Overview[1] [2]#
Encryption is the process of encoding Messages or data in such a way that only authorized parties have access. Encryption provides Confidentiality of the data within a provided context.
In Encryption, a Cipher is applied to a Message, which results in the encrypted Ciphertext.
In an Encryption scheme, the Message or information, referred to as plaintext, is encrypted using a Cipher, generating Ciphertext that can only be read if decrypted.
For technical reasons, an Encryption scheme usually uses an algorithmic pseudorandom number generator.
Although it is possible to decrypt the message without possessing the key, the process requires large computational resources and large time frames which make the decryption impractical.
An authorized recipient (Bob) can easily decrypt the message with the key provided by the originator (Alice) to recipients, but not to unauthorized interceptors (Eve).
Alice And Bob's Problem#
This is a User Story where Alice wants to send Bob a message and Eve is eavesdropping on the Communication. This is why there is Encryption.
Where:
- m = message in Plaintext
- c = Ciphertext
- Ke = Key
- E(Ke, m) is the Encryption Algorithm
- D(Ke, c) is the Decryption Algorithm
Bob needs two things to decrypt the Ciphertext:
- Key and
- Decryption Algorithm
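The notation above as runnable code, an added example that is not part of the original page. E and D are built from a toy HMAC-SHA256 keystream (an assumption chosen so the block runs with the Python standard library only; the helper names and the sample message are constructed), and, going beyond the list above, D also checks a MAC tag so that a wrong key or an altered Ciphertext is rejected instead of yielding garbage.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def _subkey(ke: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from the shared key Ke.
    return hmac.new(ke, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: block i = HMAC(key, nonce || i).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def E(ke: bytes, m: bytes) -> bytes:
    """Encryption Algorithm: returns c = nonce || body || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(ke, b"enc"), nonce, len(m))
    body = bytes(a ^ b for a, b in zip(m, stream))
    tag = hmac.new(_subkey(ke, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def D(ke: bytes, c: bytes) -> bytes:
    """Decryption Algorithm: verifies the tag, then recovers m."""
    if len(c) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, body, tag = c[:NONCE_LEN], c[NONCE_LEN:-TAG_LEN], c[-TAG_LEN:]
    expected = hmac.new(_subkey(ke, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    stream = _keystream(_subkey(ke, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def demo() -> dict:
    ke = secrets.token_bytes(32)              # key shared by Alice and Bob
    m = b"Meet at the usual place at noon"    # constructed sample plaintext
    c = E(ke, m)                              # what Eve sees on the wire
    results = {"bob": D(ke, c), "fresh_nonce": E(ke, m) != c}
    try:                                      # Eve has D but not Ke
        D(secrets.token_bytes(32), c)
        results["eve"] = "decrypted"
    except ValueError:
        results["eve"] = "rejected"
    return results
```

Calling `demo()` returns Bob's recovered message, Eve's outcome with a different key, and whether encrypting the same message twice produced different Ciphertexts.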
Types Of Encryption#
There are two primary types of Encryption:
Encryption Scheme#
An Encryption Scheme is defined for Encryption operations.
Information security#
Encryption, by itself, can protect the confidentiality of data, but other techniques are still needed to protect the integrity and Non-Repudiation of the data. For example, verification might be performed by using a Message Authentication Code (MAC) or a Digital Signature.
Encryption Context#
A Cipher like the Caesar Cipher may have worked in Caesar's time but offers no Security against today's tools.
More Information#
- [#1] - Encryption - based on information obtained 2013-04-10
- [#2] - Cryptography Engineering: Design Principles and Practical Applications - based on information obtained 2013-04-10