The main type of cryptographic transformation of information in computer systems is encryption. Encryption is the process of encoding information to prevent unauthorized access. If stolen or leaked, the encrypted data will be unreadable without the appropriate key. Encryption refers to the process of converting open information into encrypted information (ciphertext) or the process of converting encrypted information back into open information. The process of converting open information into closed information is called encryption, and the process of converting closed information into open information is called decryption.
The advent of computers initiated the process of developing new ciphers, taking into account their ability to be used both for encrypting/decrypting information and for attacks on the cipher. An encryption attack (cryptoanalysis) is the process of decrypting private information without knowing the key and, possibly, in the absence of information about the encryption algorithm.
The process of restoring the original plaintext based on a key encrypted without knowing the key is called decryption.
Modern encryption methods must meet the following requirements:
The strength of a cipher to withstand cryptanalysis (cryptographic strength) must be such that it can be opened only by solving the problem of exhaustive enumeration of the keys. Cryptographic strength is ensured not by the secrecy of the encryption algorithm, but by the secrecy of the key. The ciphertext should not significantly exceed the original information in volume.
Modern cryptography includes symmetric cryptosystems, asymmetric cryptosystems (public key cryptosystems), electronic digital signature systems and key management.
Symmetric cryptosystems are an encryption method in which the same cryptographic key is used for encryption and decryption. The algorithm key must be kept secret by both parties, and measures must be taken to protect access to the channel along the entire path of the cryptogram.
Asymmetric cryptosystem encryption is a method of data encryption that involves the use of two keys - a public and a private one. The open (public) key is used to encrypt information and can be transmitted over unsecured channels. An encryption and/or electronic signature (ES) system, in which the public key is transmitted over an open (that is, unprotected, observable) channel and is used to verify the ES and to encrypt the message. A private key is used to generate the electronic signature and decrypt the message. Public key cryptographic systems are now widely used in various network protocols, in particular in the TLS protocols and its predecessor SSL (underlying HTTPS), in SSH. Also used in PGP, S/MIME.
Electronic digital signature. A digital signature allows you to confirm the authorship of an electronic document. The signature is associated with both the author and the document itself using cryptographic methods, and cannot be forged through ordinary copying. In fact, there is no way to see an electronic signature on documents, since it is a set of data: information that is attached to other information. You can only check the fact that the document is signed. There are special programs for this. The use of electronic signatures is expected to implement the following important areas in the electronic economy.
Full control of the integrity of the transmitted electronic payment document: in the event of any accidental or intentional change to the document, the digital signature will become invalid, because it is calculated using a special algorithm based on the original state of the document and corresponds only to it.
Key management is an information processing system process that generates and distributes keys (public and private) among users.
Key management consists of procedures that ensure:
inclusion of users in the system;
generation, distribution and introduction of keys into equipment;
control of key usage;
changing and destroying keys;
archiving, storage and recovery of keys.