CompTIA Security+ Exam Notes


Encryption methods Symmetric vs Asymmetric

Symmetric encryption uses the same key to encrypt and decrypt. Because this is a shared key, the keys have to be kept private. Symmetric Encryption is known as Private Key encryption. Remember, "YOU HAVE TO KEEP YOUR PRIVATES: PRIVATE".

With symmetric encryption you do not want to send the key along with the message: if the message were intercepted, whoever intercepted it would also have the key and could read (decrypt) the message.

The keys are exchanged out-of-band. For a secure exchange of symmetric keys, you would use some form of Diffie-Hellman (DH, DHE, ECDHE).
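The Diffie-Hellman exchange mentioned above, shown end to end as an added example (this is not code from the original notes). Both parties generate a key pair, only the public values cross the network, and each side arrives at the same shared secret, which is then hashed into a symmetric session key. The group parameters (the Mersenne prime 2^127 - 1 and generator 5) are toy values chosen for readability; real deployments use a standardized 2048-bit or larger group or an elliptic-curve variant (ECDHE).

```python
import hashlib
import secrets

# Toy DH group, constructed for illustration only: a 127-bit prime and a small generator.
# Production code uses a standard named group (e.g. RFC 7919 ffdhe2048) or an ECDH curve.
P = 2**127 - 1
G = 5


def dh_keypair(p: int = P, g: int = G):
    """Return (private, public). The private exponent is never transmitted."""
    private = secrets.randbelow(p - 3) + 2        # uniform in [2, p-2]
    public = pow(g, private, p)                   # this value is what crosses the network
    return private, public


def validate_public(their_public: int, p: int = P) -> None:
    """Reject degenerate public values (0, 1, p-1) that would force a trivial secret."""
    if not 1 < their_public < p - 1:
        raise ValueError("peer public value out of range")


def dh_shared_secret(my_private: int, their_public: int, p: int = P) -> int:
    validate_public(their_public, p)
    return pow(their_public, my_private, p)


def derive_session_key(shared_secret: int, length: int = 32) -> bytes:
    """Hash the raw DH output so the symmetric key is uniformly distributed.
    (A real protocol would use HKDF with a label; plain SHA-256 is used here for clarity.)"""
    raw = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:length]


def run_exchange():
    """Simulate both sides. Returns the two derived keys; they must be identical."""
    alice_priv, alice_pub = dh_keypair()
    bob_priv, bob_pub = dh_keypair()
    # Only alice_pub and bob_pub are visible to an eavesdropper.
    key_alice = derive_session_key(dh_shared_secret(alice_priv, bob_pub))
    key_bob = derive_session_key(dh_shared_secret(bob_priv, alice_pub))
    return key_alice, key_bob


if __name__ == "__main__":
    k_a, k_b = run_exchange()
    print("keys match:", k_a == k_b, "-", k_a.hex())
```

The session key returned by `run_exchange` is what the symmetric cipher (AES, for example) would then use; the private exponents and the shared secret itself never leave either machine.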

Symmetric encryption uses less overhead than asymmetric encryption and decryption.

Stream ciphers and block ciphers are both forms of symmetric encryption. The following are all symmetric encryption algorithms:

Stream Cipher:
RC4: encrypts one bit at a time and is used for audio and video streaming. WEP, WPA (TKIP), and SSL/TLS are built on RC4. Considered weak encryption and has been deprecated.

Block Ciphers:
DES: Data Encryption Standard - a symmetric block cipher that encrypts in 64-bit blocks. It uses a 56-bit key. Considered weak encryption and has been deprecated.

3DES: Triple-DES - uses 3 different keys to encrypt 3 different times. Encrypts in 64-bit blocks, easy upgrade from DES without changing hardware. Considered weak encryption and has been deprecated.

AES: Advanced Encryption Standard - encrypts data in 128-bit blocks. It has 3 different key sizes, 128-bit, 192-bit, and 256-bit. The most widely used encryption.

Blowfish: Encrypts in 64-bit blocks and uses key sizes between 32-bit and 64-bit.
Twofish: Encrypts data in 128-bit blocks and uses key sizes of 128-bit, 192-bit, or 256-bit.


IF THE ENCRYPTION IS A STREAM CIPHER OR BLOCK CIPHER, THEN IT IS SYMMETRIC ENCRYPTION.

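To make the stream-cipher versus block-cipher distinction concrete, here is an added example (not code from the original notes) implementing a toy of each from the Python standard library. The stream cipher XORs the data with a keystream generated by HMAC-SHA256 in counter mode, so the ciphertext is exactly as long as the plaintext and the same function both encrypts and decrypts. The block cipher is a small Feistel network over 16-byte blocks (the AES block size; DES, 3DES and Blowfish use 8-byte blocks), so the data has to be padded to a whole number of blocks first. Neither construction is RC4, AES or any other standard algorithm; they are for illustration only, and the key and message values are constructed.

```python
import hashlib
import hmac

BLOCK = 16    # block size in bytes: AES uses 16; DES, 3DES and Blowfish use 8
ROUNDS = 8    # Feistel rounds in the toy block cipher


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- toy stream cipher ------------------------------------------------------
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream from HMAC-SHA256 in counter mode (illustrative construction, not RC4)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse, and the
    output is exactly as long as the input, so no padding is needed."""
    return _xor(data, keystream(key, nonce, len(data)))


# --- toy block cipher -------------------------------------------------------
def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Feistel network over exactly one BLOCK-byte block."""
    if len(block) != BLOCK:
        raise ValueError("block cipher input must be exactly one block")
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, i, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Run the rounds in reverse; each step undoes the matching encrypt step."""
    if len(block) != BLOCK:
        raise ValueError("block cipher input must be exactly one block")
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, i, left)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    """Pad to a multiple of BLOCK; always adds at least one byte so unpadding is unambiguous."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Pad, then encrypt block by block. ECB is used here only because it is the simplest
    mode to read; it leaks patterns and real systems use CBC or an AEAD mode such as GCM."""
    padded = pkcs7_pad(data)
    return b"".join(block_encrypt(key, padded[i : i + BLOCK]) for i in range(0, len(padded), BLOCK))


def ecb_decrypt(key: bytes, data: bytes) -> bytes:
    if len(data) % BLOCK:
        raise ValueError("ciphertext is not a whole number of blocks")
    plain = b"".join(block_decrypt(key, data[i : i + BLOCK]) for i in range(0, len(data), BLOCK))
    return pkcs7_unpad(plain)


if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key").digest()[:16]   # constructed sample key
    msg = b"Same key encrypts and decrypts"                        # constructed sample message
    sc = stream_crypt(key, b"\x00" * 8, msg)
    bc = ecb_encrypt(key, msg)
    print("stream: %d plaintext bytes -> %d ciphertext bytes" % (len(msg), len(sc)))
    print("block : %d plaintext bytes -> %d ciphertext bytes (padded)" % (len(msg), len(bc)))
```

Running it shows the practical difference the notes describe: the stream ciphertext is 30 bytes for a 30-byte message, while the block ciphertext is padded up to 32 bytes. In both cases decryption uses the very same key that encrypted, which is why that key must be kept private and exchanged out-of-band.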
Asymmetric encryption uses two different keys, a public key and a private key, which are mathematically paired to work together. Asymmetric encryption is commonly called "Public Key" encryption. You will need a Certificate Authority to use asymmetric encryption.

It only encrypts small amounts of data: the data or message must be smaller than the asymmetric key.

In practice it is only used to encrypt symmetric keys (which in turn encrypt the data at rest) and to encrypt hashes (which, combined with the hash, creates the "Digital Signature").

The Public Key is available to everyone; the Private Key is only available to you. Users are not to share their Private Key with anyone. My way of telling people how to remember who gets the Private Key: "YOU HAVE TO KEEP YOUR PRIVATES: PRIVATE" keys.

ENCRYPTION & DECRYPTION: is performed with the recipient's keys:
1. If you were to send an email (Message, document, or file) to Dave, and you want only Dave to read it, you would encrypt with Dave's Public Key. 

2. Dave would then decrypt the email (Message, document, or file) with his Private Key. 

DIGITAL SIGNATURE: is always performed with the sender's keys.
1. First, the email (Message, document, or file) is hashed, then the hash is encrypted (Signed: Digitally signed) with the sender's Private Key. This Digital Signature will include the sender's Public Key.

2. The recipient will use the sender's Public Key to verify that the digital signature is valid. The recipient validates the Public key to the issuing Certificate Authority.
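Both procedures above (encrypt with the recipient's public key, sign with the sender's private key), carried through in code as an added example that is not part of the original notes. It uses textbook RSA built from two fixed Mersenne primes so that the arithmetic is visible; this is a teaching toy, not a replacement for a real library (which adds OAEP and PSS padding and uses randomly generated primes). The names `dave_pub`, `dave_priv` and the sample messages are constructed. The size check in `rsa_encrypt` demonstrates the note that the message must be smaller than the key: a 32-byte symmetric key fits, a 100-byte message does not.

```python
import hashlib

# Toy key material, constructed for illustration: fixed Mersenne primes give a ~648-bit modulus,
# large enough to hold a SHA-256 hash (256 bits) or a 32-byte symmetric key.
P = 2**127 - 1
Q = 2**521 - 1
E = 65537


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key, message: bytes) -> int:
    """ENCRYPTION uses the recipient's public key. Only data smaller than the modulus fits."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message must be smaller than the asymmetric key (modulus)")
    return pow(m, e, n)


def rsa_decrypt(private_key, ciphertext: int, length: int) -> bytes:
    """DECRYPTION uses the recipient's private key; length restores leading zero bytes."""
    n, d = private_key
    return pow(ciphertext, d, n).to_bytes(length, "big")


def _hash_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def rsa_sign(private_key, message: bytes) -> int:
    """Step 1 of DIGITAL SIGNATURE: hash, then 'encrypt' the hash with the sender's private key."""
    n, d = private_key
    return pow(_hash_int(message), d, n)


def rsa_verify(public_key, message: bytes, signature: int) -> bool:
    """Step 2: recover the hash with the sender's public key and compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == _hash_int(message)


def demo():
    """Alice sends Dave a symmetric key, encrypted for Dave and signed by Alice."""
    dave_pub, dave_priv = make_keypair()
    alice_pub, alice_priv = make_keypair(2**107 - 1, 2**607 - 1)   # second toy key pair

    session_key = bytes(range(32))                                  # constructed sample key
    wrapped = rsa_encrypt(dave_pub, session_key)                    # Dave's PUBLIC key
    signature = rsa_sign(alice_priv, session_key)                   # Alice's PRIVATE key

    recovered = rsa_decrypt(dave_priv, wrapped, len(session_key))   # Dave's PRIVATE key
    authentic = rsa_verify(alice_pub, recovered, signature)         # Alice's PUBLIC key
    return recovered == session_key, authentic


if __name__ == "__main__":
    print("decrypted correctly, signature valid:", demo())
```

Note how the key roles follow the two rules in the notes: confidentiality uses the recipient's pair, authenticity uses the sender's pair. Verifying with anyone else's public key, or verifying a message that was altered by even one byte, fails because the recovered value no longer matches the freshly computed hash.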

Common asymmetric encryptions:
RSA: Typically used with X.509 certificates, it encrypts the certificate.

DSA:  Digital Signature Algorithm

ECC: Elliptic Curve Cryptography, mainly used with mobile devices because they have less processing power. ECC128 is stronger than RSA 1024.
