3.4: Cryptosystems

Question 1

On what is a private key cryptosystem based?

Answer 1

On a symmetric cryptographic algorithm.

Question 2

The primary characteristic of a private key cryptosystem

Answer 2

The necessity for both parties to possess a common encryption key that is used to encrypt and decrypt messages.

Question 3

The main challenge with the private key cryptographic

Answer 3

• Key exchange - which must occur over a secure channel. The exchange o the encrypted key mush happens before the message is transmitted
• Scalability - Private key cryptosystems require that each sender-receiver pair exchange an encryption key.

Question 4

Secure key exchange

Answer 4

Secure key exchange refers to methods used by two parties to securely establish a symmetric encryption key without actually transmitting the key over a channel.

Question 5

On what is a public key cryptosystem based?

Answer 5

Public key cryptosystems are based on asymmetric, or public key, cryptographic algorithms.

Question 6

The encryption keys used in public key cryptography

Answer 6

The encryption keys that are used in public key cryptography are called the public key and the private key; called key pair.

Question 7

symmetric encryption keys vs asymmetric encryption keys

Answer 7

• For symmetric - User must first establish and communicate symmetric encryption keys through a secure channel. After that, the same key is used for encryption and decryption

• For asymmetric encryption - No need to establish a secure channel to exchange key. Encryption uses one key, and decryption uses another key.
• Public key cryptography also supports encryption of a message with more than one user’s public key.

Question 8

Handling of keys in asymmetric encryption keys

Answer 8

A public key can be shared or posted online

A private key is not shared. It should be kept secret.

Question 9

What can Public key cryptography achieve

Answer 9

• To protect the confidentiality of the message
• To verify the integrity and authenticity of the message

Public key cryptography can be used to both encrypt and digitally sign a message, which will guarantee its confidentiality as well as its authenticity.

Question 10

Vulnerabilities of public keys

Answer 10

It is possible for a fraudster to claim the identity of another person and even publish a public key that claims the identity of that person.

Question 11

Method for verifying a public key

Answer 11

• Certificate authority
• E-mail address - user’s email address
• Directory infrastructure - Microsoft Active Directory
• Key fingerprint

Question 12

Hashing

Answer 12

Hashing is the process of applying a cryptographic algorithm on a block of information that results in a compact, fixed-length “digest.”

Question 13

Purpose of hashing

Answer 13

The purpose of hashing is to provide a unique “fingerprint” for the message or file—even if the file is very large.

Question 14

A message digest

Answer 14

A message digest, called has is a fixed size numeric representation of the contents of a message, computed by a hash function. A message digest can be encrypted, forming a digital signature.

Question 15

Digital Signatures

Answer 15

A digital signature is a cryptographic operation where a sender “seals” a message or file using his identity.

A digital signature is using asymmetric cryptography, in reverse order.

Question 16

The purpose of a digital signature

Answer 16

The purpose of a digital signature is to authenticate a message and to guarantee its integrity.

Question 17

Symmetric and asymmetric cryptography

Answer 17

Symmetric cryptography - Private Key

Asymmetric cryptography - Public key

Question 18

A digital envelope

Answer 18

A secure electronic data container that is used to protect a message through encryption and data authentication.

Question 19

How a digital envelope works

Answer 19

A digital envelope uses two layers for encryption: Secret (symmetric) key and public key encryption. Secret key encryption is used for message encoding and decoding. Public key encryption is used to send a secret key to a receiving party over a network

Question 20

How to decrypt a digital envelope

Answer 20

A digital envelope may be decrypted by using a receiver’s private key to decrypt a secret key, or by using a secret key to decrypt encrypted data

Question 21

Public key infrastructure (PKI)

Answer 21

Public key infrastructure (PKI) distributes digital certificates.
A PKI is a centralized function that is used to store and publish public keys and other information.

Question 22

Certificate authority (CA)

Answer 22

A CA is a business entity that issues digital certificates and publishes them in the PKI.

The primary role of the CA is to digitally sign and publish the public key bound to a given user.

A public key that has been obtained from a trusted, reputable certificate authority can be considered genuine.

Question 23

Registration authority

Answer 23

Take the burden off of a CA by handling verification when a request for a new digital certificate is made.

Question 24

Certificate Revocation List

Answer 24

A CRL is an electronic list of digital certificates that have been revoked prior to their expiration date.

Question 25

Certification Pratice Statement

Answer 25

This is a published statement that describes the practices used by the CA to issue and manage digital certificates. This helps determine the relative strength and validity of digital certificates that are issued by the CA.

Question 26

X.509

Answer 26

International standard for the format and information contained in a digital certificate.
X.509 is the most used type of digital certificate in the world.

Question 27

Encryption Key Management

Answer 27

• Key generation

* Key Protection

Question 28

What is a Key compromise

Answer 28

A key compromise is any event where a private encryption key has been disclosed to any unauthorized third party.

Question 29

Key encrypting Keys

Answer 29

Use of encryption to protect the encryption key.

Question 30

Key Custody

Answer 30

refers to the policies, processes, and procedures regarding the management of keys.

Question 31

Key rotation

Answer 31

Key rotation is the process of issuing a new encryption key and re-encrypting data protected with the new key.

Question 32

When can key rotation occur?

Answer 32

• If Key is comprmised
• If key is expired
• in case of rotation of staff

Question 33

Encryption application - SSL/TLS

Answer 33

The encryption protocols used to encrypt web pages requested with HTTPS protocol.

SSL/TLS uses public key encryption, private key encryption, and hash function.

Question 34

Weaknesses of SSL/TLC

Answer 34

All versions of SSL and the early version of TLS are now considered deprecated, and should no longer be used.

Question 35

Encryption application: S-HTTP

Answer 35

S-HTTP also provides encryption of web pages between web servers and web browsers.

The main difference between HTTPS and S-HTTP is that HTTPS secures the entire channel, regardless of the data that is transmitted through it. S-HTTP protects only individual pieces of data or messages.

Question 36

Secure Shell (SSH)

Answer 36

Secure Shell is a multipurpose protocol that is used to create a secure channel between two systems.

Question 37

Internet Protocol Security (IPsec)

Answer 37

IPsec is a protocol used to create a secure, authenticated channel between two systems. IPsec operates at the Internet layer in the TCP/IP protocol suite;

Question 38

Secure Multipurpose Internet Mail Extensions (S/MIME)

Answer 38

S/MIME is an e-mail security protocol that provides sender and recipient authentication and encryption of message content and attachments. S/MIME is most often used for encryption of e-mail messages.