
1-2 Oracle Fusion Middleware Reference for Oracle Security Developer Tools

original text is present, its appearance changes into a form that is unintelligible if intercepted. The message recipient likewise uses a cryptographic tool to decrypt the ciphertext into its original readable format.

Cryptography secures communications over a network such as the internet by providing:

■ Authentication, which assures the receiver that the information comes from a trusted source. Authentication is commonly achieved with a Message Authentication Code (MAC), a digital signature, or a digital certificate.

■ Confidentiality, which ensures that only the intended receiver can read a message. Confidentiality is commonly attained through encryption.

■ Integrity, which ensures that the received message has not been altered from the original. Integrity is commonly ensured with a cryptographic hash function. Note that a bare hash only detects accidental corruption: an attacker who can alter the message can also recompute its hash, so integrity against deliberate tampering requires the hash to be bound to a key, as in a MAC or a digital signature.

■ Non-repudiation, which is a way to prove that a given sender actually sent a particular message. Non-repudiation is typically achieved through the use of digital signatures. A MAC cannot provide it, because every party holding the shared key could have produced the tag.
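The difference between a hash and a MAC for integrity, as an added example that is not part of the Oracle Security Developer Tools documentation or its Java API. It uses only the Go standard library; the message and the shared key are constructed for the demonstration, and the function names (Digest, Tag, ForgeWithHash, ForgeWithMAC) are this example's own.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed sample message and a hypothetical shared key (not from the page).
var (
	sampleMsg = []byte("transfer 100 to account 42")
	sharedKey = []byte("example-shared-key-do-not-reuse")
)

// Digest returns the SHA-256 hash of msg. A bare hash detects accidental
// corruption only: anyone who can change msg can also recompute the hash.
func Digest(msg []byte) []byte {
	h := sha256.Sum256(msg)
	return h[:]
}

// Tag returns an HMAC-SHA256 tag over msg under key. Without the key an
// attacker cannot produce a valid tag for a modified message.
func Tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// VerifyTag compares tags in constant time (hmac.Equal), so the comparison
// does not leak how many leading tag bytes matched.
func VerifyTag(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

// ForgeWithHash shows the weakness of hash-only "integrity": the attacker
// edits the message and recomputes the digest, and the receiver's check
// (recompute and compare) still passes.
func ForgeWithHash(original []byte) (tampered, digest []byte, receiverAccepts bool) {
	tampered = bytes.Replace(original, []byte("42"), []byte("99"), 1)
	digest = Digest(tampered) // attacker recomputes the hash
	receiverAccepts = bytes.Equal(Digest(tampered), digest)
	return
}

// ForgeWithMAC attempts the same edit against an HMAC. The attacker has no
// key, so the sender's original tag no longer verifies for the new message.
func ForgeWithMAC(key, original []byte) (tampered []byte, receiverAccepts bool) {
	tag := Tag(key, original) // tag the legitimate sender attached
	tampered = bytes.Replace(original, []byte("42"), []byte("99"), 1)
	receiverAccepts = VerifyTag(key, tampered, tag)
	return
}

func main() {
	_, d, ok := ForgeWithHash(sampleMsg)
	fmt.Printf("hash-only: receiver accepts tampered message = %v (digest %s...)\n", ok, hex.EncodeToString(d)[:16])
	_, ok = ForgeWithMAC(sharedKey, sampleMsg)
	fmt.Printf("HMAC:      receiver accepts tampered message = %v\n", ok)
}
```

The hash-only check accepts the forged transfer; the HMAC check rejects it. Note that the HMAC still gives no non-repudiation: the receiver, who holds the same key, could have produced the identical tag.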

1.1.1 Types of Cryptographic Algorithms

The mathematical operations used to map between plaintext and ciphertext are defined by a cryptographic algorithm, also known as a cipher. A cryptographic algorithm requires the text to be mapped and, at a minimum, some value that controls the mapping process. This value is called a key. Essentially, there are three types of cryptographic algorithms, categorized by the number of keys used for encryption and decryption and by their application and usage. The basic types of cryptographic algorithms are:

■ Symmetric Cryptographic Algorithms
■ Asymmetric Cryptographic Algorithms
■ Hash Functions

Each type is optimized for certain applications. Hash functions are suited for ensuring data integrity. Symmetric cryptography is ideally suited for encrypting messages. Asymmetric cryptography is used for the secure exchange of keys, authentication, and non-repudiation. Asymmetric cryptography could also be used to encrypt messages, but this is rarely done for bulk data: symmetric cryptography operates roughly 1000 times faster, and a single asymmetric operation such as RSA can encrypt only a message shorter than the key. In practice the two are combined: an asymmetric algorithm protects a symmetric session key, and the symmetric algorithm encrypts the data.

1.1.1.1 Symmetric Cryptographic Algorithms

A symmetric cryptographic algorithm, also known as secret key cryptography, uses a single key for both encryption and decryption. The sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext. The key must be known to both the sender and the receiver, and to no one else. The biggest problem with symmetric cryptography is the secure distribution of the key.

Symmetric cryptography schemes are generally categorized as either block ciphers or stream ciphers. A block cipher encrypts one fixed-size block of data at a time (64 bits for DES, 3DES, and Blowfish; 128 bits for AES) using the same key on each block. Because the cipher maps each block independently, a mode of operation is needed for messages longer than one block: in the simplest mode, ECB, identical plaintext blocks produce identical ciphertext blocks and so leak the structure of the data, which is why modes such as CBC or CTR, or an authenticated mode such as GCM, are used instead. Some common block ciphers include Blowfish, AES, DES, and 3DES; of these only AES is recommended for new designs, since single DES can be brute-forced and 3DES is deprecated. A stream cipher generates a pseudorandom keystream from the key (and, in modern designs, a nonce) and combines it with the plaintext one bit or byte at a time, typically by XOR, so the effective key material changes at every position. RC4 is an example of a stream cipher that was widely used in the SSL protocol; it is now prohibited in TLS because of biases in its keystream. With any stream cipher, reusing a keystream (the same key and nonce) is fatal, because XORing two ciphertexts cancels the keystream and exposes the XOR of the plaintexts.

Introduction to Oracle Security Developer Tools 1-3
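The block-versus-stream distinction and the ECB problem in working code, as an added example that is not from the Oracle Security Developer Tools documentation or its Java API. It uses AES from the Go standard library; the 16-byte key and the 48-byte plaintext (whose first two blocks are identical) are constructed for the demonstration, and the function names are this example's own. CTR mode is shown because it turns a block cipher into a stream cipher, and GCM because it also authenticates the ciphertext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Constructed inputs: a fixed AES-128 key (demonstration only; real keys
// come from a CSPRNG or a KDF) and a plaintext whose first two 16-byte
// blocks are identical, so block repetition is visible in the output.
var (
	demoKey       = []byte("0123456789abcdef")
	demoPlaintext = []byte("SAME-16-BYTE-BLKSAME-16-BYTE-BLKthird block....!")
)

// EncryptECB applies the raw block cipher to each block independently.
// The Go standard library deliberately offers no ECB mode: equal plaintext
// blocks give equal ciphertext blocks, which leaks structure.
func EncryptECB(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(pt)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of the block size %d", len(pt), bs)
	}
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += bs {
		block.Encrypt(ct[i:i+bs], pt[i:i+bs])
	}
	return ct, nil
}

// EncryptCTR turns the block cipher into a stream cipher: AES encrypts an
// incrementing counter to produce a keystream that is XORed with the data.
// No padding is needed and equal blocks no longer repeat. The nonce must
// never be reused with the same key.
func EncryptCTR(key, pt []byte) (nonce, ct []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, block.BlockSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	ct = make([]byte, len(pt))
	cipher.NewCTR(block, nonce).XORKeyStream(ct, pt)
	return nonce, ct, nil
}

// SealGCM is the mode a practitioner should reach for: AES-GCM encrypts
// and authenticates, so any change to the ciphertext is detected on Open.
func SealGCM(key, pt []byte) (nonce, ct []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, pt, nil), nil
}

// OpenGCM returns an error if the ciphertext or its tag was modified.
func OpenGCM(key, nonce, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, ct, nil)
}

// BlocksRepeat reports whether the first two 16-byte blocks of ct are equal.
func BlocksRepeat(ct []byte) bool {
	return bytes.Equal(ct[:16], ct[16:32])
}

func main() {
	ecb, _ := EncryptECB(demoKey, demoPlaintext)
	_, ctr, _ := EncryptCTR(demoKey, demoPlaintext)
	fmt.Println("ECB leaks repeated blocks:", BlocksRepeat(ecb))
	fmt.Println("CTR leaks repeated blocks:", BlocksRepeat(ctr))

	nonce, ct, _ := SealGCM(demoKey, demoPlaintext)
	ct[0] ^= 0x01 // an attacker flips one bit in transit
	_, err := OpenGCM(demoKey, nonce, ct)
	fmt.Println("GCM detects tampering:", err != nil)
}
```

ECB reports repeated blocks, CTR does not, and GCM refuses to open the modified ciphertext. CTR on its own, like any stream cipher, is malleable: flipping a ciphertext bit flips the same plaintext bit undetected, which is the reason to prefer an authenticated mode.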

1.1.1.2 Asymmetric Cryptographic Algorithms

An asymmetric cryptographic algorithm, also known as public key cryptography, uses one key to encrypt the plaintext and a different, mathematically related key to decrypt the ciphertext. For RSA the two keys are interchangeable in principle (either one undoes the other), but both keys are required for the process to work. In asymmetric cryptography, one of the keys is designated the public key and is made widely available. The other key is designated the private key and is never revealed to another party. To send a message under this scheme, the sender encrypts the information using the receiver's public key. The receiver then decrypts the ciphertext using her private key. This method can also be used to prove who sent a message (non-repudiation). Conceptually, the sender applies her private key to the message, and when the receiver checks the result with the sender's public key, the receiver knows that the message was produced by the holder of that private key. In practice this is a separate signature operation: the message is hashed and the hash is signed under a padding scheme such as PSS, rather than being "encrypted" with the private key. Raw RSA without padding must not be used for either purpose, since it is deterministic and malleable; encryption uses OAEP and signatures use PSS or PKCS#1 v1.5 padding. Some of the common asymmetric algorithms in use today are RSA, DSA, and Diffie-Hellman. Note that DSA only signs and Diffie-Hellman only agrees on a shared key, so neither encrypts messages directly.
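Both uses of a key pair described above, encryption with the receiver's public key and signing with the sender's private key, as an added example that is not from the Oracle Security Developer Tools documentation or its Java API. It uses RSA from the Go standard library with OAEP for encryption and PSS for signatures; the two parties, the message, and the function names are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// GenerateKeyPair returns a fresh 2048-bit RSA key pair. The private key
// stays with its owner; only the public half (&priv.PublicKey) is published.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Encrypt: the sender uses the receiver's public key. OAEP padding makes
// the ciphertext randomized; raw "textbook" RSA is deterministic and malleable.
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt: only the holder of the private key can recover the message.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign hashes the message and applies the private key through PSS. This is
// the operation the text describes as "encrypting with the private key"; it
// is a distinct hash-then-sign algorithm, not Encrypt with the keys swapped.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify succeeds only if sig was produced over msg by the private key that
// matches pub, which is what gives the receiver non-repudiation.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// RoundTrip runs both directions between a constructed sender (alice) and
// receiver (bob) and reports the checks a practitioner wants: decryption
// recovers the plaintext, a genuine signature verifies, and a signature does
// not verify over an altered message.
func RoundTrip() (decryptedOK, sigOK, tamperedRejected bool, err error) {
	alice, err := GenerateKeyPair() // sender
	if err != nil {
		return
	}
	bob, err := GenerateKeyPair() // receiver
	if err != nil {
		return
	}
	msg := []byte("constructed sample: meet at 10:00")

	ct, err := Encrypt(&bob.PublicKey, msg) // encrypted for bob
	if err != nil {
		return
	}
	pt, err := Decrypt(bob, ct) // only bob can open it
	if err != nil {
		return
	}
	decryptedOK = string(pt) == string(msg)

	sig, err := Sign(alice, msg) // alice signs; anyone with her public key can check
	if err != nil {
		return
	}
	sigOK = Verify(&alice.PublicKey, msg, sig)
	tamperedRejected = !Verify(&alice.PublicKey, []byte("constructed sample: meet at 11:00"), sig)
	return
}

func main() {
	d, s, t, err := RoundTrip()
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted=%v signatureValid=%v tamperedRejected=%v\n", d, s, t)
}
```

OAEP limits a single RSA-2048 encryption to 190 bytes of plaintext with SHA-256, which is why real systems encrypt a symmetric key this way and encrypt the data itself with that key.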

1.1.1.3 Hash Functions