The aim is for two parties, **A** and **B**, to establish a secure communication by **encrypting** messages sent to each other, so that no third party, **C**, will be able to know what information was communicated. Also A can be B, in which case the message is not sent but is stored. Furthermore the sender can **sign** the message so that the receiver will verify its integrity.

Methods to achieve these, are studied in the field of Cryptography. There are two major concepts: **secret-key** cryptography and **public-key** cryptography.

- Communication
- Secret-key Cryptography
- Public-key Cryptography
- Signature and Integrity
- What the two parties will do
- What the third party may do

Communication is basically the transfer of a message (or anything in general), from a sender to a receiver via a medium, and which the receiver then interprets. Whether or not the sender can interpret the message is not necessary. Communication is considered complete only after the receiver has performed the intended interpretation of the received message. This will not be possible if the message is not received or if the receiver cannot interpret it.

*Secure communication* is about ensuring that communication between two parties is complete only for the communicating parties. This can be achieved by securing the communication medium or by securing the communicated message. In the case where the two parties are the same party it becomes essentially a storage. *Secure storage* becomes achieved by securing the storage medium or by securing the stored message. A secure medium will prevent a third party from receiving the message, while a secure message will prevent the third party from interpreting it. Sometimes a secure message is used as the secure medium for another message.

This document focuses on securing the message. To ensure that a third party who receives the message cannot interpret it, it is first encrypted. The receiver interprets the message by first decrypting it, doing so in a way a third party cannot. There are many ways in which the encryption-decryption relationship can be achieved. By far the most powerful and wonderful way is when a message *says something but means something else*. But this is rather difficult to use as it is very informal. How well two parties are able to use this method is a measure of their mutual understanding.

This document focuses on the use of *keys* as studied in the field of cryptography.

In secret-key cryptography the two parties A and B use the same key, which they have chosen and agreed upon, to do both encryption and decryption. The key is therefore secret/private to both parties, which is unlike in public-key cryptography where it is private to only one party.

An important advantage of secret-key cryptography is that the two parties can choose a key they will easily remember. Another important advantage is that it is easier to develop powerful encryption and decryption techniques. The main issue however, is that the two parties must have had a prior secure communication in which they secretly decide on the key.

In public-key cryptography one of the parties, say A, generates a key-pair: a *public-key* and a *private-key*. Party A publicly sends the public-key to party B, but secretly keeps the private-key. The public-key is used only for encryption while the private-key is used only for decryption. Therefore while anyone with the public-key can encrypt a message, only the party with the private-key can decrypt the encrypted message.

Public-key cryptography takes advantage of the fact that communication can be complete without the need for the sender to be able to interpret the message sent. That is, although the sender B is able to encrypt a message and send to A, B however cannot interpret that sent message. Similarly the third party C who has only the public-key cannot interpret the sent message.

An important advantage of public-key cryptography is that there is no need for a prior secure communication between the two parties. The first communication where A publicly sends the public-key to B is not secure. However the second communication where B sends an encrypted message to A, is secure. One main issue with public-key cryptography is that it is more difficult to develop powerful encryption and decryption techniques. The difficulty comes along with the issue that the private-key may not be explicitly chosen, but be randomly generated, and therefore easy to forget.

The issue of an easy-to-forget private-key is solved by observing that only party A keeps the key, but then A can have a prior secure communication with itself. In other words, A will solve the issue by using secret-key cryptography to encrypt and store the private-key.

In order for secure communication to be both ways, that is for A to also send encrypted messages to B, B will repeat the process of generating a key-pair and sending its own public-key to A. However since the second communication from B to A was secure, it can be used by both parties as their prior secure communication in which they decide on a secret-key to use for future communication. This very nice scenario is what is generally done.

The sender can place a digital signature on a message before sending it. This enables the receiver to verify the integrity of the message received. In secret-key cryptography the signing and verifying keys both are the secret-key. In public-key cryptography the signing key is the private-key while the verifying key is the public-key, both generated by the sender.

As can be noticed, in secret-key cryptography there is nothing other than to always both encrypt and sign a message, the order of which does not matter. However in public-key cryptography there is a choice between whether to *sign-then-encrypt* or to *encrypt-then-sign*. Note that the sender signs with its private-key and encrypts with the receiver's public-key. The receiver will decrypt with its private-key and verify with the sender's public-key.

An issue with encrypting before signing is that the signature can always be replaced by an attacker since it is not encrypted. For a receiver who does not have, beforehand, the verifying key but obtains it from the message, the validation of integrity will be corrupt. An advantage however is that anyone *with the correct* verifying key can verify the message. Unless there is a special reason for verifying a message that cannot be decrypted, the encryption phase is often not necessary. Thus anyone will be able to verify integrity as well as interpret the message. An application of this is in digitally signed academic result transcript.

An advantage of signing before encrypting is that the receiver does not need to know the verifying key beforehand, as it will be obtained from the message. In signing before encrypting, one could have taken the act of signing as merely doing specific additions to the message being encrypted. However this poses the risk of letting a third party, who knows what the additions are, to know portions of the encrypted message, making it easier to crack the decryption. Therefore actual digital signature is required.

(*Warning: you may not have the Right to Privacy to do this!*)

Many software implement secret-key cryptography. The secret-key is obtained as what is commonly known as **password**. If one such software is to be used by two parties for secure communication then they will first need to have decided on the password. To achieve this they can use public-key cryptography as was previously described. To do this online the following steps can be done:

- Party A generates the key-pair, using the link: https://www.igolder.com/pgp/generate-key/
- A then publicly sends the public-key to party B.
- B chooses a password and puts it inside a message.
- B uses the public-key to encrypt the message, using the link: https://www.igolder.com/pgp/encryption/
- B then publicly sends the encrypted message to A.
- A uses the private-key to decrypt the message, using the link: https://www.igolder.com/pgp/decryption/
- A gets the password from the message.

The following are what the third party C may do, and therefore which the two parties A and B must ensure to avoid:

- Compromise the encryption tool, such that it is not properly encrypting the message.
- Compromise the encryption or decryption tool that uses the secret-key, so that traces of the key are exposed.
- Get hold of the secret-key while it is being entered, for example through keystroke logging.
- Crack the decryption method by exploiting a flaw in it. This is of course the most difficult to do.

Of course if the two parties A and B forget the secret-key then they become as good as the third party C.