Cryptography Basics
Cryptography is the maths that keeps secrets secret and proves things haven't been tampered with. It's the invisible engine behind the padlock in your browser, your passwords, and secure messaging. You don't need heavy maths — just the ideas — and this lesson gives you both the ideas and the commands.
The three jobs of cryptography
| Goal | Means | Achieved by |
|---|---|---|
| Confidentiality | Keep it secret | Encryption |
| Integrity | Detect any change | Hashing |
| Authenticity | Prove who sent it | Digital signatures & certificates |
Encryption — scrambling so only the right person can read
Encryption turns readable data (plaintext) into scrambled data (ciphertext) using a key. Only someone with the right key can reverse it.
Symmetric vs. asymmetric
- Symmetric — the same key locks and unlocks (e.g. AES). Fast, but both sides must already share the secret key. Like a house key you both have copies of.
- Asymmetric — a pair of keys: a public key anyone can use to lock, and a private key only you have to unlock (e.g. RSA). Solves the “how do we share the key?” problem.
Hashing — a fingerprint for data
A hash is a fixed-length fingerprint of any data (e.g. SHA-256). Change even one character and the hash changes completely. Crucially, it's one-way: you can't turn a hash back into the original.
Certificates & HTTPS — putting it together
When you see the padlock, your browser used TLS (recall OSI Layer 6). A digital certificate is a file that vouches for a website's identity, signed by a trusted Certificate Authority (CA). The handshake then uses asymmetric crypto to safely agree on a fast symmetric key for the rest of the session.
- Browser checks the site's certificate is valid and CA-signed (authenticity).
- They use asymmetric keys to agree a shared secret.
- The session switches to fast symmetric encryption (confidentiality).
This is why the plaintext logins you captured in Module 4 are dangerous, and why HTTPS fixes them.
Command demo: OpenSSL
Try: echo -n hello | sha256sum, echo -n hellO | sha256sum (note the capital O!), or openssl genrsa -out private.key 2048.
- Hash two almost-identical strings and compare:
$ echo -n "Password1" | sha256sum $ echo -n "Password2" | sha256sumThe hashes are wildly different despite one character — this is the “avalanche effect,” and it's why hashing detects tampering.
- Download any file that publishes a checksum, hash it with sha256sum, and confirm your value matches the published one. You just verified integrity like a professional.
- Generate an RSA key pair with openssl genrsa and view the public key. Note how the private key must stay secret (chmod 600 from Module 2!).
Key takeaways
- Crypto delivers confidentiality (encryption), integrity (hashing), and authenticity (signatures/certs).
- Symmetric = one shared key (AES, fast); asymmetric = public/private pair (RSA, solves key sharing).
- Hashing is one-way; encryption is reversible with a key — don't confuse them.
- HTTPS/TLS combines certificates + asymmetric + symmetric to secure the web.