Asymmetric encryption in practice
Greetings to you habravchane!
Security issues are the weak point of most of us. It is unpleasant for all of us to encounter and, all the more so, lose something valuable because of an accidental mouse click. And that is why I decided to share the found materials with you.
In an effort to dispel the most frequently asked question - why will they attack me? Who needs me? - we will start the article with him.
')
It should be borne in mind that not only man can attack you. This can be done, for example, by a bot.
Each of us is connected to the ISP. And most likely, attacks are launched on him literally every day. Have you noticed the spam section in your email? In every such letter there is potentially a phishing attack. This attack is not personally on you. This is a large-scale attack, aimed at a wide range of people. We are potentially victims.
Most often their goal is money. How can they get them?
For example, use your computer as a web server, steal your content, produce email attacks, work in a botnet, steal accounts, and extort attacks. Yes, and email account is potentially an important thing, because we all often use the same password on several services.
Time is expensive, and we want to spend as little time as possible on issues related to security.
And so the first thing to do is to answer a few questions for yourself:
Well, for example, laptop theft. Yes, it hurts and sad. But how can this threaten you?
This may be the loss of data to enter the social network. This may be confidential information received during work. Or maybe it's personal photos.
OK, we decided on what we need to protect. The next step is to choose a protection method.
Yes, of course, there are many attacks in the world and it is simply impossible to defend against everyone.
Therefore, we consider one of the most effective tools - encryption.
To make the right choice in the field of security, you need to understand what encryption is. You don't need to know hardcore math. Enough to understand at a basic level. This is one of the best and indispensable tools in our arsenal.
Encryption is a method of converting data readable by humans into a form that a person cannot read. Due to this, the data remain confidential and private.
Decryption is the reverse operation. Convert unreadable data to readable.
Okay, where does this apply? In fact, in many places. For example, did you pay attention to the “https” protocol? It is due to it that your data cannot be intercepted by the 3rd person during your climbing on the Internet. I will explain in more detail. You go to the site " www.google.com ", make any request. At the same time, all the data that is needed to display the output of the results are transmitted using the “https” protocol. So, if any person decides to view data about your traffic (attack Man In the Middle), then he will see only that you are logged on to Google. In addition, he will receive a lot of encrypted packets. That is, it can be said that he will not receive anything.
But back to the basic theory. The encryption process involves 2 main components - an algorithm and a key.
The algorithm is in some sense a lock that allows you to keep your data secret. Due to it, the text is converted.
The key is forgive the tautology, the key to the lock. A piece of unique data with which the text is converted
Hmm, good. We go further. Slightly increase the voltage.
How else can we use encryption for our own selfish purposes? For ease of understanding, we consider the archive encryption. When archiving, many archivers have the ability to set a password. In this case, the archiver uses some kind of encryption algorithm. And most often it is a symmetric algorithm.
Symmetric encryption algorithm - an algorithm that uses the same key for encryption and decryption. A striking and simple example would be Caesar’s cipher.
All the work of this algorithm is to change the symbol to another with a certain step.
For example, at an offset of 5 characters, the character that stands in the first position is replaced by the character 6 position and so on.
The most robust at the moment is the AES (Advanced Encryption Standard) algorithm.
It is worth mentioning one more thing - the power of the password. Password strength is measured in bits. One of the most common solutions is 128 or 256 bits. This is the number of bits that will be allocated to the password. This number also means the number of passwords you can get with this encryption algorithm. But the longer the key, the slower the process of encryption or decryption.
And so, we encrypted the letter, but how to send it to our friend? Send in social. networks or text message - not the best idea. Like talking it on the phone.
And this leads us to a new type of encryption.
In asymmetric encryption uses 2 keys - open and closed (secret).
The public key is for encryption, the private key is for decryption.
What algorithms allow you to use this technology?
Here is a list:
Pluses of asymmetric algorithms:
Minuses:
3) Now the most time-consuming part is the choice of the exponent and an arbitrary coefficient.
