Cryptography Basics
Cryptography is the mathematical backbone of trust. In an Operating System, it is used for:
- Encrypted Filesystems (BitLocker, LUKS).
- Secure Network Connections (SSH, HTTPS).
- Code Signing (Preventing malware from loading as a driver).
1. Symmetric Encryption (Shared Secret)
Both parties have the same key. Think of this like a safe with a single physical key. If you want someone else to put things in the safe or take things out, you have to make a copy of the key and give it to them.
- Algorithm: AES (Advanced Encryption Standard) - the industry standard.
- Pros: Extremely fast. Modern CPUs have dedicated AES-NI (New Instructions) hardware acceleration, allowing them to encrypt gigabytes of data per second with minimal CPU overhead. This makes it perfect for encrypting entire hard drives (like BitLocker) or large video streams.
- Cons: The Key Distribution Problem. If Alice and Bob want to talk securely over the internet, how does Alice send Bob the symmetric key without an attacker (Eve) intercepting it in transit?
2. Asymmetric Encryption (Public Key)
Each party generates a mathematically linked Key Pair. Think of this like a mailbox with a mail slot and a padlock. The Public Key is the location of the mailbox and the mail slot—anyone can drop a letter in. The Private Key is the key to the padlock—only the owner can open the box to read the letters.
- Public Key: Shared with the world. Used by others to Encrypt data meant for you.
- Private Key: Closely guarded secret. Used by you to Decrypt data.
- Algorithms: RSA (based on factoring large primes) and ECC (Elliptic Curve Cryptography, which provides stronger security with smaller key sizes).
- Pros: Solves the Key Distribution Problem elegantly.
- Cons: Computationally heavy and very slow (often 1000x slower than AES). It is not feasible to encrypt a 4GB movie file using RSA.
Hybrid Encryption: In the real world (HTTPS/TLS), we use Asymmetric encryption to securely exchange a Symmetric key. Then we use the Symmetric key for the rest of the conversation.
3. Interactive: Public Key Demo
Alice wants to send a secret to Bob.
4. Code Example: AES Encryption
High-performance symmetric encryption.
Go
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"fmt"
"io"
)
func main() {
key := []byte("thisis32bitlongpassphraseimusing") // 32 bytes = AES-256
text := []byte("My Secret Data")
// Create Cipher Block
block, err := aes.NewCipher(key)
if err != nil { panic(err) }
// GCM Mode (Galois/Counter Mode) provides encryption + integrity
aesGCM, err := cipher.NewGCM(block)
if err != nil { panic(err) }
// Generate Nonce
nonce := make([]byte, aesGCM.NonceSize())
if _, err = io.ReadFull(rand.Reader, nonce); err != nil { panic(err) }
// Encrypt
ciphertext := aesGCM.Seal(nonce, nonce, text, nil)
fmt.Printf("Encrypted: %x\n", ciphertext)
}
Java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.security.SecureRandom;
import java.util.Base64;
public class AESGCM {
public static void main(String[] args) throws Exception {
// Generate Key
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
keyGen.init(256);
SecretKey key = keyGen.generateKey();
// IV (Nonce)
byte[] iv = new byte[12]; // GCM standard IV size
new SecureRandom().nextBytes(iv);
// Encrypt
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
GCMParameterSpec spec = new GCMParameterSpec(128, iv);
cipher.init(Cipher.ENCRYPT_MODE, key, spec);
byte[] ciphertext = cipher.doFinal("My Secret Data".getBytes());
System.out.println("Encrypted: " + Base64.getEncoder().encodeToString(ciphertext));
}
}