# Fundamentals of Cryptography

## Putting it all Together

We have looked at the three critical pieces of technology – symmetric cryptography, asymmetric cryptography and hashing. Each technology a core technology found in almost all current security systems. A brief summary is shown below:

Technology
Main Usage
Major Pro
Major Con
Symmetric Cryptography
Bulk encryption of large quantities of data
Fast and secure
Key exchange
Asymmetric (Public key) Cryptography
Authentication of entities
Secure – no key exchange
Hashing
Data integrity
Stable technology, very secure
Hashes are subject to alteration, rendering them useless

Neither of these technologies alone is secure, nor can it provide a holistic solution for secure communication. To mitigate the risks associated with each technology, we must use the technologies together. Consider an example of two users who wish to exchange a secure message.

Alice wishes to send a secure message to Bob such that only Bob can receive the message; Bob can verify that the message came only from Alice, and that the message was not tampered with during transmission. In practical terms, this is the procedure that is followed by S/MIME.

1. Alice generates a message M.
2. Alice Bob’s public key to encrypt the message Epub(Bob){M} as eM.
3. Alice produces a hash H of message eM by performing H{eM}
4. Alice uses her private key to encrypt the hash Epvt(Alice){H} as eH.
5. Alice assembles the complete message as eM:eH. And forwards the structure to Bob.
6. Bob separates eM and eH.
7. Bob validates that the message has come from Alice AND the message has not been altered by decrypting the hash that arrived and comparing it with a new hash. This can be represented as Dpub(Alice){H} = H{eM}.
8. Bob uses his private key to decrypt the body of the message by performing Dpvt(Bob){eM} = M.