or why so many keys?

Recent publishing

About Giving Talks
The pod talks about giving talks. I share how I try to tackle it and my persistent craving to not just give a regular talk.
Podcast episode: Regular Programming, episode 59

Picking up Nerves from Elixir
If you know Elixir, I try to introduce you to Nerves quickly with this piece.
Blog post: To Nerves from Elixir

More?

Nerves Consultations
I am at capacity when it comes to ongoing clients for the moment. However, I do want to enable people to get answers to questions on commercial Nerves projects in the comfortable privacy of a 1-on-1. As we go I will try to rope more people into this as well.

If you are considering Nerves for a commercial project, schedule a call here and you'll get a free consultation to help remove barriers, clarify risks and enable your success with this framework.

Events

Open Source Summit
Vienna, 16th September

Nerves Workshop
Berlin, 13th October

Code BEAM Europe
Berlin, 14th October
My talk is a community exercise, contribute to the fleet here.

Oredev
Malmö, 6th November

Relying on the hard math

I don't know math.

Okay. I can figure out coordinates. I can bodge my way to changing an easing curve if I steal it somewhere first. I just can't read math notation, have very limited inherent understanding of mathematical theory and I think of systems as more bodied than theoretical.

I use math all the time. This is a fundamental thing in computers. We build abstractions to serve as useful tools and then people with less in-depth knowledge can use the application of theories to achieve actual results.

Cryptography is very much this. I couldn't math my way through RSA or ECDH. I know about the primes. I know factoring them is computationally expensive. I've tried a trivial Sieve of Eratosthenes due to reading The Code Book in my teens. But I don't spend time inside of cryptographic functions. I don't do the math. I use the abstraction.
Understanding the abstractions of symmetric (secret key) and asymmetric (public/private key) keeps paying off though, so let's run through it.

Symmetric encryption is fairly straightforward. You use a key of values to scramble some data so that you need the key to unscramble it. Same key locks and unlocks. Symmetric. Useful to prevent accidental leaks of data or encrypting something going across a wire when you have some safe back-channel for sharing the keys.

Erlang distribution for clustering uses a cookie. This is a secret key. If you have it you can join the cluster :)

Asymmetric doesn't translate as easily to the real world. You have a private key. The private key can also produce a public key. If you scramble (encrypt) something with the private key the public key can be used to unscramble (decrypt) it. This is primarily practical for preventing snooping and verifying that the sender is who they say by virtue of having the private key.

This is commonly used for cryptographic signatures. You take a hash of the data, some metadata and you encrypt that with the private key. You include that when sending the message. This way you can be certain that the private key was involved in the message. Hashes are also a good topic for another time.

If you encrypt a message with the public key things get more interesting. This is a non-sensitive "key" that we can spread around because the only thing people can do with it is to encrypt things for us that we can decrypt with our private key. They can make messages only we can read.

This is the fundamental security we build everything on.

Securing a webserver? The S in HTTPS was originally from SSL (since rebranded to TLS). But the Secure part comes from the web server having a certificate (public key) and keeping a secret (private key) so that only they can read the contents of your handshake.
To "ensure" this is a "legit" website we also have CAs like LetsEncrypt or AWS or other megacorps generate the certificate, signing it as authentic.

Asymmetric encryption has limits to how much data you can encrypt based on the key size. So TLS uses asymmetric crypto for the handshake and then uses that secure exchange to pass a secret key. Now that key can be super secure (long) and will only be used for this connection. And that can be used to encrypt everything. Without even looking I bet there is a nonce counting up or something in there as well. Another topic for later.

So that's a server.

Securing the boot process? The fundamental protections of the hardware in an embedded system, data center server or consumer gaming console. Same thing. Gotta have a key somewhere. This is where you try to squirrel it away in secure hardware like a TPM, Secure Enclave or similarly branded piece of silicon.

You want the private key to never exist in software. It can be there and be used to sign, encrypt and bootstrap connections. If it gets extracted it compromises the whole thing. As TLS above should tell you.

We build chains/trees and other linked structures, cryptographic abstractions on top of our primitive cryptographic tools. And these are as secure as we can make them but also quite fragile in terms of bad implementations or weak links.

That's enough from me.

One neat trick is that hardware modules like a TPM or the Apple Secure Enclave™ can be used to secure your SSH connections. Example for TPM and for Secure Enclave. I found this a good read on the Apple stuff.

For work I've recently authenticated wired networks using an ATECC608A and PKCS11 over EAP-TLS. Same deal.

Do you grok cryptography? Do you use it? Has it fascinated you or passed you by as opaque? You can reach me on the Fediverse where I'm @lawik@fosstodon.org or by responding to this email to lars@underjord.io.

Thank you for reading. I appreciate it.
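The handshake pattern and the hash-then-sign signature described above, tried out with the openssl command line. This is an added example, not part of the original newsletter; it assumes openssl is installed, and the file names, messages and the RSA-2048/AES-256 choices are constructed for illustration. It also shows the size limit: RSA refuses a 1000-byte input outright, which is why only the short symmetric key goes through it.

```shell
# Added example: file names and messages below are constructed for illustration.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

setup_keys() {
    # The private key stays with its owner; the public key is derived from it.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/priv.pem" 2>/dev/null
    openssl pkey -in "$WORK/priv.pem" -pubout -out "$WORK/pub.pem"
}

rsa_direct_limit() {
    # 1000 bytes is more than a 2048-bit RSA key can encrypt in one operation.
    head -c 1000 /dev/zero > "$WORK/big.bin"
    if openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$WORK/big.bin" \
        -out "$WORK/big.enc" 2>/dev/null; then echo accepted; else echo rejected; fi
}

hybrid_roundtrip() {
    printf '%s' "$1" > "$WORK/msg.txt"
    # Sender: fresh symmetric key and IV, used for this one exchange only.
    key=$(openssl rand -hex 32); iv=$(openssl rand -hex 16)
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" \
        -in "$WORK/msg.txt" -out "$WORK/msg.enc"
    # Only the short key is encrypted to the receiver's public key.
    printf '%s' "$key" > "$WORK/key.hex"
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$WORK/key.hex" -out "$WORK/key.enc"
    # Receiver: the private key recovers the symmetric key, which decrypts the data.
    key2=$(openssl pkeyutl -decrypt -inkey "$WORK/priv.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$WORK/key.enc")
    openssl enc -d -aes-256-cbc -K "$key2" -iv "$iv" -in "$WORK/msg.enc"
}

signature_check() {
    # $1 is what was signed, $2 is what arrived; any change breaks the signature.
    printf '%s' "$1" > "$WORK/signed.txt"; printf '%s' "$2" > "$WORK/received.txt"
    openssl dgst -sha256 -sign "$WORK/priv.pem" -out "$WORK/sig.bin" "$WORK/signed.txt"
    if openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$WORK/sig.bin" \
        "$WORK/received.txt" >/dev/null 2>&1; then echo valid; else echo invalid; fi
}

setup_keys
echo "1000 bytes straight into RSA: $(rsa_direct_limit)"
echo "hybrid round trip: $(hybrid_roundtrip 'hello over the wire')"
echo "untouched message: $(signature_check 'pay 10' 'pay 10')"
echo "tampered message:  $(signature_check 'pay 10' 'pay 99')"
```

The `openssl enc` command has no authenticated cipher mode, so the CBC used here only demonstrates the key handling; real protocols pair the exchanged key with an AEAD cipher such as AES-GCM.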