Public Key Cryptography is a widely-applied form of cryptography commonly utilized in many network transactions. The Security+ exam will test you on your both your understanding of how public key systems work as well as your ability to discern between different types of public key algorithms. The exam will also cover PKI, or public-key infrastructure.
The workings of Public Key Cryptography
Unlike private key systems, in which two communicating users share a secret key for encryption and decryption, public key systemsutilize widely-available and unique “public keys,” as well as “private keys,” to securely transmit confidential data.
Here’s how a public key transaction works: Assume we have two users, Pat and Jill, and that Pat wishes to send Jill a secret love note. Pat encrypts the love note using Jill’s public key. The message is sent via email to Jill. Jill then can read the message by decrypting the message with her private key. Note that in order for this transaction to take place, only Jill has to know her private key. This is the beauty of a public key (or asymmetric) system. Through this transaction, known as secure message format, the confidentiality of the message is assured: only Jill can read it!
Public-key cryptography can also be applied to validate the authenticity of a message. In this formulation, Pat would send Jill a message using his private key (therefore encrypting the message). To read the message, Jill would use Pat’s public key. In doing so, Jill has affirmed that the message was in fact sent by Pat. This is known as open message format.
In order to ensure both information authenticity and confidentiality, signed and secure message format may be employed. Extending the love note example, Pat would first encrypt the message with Jill’s public key and then encrypt that encrypted message with his own private key. When the message is sent to Jill, she can use Pat’s public key to verify the message was indeed from Pat. But the message is still encrypted! To overcome this, she can use her own private key to decrypt the message.
Public Key Protocols
- RSA is an asymmetric key transport protocol that can be used to transmit private keys between hosts. The algorithm utilizes large prime numbers for effectiveness. The process can be explained very simply – Pat encrypts the private key with Jill’s public key, and Jill decrypts the message with her private key to reveal the private key.
- Diffie-Hellman is a key agreement protocol that can be used to exchange keys. It uses logarithms to ensure security in the algorithm. In the Diffie-Hellman operation, Pat and Jill each use their own private keys with the public key of the other person to create a shared secret key. Note that Diffie-Hellman is vulnerable to man-in-the-middle attacks.
- El Gamal is an extension of Diffie-Hellman that includes encryption and digital signatures.
A message digest is something of an unreadable, condensed version of a message. More specifically, a message digest utilizes a one-way hash function to calculate a set-length version of a message that cannot be deciphered into clear text. Message digests are usually employed in situations in which it would be undesirable to be able to decrypt the message. One such application is in modern username/password systems, in which the password is stored using a hash function or digest. After the password has been hashed,it cannot be un-hashed. When a user attempts to login with a password, the password he types is also hashed so that the two hashes (rather than the two passwords) are compared against each other. Note that the hash assumes that a hashed value cannot be deciphered and that no two messages will produce the same hash.
- MD5 is the most commonly-used hash protocol and uses a 128-bit digest. It is very fast in hashing a message and is also open-source.
- SHA-1 is a more secure implementation of a hashing protocol that uses a 160-bit digest and “pads” a message to create a more difficult-to-decipher hash.
**Source by wikipedia**
To Become Certified For CompTIA Security+ Please Visit This Link ;