Public Key Infrastructure and Encryption Methods

Questions and Answers

Which of the following is NOT a direct application of Public Key Infrastructure (PKI)?

• Securing encrypted communication between devices
• Authenticating the identity of a website or user
• Generating encryption keys for use with symmetric algorithms (correct)
• Verifying digital signatures on software downloads

In the context of asymmetric encryption, what is the primary function of the private key?

• Generating a public key that is mathematically linked to the private key
• Decrypting data that was encrypted using the corresponding public key (correct)
• Securing the private key by creating a digital signature
• Encrypting data that can only be decrypted by the corresponding public key

Why is symmetric encryption considered challenging to manage in situations with many individuals or devices?

• The same key is used for both encryption and decryption, requiring secure distribution to all parties (correct)
• Symmetric encryption is computationally expensive, making it impractical for large-scale use
• The symmetric key needs to be frequently changed to maintain security
• The public key can be used by anyone, making it difficult to ensure confidentiality

Which of the following is a true statement about public and private keys in asymmetric encryption?

The two keys are mathematically related but cannot be derived from each other (D)

What is the main purpose of using a Certificate Authority (CA) in the context of PKI?

To issue and verify digital certificates that bind an identity to a public key (D)

In a large organization, why is key management a crucial aspect of asymmetric encryption?

To prevent unauthorized individuals from accessing sensitive data using private keys (C)

Which of the following is NOT a common need for key management within a large organization?

Encrypting data with a private key to ensure only authorized individuals can decrypt it (A)

What is the primary difference between symmetric and asymmetric encryption?

Symmetric encryption uses a single key for both encryption and decryption, while asymmetric encryption uses two separate keys (B)

What is the purpose of third-party key escrow in a large organization?

To ensure that sensitive data can be decrypted if employees leave the company or lose their keys (D)

Which of the following scenarios best demonstrates the need for key management in an organization?

A former employee tries to access sensitive data after leaving the company (A)

Flashcards

Public Key Infrastructure (PKI)

A system that manages digital certificates for authentication and encryption.

Digital Certificates

Electronic documents that prove the ownership of a public key.

Certificate Authority (CA)

An entity that issues digital certificates and verifies identities.

Symmetric Encryption

Encryption that uses the same key for both encrypting and decrypting.

Asymmetric Encryption

Encryption using a pair of keys: a public key for encrypting and a private key for decrypting.

Key Pair

A set of two keys: one public and one private used in asymmetric encryption.

Public Key Generation

The process of creating public keys using randomization and cryptography.

Key Management

The administration of cryptographic keys in a cryptosystem.

Key Escrow

A security arrangement where a third party holds a user's private key.

Public Key Usage

The process of utilizing a public key to encrypt data.

Study Notes

Public Key Infrastructure (PKI)

• A set of policies, procedures, hardware, and software that manage digital certificates for authentication and encryption.
• Key aspects include creation, distribution, management, storage, and revocation of digital certificates.
• Real-world application: Establishes trust in online interactions by verifying user and device identities.
• Example: Linking a certificate to a person or device, often through a Certificate Authority (CA).

Symmetric Encryption

• Uses the same key for encryption and decryption.
• Analogy: A secret key locked in a briefcase attached to a security guard.
• Key characteristic: The key must be securely shared for decryption.
• Challenges: Secure key management and sharing become difficult with many users or devices.

Asymmetric Encryption

• Uses separate keys for encryption (public key) and decryption (private key).
• Key relationship: Public and private keys are mathematically linked but one cannot be derived from the other.
• Process: Keys created simultaneously.
  • Public key is accessible to everyone.
  • Private key is kept secret, accessible only to the owner.
• Security advantage: Data encrypted using the public key can only be decrypted by the corresponding private key.
• Uses: PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard).

Public Key Generation

• Method involves randomization, large prime numbers, and complex cryptography.
• Frequency: Typically performed once initially.

Encrypting and Decrypting with Public and Private Keys

• Example: Alice creates a public/private key pair.
  • Makes the public key available to everyone.
  • Bob uses Alice's public key to encrypt a message (ciphertext).
  • Alice uses her private key to decrypt the ciphertext back into the original message (plaintext).

Managing Public and Private Keys

• Individual user: Each user manages their own key pair.
• Large organizations: Managing keys for numerous users requires a system.
  • Third-party key escrow: Private keys stored and managed by a third party.
  • Key escrow: Private keys stored locally for future access.
• Common needs for key management: Decrypting data of departed employees, data decryption in collaborative projects involving multiple organizations.
• Controversy: Giving private keys to a third party for management is a potential security risk.
• Justification: May be necessary for maintaining data accessibility and uptime in organizations.