Firewall Wizards mailing list archives

Re: encryption


From: Bennett Todd <bet () rahul net>
Date: Tue, 21 Mar 2000 13:23:27 -0500

2000-03-20-08:17:38 Simondon:
> I am looking for a key encryption system:
> - 1) to choose a key encryption method
> - 2) to find, if possible, a key server existent technology (domain
>      public)
> - 3) to find an encryption system
>
> Perhaps this mail group is not adapted for this kind of questions?

Perhaps it's not, but I'll take a stab here. Please reply offline if
you'd like more details.

Very first thing, you should consider reading a book on this
stuff. In English, the basic text is Applied Cryptography, by Bruce
Schneier. I don't know if that text has been translated, or if there
are other recommended texts in other languages.

I'll try and give a quick overview of cryptography, but length
limits will guarantee that this is really superficial; that's
unavoidable.

First off, it's helpful to separate some different concepts, giving
them different names.

Encryption Algorithms are mathematical procedures. They fall into a
  few categories. Encryption algorithms use "keys", typically short
  strings or integers, to control a scrambling of the plaintext
  to produce an encrypted text. Without the key it's impossible
  to recover the plaintext from the encrypted text. Encryption
  algorithms in turn fall into two categories: symmetric (or "secret
  key") and asymmetric (or "public key"). Symmetric key algorithms
  use the same key for encrypting and decrypting. DES, IDEA, and
  Blowfish are typical symmetric algorithms. Asymmetric, or public
  key algorithms, help with the key distribution problem, since they
  use separate keys for encryption and decryption. A plaintext is
  encrypted with one key, and can only be decrypted with the other.
  So you can publish one key --- the "public key" --- and people can
  use that to send you secret documents. Asymmetric algorithms are
  very, very slow, so people don't use them to actually handle bulk
  encryption of traffic; instead, they generate random keys
  ("session keys"), encrypt those keys with an asymmetric algorithm,
  then use the session keys with another, symmetric algorithm to
  bulk encrypt the actual traffic. Asymmetric algorithms include RSA
  and Diffie-Hellman.

  Another category of algorithm is a cryptographic hash function,
  such as MD5. A hash takes an arbitrary-length body of plaintext,
  and produces a sort of checksum. The feature that distinguishes a
  crypto hash is that it's impractical to generate a plaintext to
  match a given hash, so if you check such a hash, and you know
  nobody has been able to tamper with the hash, and the check
  passes, then you know nobody has tampered with the plaintext.
  These are used for digital signatures, among other things.

Encryption protocols are procedures for performing various
  interesting tasks, like e.g. sending secure email, signed email,
  or both; securing traffic over a network link (VPN); securing data
  in a filesystem; etc. Such protocols are built using Encryption
  Algorithms as the blocks. A protocol describes how the algorithms
  should be used. A sufficiently detailed protocol includes details
  about data structures and representations, at which point it can
  be used to implement multiple, interoperable versions of a
  program. Examples of such well-documented protocols include PGP
  and IPSEC.

Encryption Programs implement encryption protocols. Naturally, it's
  preferable to use programs that implement well-documented
  protocols, ideally ones with multiple implementations available;
  this protects you against defects in the protocol design, since
  such public protocols get particularly close scrutiny and
  analysis. By similar reasoning, it's generally preferred to use
  open source encryption programs in preference to closed source,
  proprietary programs, since the open source code can be reviewed
  by more people.

With that background, perhaps you can approach your question. What
do you want to accomplish with encryption? That will indicate what
protocols might be candidates, which will in turn guide the choice
of programs.

Popular protocols with good open source implementations include TLS
(nee SSL), used for secure web transactions (and other tasks, more
rarely); ssh, a good remote shell and file copy protocol; PGP, the
most widely-used email encryption standard; and IPSEC, the current
leading competitor for encrypting network links to create Virtual
Private Nets (VPNs).

Some of these can sometimes make use of key servers.

-Bennett
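
Added example (not part of Bennett Todd's message): the session-key scheme the message describes, written in Go with only the standard library. The choice of AES-256-GCM as the symmetric bulk cipher and RSA-OAEP as the asymmetric key wrap, the 2048-bit key size, and the names Seal, Open and newKey are assumptions of this example, not taken from the message.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Seal encrypts msg under a fresh random session key (symmetric, AES-256-GCM)
// and wraps that key with the recipient's public key (asymmetric, RSA-OAEP).
func Seal(pub *rsa.PublicKey, msg []byte) (wrapped, sealed []byte, err error) {
	buf := make([]byte, 32+12) // session key, then GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	key, nonce := buf[:32], buf[32:]
	if wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
		return nil, nil, err
	}
	block, _ := aes.NewCipher(key) // cannot fail: key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES has a 16-byte block
	return wrapped, gcm.Seal(nonce, nonce, msg, nil), nil // nonce || ciphertext || tag
}

// Open unwraps the session key, then decrypts and authenticates the bulk data.
func Open(priv *rsa.PrivateKey, wrapped, sealed []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil || len(key) != 32 || len(sealed) < 12 {
		return nil, fmt.Errorf("cannot unwrap session key, or message truncated")
	}
	block, _ := aes.NewCipher(key) // key length checked above
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, sealed[:12], sealed[12:], nil)
}

// newKey generates a constructed demo key pair (hypothetical helper).
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	priv, err := newKey()
	if err != nil {
		panic(err)
	}
	wrapped, sealed, _ := Seal(&priv.PublicKey, []byte("constructed sample message"))
	plain, err := Open(priv, wrapped, sealed)
	fmt.Printf("wrapped key: %d bytes, recovered %q, err=%v\n", len(wrapped), plain, err)
}
```

Only the 32-byte session key passes through the slow RSA operation; the message itself, whatever its length, is handled by the symmetric cipher.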
