Security

1

Mastering Cryptography in One Article

9 minute

“Good Enough” IoT Cryptography

Goal: Application, understanding, and ability to design solutions. No complex math, just essential concepts, parameters, and a checklist of pitfalls to avoid.

Essential Concepts

  • Confidentiality: Prevent unauthorized access (encryption)
  • Integrity: Prevent undetected modification (authentication)
  • Identity Non-repudiation: Who is in the conversation (signatures/certificates)
  • Symmetric Key: Same key for encryption/decryption (AES/ChaCha20-Poly1305)
  • Asymmetric Key: Private/Public keys (ECDSA/Ed25519, ECDH/X25519)
  • AEAD (Authenticated Encryption with Associated Data): Encryption + authentication in one go (GCM/CCM, ChaCha20-Poly1305)
  • MAC (Message Authentication Code): Authentication only (HMAC/AES-CMAC), no encryption
  • KDF (Key Derivation Function): Transform “raw secrets” (e.g., ECDH/X25519 shared secret) into “usable keys”
  • Key Formats: SPKI (public key)/PKCS8 (private key) containers, DER (binary)/PEM (text) encoding

Diagram

[A private key + B public key] --(ECDH/X25519)--> [Shared secret S]
[S] --(HKDF salt, info, L)--> [Symmetric key K]
[Message M, AAD] --(AEAD:K, nonce)--> [C || tag]
[M] --(HMAC/CMAC:K)--> [tag]
[M] --(Sign:Private Key)--> [signature]
  • AEAD output is always “ciphertext + tag”, verify tag before decryption
  • MAC/signature does not encrypt data
  • Shared secrets cannot be used directly as keys, must use KDF

Parameter Cheat Sheet (Length & Format)

  • Nonce/IV: GCM=12 bytes; ChaCha20-Poly1305=12 bytes; CCM=13 bytes (common); CBC=16 bytes
  • Key: AES=16/24/32 bytes; ChaCha20-Poly1305=32 bytes
  • Signature Encoding: ECDSA=DER or RAW(r||s 64 bytes); Ed25519=RAW
  • Public/Private Key Containers: SPKI (public key)/PKCS8 (private key), DER bytes can be converted to PEM text

When to Use What

  • Constrained devices/wireless protocols: AES-CCM (hardware accelerated) or ChaCha20-Poly1305 (software-friendly)
  • Web/general purpose: AES-GCM (Galois/Counter Mode) or ChaCha20-Poly1305
  • Integrity only: HMAC-SHA256 (Hash-based Message Authentication Code) or AES-CMAC
  • Firmware/long message signing: Ed25519 or ECDSA-P256
  • Session establishment: ECDH-P256 or X25519 β†’ HKDF β†’ AEAD

Attack/Defense Quick Cards

  • Never reuse AEAD nonce under the same key
  • CBC itself doesn’t authenticate, must “add MAC”, recommend switching to AEAD
  • Key exchange must include signatures to prevent man-in-the-middle attacks (MITM)

Quick Start

Quickly verify on CryptoBox web version:

Read More