Cryptography applications in real world

Praveen Talluri
Nov 7 · 5 min read

i. Authentication /Digital Signatures:-

Authentication and Digital signatures are signatures applied digitally. They enforce the concepts of authentication, non-repudiation, and confidentiality. Wikipedia defines digital signatures the following way: “A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or documents.”

  1. With the world being more technically tuned now, business transactions occurring all around the world are fairly common. Manually signing a document and transferring it to different locations is time-consuming. This time lag might not bode well for either the customer or the client. By digitally signing the documents, the business transaction will be completed on time.
  2. Consider another case when two parties are required to sign documents relating to a business transaction. The two parties might never have met each other and might not trust each other. Digital signatures thus ensure timeliness and authenticity of business transactions.

Implementing Digital Signatures:- Digital signature uses public key encryption. A digital signature is technically a “string of bits”. Let us assume that ‘A’ would like to send a “digitally signed” message to ‘B.’ Since a digital signature uses public key encryption, ‘A’ and ‘B’ will both have a public-private key pair. To create a digital signature and use it along with a message between two clients, the following steps are followed:

a) The message that has to be digitally signed is “hashed, ” and a few lines are generated which is known as “message digest.” “Hashing” is the process that is used to enforce data integrity. Hashing functions take the message and add a string value and convert it to another value (message digest). Hashing functions are one-way which means that the message digest cannot be re-converted back to the message.

b) The message digest is then encrypted by ‘A’s private key. This is “digital signature.”

c) The “digital signature” is now attached to the message and sent to ‘B.’

d) ‘B’ verifies the digital signature by decrypting the signature with his public key. This decryption results in a message digest.

e) ‘B’ also hashes the message which results in the message digest again. If both the message digests are the same, then ‘B’ can be sure that ‘A’ signed the message and had the message indeed.

The encryption algorithm employed in digital signatures ensures confidentiality. The hashing algorithm ensures data integrity in digital signatures. Digitally signing the documents makes sure that the message or document is authenticated. It also enforces non-repudiation.

ii. HTTP SECURE:-

  1. HTTP is ‘Hypertext transfer protocol’ is a protocol responsible for communicating on the Internet. It is the fundamental block of the World Wide Web. HTTP is a stateless protocol since the server forgets the client once the transaction is over.
  2. HTTPS, on the other hand, is HTTP running on top of SSL (Secure Sockets Layer) Most of our day to day transactions like shopping or bill payments are done online. This results in critical and vital data like credit card numbers and bank account numbers being sent online. This crucial data cannot fall into the wrong hands which might be used for malicious purposes.
  3. This creates an absolute necessity that the communication between the server and client be secure. SSL ensures this secure channel of communication using cryptography. Most users are assured of the SSL guarantee by seeing the “padlock” on the left part of the address bar along with the “https” instead of “http.”

How SSL is implemented ?

SSL is one practical application of cryptography that makes use of both symmetric and asymmetric encryption. SSL makes use of asymmetric public-private key pair and ‘symmetric session keys.’ A ‘session key’ is a one- time use symmetric key which is used for encryption and decryption. They are randomly chosen and are used only for any particular session.

  1. For the server and client to engage in a secure conversation, an ‘SSL certificate’ needs to be created and verified by the Certificate Authority (CA).
  2. The browser next indicates that it would like to start a conversation with a secure server.
  3. The server sends its SSL certificate along with the server’s asymmetric public key.
  4. If the browser trusts the certificate, it encrypts the just created ‘symmetric session key’ with the server’s asymmetric public key and sends it back to the server.
  5. The server decrypts the symmetric session key with its own asymmetric private key.
  6. This decrypted session key is then used for creating a secure means of communication between the server and client.

It should be noted that both the client and server must enable SSL to secure communication between them. SSL works only by encrypting the communication and does not secure data once it has been delivered.

iii. Pretty Good Privacy(PGP) in e-mail compatibility:-

  1. PGP is a software package originally developed by “Phil Zimmerman” that provides encryption and authentication for e-mail and file storage applications. Zimmerman developed his freeware program using existing encryption techniques, and made it available on multiple platforms.
  2. It provides message encryption, digital signatures, data compression, and e-mail compatibility.
  3. PGP uses RSA for key transport and IDEA for bulk encryption of messages. Zimmerman ran into legal problems with RSA over his use of the RSA algorithm in his program.

iv. Encryption in Whatsapp:-

  1. ‘ Whatsapp’ is currently one of the most popular mobile messaging software. It is available for different platforms such as Android, Windows Phone, and iPhone.
  2. ‘Whatsapp’ also enables users to make free calls with other users. In the latest version of ‘Whatsapp,’ the conversations and calls are “end-to-end” encrypted.

What does end-to-end encryption mean?

  1. In end-to-end encryption, only the data is encrypted. The headers, trailers, and routing information are not encrypted. end-to-to end encryption in Whatsapp has been developed in collaboration with ‘Open Whisper Systems.’
  2. End-to-end encryption makes sure that a message that is sent is received only by the intended recipient and none other. Whatsapp has ensured, that even “it” cannot read the messages bolstering a very strong messaging platform.
  3. It also means that outsiders or third party individuals cannot snoop on conversations between intended recipients as well.

How is end-to-end encryption in Whatsapp implemented?

  1. Whatsapp end-to-end encryption is implemented using asymmetric cryptography or public key systems. Recall, that in asymmetric encryption, when one key is used to encrypt (here, the public key), the other key is used to decrypt (here, the private key) the message.
  2. Once ‘Whatsapp’ is installed on a user’s smartphone, the public keys of ‘Whatsapp’ clients are registered with the Whatsapp server. It is important to note here that the private key is not stored on Whatsapp servers.

Encrypted session between Whatsapp clients?

  1. Once the client is registered, an encrypted session is created between two clients willing to take part in a conversation. A session needs to be re-created only when the device is changed or when the Whatsapp software is re-installed.
  2. If for example, client1 wants to send a message to client 2, the public keys of the client2 are retrieved from the Whatsapp server, and this used to encrypt the message and send it to the client2. Client2 then decrypts the message with his own private key.
  3. “Once a session has been established, clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication”.