Cryptography Basics

Cryptography is the mathematical backbone of trust. In an Operating System, it is used for:

  • Encrypted Filesystems (BitLocker, LUKS).
  • Secure Network Connections (SSH, HTTPS).
  • Code Signing (Preventing malware from loading as a driver).

1. Symmetric Encryption (Shared Secret)

Both parties have the same key.

  • Algorithm: AES (Advanced Encryption Standard).
  • Pros: Extremely fast (hardware-accelerated by the CPU's AES-NI instructions).
  • Cons: Key Distribution Problem. How do I send you the key without a hacker intercepting it?

2. Asymmetric Encryption (Public Key)

Each party has a Key Pair.

  • Public Key: Share with everyone. Used to Encrypt.
  • Private Key: Keep secret. Used to Decrypt.
  • Algorithm: RSA, ECC (Elliptic Curve Cryptography).
  • Pros: Solves Key Distribution.
  • Cons: Very slow (1000x slower than AES).

Tip (Hybrid Encryption): In the real world (HTTPS/TLS), we use Asymmetric encryption to securely exchange a Symmetric key. Then we use the Symmetric key for the rest of the conversation.


3. Interactive: Public Key Demo

Alice wants to send a secret to Bob.

Alice has the message "Attack at Dawn". Bob has the keys Bob-PUB and Bob-PRI.
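The hybrid scheme from the tip above, applied to Alice's message for Bob, as an added Go example (not code from the original page): RSA-OAEP wraps a fresh AES-256 key, and AES-GCM encrypts the message itself. The envelope layout and the names SealTo, OpenFrom, NewKeyPair and gcmFor are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func gcmFor(key []byte) (cipher.AEAD, error) { // AES-256-GCM from a 32-byte key
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// SealTo (Alice): returns RSA-OAEP(key) || nonce || AES-GCM ciphertext+tag (layout is this example's choice).
func SealTo(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key and GCM nonce for every message
	if _, err := rand.Read(buf); err != nil { return nil, err }
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil) // slow step: 32 bytes only
	if err != nil { return nil, err }
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	return gcm.Seal(append(wrapped, nonce...), nonce, msg, nil), nil // fast step: the whole message
}

func OpenFrom(priv *rsa.PrivateKey, env []byte) ([]byte, error) { // Bob: unwrap the key, then decrypt
	k := priv.Size() // byte length of the RSA-wrapped key
	if len(env) < k+12+16 { return nil, fmt.Errorf("envelope too short") }
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env[:k], nil)
	if err != nil { return nil, err }
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	return gcm.Open(nil, env[k:k+12], env[k+12:], nil) // errors if any byte was altered
}

func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // Bob-PUB / Bob-PRI

func main() {
	bob, err := NewKeyPair()
	if err != nil { panic(err) }
	env, err := SealTo(&bob.PublicKey, []byte("Attack at Dawn"))
	if err != nil { panic(err) }
	msg, err := OpenFrom(bob, env)
	fmt.Printf("%d-byte envelope -> %q (err=%v)\n", len(env), msg, err)
}
```

Only the 32-byte AES key goes through the slow RSA operation; the message length affects only the AES-GCM part of the envelope.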

4. Code Example: AES Encryption

High-performance symmetric encryption.

Go:

package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

func main() {
	// Hard-coded key for demonstration only; real keys come from a KDF or a key store.
	key := []byte("thisis32bitlongpassphraseimusing") // 32 bytes = AES-256
	text := []byte("My Secret Data")

	// Create Cipher Block
	block, err := aes.NewCipher(key)
	if err != nil { panic(err) }

	// GCM Mode (Galois/Counter Mode) provides encryption + integrity
	aesGCM, err := cipher.NewGCM(block)
	if err != nil { panic(err) }

	// Generate Nonce (must never repeat under the same key)
	nonce := make([]byte, aesGCM.NonceSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil { panic(err) }

	// Encrypt. Passing nonce as dst prepends it, so the output is nonce || ciphertext || tag
	ciphertext := aesGCM.Seal(nonce, nonce, text, nil)
	fmt.Printf("Encrypted: %x\n", ciphertext)
}

Java:

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class AESGCM {
    public static void main(String[] args) throws Exception {
        // Generate Key
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(256);
        SecretKey key = keyGen.generateKey();

        // IV (Nonce): must never repeat under the same key
        byte[] iv = new byte[12]; // GCM standard IV size
        new SecureRandom().nextBytes(iv);

        // Encrypt (128-bit authentication tag)
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        GCMParameterSpec spec = new GCMParameterSpec(128, iv);
        cipher.init(Cipher.ENCRYPT_MODE, key, spec);

        // Explicit charset so the bytes do not depend on the platform default
        byte[] ciphertext = cipher.doFinal("My Secret Data".getBytes(StandardCharsets.UTF_8));

        // Only the ciphertext and tag are printed; the IV and key are also needed to decrypt
        System.out.println("Encrypted: " + Base64.getEncoder().encodeToString(ciphertext));
    }
}