• Identity 101
  • What Is Cryptography? Definition & How It Works

What Is Cryptography? Definition & How It Works

Learn how Adaptive Multi-Factor Authentication combats data breaches, weak passwords, and phishing attacks.
Read more
Okta
Updated: 04/21/2022 - 12:27
Time to read: 9 minutes

Modern cryptography is a method of sending and receiving messages that only the intended receiver and sender can read — to prevent third-party access. It often involves encryption of electronic data, which commonly creates ciphertext by scrambling regular text. Then, it uses a decryption key of some form to return it to readable format on the receiving end. Cryptography can involve either a symmetric key system, which is the simplest, or an asymmetric key system, which is typically more secure. Cryptography provides methods for secure communication and electronic data that malicious adversaries cannot read, interpret, or access.

What is cryptography?

Cryptography is used to keep messages and data secure from being accessible to anyone other than the sender and the intended recipient. It is the study of communications and a form of security for messaging. Ultimately, cryptography can keep data from being altered or stolen. It can also be used to authenticate users. Cryptography often uses encryption and an algorithm to keep electronic data and messages secure and only readable by the intended parties. Cryptography has been around for centuries. The term itself comes from the Greek word kryptos, which translates to hidden. Today, cryptography is based on computer science practices and mathematical theory.

Types of cryptography

There are two main types of cryptography used for digital data and secure messages today: symmetric cryptography and asymmetric cryptography. Hash functions, a third type, doesn’t involve use of a key.

  • Symmetric cryptography: This is one of the most commonly used and simplest forms of encrypting and decrypting electronic data. It is also called secret-key or private-key cryptography. With symmetric cryptography, both the sender and the recipient will have the same key. This key is used to encrypt messages and data on one end and then decrypt it on the other end. Before communications begin, both parties must have the same secret key. Symmetric cryptography is fast, easy to use, and best suited for transmitting large amounts of data or for bulk encryption. The issue with this form of cryptography is that if a third party gets the secret key, they too can read and decrypt the data or messages. There are two main forms of symmetric encryption algorithms: stream and block algorithms.
    • Stream algorithm: This type encrypts the data while it is being streamed; therefore, it is not stored in the system’s memory. One of the most popular stream ciphers is the RC4 (Rivest Cipher 4), which encrypts messages one byte at a time.  
    • Block algorithms: This type encrypts specific lengths of bits in blocks of data using the secret key. The data is held within the system’s memory while blocks are completed. The Advanced Encryption Standard (AES) is the most commonly used symmetric algorithm. Blocks of 128-bit data are encrypted and decrypted using cryptographic keys of 128, 192, and 256 bits. The AES is FIPS (Federal Information Processing Standards) approved under guidance from NIST (National Institute of Standards and Technology).  
  • Asymmetric cryptography: This is also called public-key cryptography, and it involves the use of two different keys. A public key is distributed widely to everyone to encrypt data. This key is required to send messages and encrypt them. A sender can request the public key for the recipient to encrypt the data. Then, it will require the private key, which is kept secret, to decrypt the message. The key pair of the private and public key are mathematically related. Both keys are needed to perform operations, send and receive encrypted data and messages, and access sensitive data. Asymmetric cryptography needs higher processing and longer keys, with pieces of data that are smaller than the key; therefore, is often used on a smaller scale. Asymmetric and symmetric cryptography can be used together in a cryptosystem. Asymmetric cryptography can be used to encrypt symmetric keys, for example, while the symmetric cryptography is used to transmit or encrypt larger amounts of data.  
  • Hash functions: This is a third type of cryptography that does not use a key. It uses a fixed length hash value based on the plain text message. This can then be used to ensure that the message has not been altered or compromised. Hash functions add an extra layer of security, as the hashed output can’t be reversed to reveal the data that was originally input.  

What is cryptography used for?

The intention of cryptography is to keep data and messages secure and inaccessible to potential threats or bad actors. It is often working behind the scenes to encrypt and decrypt data you are sending through social media, applications, interactions on websites, and email. Symmetric cryptography can be used for these purposes:

  • Card transactions and payment applications
  • Random number generation
  • Signature verification to ensure the sender is who they claim to be

Asymmetric cryptography can be used for the following purposes:

  • Email messages
  • SIM card authentication
  • Web security
  • Exchange of private keys

Key principles of cryptography

Cryptography strives for private communications and data security to protect digital information from being altered, accessed, or read by anyone other than those with legitimate access. These are key principles of cryptography:

  1. Confidentiality: The basis of cryptography relies on the information being kept private and confidential from third-party or malicious adversaries. Confidentiality agreements contain specific guidelines and rules that are meant to ensure that information is restricted, secure, and only accessible to certain people or within certain arenas.
     
