Encryption for confidential
Applications in a network
environment
Introduction ......................................................................................................................... 3
Symmetric Cryptography ................................................................................................. 3
Public Key Cryptography .................................................................................................. 3
Encryption Software ............................................................................................................ 4
AxCrypt ............................................................................................................................. 4
PGP ................................................................................................................................... 6
AES ................................................................................................................................... 8
The SubBytes step ........................................................................................................ 8
The ShiftRows step....................................................................................................... 8
The MixColumns step .................................................................................................. 8
The AddRoundKey step ................................................................................................ 9
How easy it AES to break? ......................................................................................... 10
RSA ................................................................................................................................. 10
Key Generation .......................................................................................................... 10
Encryption .................................................................................................................. 10
Decryption.................................................................................................................. 11
How easy is RSA to break? ............................................................................................. 11
Which program to choose ................................................................................................. 12
AxCrypt ........................................................................................................................... 12
Good points................................................................................................................ 12
Bad Points .................................................................................................................. 12
PGP ................................................................................................................................. 13
Good points................................................................................................................ 13
Bad Points .................................................................................................................. 13
References ......................................................................................................................... 14
Introduction
There are two main types of cryptography Symmetric and Public Key. In this paper I
am going to do some research into different free-ware programs that use these types of
cryptography. When I have found a list of a few of them I shall look into the algorithms that
they use. Then once I have all the facts I shall decide which program is the best and
recommend that one.
Symmetric Cryptography
This type of cryptography is also known as secret key cryptography. This type of
cryptography has been around for thousands of years. One of the first and simplest to crack
was the Caesar Cipher, in this all the letters in the alphabet were shifted three places so a
became D and b became E and so on, the key for this would be something like 3. It uses one
private key that the sender, Bob, and the intended receiver, Jane, both know. This means
that Bob can send an encrypted message over and unsecure network without the risk of a
listener being able to pick the information up and Jane is able to decrypt the message at the
other end. These keys are exactly the same. If Bob wants to know that he is actually talking
to Jane they can both select a number at random then Bob would send that number to Jane.
Jane will then use the key that they both agreed on, to encrypt that number and send it
back to Bob. Bob will then decrypt it so he now knows that he is talking to Jane. Jane then
does the same thing so she knows that she is talking to Bob. “Symmetric ciphers are now
usually implemented using block ciphers” Mactaggart M. (2001) Block ciphers convert a
fixed length block of plain text into cipher text of the same length. These ciphers include
DES, IDEA, Skipjack and Blowfish.
Public Key Cryptography
There is one major problem with symmetric cryptography and that is the distribution
of the keys in the first place and this can be difficult to overcome. To get around this
problem, in 1976, Whitfield Diffie and Martin Hellman came up with a completely different
system which they called Public Key Cryptography. Basically this is the idea behind it:
“An encryption method E is applied to the plaintext P giving E(P), the ciphertext.
A decryption method D can be applied to the ciphertext to yield the plaintext, thus:
P=D(E(P))
It is exceedingly difficult to deduce D from E.
E cannot be broken by any standard attack.” Minai A. (2009)
This turned out to not be strong enough to create a security system around it. There was
enough of an idea there that it was used for further work into this type of cryptographic
system.
What came out of this further research was the public key system we now know.
This is where there are two different keys, a key pair. The two keys are a public key, which is
used to encrypt the data, and a private key, which can only decrypt. The this works is

Each person/company involved creates their individual key pair.

The public key is the published into the world, normally on the internet, so all
communicating partners know where it is.

The private key on the other hand is kept within the companies system safe from the
outside world.

If company A wants to communicate with company B firstly A gets a hold of B’s
public key and uses that to encrypt the data. Then send it to B.

