# Encryption

- provides confidentiality
- symmetric key: shared key
  - AES
  - faster, less scalable
  - key distribution is crucial
- asymmetric crypto: pubkey + privkey
  - RSA: factoring the product of large primes
  - ECC: discrete logarithm problem
  - slower, more secure

# Hashing

- provides integrity
- one-way algorithm that creates a digest for input data
- MD5, SHA-1, SHA-2
- `md5sum file_name` to generate an MD5 digest for the target file
- `sha512sum file_name` to generate a SHA-512 digest for the target file

# Digital Signature

- provides non-repudiation
- sending end: hash the data and encrypt the hash with the privkey to generate the signature
- receiving end: decrypt the signature with the pubkey and compare hashes

# HTTPS

- leverages TLS 1.3
- TLS 1.3 uses hybrid crypto: initiates the session with asymmetric crypto and encrypts traffic with symmetric crypto during the session
- client validates the server cert during the TLS handshake
  - usually signed by a CA
  - may be self-signed, but the web browser shows a warning page even though the traffic will still be encrypted
- server cert may be domain specific or a wildcard cert for `*.domain.com`