  2. Encryption: Encryption is what converts readable data into an unreadable form to protect the privacy as messages or data are sent between a sender and a receiver. This is typically done using an algorithm.  
     
  3. Decryption: The reverse of encryption is decryption, and this is returning the data to its original and readable form. Typically, this is performed using a specific key, which can be the same for encryption and decryption or require two different keys.  
     
  4. Data integrity: Data needs to stay consistent and accurate over its entire lifestyle, and data integrity can help to maintain this accuracy. Data cannot be altered anywhere in the communication path. It all needs to remain intact between the sender and the receiver.  
     
  5. Authentication: This is to determine that the message or data received is sent from the actual originator of the message. The sender is often required to verify that they are indeed the originator of the message received by the recipient.  
     
  6. Non-repudiation: This is the ability to ensure that the originator of a message or piece of data is unable to deny the authenticity of their signature. The use of digital signatures can prevent the originator or sender from denying their communication.

Best practices

Messages and data should always be encrypted to ensure privacy and security. The best practices for cryptography include using an entire cryptographic system, or cryptosystem, that regularly uses multiple forms of encryption to keep data and communications safe and secure. This system should have an easy-to-use interface along with strong cryptographic algorithms that conform to the industry’s best practices. For symmetric encryption, this means using AES with 128, 192, or 256-bit keys. For asymmetric encryption standards, it should include elliptical curve cryptography (ECC) and RSA. These are examples of files and data that should be encrypted and protected with cryptography:

  • Email and messages
  • Critical and sensitive files
  • Company data
  • Payment information
  • Personal identification details

Cryptographic methods need to be effective, but also user-friendly to ensure that they are actually going to be used as intended. Using encryption functions can also help to prevent the loss or theft of data even if the hardware itself is stolen or compromised. A strong cryptosystem should be able to hold up to the security community and not rely on security through obscurity. Instead, the system should be known, and the only thing kept secret and private are the actual keys. The public key can be publicized, but the secret or private key should be protected. These are methods for keeping your keys secure:

  • Do not store your encryption keys in clear text or along with the data that is encrypted.
  • Store your keys in a file system protected with strong access control lists (ACLs) while adhering to the principle of least privilege — access only to those who need it.
  • Use a second encryption key to encrypt your data encryption keys, generated using password-based encryption (PBE). A small number of administrators can use a password to generate a key to avoid storing the key in an unencrypted form within the system.
  • Use a tamper-resistant hardware appliance called a hardware security model (HSM) that can securely store keys. When data is needed to be decrypted, code can make an application programming interface (API) call to the HSM.  

Key takeaways

Cryptography is a necessary form of cybersecurity that uses encryption methods to keep digital data and communications secure and out of the hands of potential threats or bad actors. Data protection is highly important in this digital era where so much information is stored on computers, in the cloud, and on the internet. Data security is important to businesses, industries, companies, and individuals alike. Cryptography is a form of securing digital data and messages often using special keys that only the sender and recipient have access to. Cryptography uses mathematical systems and algorithms to encrypt and decrypt data. Symmetrical cryptography uses the same key for both encryption and decryption. It can quickly encrypt and decrypt data, and it is easy to use. It can also be compromised if a third party gains access to the key, however. It is important to keep your data encryption keys safe and secure. Sending your encryption key in a plain text form along with your encrypted message, for example, is similar to leaving your front door key in plain sight in front of your locked door. Keep your keys safe to keep your data safe. Asymmetrical cryptography is a step further than symmetrical cryptography, using different keys for encryption and decryption. The encryption key is “public,” and everyone has access to it. The decryption key is kept “private,” and only intended recipients can have access to this secret key. While this adds an extra layer of security, it can also take longer to encrypt and decrypt data, so it is regularly used for smaller bits of data. A strong cryptosystem often uses multiple forms of encryption and cryptographic methods to keep digital data private and secure from adversaries. Cryptography is a vital component of digital security.

References

Definition of ‘Cryptography.’ (January 2022). The Economic Times.

Security Component Fundamentals for Assessment. (2020). Security Controls Evaluation, Testing, and Assessment Handbook (Second Edition)

Advanced Encryption Standard (AES). (2001). National Institute of Standards and Technology (NIST).

Compliance FAQs: Federal Information Processing Standards (FIPS). (November 2019). National Institute of Standards and Technology (NIST).

Security and Privacy in the Internet of Things. (2016). Internet of Things.

Elliptical Curve Cryptography ECC. (June 2020). National Institute of Standards and Technology (NIST).