CyberPathCompTIA Security+ Study Guide1.4 Cryptographic Solutions

Domain 1

1.4 Cryptographic Solutions

Explain the importance of using appropriate cryptographic solutions.

0% Complete

1

1.4.1 Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) is the framework of technology, policies, and procedures used to create, distribute, store, and revoke digital certificates and manage public-key encryption.

Asymmetric Cryptography Fundamentals PKI is built on asymmetric encryption, which uses a mathematically related key pair to deliver security services. - Key pairs: a public key shared openly with anyone, and a private key kept strictly secret by the owner. - Directional property: data encrypted with the public key can only be decrypted by the matching private key, and vice versa. - Scalability: each user needs only one key pair to talk to anyone, while symmetric encryption needs N(N-1)/2 keys for N users. - Key exchange: PKI solves the key-distribution problem — public keys can travel over insecure channels like the Internet without exposing the private key.

Core PKI Operations PKI supports three goals through specific key-usage patterns: - Confidentiality: the sender encrypts with the recipient's public key; only the recipient's private key can decrypt it. - Digital signatures: the sender encrypts a hash of the message with their own private key, giving non-repudiation (they cannot deny sending it) and integrity (the message has not changed). - Authentication: the recipient verifies a signature with the sender's public key, confirming the sender's identity.

Digital Certificates and Trust To stop an attacker from substituting a bogus public key, PKI binds keys to identities with certificates. - Certificate Authority (CA): the trusted third party that issues and signs certificates, binding a public key to a verified identity. - Trust anchor: the Root CA certificate that all other certificates ultimately chain back to. - Validation: when a browser opens an HTTPS site, it checks that the server's certificate was signed by a trusted CA and belongs to the legitimate owner.

Quick recall - Encrypt for secrecy → use the recipient's public key. - Sign for identity → use the sender's private key. - Decrypt → use your own private key. - Verify a signature → use the sender's public key. - Digital signature → provides authentication, integrity, and non-repudiation. - Scalability → asymmetric beats symmetric for large groups because it avoids the N(N-1)/2 key-management overhead.

2

1.4.2 Encryption

Levels, transport, symmetric vs asymmetric.

3

1.4.3 Cryptographic Tools

TPM, HSM, KMS, secure enclave.

4

1.4.4 Obfuscation

Steganography, tokenization, data masking.

5

1.4.5 Hashing, Salting & Signatures

6

1.4.6 Key Stretching & Blockchain

7

1.4.7 Certificates

CA, CRL, OCSP, CSR, wildcard.