The fact is that with the chosen coefficients, the value of “d” should be integer. "D" - the necessary component of the algorithm
e = 5
k = 9
d = (k * f + 1) / e
Now our public key (for encrypting a message) consists of the values ​​of the variables “e” and “n”, and the private key (for decryption) of the values ​​“d” and “n”.
That is, in our case ...
Then the message is encrypted using the formula: crypt = m ^ e% n.
And decryption: decrypt = crypt ^ d% n.
Well, from the point of view of the programmer, we can use this information as follows:
How can asymmetric encryption be used for their own purposes?
Now, knowing the theory, the pros and cons of the algorithm, and why do we need to use it at all, we can talk about practical application.
Among all the programs found, the most convenient seemed to me gpg4usb.
This program uses PGP encryption. Why do I recommend using it?
It's simple. This type of encryption has not yet been able to crack. No one. So use.
Using the program is quite simple. You just need to know where to click.
And this is what is being discussed now.
The first thing to do is download the program. You can do this by the link:
reference .
I will say right away - this program is cross-platform. That is, you can use it on both Windows and Linux.
The second is the creation of an encryption key pair.
This can be done by performing the following sequence of actions:
1) Go to the "Key Manager" section
2) Select “Key” in the top panel, then “Generate a key”
It should look something like this:
3) Fill in the required fields. I'll warn you right away - it’s better to write down the password somewhere (or remember it), because it will be needed later to decrypt the message.
Now the key is created, and we can proceed directly to encryption.
On the main screen there is a text field - this is our springboard for creating messages. In the right sidebar tick your key.
Enter the message in the field, feel free to click in the top panel "Encrypt".
Congratulations, you can encrypt messages.
Decryption is similar, except that instead of "Encrypt" you use the "Decrypt" button.
And now the moment that the brain endured for me for half an hour: how to pass the key to a friend?
Yes, we set up an encryption system, and it works, yes, we can give a friend a public key and not be afraid that the message will be read. But where to get it?
As it turned out, everything is quite simple. In the window in which we created the keys for encryption, we tick the necessary key and in the top panel select “Export to file”. We received a public key and can send to anyone to receive encrypted messages from it that only we can read.
So, and now I want to get the private key (and suddenly I will work from another computer? After all, the keys are stored locally).
To solve this problem, we return to the main screen, in the right sidebar, right-click on the desired key and select "Show key properties". And in the window that opens, select "Export Secret Key."
Done, you now have on hand public and private encryption keys, which you can dispose of at your discretion.
Well, at the end of the article I want to share a useful methodology: threat modeling and risk assessment.
The first thing you need to understand is that you cannot ensure 100% security, as well as reduce all risks to zero. You can not get 100% anonymity. You can not get 100% security (unless you use the phone and PC).
Using the Internet, we somehow take risks. It gives us a chance to expand our capabilities, but there is a risk of losing our data. Therefore, security is a balancing act between convenience, extension of knowledge, comfort and preservation of already defined, important for us data.
We must use risk-oriented approach.
For example, laptop theft. What we can do? Encrypt the entire disk, add additional authorization steps.
To ensure quality protection you need to go through several stages:
Security issues are the weak point of most of us. It is unpleasant for all of us to encounter and, all the more so, lose something valuable because of an accidental mouse click. And that is why I decided to share the found materials with you.
In an effort to dispel the most frequently asked question - why will they attack me? Who needs me? - we will start the article with him.
')
It should be borne in mind that not only man can attack you. This can be done, for example, by a bot.
Each of us is connected to the ISP. And most likely, attacks are launched on him literally every day. Have you noticed the spam section in your email? In every such letter there is potentially a phishing attack. This attack is not personally on you. This is a large-scale attack, aimed at a wide range of people. We are potentially victims.
Most often their goal is money. How can they get them?
For example, use your computer as a web server, steal your content, produce email attacks, work in a botnet, steal accounts, and extort attacks. Yes, and email account is potentially an important thing, because we all often use the same password on several services.
