Using a state of art cryptographic library, here we present the basic foundations of a robust cryptographic system.
Let’s start by describing two introductory concepts that are required before we start implementing.
Public Key Cryptography
The “Public Key Cryptography” is the cryptographic mechanism that allows the Internet to be secure.
Public-key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. This accomplishes two functions: authentication, where the public key verifies that a holder of the paired private key sent the message, and encryption, where only the paired private key holder can decrypt the message encrypted with the public key.
Public-key cryptography - Wikipedia
Public-key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys…
Example of systems using Public Key Cryptography:
NaCL & TweetNaCL.js
NaCl (pronounced “salt”) is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl’s goal is to provide all of the core operations needed to build higher-level cryptographic tools.
NaCl was initiated under the CACE (Computer Aided Cryptography Engineering) project funded by the European Commission's…
The NaCL project is being lead by Daniel J.Bernstein, one of the most prominent Computer Scientists of our era.
NaCL is proven to be secure, as breaking every round of Salsa20 is theoretically more expensive than breaking correspondent AES rounds.
In the other hand Salsa20 was designed with speed in mind, offering great performance even under low speed CPUs. A more detailed explanation of Salsa20 speed is available here: https://cr.yp.to/snuffle/speed.pdf
TweetNaCl is the world’s first auditable high-security cryptographic library. TweetNaCl fits into just 100 tweets while supporting all 25 of the C NaCl functions used by applications. TweetNaCl is a self-contained public-domain C library, so it can easily be integrated into applications.
TweetNaCl is the world's first auditable high-security cryptographic library. TweetNaCl fits into just 100 tweets while…
Bob encrypts message for Alice
Alice decrypts message from Bob
Using pre-computed shared keys
For encryption/decryption sessions between peers, using pre-computed shared keys is recommended:
Maintaining the keys
A “Public Key Infrastructure” requires proper solutions for the maintenance and authentication of the users public key. While this process is out of scope in this article, a common solution consist on maintaining the users public key as part of their profile page and make it accessible to their contacts through a directory-like API.
Maintaining secret keys is a lot more complicated, as this is a very sensitive piece of information users want to keep in secret. Commonly this process is a user responsibility and somehow the applications implementing public-key cryptography are required to allow the users to enter their secret keys (never transmitting it to the server-side).
Secret keys are often stored using offline secure storage mechanisms or online, using strong symmetric encryption methods such as AES to protect the key. The second method simplifies the process of “injecting” the private key into the application(client-side decryption only), for instance: during the login phase.
Using XSalsa20 instead of RSA, CPU usage and battery consumption are reduced to historical minimums, while keeping strong
— a message for your apps ;)
Digital Signatures using TweetNaCL.js will be discussed on a second post in this serie: read it here.
As always, your feedback is appreciated!