CyberSchool Module 9 · Cryptography
Home › Module 9 › Cryptography
Lesson 11

Cryptography Basics

Cryptography is the maths that keeps secrets secret and proves things haven't been tampered with. It's the invisible engine behind the padlock in your browser, your passwords, and secure messaging. You don't need heavy maths — just the ideas — and this lesson gives you both the ideas and the commands.

The three jobs of cryptography

GoalMeansAchieved by
ConfidentialityKeep it secretEncryption
IntegrityDetect any changeHashing
AuthenticityProve who sent itDigital signatures & certificates

Encryption — scrambling so only the right person can read

Encryption turns readable data (plaintext) into scrambled data (ciphertext) using a key. Only someone with the right key can reverse it.

Analogy — A locked box Encryption is putting your message in a strong box and locking it. Anyone can carry the box, but without the key it's useless to them. The security lives in the key, not in hiding the box.

Symmetric vs. asymmetric

Analogy — A public letterbox Your public key is a letterbox slot on your front door: anyone can drop a letter in (encrypt to you), but only your private key opens the box to read them. You hand out the slot freely and guard the key.

Hashing — a fingerprint for data

A hash is a fixed-length fingerprint of any data (e.g. SHA-256). Change even one character and the hash changes completely. Crucially, it's one-way: you can't turn a hash back into the original.

Analogy — A tamper-evident seal A hash is like a wax seal that would visibly crack if the letter were opened. It doesn't hide the letter — it proves it wasn't changed. That's why downloads publish a hash, and why passwords are stored hashed, never in plain text.
Encryption ≠ hashing Encryption is reversible with a key (for secrecy). Hashing is one-way (for integrity). Mixing these up is a classic beginner mistake — and a common exam trap.

Certificates & HTTPS — putting it together

When you see the padlock, your browser used TLS (recall OSI Layer 6). A digital certificate is a file that vouches for a website's identity, signed by a trusted Certificate Authority (CA). The handshake then uses asymmetric crypto to safely agree on a fast symmetric key for the rest of the session.

  1. Browser checks the site's certificate is valid and CA-signed (authenticity).
  2. They use asymmetric keys to agree a shared secret.
  3. The session switches to fast symmetric encryption (confidentiality).

This is why the plaintext logins you captured in Module 4 are dangerous, and why HTTPS fixes them.

Command demo: OpenSSL

$ sha256sum file.iso # fingerprint a file to verify it wasn't tampered with $ echo -n "hello" | sha256sum # hash a string; change one letter and watch it change $ openssl genrsa -out private.key 2048 # create an asymmetric private key $ openssl rsa -in private.key -pubout -out public.key # derive the public key $ openssl s_client -connect example.com:443 # inspect a live website's TLS certificate
Try It Yourself (practice terminal)

Try: echo -n hello | sha256sum, echo -n hellO | sha256sum (note the capital O!), or openssl genrsa -out private.key 2048.

kali@lab: ~
Crypto practice shell. Try a command below.
kali@lab:~$
Practical Exercise 11.1 — Feel the avalanche effect & verify a download
  1. Hash two almost-identical strings and compare:
    $ echo -n "Password1" | sha256sum $ echo -n "Password2" | sha256sum
    The hashes are wildly different despite one character — this is the “avalanche effect,” and it's why hashing detects tampering.
  2. Download any file that publishes a checksum, hash it with sha256sum, and confirm your value matches the published one. You just verified integrity like a professional.
  3. Generate an RSA key pair with openssl genrsa and view the public key. Note how the private key must stay secret (chmod 600 from Module 2!).
Quick check: Passwords should be stored in a database using…?
Plain text, so support can read them
Reversible encryption
A one-way hash (ideally salted, e.g. bcrypt)
Base64 encoding
Passwords should be hashed (one-way) so that even a stolen database doesn't reveal them. Encryption is reversible; hashing is not.
Why does this matter for your career? Cryptography underpins everything: HTTPS, VPNs, disk encryption, password storage, digital signatures. Every certification — Security+, CISSP, CEH — has a crypto domain, and “explain symmetric vs asymmetric” or “encryption vs hashing” are guaranteed interview questions. You don't have to invent algorithms; you have to use them correctly.

Key takeaways

  • Crypto delivers confidentiality (encryption), integrity (hashing), and authenticity (signatures/certs).
  • Symmetric = one shared key (AES, fast); asymmetric = public/private pair (RSA, solves key sharing).
  • Hashing is one-way; encryption is reversible with a key — don't confuse them.
  • HTTPS/TLS combines certificates + asymmetric + symmetric to secure the web.