Time is expensive, and we want to spend as little time as possible on issues related to security.
And so the first thing to do is to answer a few questions for yourself:
- In which files are the most important data stored?
- What accounts in social networks you can not lose?
- What can cause the most harm?
- And what can hit your reputation?
Well, for example, laptop theft. Yes, it hurts and sad. But how can this threaten you?
This may be the loss of data to enter the social network. This may be confidential information received during work. Or maybe it's personal photos.
OK, we decided on what we need to protect. The next step is to choose a protection method.
Yes, of course, there are many attacks in the world and it is simply impossible to defend against everyone.
Therefore, we consider one of the most effective tools - encryption.
What is encryption?
To make the right choice in the field of security, you need to understand what encryption is. You don't need to know hardcore math. Enough to understand at a basic level. This is one of the best and indispensable tools in our arsenal.
Encryption is a method of converting data readable by humans into a form that a person cannot read. Due to this, the data remain confidential and private.
Decryption is the reverse operation. Convert unreadable data to readable.
Okay, where does this apply? In fact, in many places. For example, did you pay attention to the “https” protocol? It is due to it that your data cannot be intercepted by the 3rd person during your climbing on the Internet. I will explain in more detail. You go to the site " www.google.com ", make any request. At the same time, all the data that is needed to display the output of the results are transmitted using the “https” protocol. So, if any person decides to view data about your traffic (attack Man In the Middle), then he will see only that you are logged on to Google. In addition, he will receive a lot of encrypted packets. That is, it can be said that he will not receive anything.
But back to the basic theory. The encryption process involves 2 main components - an algorithm and a key.
The algorithm is in some sense a lock that allows you to keep your data secret. Due to it, the text is converted.
The key is forgive the tautology, the key to the lock. A piece of unique data with which the text is converted
Hmm, good. We go further. Slightly increase the voltage.
Types of encryption
How else can we use encryption for our own selfish purposes? For ease of understanding, we consider the archive encryption. When archiving, many archivers have the ability to set a password. In this case, the archiver uses some kind of encryption algorithm. And most often it is a symmetric algorithm.
Symmetric encryption
Symmetric encryption algorithm - an algorithm that uses the same key for encryption and decryption. A striking and simple example would be Caesar’s cipher.
All the work of this algorithm is to change the symbol to another with a certain step.
For example, at an offset of 5 characters, the character that stands in the first position is replaced by the character 6 position and so on.
The most robust at the moment is the AES (Advanced Encryption Standard) algorithm.
It is worth mentioning one more thing - the power of the password. Password strength is measured in bits. One of the most common solutions is 128 or 256 bits. This is the number of bits that will be allocated to the password. This number also means the number of passwords you can get with this encryption algorithm. But the longer the key, the slower the process of encryption or decryption.
But asymmetric encryption is most commonly used.
And so, we encrypted the letter, but how to send it to our friend? Send in social. networks or text message - not the best idea. Like talking it on the phone.
And this leads us to a new type of encryption.
In asymmetric encryption uses 2 keys - open and closed (secret).
The public key is for encryption, the private key is for decryption.
What algorithms allow you to use this technology?
Here is a list:
- Rivest — Shamir — Adleman (RSA) (most common)
- Elliptic curve cryptosystem (ECC)
- Diffie — Hellman (DH)
- El gamal
Pluses of asymmetric algorithms:
- You can freely share your public key and anyone can send you a secret message.
Minuses:
- encryption / decryption speed.
For advanced
Since I have a vein of a programmer, as well as a love of mathematics, I just can not tell you how everything works “under the hood”
Consider the example of the RSA algorithm.
The first thing we need to do is generate the public and private keys. The sequence of actions is approximately as follows:
1) We choose two prime numbers. It is desirable that they were close enough
p = 19
s = 13
2) Calculate their product, as well as the Euler function
n = p * s
f = (p - 1) * (s - 1)
Consider the example of the RSA algorithm.
