Your supervisor asks you to configure a local CA to help secure digital communications.
Which of the following best describes what your company is most likely implementing? (Select the best answer.)
- a PKI
- symmetric encryption
- asymmetric encryption
- a one-way hash algorithm
Of the available choices, your company is most likely implementing a public key infrastructure (PKI) if you have been asked to configure a local certificate authority (CA) to help secure digital communications. A PKI enables encrypted communication by using a combination of a public and a private key pair. A certificate is bound to a user’s public key, which is the key that is made available to anyone who wishes to send a message to the owner of the key pair. The private key is a secret key that is not shared. If a private key becomes compromised or is no longer needed, the associated CA should be notified immediately so that the certificate revocation list (CRL) can be updated. Certificates typically contain information, such as the owner’s name and contact information, the public key, the key validity period, the digital signature of the certificate, and the location where the CRL can be retrieved.
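The local CA workflow described above (issue a certificate, then revoke it and update the CRL), shown as an added example that is not part of the original explanation. It assumes the `openssl` command-line tool is installed; the CA name, the subject name `alice`, the file names and the config section names are all constructed for illustration.

```shell
# Added example: throwaway local CA in a temp directory. All names are constructed.
WORK=$(mktemp -d) && cd "$WORK" || exit 1
publish_crl() { openssl ca -config ca.cnf -gencrl -out ca/crl.pem 2>/dev/null; }  # CA signs the CRL
setup_ca() {      # CA database, CA key pair, self-signed CA certificate, empty CRL
  mkdir -p ca/newcerts && : > ca/index.txt
  echo 1000 > ca/serial && echo 1000 > ca/crlnumber
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = local_ca
[ local_ca ]
dir = ./ca
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = Example Local CA
[ v3_ca ]
basicConstraints = critical, CA:TRUE
EOF
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
    -keyout ca/ca.key -out ca/ca.crt 2>/dev/null && publish_crl
}
issue_cert() {    # $1 = subject name; the CA binds it to the subject's public key
  openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
  openssl ca -batch -config ca.cnf -in "$1.csr" -out "$1.crt" 2>/dev/null
}
revoke_cert() {   # $1 = subject name; record the revocation, then update the CRL
  openssl ca -config ca.cnf -revoke "$1.crt" 2>/dev/null && publish_crl
}
check_cert() {    # prints "valid" or "rejected" after signature, validity and CRL checks
  openssl verify -crl_check -CAfile ca/ca.crt -CRLfile ca/crl.pem "$1.crt" \
    >/dev/null 2>&1 && echo valid || echo rejected
}
setup_ca && issue_cert alice && echo "issued:  $(check_cert alice)"
revoke_cert alice && echo "revoked: $(check_cert alice)"
```

The certificate's signature and validity period are unchanged after revocation; the second check fails only because its serial number now appears in the CRL, which is why relying parties must actually retrieve and consult the CRL.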
Although asymmetric encryption is used in a PKI, in this scenario you are more specifically implementing a PKI. Diffie-Hellman (DH), Elliptical Curve Cryptography (ECC), and RSA are asymmetric algorithms. DH is an asymmetric key exchange method. ECC and RSA are asymmetric encryption algorithms. Asymmetric encryption, also known as public key encryption, uses a public key to encrypt data and a different, yet mathematically related, private key to decrypt data. PKI uses a certificate authority to tie a public key to a user ID to further ensure the confidentiality of data. Asymmetric encryption algorithms use more complex mathematical functions than symmetric encryption algorithms. As a result, asymmetric encryption algorithms take longer to encrypt and decrypt data than symmetric encryption algorithms. Other examples of asymmetric encryption algorithms include Digital Signature Algorithm (DSA) and ElGamal.
Your company is not implementing symmetric encryption. Advanced Encryption Standard (AES), RC4, and Triple Data Encryption Standard (3DES) are examples of symmetric encryption algorithms. When symmetric encryption algorithms are used, the same encryption key is used to encrypt and decrypt data. Two types of symmetric algorithms exist: block ciphers and stream ciphers. Block ciphers derive their name from the fact that they encrypt blocks of data. For example, AES encrypts 128-bit blocks of data. By contrast, stream ciphers are typically faster than block ciphers because stream ciphers encrypt text of variable length depending on the size of the frame to be encrypted; stream ciphers are not limited to specific block sizes. For example, RC4, a stream cipher, can encrypt data in streams of 8 through 2,048 bits. Other examples of symmetric encryption algorithms include International Data Encryption Algorithm (IDEA), Skipjack, and Blowfish.
Your company is not implementing a one-way hash algorithm. One-way hash algorithms, such as Message Digest 5 (MD5), can be used to create checksums that represent every bit of data that is stored in a file. Future hashes created from the same file can then be compared to the original hash to determine whether anything has changed. Secure Hash Algorithm 1 (SHA-1) is another hash algorithm that produces a fixed-length value that corresponds to the content being parsed.