PublicKey Cryptography
From Proprofs
You are here: Home > Schools > Comptia > Security+ Certification > Wiki Home > Study Guide


Contents 
[edit section] Public Key Cryptography
Public Key Cryptography is a widelyapplied form of cryptography commonly utilized in many network transactions. The Security+ exam will test you on your both your understanding of how public key systems work as well as your ability to discern between different types of public key algorithms. The exam will also cover PKI, or publickey infrastructure.
[edit section] The workings of Public Key Cryptography
Unlike private key systems, in which two communicating users share a secret key for encryption and decryption, public key systems utilize widelyavailable and unique “public keys,” as well as “private keys,” to securely transmit confidential data.
Here’s how a public key transaction works: Assume we have two users, Pat and Jill, and that Pat wishes to send Jill a secret love note. Pat encrypts the love note using Jill’s public key. The message is sent via email to Jill. Jill then can read the message by decrypting the message with her private key. Note that in order for this transaction to take place, only Jill has to know her private key. This is the beauty of a public key (or asymmetric) system. Through this transaction, known as secure message format, the confidentiality of the message is assured: only Jill can read it!
Publickey cryptography can also be applied to validate the authenticity of a message. In this formulation, Pat would send Jill a message using his private key (therefore encrypting the message). To read the message, Jill would use Pat’s public key. In doing so, Jill has affirmed that the message was in fact sent by Pat. This is known as open message format.
In order to ensure both information authenticity and confidentiality, signed and secure message format may be employed. Extending the love note example, Pat would first encrypt the message with Jill’s public key and then encrypt that encrypted message with his own private key. When the message is sent to Jill, she can use Pat’s public key to verify the message was indeed from Pat. But the message is still encrypted! To overcome this, she can use her own private key to decrypt the message.
[edit section] Public Key Protocols
 RSA is an asymmetric key transport protocol that can be used to transmit private keys between hosts. The algorithm utilizes large prime numbers for effectiveness. The process can be explained very simply – Pat encrypts the private key with Jill’s public key, and Jill decrypts the message with her private key to reveal the private key.
 DiffieHellman is a key agreement protocol that can be used to exchange keys. It uses logarithms to ensure security in the algorithm. In the DiffieHellman operation, Pat and Jill each use their own private keys with the public key of the other person to create a shared secret key. Note that DiffieHellman is vulnerable to maninthemiddle attacks.
 El Gamal is an extension of DiffieHellman that includes encryption and digital signatures.
[edit section] Message Digesting
A message digest is something of an unreadable, condensed version of a message. More specifically, a message digest utilizes a oneway hash function to calculate a setlength version of a message that cannot be deciphered into clear text. Message digests are usually employed in situations in which it would be undesirable to be able to decrypt the message. One such application is in modern username/password systems, in which the password is stored using a hash function or digest. After the password has been hashed, it cannot be unhashed. When a user attempts to login with a password, the password he types is also hashed so that the two hashes (rather than the two passwords) are compared against each other. Note that the hash assumes that a hashed value cannot be deciphered and that no two messages will produce the same hash.
[edit section] Hashing Protocols
 MD5 is the most commonlyused hash protocol and uses a 128bit digest. It is very fast in hashing a message and is also opensource.
 SHA1 is a more secure implementation of a hashing protocol that uses a 160bit digest and “pads” a message to create a more difficulttodecipher hash.
[edit section] Quick Review
1. Which of the following ensures message confidentiality, but not authenticity?
a. Secure message format
b. Open message format
c. Signed and secure message format
d. Symmetric cryptography
2. Which of the following is not an asymmetric protocol?
a. DiffieHellman
b. El Gamal
c. 3DES
d. RSA
3. Why is a hash more difficult to decipher than a standard encryption protocol?
a. It is a oneway function
b. It uses strong encryption techniques
c. It uses large prime numbers
d. It uses discrete logarithms
[edit section] Answers
1. Secure message format works by encrypting a message with the public key of the intended recipient, ensuring confidentiality but not integrity. The answer is A.
2. 3DES is the only listed protocol that does not utilize a public key system. The answer is C.
3. Because a hash is a oneway function, the only way to decipher it is to try a large number of hashes of cleartext until one matches the original hash. The answer is A.
Top 5 Contributors to this article
