This article is part of a series on the Python cryptography library.
If you are new to cryptography, you might be unfamiliar with some of the terms used. Here are some definitions.
Message - the information you want to encrypt, hash, sign etc. Historically (in pre-computer days) a message would usually have been text, but in computer cryptography a message is any file or block of byte data - text, image, video, executable file, etc.
Plaintext - this is a message in a form that can be read by anyone. As above, historically it would have been a text message (hence the name), but in computer cryptography it can be any byte data.
Ciphertext - this is a message in encrypted form. In text-only encryption systems like the Caesar cipher or the Enigma machine, the resulting message looks like a random set of letters. In computer cryptography, the ciphertext will resemble random byte data, so even if the plaintext is an ASCII string the ciphertext will generally not be an ASCII string; it will contain byte values in the range 0 to 255.
In order to read ciphertext, it must be converted back into plaintext. This usually requires a secret key.
Key - a key is a block of data that is used to encrypt or decrypt data. It serves a similar function to a password, in that you need to know it to access the data. But a key is normally a fixed-size block of byte data (typically 16 or 32 bytes, depending on the encryption algorithm), whereas a password is usually a variable string of human-readable letters, numbers and punctuation symbols. Here is an example 32 byte (256 bit) key, in hex format:
There is nothing special about the actual value, it is completely random.
Key generation - for maximum security a key should be unguessable, which means it should be as random as possible. Key generation typically uses a secure random number generator to create a key.
A symmetric encryption algorithm accepts a key and some plaintext data and uses them to create the ciphertext:
In order to decrypt the ciphertext, you need to use the same key. This retrieves the original plaintext:
So for example if Alice wanted to send Bob a secure message via email, she could encrypt the message using a secret key and send the ciphertext to Bob. When Bob received it, he could then decrypt it using the same key to retrieve the original plaintext. If someone else, Eve say, happens to intercept the ciphertext, she cannot read it because she doesn't know the key.
The main inconvenience with symmetric encryption is that Alice and Bob both need to know the key, but nobody else must know it. This means that they must have a secure way of exchanging the key - it cannot be sent with the message, of course, because then Eve would know it and could read the message. However, once Alice and Bob have agreed a key, they can use it many times to pass secret messages between themselves.
It is called symmetric encryption because the same key is used for both encryption and decryption. It is sometimes called private key encryption because the key must be kept private.
Typically, if you encrypt the same plaintext message, using the same key, it will always produce the same ciphertext. So if Alice sends the same message to Bob on several occasions, and Eve has access to the ciphertexts, then Eve will know that the same message has been sent each time. Even though Eve doesn't know exactly what the message means, she might be able to gain some information from it.
To avoid this, some encryption algorithms allow you to set an initialisation vector (IV). This is a small block of data, just like a key, that sets the initial state of the encryption algorithm. If Alice uses a different IV then she will always generate a completely different ciphertext even if the plaintext and key are the same. Eve will have no idea that they are the same message.
In order to decrypt the message, Bob will need to use the same IV. This means that Bob needs to know the key and the IV. Fortunately, the IV doesn't have to be kept secret, it just needs to be different every time. The IV is usually sent as part of the ciphertext, for example the Fernet system does that. Provided the key is kept secret, it doesn't matter if Eve knows the IV, it won't help her in any way.
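The following is an added example, not code from the original article, showing the points above with Fernet from the Python cryptography library: Alice encrypts the same message twice with one key, the two tokens carry different IVs and ciphertexts, Bob decrypts both, and Eve fails without the key. The message text, the variable names and the split_token helper are assumptions made for illustration; the field offsets follow the published Fernet token layout.

```python
import base64
from cryptography.fernet import Fernet, InvalidToken

def split_token(token: bytes) -> dict:
    """Split a Fernet token into the fields laid out in the Fernet spec."""
    raw = base64.urlsafe_b64decode(token)
    return {
        "version": raw[0],                            # always 0x80
        "timestamp": int.from_bytes(raw[1:9], "big"), # creation time, seconds
        "iv": raw[9:25],                              # 16 bytes, sent in the clear
        "ciphertext": raw[25:-32],                    # AES-128-CBC output
        "hmac": raw[-32:],                            # HMAC-SHA256 over the rest
    }

def demo() -> dict:
    # Key generation: 32 random bytes from the OS secure RNG, base64url encoded.
    key = Fernet.generate_key()
    alice, bob = Fernet(key), Fernet(key)   # both sides hold the same key

    message = b"Meet at noon"               # constructed sample plaintext
    token1 = alice.encrypt(message)
    token2 = alice.encrypt(message)         # same key, same plaintext
    f1, f2 = split_token(token1), split_token(token2)

    # Eve has the tokens (and therefore the IVs) but a different key.
    eve = Fernet(Fernet.generate_key())
    try:
        eve.decrypt(token1)
        eve_can_read = True
    except InvalidToken:
        eve_can_read = False

    return {
        "key_bytes": len(base64.urlsafe_b64decode(key)),
        "iv1": f1["iv"], "iv2": f2["iv"],
        "ct1": f1["ciphertext"], "ct2": f2["ciphertext"],
        "bob1": bob.decrypt(token1), "bob2": bob.decrypt(token2),
        "eve_can_read": eve_can_read,
    }

if __name__ == "__main__":
    r = demo()
    print("key length (bytes):", r["key_bytes"])
    print("IVs differ:", r["iv1"] != r["iv2"])
    print("ciphertexts differ:", r["ct1"] != r["ct2"])
    print("Bob reads:", r["bob1"], r["bob2"])
    print("Eve can read:", r["eve_can_read"])
```

Fernet picks a fresh random IV on every call to encrypt, so the caller never supplies one.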
Copyright (c) Axlesoft Ltd 2020