The first thing we need to do is generate the public and private keys. The sequence of actions is approximately as follows:
1) We choose two prime numbers. It is desirable that they were close enough
p = 19
s = 13
2) Calculate their product, as well as the Euler function
n = p * s
f = (p - 1) * (s - 1)
3) Now the most time-consuming part is the choice of the exponent and an arbitrary coefficient.
The fact is that with the chosen coefficients, the value of “d” should be integer. "D" - the necessary component of the algorithm
e = 5
k = 9
d = (k * f + 1) / e
Now our public key (for encrypting a message) consists of the values ​​of the variables “e” and “n”, and the private key (for decryption) of the values ​​“d” and “n”.
That is, in our case ...
Then the message is encrypted using the formula: crypt = m ^ e% n.
And decryption: decrypt = crypt ^ d% n.
Well, from the point of view of the programmer, we can use this information as follows:
- Create an array of matches to a symbol and its code (for example, ASCII code)
- Apply an algorithm for each character, creating an array of transformed values
- Translate the resulting array back to the string view
- Profit!
How can asymmetric encryption be used for their own purposes?
Now, knowing the theory, the pros and cons of the algorithm, and why do we need to use it at all, we can talk about practical application.
Among all the programs found, the most convenient seemed to me gpg4usb.
This program uses PGP encryption. Why do I recommend using it?
It's simple. This type of encryption has not yet been able to crack. No one. So use.
Using the program is quite simple. You just need to know where to click.
And this is what is being discussed now.
The first thing to do is download the program. You can do this by the link:
reference .
I will say right away - this program is cross-platform. That is, you can use it on both Windows and Linux.
The second is the creation of an encryption key pair.
This can be done by performing the following sequence of actions:
1) Go to the "Key Manager" section
2) Select “Key” in the top panel, then “Generate a key”
It should look something like this:
3) Fill in the required fields. I'll warn you right away - it’s better to write down the password somewhere (or remember it), because it will be needed later to decrypt the message.
Now the key is created, and we can proceed directly to encryption.
On the main screen there is a text field - this is our springboard for creating messages. In the right sidebar tick your key.
Enter the message in the field, feel free to click in the top panel "Encrypt".
Congratulations, you can encrypt messages.
Decryption is similar, except that instead of "Encrypt" you use the "Decrypt" button.
And now the moment that the brain endured for me for half an hour: how to pass the key to a friend?
Yes, we set up an encryption system, and it works, yes, we can give a friend a public key and not be afraid that the message will be read. But where to get it?
As it turned out, everything is quite simple. In the window in which we created the keys for encryption, we tick the necessary key and in the top panel select “Export to file”. We received a public key and can send to anyone to receive encrypted messages from it that only we can read.
So, and now I want to get the private key (and suddenly I will work from another computer? After all, the keys are stored locally).
To solve this problem, we return to the main screen, in the right sidebar, right-click on the desired key and select "Show key properties". And in the window that opens, select "Export Secret Key."
Done, you now have on hand public and private encryption keys, which you can dispose of at your discretion.
Well, at the end of the article I want to share a useful methodology: threat modeling and risk assessment.
The first thing you need to understand is that you cannot ensure 100% security, as well as reduce all risks to zero. You can not get 100% anonymity. You can not get 100% security (unless you use the phone and PC).
Using the Internet, we somehow take risks. It gives us a chance to expand our capabilities, but there is a risk of losing our data. Therefore, security is a balancing act between convenience, extension of knowledge, comfort and preservation of already defined, important for us data.
We must use risk-oriented approach.
Risk = vulnerability * threats * consequences
For example, laptop theft. What we can do? Encrypt the entire disk, add additional authorization steps.
To ensure quality protection you need to go through several stages:
- Choose
- Customize
- Evaluate. Check that the disk is fully encrypted
- We control. Check for security updates
Source: https://habr.com/ru/post/449552/
All Articles