Cryptography is a subject that I personally find fascinating. It really is one of the mathematical branches of computer science that really does seem to have a sense of magic to it. But this “magic” normally comes at a price, and that is the need for some really heavy duty mathematics. This normally puts people off, including myself as I am no math genius.
Lots of cryptography books are very heavy on the math and theoretical aspects of encryption, like Applied Cryptography by Bruce Schneier, which is great if you want to delve that deep, but most people including software developers just need to understand at a higher level how the algorithms work and how best to apply them in real life. That is where this book, Everyday Cryptography: Fundamental Principles and Applications by Keith M. Martin, comes in. The book is structured as follows :
- Part 1 : Setting the Scene
- Basic Principles
- Historical Cryptosystems
- Theoretical versus Practical Security
- Part 2 : The Cryptographic Toolkit
- Symmetric Encryption
- Public-Key Encryption
- Data Integrity
- Digital Signature Schemes
- Entity Authentication
- Cryptographic Protocols
- Part 3 : Key Management
- Key Management
- Public-Key Management
- Part 4 : Applications
- Cryptographic Applications
- Cryptography on the Internet
- Cryptography for wireless local area networks
- Cryptography for secure payment card transactions
- Cryptography for video broadcast
- Cryptography for identity cards
- Cryptography for home users
- Closing Remarks
- Mathematics Appendix
Part 1, covers a bit of history about cryptography and gets you ready for the rest of the book.
Part 2 talks about the standard tools available to you today for securing your applications and systems. It is important to use standard algorithms in practice as they will have be subjected to rigorous testing by private industry, academia, and governments around the world. This section of the book does go in to quite a lot of detail on how the algorithms work, but you don’t need to fully understand the finer details unless you really want too.
Part 3 covers one of the harder aspects of practical cryptography, and that is of key management. Most algorithms are only as secure as the protection of the encryption key. If that key gets into the wrong hands, the your encrypted data is exposed. Key management is the toughest and normally the most expensive part of cryptography to solve for an organisation.
Part 4 talks about different use cases of cryptography for solving specific problems. All the sections of the book previously are preparing you for this section and it is a great read. This section really goes to show you how hard application security can be.
The book ends with a mathematical appendix that covers all the math needed to understand how the encryption algorithms work in the first sections of the book. If you really are interested in how the math works, then this appendix will help you. If you are not interested in that level of detail, then you can skip this part.
I really do recommend this book. I think it is such a good book I have actually read it twice. I re-read it recently as I am currently doing a lot of work around PCI-DSS card tokensation, and some of the concepts in this book around hybrid encryption really helped me, so if you are embarking on a project that has heavy security requirements, and most enterprise applications these days do, then I recommend buying and studying this book.