Not the number theory — how to use cryptography correctly and how it fails. Hashing and integrity, safe password storage, authenticated symmetric encryption, asymmetric keys and digital signatures, then TLS and PKI — certificates, chains of trust, the handshake — and running a certificate lifecycle with ACME, rotation, revocation, and mTLS.
Before you start
The golden rule of this course: never roll your own crypto— use vetted libraries. Examples use Python's cryptography library and OpenSSL. Pairs with the Authentication course.
Hashing & Integrity
A cryptographic hash is a one-way fingerprint of data. Learn what SHA-256 guarantees, what it does not, how to verify integrity, and why HMAC — not a bare hash — proves a message is authentic.
Storing Passwords Safely
Never store passwords, and never hash them with SHA-256. Use a slow, salted password hash — bcrypt or Argon2 — designed to resist cracking. Learn why, and how to do it and verify correctly.
Symmetric Encryption
Symmetric encryption protects confidentiality with one shared key. Use authenticated encryption (AES-GCM) so data is both secret and tamper-evident, and handle nonces and keys correctly — the parts that actually break.
Asymmetric Keys & Signatures
Public-key crypto uses a key pair: share the public key, keep the private key secret. It solves key exchange and enables digital signatures — the basis of TLS, code signing, and JWTs.
TLS & Public Key Infrastructure
A certificate binds a public key to a verified identity, and a chain of trust up to a root CA is what makes HTTPS trustworthy. Understand the TLS handshake and issue your own certificate with a local CA.
Certificate Lifecycle & mTLS
Certificates expire — an expired cert is a self-inflicted outage. Automate issuance and renewal with ACME, plan for revocation and rotation, and use mutual TLS so services authenticate each other.