsautl -encrypt -in plaintext.txt -out ciphertext.enc -pubin -inkey public_key.pem
# Decrypt the ciphertext with the private key
openssl rsautl -decrypt -in ciphertext.enc -out decrypted.txt -inkey private_key.pem
```
### 3. **Digital Signatures:**
```shell
# Sign a message with the private key
openssl dgst -sha256 -sign private_key.pem -out signature.bin message.txt
# Verify the signature with the public key
openssl dgst -sha256 -verify public_key.pem -signature signature.bin message.txt
```

17
technology/cryptography/SHA.md Normal file
View file

@ -0,0 +1,17 @@
---
obj: concept
---
# SHA
SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the MerkleDamgård construction, from a one-way compression function itself built using the DaviesMeyer structure from a specialized block cipher.
SHA-2 includes significant changes from its predecessor, SHA-1. The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256. SHA-256 and SHA-512 are novel hash functions computed with eight 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are truncated versions of SHA-256 and SHA-512 respectively, computed with different initial values. SHA-512/224 and SHA-512/256 are also truncated versions of SHA-512, but the initial values are generated using the method described in Federal Information Processing Standards (FIPS) PUB 180-4.
SHA has libraries for many programming languages and can be used with [OpenSSL](OpenSSL.md) or the `shasum` command.
## Purpose
Hash functions play a crucial role in [cryptography](Cryptography.md) and information security. They take an input (or message) and produce a fixed-size string of characters, which is typically a digest or hash value. The primary purposes of SHA hash functions include:
1. **Data Integrity**: Hash functions ensure the integrity of data by generating a unique hash value for a given input. Any change in the input data will result in a completely different hash, making it easy to detect alterations.
2. **Digital Signatures**: SHA is often used in conjunction with digital signatures to create a secure and verifiable way of confirming the origin and integrity of a message or document.
3. **Password Storage**: Hash functions are employed to store passwords securely. Instead of storing the actual password, systems store the hash of the password, making it more challenging for attackers to obtain the original passwords.