Public Key Infrastructure - CompTIA Security+ SY0-701 - 1.4
Public Key Infrastructure and Cryptography Overview
Understanding Public Key Infrastructure (PKI)
- PKI refers to the policies, procedures, hardware, and software involved in managing digital certificates.
- It encompasses creating, distributing, managing, storing, and revoking the digital certificates that secure communications depend on.
- Even small companies require significant planning regarding encryption methods and certificate management.
- The term PKI is most often associated with Certificate Authorities (CAs), the trusted entities that issue certificates binding a public key to the identity of a user or device.
Symmetric vs Asymmetric Encryption
Symmetric Encryption
- Symmetric encryption uses a single secret key for both encryption and decryption processes.
- Think of it as a locked box: the same key both locks and unlocks it, so every authorized party must hold a copy of that one key.
- Sharing the symmetric key among many users does not scale: either every pair of users needs its own key (n users require n(n-1)/2 keys), or one widely shared key becomes a single point of compromise for everyone's data.
- Despite these challenges, symmetric encryption remains popular because it is fast and has low overhead compared to asymmetric encryption; in practice the two are combined, with asymmetric cryptography used to exchange a symmetric session key that then protects the bulk data.
Asymmetric Encryption
- Asymmetric encryption employs two mathematically related keys; in the encryption use case described here, the public key encrypts and the matching private key decrypts.
- The private key is kept secret by one individual or device, while the public key is made available for anyone to use.
- Data encrypted with the public key can only be decrypted with the corresponding private key, so the ciphertext stays secure even though everyone has access to the public key.
- The relationship between the keys is one-way: the public key is easily derived from the private key, but recovering the private key from the public key is computationally infeasible (for RSA it would require factoring a very large number). This is what makes it safe to publish the public key.
Key Generation Process
Creating Public and Private Keys
- Generating a public-private key pair uses a cryptographically secure random number generator together with an algorithm-specific construction: for RSA this means choosing two large random primes, while elliptic-curve algorithms choose a random private scalar and derive the public point from it.
- This process typically occurs once at the beginning of using asymmetric cryptography; thereafter, users maintain their keys securely.
Understanding Asymmetric Encryption
The Process of Sending an Encrypted Message
- Bob wants to send Alice an encrypted message, starting with the plaintext "Hello, Alice." He uses Alice's public key, which is accessible to anyone.
- Using asymmetric encryption software, Bob creates ciphertext from the plaintext and Alice's public key. This ciphertext can be sent to Alice and viewed by anyone without revealing the original message.
- Only Alice can decrypt the ciphertext using her private key, restoring it back to the original plaintext. The decrypted message matches what Bob initially sent.
Key Management in Asymmetric Encryption
- Individuals manage their own public and private key pairs; they use their private keys for decryption whenever needed.
- In larger environments with many users, managing numerous public/private key pairs becomes complex. Solutions include centralized key management, or placing copies of private keys with a trusted third party (key escrow) so that they can be recovered later.
Implications of Key Management
- Organizations may need access to encrypted data even after the user who held the key leaves. Proper key management, such as escrow of the private key, keeps that data accessible despite personnel changes; because an escrow holds the keys to everyone's data, it must itself be tightly protected, with access logged and limited to authorized staff.