.png)
.png)
.png)
.png)
Cryptographic Applications: Confidentiality & Integrity Protection
CIA, which stands for confidentiality, integrity, and availability, is the fundamental principle of information security and represents its three main objectives. Among them, confidentiality refers to the condition where only legitimate users can access the data, and this data is not disclosed to unauthorized users during transmission or storage. Integrity means that the data is not altered or corrupted during transmission or storage. Common techniques for protecting confidentiality include key agreements and digital envelopes, while techniques for ensuring Integrity include message authentication codes and digital signature.
Key Agreement
Key agreement is the process by which two or more participants generate a shared key over an insecure communication channel. In simple terms, even if an attacker is eavesdropping on the network transmission between the sender and the receiver, the sender can still negotiate an encryption key that is known only to both parties. The most famous of these is the Diffie-Hellman key agreement protocol, with the specific implementation process illustrated in Figure 1.
Figure 1: Diffie-Hellman Key Agreement Process
Digital Envelope
Digital envelope is a technology that uses asymmetric encryption algorithms to transmit or distribute symmetric keys. When conveying information, the sender encrypts the symmetric key using the recipient's public key; the recipient must first decrypt the symmetric key with their own private key in order to use the symmetric key to decrypt the information. The specific implementation process is shown in Figure 2.
Figure 2: Digital Envelope Process
Message Authentication Code (MAC)
MAC is a data item derived from the message using symmetric cryptography technology, with the key as a parameter. Any entity holding this key can use the MAC to verify the integrity of the message and its origin. The specific process is shown in Figure 3.
Figure 3: Message Authentication Code Process
Digital Signature
Digital signature is a technology based on public key cryptography that uses asymmetric encryption algorithms to authenticate digital information. It is primarily used to protect the authenticity, integrity, and non-repudiation of information, ensuring that the information has not been tampered with during transmission or storage, and that the sender cannot deny their sending actions. The specific process is illustrated in Figure 4.
Figure 4: Digitally Signature Process
In practical applications, the common cryptographic algorithms that can be applied to the above four types of cryptographic technologies are shown in Table 1.
Table 1: Common Cryptographic Algorithms Used in Key Agreement and Other Four Technologies
|
Information Security Elements |
Cryptography |
Applied Cryptographic Algorithm |
|
Confidentiality |
Key Agreement |
RSA Algorithm |
|
DH Algorithm |
||
|
ECDH Algorithm |
||
|
Digital Envelope |
SM4-SM2 Algorithm |
|
|
RSA-AES Algorithm |
||
|
Integrity |
Message Authentication Code |
HMAC Algorithm |
|
CMAC Algorithm |
||
|
Digital Signature |
RSA Algorithm |
|
|
DSA Algorithm |
||
|
SM2 Algorithm |
||
|
SM9 Algorithm |
The analyses and discussions in the article are intended to share industry dynamics and technical practices. If any issue involving intellectual property rights arises, please do not hesitate to contact us. We will handle your concerns and make necessary adjustments in accordance with relevant laws and regulations.
