Public Key Cryptography Basics

Consider the following scenario from everyday life. Let’s say you are meeting a business partner over coffee and discussing somewhat confidential business plans. Let’s break down the meeting from the security perspective.

• You can see and hear the other person. Consequently, it is easy to be sure of their identity. That’s authentication, i.e., you are confirming the identity of who you are talking with.
• You can also confirm that what you are “hearing” is coming from your business partner. You can tell what words and sentences are coming from your business partner and what is coming from others. That’s authenticity, i.e., you verify that the message genuinely comes from a specific sender. Moreover, you know that what they are saying is reaching you, and there is no chance of anything changing the other party’s words across the table. That’s integrity, i.e., ensuring that the data has not been altered or tampered with.
• Finally, you can pick a seat away from the other customers and keep your voice low so that only your business partner can hear you. That’s confidentiality, i.e., only the authorised parties can access the data.

Let’s quickly compare this with correspondence in the cyber realm. When someone sends you a text message, how can you be sure they are who they claim to be? How can you be sure that nothing changed the text as it travelled across various network links? When you are communicating with your business partner over an online messaging platform, you need to be sure of the following:

• Authentication: You want to be sure you communicate with the right person, not someone else pretending.
• Authenticity: You can verify that the information comes from the claimed source.
• Integrity: You must ensure that no one changes the data you exchange.
• Confidentiality: You want to prevent an unauthorised party from eavesdropping on your conversations.

Cryptography can provide solutions to satisfy the above requirements, among many others. Private key cryptography, i.e., symmetric encryption, mainly protects confidentiality. However, public key cryptography, i.e., asymmetric cryptography, plays a significant role in authentication, authenticity, and integrity. This room will show various examples of how public key cryptography achieves that.

Learning Prerequisites

This room is the second of three introductory rooms about cryptography. Before starting this room, ensure you have finished the first one on the list.

• Cryptography Basics
• Public Key Cryptography Basics (this room)
  
• Hashing Basics

Learning Objectives

In this room, we will cover various asymmetric cryptosystems and applications that use them, such as:

• RSA
• Diffie-Hellman
• SSH
• SSL/TLS Certificates
• PGP and GPG

First, let’s start the Virtual Machine by pressing the Start Machine button below.

The machine will start in Split-Screen view. In case the VM is not visible, use the blue Show Split View button at the top of the page.

You can also access the virtual machine using SSH at the IP address MACHINE_IP using the following credentials:

• Username: user
• Password: Tryhackme123!