Info.
256-bit encryption
uses a 256-bit key to encrypt and decrypt data
symmetric key cryptography
Cipher Encoding Algorithm:
AES # AES encryption (successor of DES)
IDEA # IDEA encryption
3DES # Triple DES encryption
Ciphers supported by openssl
openssl ciphers -v
Difference between CBC and GCM mode
CBC: Cipher-Block-Chaining
GCM: Galois/Counter Mode
They both involve a block cipher and an XOR, but they use them in different ways.
In CBC mode
you encrypt a block of data by taking the current plaintext block and exclusive-oring that with the previous ciphertext block (or IV), and then sending the result of that through the block cipher; the output of the block cipher is the ciphertext block.
In GCM mode
you get both privacy (encryption) and integrity. To provide encryption, GCM maintains a counter; for each block of data, it sends the current value of the counter through the block cipher. Then, it takes the output of the block cipher, and exclusive-ors that with the plaintext to form the ciphertext.
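The chaining step and the counter step described above, written out as an added example (not code from the original notes). A toy Feistel permutation built from SHA-256 stands in for AES so it runs with the standard library only; the key, IV, nonce, sample plaintext and all function names are assumptions, and only GCM's counter-mode encryption is modelled, not its integrity tag.

```python
import hashlib

BLOCK = 16  # block size in bytes, the same as AES
KEY, IV, NONCE = b"k" * 16, b"i" * 16, b"n" * 12  # constructed sample values
PT = b"block-zero-AAAA!block-one-BBBBB!block-two-CCCCC!"  # constructed, 3 blocks

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def block_encrypt(key, blk, rounds=(0, 1, 2, 3)):
    # Toy 4-round Feistel permutation standing in for AES (assumption, not secure)
    l, r = blk[:8], blk[8:]
    for i in rounds:
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key, blk):
    # Feistel inverse: swap halves, run the rounds in reverse order, swap back
    out = block_encrypt(key, blk[8:] + blk[:8], rounds=(3, 2, 1, 0))
    return out[8:] + out[:8]

def cbc_encrypt(key, iv, pt):
    # C[i] = E(P[i] XOR C[i-1]) with C[-1] = IV; pt must be whole blocks (no padding here)
    prev, out = iv, b""
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    # P[i] = D(C[i]) XOR C[i-1]
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))

def ctr_crypt(key, nonce, data):
    # C[i] = P[i] XOR E(nonce || counter); the same call decrypts
    ks = lambda n: block_encrypt(key, nonce + n.to_bytes(4, "big"))
    return b"".join(xor(data[i:i + BLOCK], ks(i // BLOCK + 1)) for i in range(0, len(data), BLOCK))

def changed_blocks(a, b):
    return [i // BLOCK for i in range(0, len(a), BLOCK) if a[i:i + BLOCK] != b[i:i + BLOCK]]

def tamper():
    # Flip one ciphertext bit, decrypt, and list the plaintext blocks that changed
    flip = lambda ct: bytes([ct[0] ^ 1]) + ct[1:]
    cbc = cbc_decrypt(KEY, IV, flip(cbc_encrypt(KEY, IV, PT)))
    ctr = ctr_crypt(KEY, NONCE, flip(ctr_crypt(KEY, NONCE, PT)))
    return changed_blocks(PT, cbc), changed_blocks(PT, ctr)
```

In CBC a changed ciphertext bit garbles its own block and flips the same bit in the next block, while in counter mode it flips only the matching plaintext bit. Neither step detects the change on its own, which is the job of the integrity part of GCM.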
ECDH, ECDHE, ECDSA, RSA, DH, DHE
DHE
Diffie-Hellman key exchange
enables two systems to exchange a symmetric key securely without requiring any prior arrangement
S = (g^y)^x = (g^x)^y
S = secret
g = generator of some group
DH
always uses the same DH keys
ECDHE
Elliptic curve Diffie-Hellman key exchange,
where DHE suites use normal Diffie-Hellman.
This exchange is signed with RSA, in the same way in both cases.
The main advantage of ECDHE is that it is significantly faster than DHE.
ECDSA
Elliptic Curve Digital Signature Algorithm
Used by Bitcoin to ensure that funds can only be spent by their rightful owners.
private key:
public key:
signature: A number that proves that a signing operation took place.
sweet32
https://sweet32.info/