Encryption and signing

Encryption

Encrypting data means that the data is converted into an unreadable form that can only be made readable again with a matching key. In the simplest case, the key is a password or a single secret key; alternatively, it is a key pair (secret/public key). The public key is usually provided embedded in a certificate.

Data can be encrypted so that only the authorized recipient can decrypt and read it.

Encryption and decryption are usually performed using symmetric procedures.

In addition, the recipient can be shown that the data originates from a trustworthy sender and has not been altered. To do this, the data is signed, which is usually done using asymmetric encryption.

Signing (identity verification)

For the ownership and integrity of a message to be irrefutably verifiable (integrity, authenticity), the message should be provided with a signature. A signature also relies on encryption, in this case asymmetric encryption. To encrypt, the sender needs the public key of the recipient, and the recipient needs the private key that belongs to this public key. To sign, the sender uses his own private key. The recipient can verify the signature with the public key associated with this private key.

The following steps are usually taken:

  1. Sender: Determines a unique hash value over the data (H)

  2. Sender: Encrypts the hash value with the private key (He)

  3. Recipient: Also calculates the hash value, decrypts He with the public key, and compares the two values. This allows the sender to be identified uniquely and verifies that the sender possesses the private key.

Hash procedures are necessary for this: a hash value serves as a unique "fingerprint" of the data (comparable to a checksum of the data). Hash functions are very low-collision, which means that it is very difficult to find or construct two different sets of data that produce the same hash value.
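
The three signing steps above, as an added example that is not part of the original page: textbook RSA over a SHA-256 hash, using only the Python standard library. The key pairs are constructed demo keys, the names `make_key`, `digest`, `sign` and `verify` are assumptions, and the sketch omits the padding that production signature schemes (for example RSA-PSS in a vetted library) apply.

```python
import hashlib

E = 65537  # common public exponent

def make_key(p: int, q: int):
    """Return (n, d): public modulus and private exponent for primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from known Mersenne primes. Illustration only:
# such highly structured primes must never be used for real keys.
N, D = make_key(2**127 - 1, 2**521 - 1)              # sender's key pair
N_OTHER, D_OTHER = make_key(2**107 - 1, 2**607 - 1)  # unrelated key pair

def digest(data: bytes) -> int:
    """Step 1: hash value H over the data (SHA-256 as an integer)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, d: int, n: int) -> int:
    """Step 2: sender transforms H with the private key, giving He."""
    return pow(digest(data), d, n)

def verify(data: bytes, he: int, n: int) -> bool:
    """Step 3: recipient recomputes H, recovers the signed hash from He
    with the public key (E, n) and compares the two values."""
    if not 0 <= he < n:  # reject values outside the modulus range
        return False
    return pow(he, E, n) == digest(data)

if __name__ == "__main__":
    msg = b"transfer 100 EUR to account 42"  # constructed sample message
    he = sign(msg, D, N)
    print("original message:   ", verify(msg, he, N))
    print("altered message:    ", verify(msg.replace(b"100", b"900"), he, N))
    print("signed by other key:", verify(msg, sign(msg, D_OTHER, N_OTHER), N))
```

Verification succeeds only for unaltered data signed with the private key that matches the public key the recipient uses; an altered message or a signature from a different key pair is rejected.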