Cryptography

Question 1

Cipher text

Answer 1

encrypted text that you cannot read

Question 2

Encryption/Decryption Algorithm

Answer 2

the process of encrypting/decrypting plain text to cipher text

Question 3

Symmetric Algorithm

Answer 3

uses the same key to encrypt and decrypt

Question 4

Asymmetric Algorithm

Answer 4

one key for encryption, and another key for decryption

Question 5

Data Encryption Standard (DES)

Answer 5

key size 56 bit - symmetric algorithm

Question 6

Triple DES

Answer 6

same as DES but using it 3 times to make the algorithm more secure

Question 7

Advanced Encryption Standard (AES)

Answer 7

key size 128 bit - symmetric

Question 8

RSA (Rivest-Shamir-Adleman)

Answer 8

asymmetric cryptographic algorithm with a key size 1024, 2048, 3072, 4096

Question 9

Why not use Asymmetric Algorithm for everything instead of Symmetric?

Answer 9

the resources that you need to handle asymmetric keys is much more (CPU pwer). The speed for asymmetric algorithm is much slower than symmetric algorithm

Question 10

Hash Algorithm

Answer 10

a one-way algorithm (once you encrypt your message you can not decrypt it)

Question 11

What is a Digest or Digital Fingerprint?

Answer 11

the result of a hashing algorithm. Also can be called a hash file.

Question 12

What is the purpose of hashing?

Answer 12

just for the integrity of the message

Question 13

What are some common hash algorithms?

Answer 13

MD5, SHA, SHA-2, RIPEMD

Question 14

Hashed Message Authentication Code (HMAC)

Answer 14

cryptographic authentication technique that uses a hash function and a secret key. verify that data is correct and authentic with shared secrets.

Works by first sharing a private key. Then, generating a hash of the private key and message/file together as one hash. Then, sending it to end user. End user then hashes that file with their shared private key included, and compares that hash to the hash that the sender sent.

Question 15

Digital Signature

Answer 15

hashing the message and then encrypting the hash using a private key and providing the end user with the public key so that they can decrypt the hash and rehash the message to compare with the sender hash.

Question 16

What is the difference between a Digital Signature and HMAC?

Answer 16

HMAC uses symmetric encryption and a Digital Signature uses asymmetric encryption

Question 17

Certificate Authority (CA)

Answer 17

3rd party that provides certificates to users to confirm that they are actually them. they also keep track of the status and can revoke the digital certificate

Question 18

Intermediate Certificate Authority

Answer 18

certificate authorities that are placed between a root CA to issue certificates on its behalf. The intermediate CA is also responsible for verifying the identity of the entity requesting the certificate and issuing the certificate.

Question 19

How does a Digital Certificate work?

Answer 19

user generates a public-private key pair, creates a Certificate Signing Request (CSR) which contains their public key and other identifying information. The user sends the CSR to the CA which then verifies the user’s identity and encrypts the CSR with its private key to create a digital certificate (which contains the user’s public key and additional info about the user and the CA). The CA then sends the signed digital certificate back to the user.

Question 20

How does a server or user verify a Digital Certificate?

Answer 20

by checking its validity, the CA’s signature, and ensuring the CA is trusted. Then extracting the public key from the CA and use it to decrypt the hash that was encrypted in the digital certificate. then compare the hash with the hash that was received earlier.

Question 21

Registration Authority (RA)

Answer 21

subordinate entities that are designed to handle some intermediate CAs tasks such as : identify and authenticate requesters, and then passes it to intermediate CAs.

Question 22

Certificate Repository (CR)

Answer 22

Publicly accessible centralized database of digital certificates. Can be used to view certificate status

Question 23

What are the 2 types of certificate revocation technologies?

Answer 23

Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP)

Question 24

Certificate Revocation List (CRL)

Answer 24

a list of revoked digital certificates that is maintained by the CA. It contains a list of revoked certificates along with their serial numbers and other relevant information.

Question 25

Online Certificate Status Protocol (OCSP)

Answer 25

a protocol that allows the user to query the CA directly for the status of a certificate. It provides real-time responses and can quickly determine whether a certificate is valid or not. When a user requests the status of a certificate, the OCSP responder sends a signed response indicating the certificate’s status.

Question 26

Domain Digital Certificate

Answer 26

also know as an SSL/TLS certificate, is a digital certificate used to establish a secure connection between a web server and a client.

Question 27

What are the different types of Domain Digital Certificates?

Answer 27

Domain Validation - verify the domain ownership and encrypt the connection between a website and its visitors.

Extended Validation - provide the highest level of security by validating the legal, physical, and operational existence of the website owner.

Wildcard - secure a domain and its subdomains with a single certificate, allowing for cost savings and simplified certificate management.

Subject Alternative Names (SAN) - secure multiple domains or subdomains with a single certificate, making them ideal for multi-domain environments.

Question 28

Public Key Infrastructure (PKI)

Answer 28

a system of hardware, software, policies, and procedures that allows entities (such as individuals, organizations, or devices) to securely exchange digital information over the internet.

Question 29

Hierarchical Trust Model

Answer 29

where you can trust the digital certificate because it is issued by a root CA that certified the intermediate CAs who certified the leaf CAs who issued the certificate.

Question 30

Distributed Trust Model

Answer 30

trust is distributed across multiple parties, which collaborate to verify the authenticity of digital certificates and establish trust in the public keys associated with them. For example, in a distributed trust model like PGP, each user can choose who they trust based on their own criteria, rather than relying on a central authority.

Question 31

Bridge (Hybrid) Trust Model

Answer 31

multiple hierarchical trust models are linked together through a series of bridge CAs, which act as intermediaries between the different trust domains. allow different organizations or communities with their own PKI hierarchies to establish trust relationships with each other. The bridge CAs act as trusted intermediaries, issuing cross-certificates that allow entities in one hierarchy to trust entities in another hierarchy.

Question 32

Certificate Policy (CP)

Answer 32

a document that defines the rules, procedures, and standards for issuing and managing digital certificates within a Public Key Infrastructure (PKI).

Question 33

Certificate Practice Statement (CPS)

Answer 33

a document that describes the detailed procedures and practices for implementing the policies defined in the Certificate Policy (CP) within a Public Key Infrastructure (PKI). While a Certificate Policy defines the general rules and requirements for issuing and managing digital certificates, the Certificate Practice Statement provides more detailed information about the specific practices and procedures that are used to implement the policy

Question 34

What is the certificate life cycle?

Answer 34

Certificate generation
Certificate distribution
Certificate validation
Certificate usage
Certificate renewal
Certificate revocation
Certificate expiration

Question 35

Diffie-Hellman key exchange

Answer 35

allows two parties to agree on a shared secret key over an insecure communication channel by generating and exchanging different random numbers and using a shared prime number. The shared secret key is derived using modular exponentiation, which ensures that both parties will end up with the same key.