Cryptography Policy

Cryptography

Cryptography is the practice of secure communication in the presence of third parties. It is used in a
variety of applications, including email, file sharing, and secure communications. Cryptography is a
mathematical science that uses mathematical algorithms to encode and decode data. These algorithms
are designed to ensure the security of the data and to prevent unauthorized access. Cryptography is
used to protect information from unauthorized access and to ensure the privacy of communications.

Cryptography is used in a variety of applications, including email, file sharing, and secure
communications. Cryptography is a mathematical science that uses mathematical algorithms to
encode and decode data. These algorithms are designed to ensure the security of the data and to
prevent unauthorized access. Cryptography is used to protect information from unauthorized access
and to ensure the privacy of communications.

Cryptographic Controls and Encryption Policy

Encryption and cryptographic controls are often seen as one of the key weapons in the security
arsenal, however, on its own it is not the “silver bullet” that solves every problem. Incorrect selection
of cryptographic technologies and techniques or the poor management of cryptographic material (e.g.,
keys and certificates) can create vulnerabilities themselves.

Encryption can slow processing and transmission of information down, so it is important to

understand all the risks and balance out the controls to an adequate level whilst also still meeting
performance goals.

A policy on the use of encryption can be a good place to identify the business requirements for when
encryption must be used and the standards that are to be implemented. Consideration must also be
given to the legal requirements around encryption.

A cryptographic control and encryption policy is a set of rules that helps you protect and manage your
organization’s cryptographic identifiers. Cryptographic identifiers are data tags that allow businesses
to store and share information. The documents that govern cryptographic control and encryption
policies should tell employees who must create, store, and destroy them. These documents should also
have rules for encryption, data use, and the deterrence of theft or misuse. Strong cryptographic
controls are necessary to keep data safe and secure. Without them, hackers can easily access your
systems and steal sensitive information.
Cryptographic control is a mechanism for controlling the use, generation, and management of
cryptography. The specific requirements/guidelines of each organization will determine adequate
controls. Some examples include defining who can generate keys, rules for secure key storage, and
audit trails for essential changes.

Cryptographic control is distinct from an encryption policy. Encryption policies specify the type of
encryption to be used, the conditions that necessitate the need to encrypt data, and the individuals in
charge of putting encryption controls in place.

Key Management

A good control describes how a policy on the use and protection of Cryptographic Keys should be
developed and implemented throughout their whole lifecycle. One of the most important aspects is
around the creation, distribution, changes, back up and storage of cryptographic key material through
to its end of life and destruction.

Management of key material is often the weakest point for encryption and attackers may seek to
attack this rather than the encryption itself. It is therefore important to have robust and secure
processes around it.

Benefits of Cryptography

In cryptography, a policy is a set of rules that determines how cryptographic keys are generated,
distributed, used, and managed. A good cryptographic policy can help to ensure the security of your
data and communications. Here are some benefits of having a cryptographic policy:

 Cryptographic policies can help to ensure the security of your data and communications.
 Cryptographic policies can help to protect your privacy.
 Cryptographic policies can help to prevent identity theft and fraud.
 Cryptographic policies can help to ensure the integrity of your data.
Cryptographic Devices

Cryptographic devices are physical devices used to perform cryptographic operations. Common
examples include security tokens, hardware security modules, and smartcards. Cryptographic devices
usually contain one or more cryptographic processors and often include additional features such as
tamper-resistant packaging, keypads, and displays. A hardware security module (HSM) is a
specialized cryptographic processor that provides cryptographic services to applications and secure
storage for private keys. Smartcards are credit card-sized devices that contain either a microprocessor
with internal memory or a memory chip with no processing capabilities. Smartcards can be used for
identification, authentication, and data storage. Common applications include access control, e-
commerce, and public key infrastructure (PKI).

Cryptographic devices usually operate in one of two modes:

 Fundamental mode, where the device does not have direct access to any host resources other
than power and clock signals; all input/output (I/O) must go through the application using the
device. In this mode, the device is considered tamper resistant.
 Non-Fundamental mode, where the device has direct access to some host resources; typically,
this means that it can perform direct I/O with a keyboard or display. This mode is considered
less tamper resistant than Fundamental mode.

Concepts of cryptography

To better understand how to use cryptography, it is important to know some concepts:

 cryptography: it is the science of writing in secret code so that only the sender and intended
recipient of a message can understand its content.
 encryption: it is the specific mechanism to convert usable information (known as plain text)
into a format that is useless if not decrypted.
 decryption: it is the specific mechanism to convert cyphertext to plain text.
 cryptographic key: it is a string of characters used with encryption and/or decryption
mechanisms to convert information from plain text to cyphertext or vice-versa.

Types of Cryptography

1. Symmetric Key Cryptography

Also known as Secret Key Cryptography, private key encryption encrypts data using a single
key that only the sender and receiver know. The secret key must be known by both the sender
 and the receiver but should not be sent across the channel; however, if the hacker obtains the
key, deciphering the message will be easier. When the sender and the receiver meet on the
handset, the key should be addressed. Although this is not an ideal method. Because the key
remains the same, it is simpler to deliver a message to a certain receiver. The data encryption
framework (DES Algorithm) is the most widely used symmetric key system.

2. Asymmetric key cryptography

Asymmetric key cryptography, also known as public-key cryptography, consists of two keys,
a private key, which is used by the receiver, and a public key, which is announced to the
public. Two different keys are used in this method to encrypt and decrypt the data. These two
distinct keys are mathematically linked. They are sold in pairs. The public key is accessible to
anyone, whereas the private key is only accessible to the person who generates these two
keys.