Part 2 Cryptography Foundations

This part of the book is a practical introduction to cryptography for application developers. Computer security is built on a foundation of cryptographic algorithms that form the building blocks of higher-level protocols such as Transport Layer Security (TLS), OAuth2, and OpenID Connect (OIDC). If you want to write code against security libraries that implement these protocols, you will need to understand the protocols. To understand the protocols, you will need to understand the following cryptographic primitives:

  • Cryptographic hash function
  • Message Authentication Code (MAC)
  • Hashed Message Authentication Code (HMAC)
  • Symmetric Key Encryption
  • Authenticated Encryption
  • Authenticated Encryption with Associated Data (AEAD)
  • Public key encryption
  • Key exchange protocol

You will learn the cryptography concepts in the list above through sample applications that make use of the following algorithms and industry standards:

  • Secure Hash Algorithm (SHA-2, SHA-3)
  • Advanced Encryption Standard (AES)
  • RSA public-key cryptosystem
  • Elliptic Curve Cryptography (ECC) cryptosystem
  • Diffie-Hellman key exchange using ECC
  • JSON Object Signing and Encryption (JOSE) suite of standards
    • JSON Web Algorithms (JWA)
    • JSON Web Key (JWK)
    • JSON Web Signature (JWS)
    • JSON Web Encryption (JWE)
    • JSON Web Token (JWT)