Encryption, Authentication, Authorization

The saying goes that if you can't explain something simply then you don't know it well enough, for my own sake as much as anyone elses I wanted to put a post together covering high level concepts in modern-day encryption (symmetric vs symmetric encryption and signing). Hopefully others might find it useful as well.

I'll try to explain it by putting my own spin on the tale of Bob and Alice (the Romeo and Juliet of cryptography).

Encryption, a love story

Bob and Alice are two high schoolers so in love that they develop a habit of passing notes to one another in class. After their teacher, Mr. Middleman, catches them out and reads out their loves notes to the rest of the class (much to their embarassment) they decide they need to come up with a system that allows them to communicate with each other without the communication being decipherable by third parties. Sure, the teacher might be able to intercept the note but if he can't read it - then it's no big deal - their dignity remains intact.

So after class Bob says to Alice. "Hey Alice, I have an idea, let's write our notes with numbers instead of letters. If you want to write A we write 1, to write B we write 2, and so on. Mr. Middleman won't have any idea what our notes say".

The following day they try out the new system, unfortunately, Mr. Middleman quickly figures out that if he replaces each number with a corresponding letter in the alphabet, meaningful information starts to appear and he quickly decodes the whole love letter - joyfully reciting it to the rest of the class to everyone's amusement.

After class, Alice says to Bob - "Ok, Bob I have a better idea - let's do the same thing we did yesterday except instead of just converting the letter to a number, let's convert it to a number but if it's a letter in one of our names we add 53 to it! And if the letter is a vowel we multiply the corresponding number by 32! There's no way Mr. Middleman will figure that one out!"

And so the cycle began, Alice and Bob would come up with increasingly sophisticated forms of encryption whilst Mr. Middleman work spend his nights sipping on scotch with his head down trying his damnedest to crack em'.

So obviously the nuances and algorithmic details of cryptography are much more complex but the basic premise here is the same - except in the real world Bob and Alice are probably using some of the same encryption techniques employed by the military and intelligence agencies via their smartphones, designed by some... erm very smart people who have made it their lifes work.

Symmetric Encryption

The scenario outlined above is not all that dissimilar to Symmetric Encryption.

Symmetric Encryption is where Bob and Alice both have a private key, a piece of information (typically a long string of alphanumeric characters) that may be shared between them and which can decrypt the encrypted data. Much like a safe with a key - Bob and Alice may have different copies of the key but the shape of the key is the same and as such they can both lock and unlock the safe.

The problem with Symmetric key encryption is how to establish a shared private key in the first place. If Bob and Alice live in the same street - sure one can just walk over to the other and hand them the shared key on paper discreetly. If they are on other sides of the world however this becomes more difficult. They could email each other the private key, but to do that they have to trust that method of communication is also secure. Which brings us to assymetric Encryption.

Asymmetric Encryption

In asymmetric encryption both Bob and Alice each have two keys, one a "private" key and the other a "public" key, which are mathematically linked together with some sort of black magic.

  • Encryption by one key can only be decrypted by the other key.

So if Alice wants to send a love note to Bob, she can encrypt it using his public key and only his private key will be capable of decrypting it, providing Bob is very careful and his private key never ends up in anyone elses hands this guarantees that only he can read the message.

If Bob wants to reply he can do the same thing, encrypted the message with Alice's public key and shipping it off to her, for her to decrypt with her private key.


So we know that Bob can encrypt data with Alice's public key and that will ensure that only she can read that data.

What if Bob encrypts something with his private key instead of his public key?

Well that would mean that only his public key could decrypt it. Now - why might that be useful? Well it would allow anyone to verify that a message comes from Bob himself and not an impersonator.

This is commonly referred to as signing, because it has a similar effect (an arguably more secure one) as that of a handwritten signature - it authenticates a message, it proves that the message originates from a particular author, one in possession of the private key.

To be continued...