B then uses its own private key to decrypt and because the private key is secret this
is completely secure.
There are a few problems with this system though; the process is quite lengthy compared to
symmetric cryptography and there can be big problems with authenticating the public keys
or the keys being out of date/bogus. Because of all this the main use of this is the safe
distribution of secret keys for use in single key cryptography.
Encryption Software
There are three freeware encryption programs that use Symmetric or public key
cryptography; these are AxCrypt and PGP.
AxCrypt
At first look this program seems to be very easy to use. Once installed go to the file in
question, right click and select encrypt under the AxCrypt sub-menu:
It will then ask you to either enter a passphrase or use a key file; this key file is
automatically generated by AxCrypt and saved as a text file. To gain the full strength of
AxCrypt you will need to use the key file function to lock the encrypted file. Once the file is
encrypted double click the file and enter either the passphrase or key file to view the file.
You can also right click and decrypt entirely by clicking decrypt in the AxCrypt sub menu:
AxCrypt uses 128-bit AES for encryption.
The way that this program works is using symmetric cryptography because there is one
passphrase/key-file that encrypts and decrypts the data. To transfer this encrypted data you
can transfer the data over a network and when it gets to the required destination it can be
opened, so long as that computer has AxCrypt installed and they have the proper
passphrase/key-file. If they do not have the appropriate program then this message will
appear when the file is opened:
As you can see the AxCrypt program has attached a file extension .axx to the jpeg.
PGP
This is also an easy to use program. The only main difference between the two programs
is that PGP is more of a business type program. To use PGP install the program and go
through the setup up wizard selecting the appropriate settings you need, create a passphrase to be used to secure data after it has been encrypted and before it is decrypted. Also
when it is being setup you also create your own private and public key. The private key is
kept in your personal file on the computer/server and the public key is uploaded to the PGP
web server and it is filed under your personal email address.
https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event this is the website to search for
the public key needed when decrypting data. When you go on to the website you are
greeted with:
You type in the name/email address/key id number and search for the public key
associated with it and download the key into your PGP directory:
Then from here you can encrypt data that you want to send to that person quickly and
easily using the right-click button on your mouse and select encrypt from the PGP desktop
selection in the menu. One of the other things that come with this program is the incredibly
useful PGP Shredder that is located on your desktop after you install. To use it just drag a file
into the icon and the PGP program will completely destroy the file so there is absolutely no
trace of the file afterwards. This is very useful when you have files on the computer that are
too private to get rid of using the recycle bin that comes with windows operating system.
This makes the entire process even more secure.
PGP desktop uses RSA (up to 4096-bit keys) for its Public Key Algorithms.
AES
AES (Advanced Encryption Standard) is the standard that was adopted by the U.S.
Government. It’s comprised of three block ciphers, AES-128, AES-192 and AES-256. These
have been adopted from the larger collection that was originally published as Rijndael. The
version used for AxCrypt is AES-128. All these ciphers have been studied and analysed extensively
and are now used worldwide, just like its predecessor DES (Data Encryption Standard).
AES is based on the design principle of Substitution Permutation network. It works quickly in
hardware and software. AES, unlike DES, does not use a Feistel network. It has a fixed block size of
128 bits and a key size of 128, 192 or 256 bits. It operates on a 4x4 array of bytes, which is called the
state. This is a specific number of repetitions of transformations the convert the plaintext into cipher
text, one of which is dependent on the encryption key. To convert back from cipher text to plaintext
AES just uses the same repetitions in reverse. There are four steps used to encrypt these are
The SubBytes step
The ShiftRows step
The MixColumns step
The AddRoundKey step
How easy it AES to break?
Up until May 2009 there were only side channel attacks that were successful, and
published on specific implementations. The U.S. government reviewed all of the AES finalists
and found that they were suitable for use within the government to protect classified
information. “The design and strength of all key lengths of the AES algorithm (i.e., 128, 192
and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET
information will require use of either the 192 or 256 key lengths. The implementation of AES
in products intended to protect national security systems and/or information must be
reviewed and certified by NSA prior to their acquisition and use." Lynn Hathaway (June
2003). This shows that AES is a very secure algorithm protocol.
RSA
RSA (Rivest, Shamir and Alderman) is a public-key algorithm. It was the original
algorithm suitable for signing and encryption. It was the first great leap in public-key
cryptography. It is widely used in e-commerce protocols, and it is believed to be secure
providing a long enough key is used and the use of up to date implementations.
The using RSA includes three steps.
Key Generation
The private and public keys are generated by
1. Choosing two distinct prime numbers, for the purpose of this call them A and B.
2. Create N by putting those two together, N=AB, N is the modulus for both keys.
3. Then φ(pq) = (p − 1)(q − 1).. (φ is Euler's totient function).
4. Choose a number, e, so that it is 1<e< φ(pq), also e and φ(pq) cannot share no divisible
apart from 1.
5. Create d (using modular arithmetic) to satisfy the congruence relation de ≡ 1.
The public key includes the modulus n and the public exponent e. The private key
includes the modulus n and the private exponent d, this has to be kept secret.
Encryption
Let’s say Katy and Brian would like to exchange information, Katy would create and
publish her public key (n,e). Brian wants to send message M to Katy. First Brian turns M into
an integer 0<m<n by using an agreed upon padding scheme. Then the cipher is created
using
This can be done easily using exponentiation by squaring. Brian then transmits c to Katy.
Decryption
Katy can then turn c back into m by using the private key exponent d using this
When finding m, Katy can recover M by reversing the padding scheme.
How easy is RSA to break?
This is two-key cryptography so it is possible for one of the encryption or decryption
functions which mean that whilst one of them can be very secure the other can be
venerable. When considering using RSA you cannot forget the “RSA problem”. This is
defined as the task of taking eth roots modulo a composite n: recovering a value m such
that c = me mod n, where (n,e) is an RSA public key and c is an RSA cipher text. Currently the
most promising approach to solving the RSA problem is to factor the modulus n. With the
ability to recover prime factors, an attacker can compute the secret exponent d from a
public key (n,e), then decrypt c using the standard procedure. To accomplish this, an
attacker factors n into p and q, and computes (p − 1) (q − 1) which allows the determination
of d from e. No polynomial-time method for factoring large integers on a classical computer
has yet been found, but it has not been proven that none exists. As of 2010, the largest
known number factored by a general-purpose factoring algorithm of 768 bits long, using
state of the art implementation. Normally RSA keys are 1024-2048 bits long; people believe
that the 1024-bit keys will become breakable in the near future. But most people believe
that a 4096-bit key would not be able to be broken in the foreseeable future. So RSA can be
very secure so long as the bit length is long enough. If it is 300-bit length it can be broken
easily using a personal computer, using software freely available. Keys of 512 are also
breakable using a bank of computers, several hundred, all working at the same time.
As PGP is using RSA (up to 4096-bit keys) this would be more than sufficient to keep data
secure, for the foreseeable future anyway.
Which program to choose
This is a very hard decision to make both programs have good points. So to give this
more of a finite ending, this is going to be suggested for a new, small, business that has
started up. It deals with very private information that has to be sent over the internet to
different companies.
So the drawback with both of the programs is that every person you want to get in
contact with have to have the same program to hand. So let’s take them one by one;
AxCrypt
Good points

