Get ready for an exciting journey into the world of cybersecurity! Today, we’re going to dive into an ocean of information, but don’t worry, I promise you won’t drown in boring data. Join me on a journey through the mysteries of cryptography, the art of keeping our secrets safe in the digital world.

Cryptography is like the James Bond of the digital world. It is a set of techniques and tools used to protect sensitive information. Imagine that your messages are treasures and cybercriminals are modern-day hackers trying to loot them. Cryptography is your sword and shield in this battle.

Let’s take a trip back in time to explore the fascinating history of cryptography, where sensitive information was protected in ingenious ways even before the internet existed!

Secret Art Throughout History

Cryptography is not a recent invention, in fact, its history dates back to ancient times. From ancient Rome to the wars of the 20th century, encryption has been a critical tool in protecting vital information. Over the centuries, we have seen how it has evolved from rudimentary methods to complex modern techniques.

Ciphering in Ancient Rome: A Little Word Game

In ancient Rome, Julius Caesar became a key figure in the history of encryption. He used a cipher we know today as  the Caesar Cipher, in which each letter of the message was moved three forward positions in the alphabet. This made the message incomprehensible to anyone who didn’t know the scroll key. Imagine trying to crack “L ORYHGDJH” if you don’t know Caesar’s key.

During the Middle Ages: The Age of Transposition and Substitution Ciphers

During the Middle Ages, ciphers evolved even further. Transposition ciphers involved rearranging the letters of the message, while substitution ciphers replaced the letters with others. A famous example is the Vigenère Table cipher, which used a key to determine how many positions each letter of the message moved.

World War II: Enigma and the War of Cryptography

World War II marked a milestone in the history of cryptography with the emergence of  the Enigma machine, used by the Nazis to encrypt military communications. The Allies were faced with the challenge of deciphering these coded communications. Mathematicians and cryptographers, such as Alan Turing, became cybersecurity heroes by developing methods to break Enigma’s codes, which contributed significantly to the outcome of the war.

The Digital Age: Modern Cryptography and Cybersecurity

With the advent of the digital age, cryptography evolved exponentially. The concepts of symmetric and asymmetric encryption, which we mentioned earlier, appeared. Cryptography became an essential tool for ensuring the security of online communications, protecting financial transactions, emails, and much more.

Current Examples: TLS/SSL and Web Security

Nowadays, crypto is everywhere, especially on the web. When you see a padlock in your browser or “https://” in the URL, you’re seeing TLS/SSL technology in action. This is the layer of security that protects your data while browsing the internet, enabling secure transactions and protecting your passwords.

Let’s dive into the exciting world of symmetric encryption and explore the fascinating AES, along with the powerful OpenSSL! Get your flashlight ready because we’re about to explore the dark and exciting world of cybersecurity.

Symmetric encryption is like a secret choreography between two dancers sharing a master key. Both the sender and recipient use the same key to encrypt and decrypt messages. This means that keeping that key safe is of the utmost importance. Now, let’s talk about the king of symmetrical dance: AES.

AES (Advanced Encryption Standard): The Monarch of Encryption

AES is the gold standard in symmetric encryption, used around the world to protect sensitive data. It was adopted by the U.S. government in 2001, and its history dates back to a competition to find a replacement for the old standard, DES (Data Encryption Standard).

AES is based on the principle that a key is a series of binary digits (1s and 0s) that mix and remove data so that no one else can understand it. It works with three different key sizes: 128-bit, 192-bit, and 256-bit. The longer the key size, the more secure the information will be.

Example of Using AES:

Imagine you want to send a secret message to a friend, such as “RED ALERT.” 

When encrypted with AES and a secret key, it might look like this:

Original Post: RED ALERT

Encrypted message: 2iSnaXeMZTsy1hE4os1A

Only those who know the key will be able to decrypt the message and read “RED ALERT” again.

Now, let’s talk about OpenSSL. OpenSSL is an open-source library that provides implementations of security protocols, including AES encryption. It is used to encrypt and decrypt data, authenticate servers, and generate digital certificates.

OpenSSL, initially released in 1998, has become one of the most widely used open-source libraries in the world of information security. It was created as a fork of the SSLeay project, an early implementation of the SSL/TLS protocol. Over the years, OpenSSL has undergone various revisions and updates to improve its security and functionality.

OpenSSL Features:

1. Encryption: OpenSSL provides a wide range of symmetric and asymmetric encryption algorithms, including AES, DES, RSA, and more. This makes it possible to encrypt and decrypt data, as well as sign and verify digital signatures.
2. Secure Protocols: OpenSSL implements the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols, which are essential to ensure secure connections on the Internet, such as the famous “https://” in browser URLs.
3. Digital Certificates: OpenSSL facilitates the generation of X.509 digital certificates used to authenticate websites and ensure the integrity of communications.
4. Key Generation: You can generate public and private keys, which are essential for asymmetric cryptography and authentication.
5. Certificate Manipulation: OpenSSL allows the creation, management, and conversion of certificates and keys in various formats, such as PEM, DER, and PKCS#12.

Benefits of OpenSSL:

1. Open Source: OpenSSL is open source, which means that its source code is available for anyone to inspect and modify according to their needs.
2. Widely Used: Due to its longevity and reliability, OpenSSL has become one of the most widely used libraries for security implementation on servers and applications.
3. Versatility: OpenSSL offers a wide range of encryption algorithms and protocols, allowing developers to customize the security of their applications.
4. Interoperability: By following widely accepted standards, OpenSSL enables secure communication between systems and applications using different security implementations.

Uses of OpenSSL:

1. Web Security: OpenSSL is used to implement SSL/TLS encryption on web servers, ensuring the security of online communications, including encryption of transmitted data and authentication of servers.
2. Secure Email: Used to encrypt and sign emails, ensuring that messages sent and received are not intercepted or altered in transit.
3. Network Security: OpenSSL is used in VPNs, firewalls, and other network security devices to provide authentication and encryption.

OpenSSL Rivals:

1. LibreSSL: A fork of OpenSSL that focuses on simplicity and eliminating unnecessary code.
2. BoringSSL: A fork of OpenSSL developed by Google, focused on security and performance for Google projects.
3. wolfSSL: A lightweight, high-performance alternative to OpenSSL, particularly suitable for embedded systems and IoT devices.

Examples of OpenSSL Commands for Encrypting and Decrypting with AES:

To encrypt a file with OpenSSL using AES, you can use the following command:

openssl enc -aes-256-cbc -in archivo_plano.txt -out archivo_cifrado.enc

This command encrypts a file named “archivo_plano.txt” with AES-256 in CBC mode and saves the result to “archivo_cifrado.enc”. You’ll be asked for a password to protect the encryption key.

To decrypt the encrypted file, use the following command:

openssl enc -aes-256-cbc -d -in archivo_cifrado.enc -out archivo_descifrado.txt

This command takes the encrypted “archivo_cifrado.enc” file and decrypts it, saving the result in “archivo_descifrado.txt”. Again, it will ask you for the password to unlock the encryption key.

1. DES (Data Encryption Standard): DES was the encryption standard before AES. It uses a 56-bit key and operates in 64-bit blocks. Although it is no longer considered secure due to its short key length, it is still historically relevant.

2. Triple DES (3DES): 3DES is an enhanced version of DES that applies DES three times in sequence, significantly increasing security. It uses 168-bit keys, making it more robust than DES.

3.  Blowfish: Blowfish is a fast and efficient encryption algorithm designed by Bruce Schneier. It uses variable keys from 32 to 448 bits and operates in 64-bit blocks. Although it has been replaced in many contexts by AES, it is still relevant in certain applications.

4. RC4: RC4 is a flow algorithm that has been widely used in security applications, such as SSL/TLS. Despite its history, RC4 has demonstrated significant vulnerabilities and is currently discouraged from use.

Example of Using 3DES:

To encrypt a file with 3DES using OpenSSL, you can use the following command:

openssl enc -des-ede3-cbc -in archivo_plano.txt -out archivo_cifrado.enc

And to decipher:

openssl enc -des-ede3-cbc -d -in archivo_cifrado.enc -out archivo_descifrado.txt

Example of Using Blowfish:

To encrypt a file with Blowfish:

openssl enc -bf-cbc -in archivo_plano.txt -out archivo_cifrado.enc

And to decipher:

openssl enc -bf-cbc -d -in archivo_cifrado.enc -out archivo_descifrado.txt

OpenSSL and Symmetric Encryption:

OpenSSL supports multiple symmetric encryption algorithms, allowing you to choose the most suitable option for your security needs.

Let’s delve into the intriguing world of asymmetric encryption, also known as public-key cryptography. We’ll explore its key concepts, the most commonly used standards, its history, and provide command examples to better understand it.

Unlike symmetric encryption, which uses a single key to encrypt and decrypt, asymmetric encryption uses two distinct keys: a public key and a private key. Anyone can know your public key, but only you, as the owner of the private key, can decrypt messages encrypted with your public key. This asymmetry is essential for online security and authentication.

Key concepts in asymmetric encryption:

1. Public Key: This is the key that is freely shared and used to encrypt messages for the owner of the private key.
2. Private Key: This key is kept secret and is used to decrypt messages encrypted with the public key. It is essential to keep the private key secure.
3. Encryption and Decryption: The encryption and decryption processes are performed using the public and private keys respectively. A message encrypted with the public key can only be decrypted with the corresponding private key.
4. Digital Signature: The digital signature is a key application of asymmetric encryption. It is used to verify the authenticity of a message and ensure that it has not been modified in transit.

Most Commonly Used Asymmetric Encryption Standards:

1. RSA (Rivest-Shamir-Adleman): Developed in 1977, RSA is one of the most widely used asymmetric encryption algorithms. It is based on the factorization of large integers. RSA is widely used to encrypt communications and authenticate websites.
2. DSA (Digital Signature Algorithm): DSA is a digital signature algorithm used to verify the authenticity of messages. It is often used in combination with SHA-1 or SHA-2 to ensure message integrity.
3. ECDSA (Elliptic Curve Digital Signature Algorithm): ECDSA is a digital signature algorithm based on elliptic curves, which makes it more efficient in terms of computational resources. It’s a popular choice in resource-constrained applications.

History of Asymmetric Encryption:

Asymmetric encryption revolutionized cryptography by eliminating the need to share a common key between communicating parties. The RSA algorithm, developed by Rivest, Shamir, and Adleman in 1977, marked a major milestone in the history of cryptography. RSA allowed the parties to communicate securely without having to meet beforehand to agree on a shared key. Since then, several asymmetric encryption algorithms have been developed, such as DSA and ECDSA, which are used for a variety of online security applications.

Example of Using OpenSSL with RSA:

To generate an RSA key pair, you can use the following command:

Generate Private Key:

openssl genpkey -algorithm RSA -out private_key.pem

Generate corresponding public key:

openSSL RSA -pubout -in private_key.pem -out public_key.pem

These commands will generate a private key and its corresponding public key in separate files.

Let’s see how two people can use asymmetric encryption to communicate securely while complying with the triad of information security: Confidentiality, Integrity, and Authentication.

Step 1: Generate a Key Pair

• Jack and Jane generate a key pair: Each of them generates a key pair, which consists of a public key and a private key. These keys are used to encrypt and decrypt messages and verify the authenticity of the messages.

Step 2: Public Key Exchange

• Public Key Exchange: Jack sends his public key to Jane, and Jane sends her public key to Jack. Public keys can be securely shared through an untrusted medium, as they are not used to decrypt messages, only to encrypt.

Step 3: Message Encryption by Jack

• Message encryption by Jack: Suppose Jack wants to send a confidential message to Jane. To do so, it first encrypts the message with Jane’s public key. In this step, Confidentiality is adhered to, as only Jane will be able to decrypt the message with her private key.

Step 4: Sending the Encrypted Message to Jane

• Sending the Encrypted Message to Jane: Jack sends the encrypted message to Jane through any communication channel, even if it is an unsecured channel. At this point, the encrypted message just looks like a set of unreadable characters to anyone who intercepts it.

Step 5: Receiving the Encrypted Message by Jane

• Jane’s Receiving the Encrypted Message: Jane receives the encrypted message from Jack. Although the message is encrypted, Jane can use her private key to decrypt it and get the original content. Confidentiality is now enforced.

Step 6: Integrity Verification

• Integrity verification: To ensure the integrity of the message, Jane uses the hash and digital signature function. First, you create a digest of the original message, and then sign the digest with your private key. This step ensures that the message has not been altered in transit.

Step 7: Sending the Digital Signature to Jack

• Sending the digital signature to Jack: Jane sends the digital signature of the message to Jack. The signature is sent securely, as only Jane can create this signature using her private key.

Step 8: Verification of Authenticity by Jack

• Authenticity verification by Jack: When Jack receives Jane’s digital signature, he uses Jane’s public key to verify the signature. If the signature matches the summary of the original message, this guarantees that the message came from Jane and has not been modified by third parties. Authentication and Integrity are complied with.

Diffie-Hellman (DH) Key Exchange is an essential technique in cryptography that allows two parties to securely agree on a secret key over a public communication channel. Let’s delve into its history, how it works, and how it’s used in practice.

History of the Diffie-Hellman Key Exchange:

The Diffie-Hellman Key Exchange is named after its inventors, Whitfield Diffie and Martin Hellman, who proposed it in 1976. It was a revolutionary breakthrough in cryptography, as it allowed two parties to agree on an encryption key without the need to share it beforehand.

The DH algorithm is based on the idea that it is difficult to compute a discrete logarithm in certain mathematical groups. This provides security and privacy to the keys generated using this method.

How the Diffie-Hellman Key Exchange Works:

1. Generation of Public Parameters: First, public parameters are defined, which are a prime number (P) and a number (g) that acts as a base. These parameters are known to both parties.
2. Private Key Generation: Each party generates its own private key (a and b), which are secret numbers chosen by each party.
3. Public Key Generation: Then, both parties generate their public keys (A and B) using the following formula: A = g^a mod P and B = g^b mod P.
4. Public Key Exchange: A and B send each other over a public channel.
5. Shared Key Calculation: Each party calculates the same shared key using the received public key and its own private key. For example, if Jack receives Jane’s public key (B), she calculates the shared key as s = B^a mod P. Meanwhile, Jane calculates the same shared key as s=A^b mod P. They both get the same secret key(s), which they can now use to encrypt and decrypt messages.

Example of Using OpenSSL with Diffie-Hellman:

Suppose Jack and Jane want to use the Diffie-Hellman Key Exchange to agree on a secret key in an insecure channel. Here’s an example of OpenSSL commands for setting up a Diffie-Hellman key exchange:

1. Generate DH parameters (once, not needed for each session):

openssl dhparam -out dhparams.pem 2048

This will generate the DH parameters in the “dhparams.pem” file with a key length of 2048 bits.

• Jack: Generate your private key and public key:

openssl genpkey -algorithm DH -paramfile dhparams.pem -out jack_private_key.pem

openssl pkey -in jack_private_key.pem -pubout -out jack_public_key.pem

• Jane: Generate your private key and public key:

openssl genpkey -algorithm DH -paramfile dhparams.pem -out jane_private_key.pem

openssl pkey -in jane_private_key.pem -pubout -out jane_public_key.pem

• Public key exchange between Jack and Jane.

• Calculation of the shared key in Jack:

openssl pkeyutl -derive -inkey jack _private_key.pem -peerkey jane_public_key.pem -out jack _shared_secret.bin

• Calculation of the shared key in Jane:

openssl pkeyutl -derive -inkey jane_private_key.pem -peerkey jack _public_key.pem -out jane_shared_secret.bin

• Now, both Jack and Jane have the same shared secret key to encrypt and decrypt messages.

An example of real-world use of the Diffie-Hellman Key Exchange is in secure online communication, such as in secure connections to websites (HTTPS) and in setting up VPNs. When you connect to a website over HTTPS, your browser and web server agree on an encryption key using a DH key exchange process.