Cryptography
Cryptography protects data from unauthorized access, ensuring confidentiality, integrity, authenticity, and non-repudiation. Cryptography is used to secure emails, messages, and data transfers to protect them from eavesdropping. Data Integrity ensures that data has not been tampered with. Authentication means verifying the identity of users and devices.
This section covers
- Encryption: The process of converting plaintext into ciphertext using an algorithm and a key. Only someone with the correct key can decrypt the ciphertext back into plaintext.
- Hashing: A method of transforming data into a fixed-size value, which is unique to the original data. Hashes are used for verifying data integrity.
- Digital Signatures: A cryptographic technique that uses asymmetric keys to verify the authenticity and integrity of a message or document.
It covers both Symmetric Cryptography and Asymmetric Cryptography. The former uses the same key for both encryption and decryption. It's fast and efficient but requires secure key distribution. The latter uses a pair of keys (public and private). The public key is shared openly, while the private key is kept secret. This method enhances security but is slower than symmetric cryptography.
Encryption
Transforming plaintext into ciphertext for confidentiality.
- Types: Symmetric (shared key) vs. Asymmetric (key pair).
- Algorithms: AES, RSA.
- Purpose: Confidentiality.
| Recipe | Crates | Categories |
|---|---|---|
| Use the RSA Algorithm |  |  |
AEAD (Authenticated Encryption with Associated Data)
Encryption scheme providing both confidentiality and authentication.
- Associated Data: Additional data bound to the ciphertext but not encrypted.
- Algorithms: AES-GCM, ChaCha20-Poly1305.
- Purpose: Confidentiality and authentication.
| Recipe | Crates | Categories |
|---|---|---|
aes-gcm-siv |   | |
aes-gcm | | |
| ChaCha20Poly1305 |  | |
Hashing
One-way function producing a fixed-size "digest." Hashing is used in digital signatures, HMACs, and password hashing.
- Properties: Deterministic, collision-resistant, preimage-resistant.
- Algorithms: SHA-256, BLAKE3.
- Purpose: Data integrity.
| Recipe | Crates | Categories |
|---|---|---|
| Calculate the SHA-256 Digest of a File |   | |
sha2 |  | |
sha1 |  | |
md-5 |  | |
blake3 |  | |
Password Hashing
One-way hashing specifically to protect passwords.
- Goals: Resistance to brute-force, rainbow table attacks.
- Algorithms: bcrypt, Argon2, scrypt; salting (adding a unique random value before hashing).
- Purpose: Password protection.
| Recipe | Crates | Categories |
|---|---|---|
| Hash a Password, then Verify a Password Against the Hash |  | |
scrypt |  | |
bcrypt |  | |
| Salt and Hash a Password with PBKDF2 | | |
HMAC (Hash-based Message Authentication Code)
A Message Authentication Code (MAC) is a cryptographic checksum using a shared secret key. HMAC (Hash-based MAC) uses a hash function with a secret key.
- Purpose: Integrity and authentication (but not non-repudiation).
| Recipe | Crates | Categories |
|---|---|---|
| Sign and Verify a Message with a HMAC Digest | | |
Digital Signatures
Cryptographic mechanism for authentication, integrity, and non-repudiation. Digital signatures are used to sign certificates and other documents.
- Process: Signing with private key, verifying with public key.
- Algorithms: RSA, ECDSA, Ed25519.
- Purpose: Authentication, message integrity, non-repudiation.
| Recipe | Crates | Categories |
|---|---|---|
ed25519 |  | |
ed25519-dalek |  | |
ecdsa |  | |
dsa |  | |
Digital Certificates (X.509)
Digital documents binding a public key to an identity.
- Components: Subject, issuer, public key, validity period, signature.
- Certificate Authorities (CAs): Trusted third parties.
- Purpose: Identity verification.
| Recipe | Crates | Categories |
|---|---|---|
| DER |  | |
pem-rfc7468 |  | |
pkcs8 |  | |
x509-cert |  | |
TLS (Transport Layer Security)
Cryptographic protocol for secure communication over a network.
- Handshake: Establishing a secure connection.
- Encryption: TLS uses encryption (often AEAD) to protect data in transit.
- Authentication: Verifying server (and optionally client) identity.
- Certificates: Used for authentication.
- Purpose: Secure communication.
| Recipe | Crates | Categories |
|---|---|---|
rustls |  | |
native-tls |  | |