This is an extremely simple to use program only needing three clicks, at most, to
either encrypt or decrypt a file.

It is completely free to use on any level of business.

Hardly takes up any space on computers.

In my opinion it would be very easy to get a complete computer novice to use it.

After a great amount of testing the American government, the most paranoid of
all governments, decided that it was a safe enough algorithm to protect
information all the way up to TOP SECRET level.

There have only been side channel attacks that have succeeded in breaking it.
Bad Points

Having to get all companies you trade information to, to have the same software.

The main difficulty with this type is that there is only one key to encrypt and
decrypt. So that would have to be traded face to face to keep it as safe as
possible.
PGP
Good points

This is a very professional, looking, piece of software able to do so many different
things from creating new files all the way to destroying them.

There is an actual company you can go to if you have any problems using the
product.

Because of its own popularity it is more likely to be in use already in other
companies.

There isn’t the need to physically exchange keys with the companies you need to
be in contact with, which is especially good if you are dealing with international
affairs.

The use of the PGP shredder to destroy sensitive documents.
Bad Points

To use the program you have to pay for a license.

To use it on more than one computer you need to pay even more money for the
right to do this

Because of its complicated look, training a computer novice to use the program
would take longer than expected. This is only my personal opinion from trying to
teach my Mum and my Grandma how to use any program on computers.
Final Decision
When I take all these points into appreciation I have to think about my own experience with
them both and if I was starting out my own business I would go for the AxCrypt solution, for
its free availability and complete ease of use. I would be able to get any company I’m
dealing with to use this software because it wouldn’t cost them anything to get it up and
running on their systems, even if they only had it working on one machine.
References
Mactaggart M. (2001) Introduction to cryptography, Part 2: Symmetric cryptography [Online]
Available from: http://www.ibm.com/developerworks/library/s-crypt02.html [Accessed
13/01/2010]
Minai A. (2009) Encryption – Public Key Systems, BSC Computing; Internet Security, CSY3023.
Northampton University, Fri 13th November.
Lynn Hathaway (June 2003). "National Policy on the Use of the Advanced Encryption
Standard (AES) to Protect National Security Systems and National Security
Information" (PDF). [Accessed 09/02/10]