Various Cryptography Applications in Real World

AKHIL KABRA
Nov 8 · 5 min read

Does this alphabets make sense to you: AES, HMAC, ECDSA, RSA, SHA512, CA, PKCS8
Even if it doesn’t, you are using these on a day-to-day basis in securing your information!
Cryptography has been a science since the 1940s. But how does it fit into today’s modern world and, most importantly, how can it steer effective cyber security?

Various Applications of Cryptography include:

Whatsapp Encryption:

‘Whatsapp’ is currently one of the most popular mobile messaging software. It is available for different platforms such as Android, Windows Phone, and iPhone. ‘Whatsapp’ also enables users to make free calls with other users. In the latest version of ‘Whatsapp,’ the conversations and calls are “end-to-end” encrypted.

What does end-to-end encryption mean?
In end-to-end encryption, only the data is encrypted. The headers, trailers, and routing information are not encrypted. End-to-to end encryption in Whatsapp has been developed in collaboration with ‘Open Whisper Systems.’

End-to-end encryption makes sure that a message that is sent is received only by the intended recipient and none other. Whatsapp has ensured, that even “it” cannot read the messages making itself a very strong messaging platform. It also means that outsiders or third party individuals cannot snoop on conversations between intended recipients as well.

How is end-to-end encryption in Whatsapp implemented?
Whatsapp end-to-end encryption is implemented using asymmetric cryptography or public key systems. Recall, that in asymmetric encryption, when one key is used to encrypt (here, the public key), the other key is used to decrypt (here, the private key) the message.

Once ‘Whatsapp’ is installed on a user’s smartphone, the public keys of ‘Whatsapp’ clients are registered with the Whatsapp server. It is important to note here that the private key is not stored on Whatsapp servers.

Encrypted session between Whatsapp clients:
Once the client is registered, an encrypted session is created between two clients willing to take part in a conversation. A session needs to be re-created only when the device is changed or when the Whatsapp software is re-installed.

If for example, client1 wants to send a message to client 2, the public keys of the client2 are retrieved from the Whatsapp server, and this used to encrypt the message and send it to the client2. Client2 then decrypts the message with his own private key. “Once a session has been established, clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication”.

Digital signatures:

Having seen how encryption is implemented in Whatsapp, let us see the next practical application of cryptography — Digital signatures. Digital signatures are signatures applied digitally. They enforce the concepts of authentication, non-repudiation, and confidentiality. Wikipedia defines digital signatures the following way: “A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or documents.”

If you receive a message from me that I have encrypted with my private key and you are able to decrypt it using my public key, you should feel reasonably certain that the message did in fact come from me. If I think it necessary to keep the message secret, I may encrypt the message with my private key and then with your public key, that way only you can read the message, and you will know that the message came from me. The only requirement is that public keys are associated with their users by a trusted manner, for example a trusted directory. To address this weakness, the standards community has invented an object called a certificate. A certificate contains, the certificate issuer’s name, the name of the subject for whom the certificate is being issued, the public key of the subject, and some time stamps. You know the public key is good, because the certificate issuer has a certificate too

Electronic Money

The definition of electronic money (also called electronic cash or digital cash) is a term that is still evolving. It includes transactions carried out electronically with a net transfer of funds from one party to another, which may be either debit or credit and can be either anonymous or identified. There are both hardware and software implementations.

Encryption is used in electronic money schemes to protect conventional transaction data like account numbers and transaction amounts, digital signatures can replace handwritten signatures or a credit-card authorizations, and public-key encryption can provide confidentiality. There are several systems that cover this range of applications, from transactions mimicking conventional paper transactions with values of several dollars and up, to various micropayment schemes that batch extremely low cost transactions into amounts that will bear the overhead of encryption and clearing the bank.

Secure Web Browsing

Each time a user visits an e-commerce website or a Web-based email server13 such as Gmail or Hotmail, he or she does so through an encrypted connection. A protocol called TLS provides the encrypted connection. It uses authentication protocols based on asymmetric cryptography and signed certificates to verify that the server is the one whose name the user typed into the browser. It then uses public key encryption to negotiate a symmetric key for the browsing session and uses that symmetric key to encrypt the session traffic. Almost all Web browsers and servers support TLS or one of its predecessors, and many web servers have the public-key certificates necessary to support encrypted sessions.

Device Locking

Mobile devices and the data they contain are frequently protected by locking11 mechanisms that ensure, by default, that phone data is encrypted whenever the screen is locked and that only the user can unlock the phone and its contents. For phones, this combination of cryptographic passcode protection and full disk encryption was introduced as the default setting in Apple’s iOS 9 and Android’s Marshmallow system, although not all vendors of Android phones implement this encryption.

The impression you might get from this is that encryption is difficult to implement properly. This is correct, unfortunately! I encourage everyone to use encryption more

Various Applications of Cryptography in Real World

AKHIL KABRA

Written by

Akhil Kabra
Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade