Pass your certification exam. Faster. Guaranteed.

Asymmetric Cryptography Transcription

Welcome to our cryptographic fundamentals asymmetric or public key cryptography module. Asymmetric cryptography is also known as public key cryptography. Asymmetric cryptography uses two keys whereas symmetric cryptography only uses one key. With asymmetric cryptography we use a key pair. One is called the public key and one is called the private key.

As you can imagine the public key can be publicly shared and can be given to anyone. The private key needs to be kept confidential and only the owner should have access to the private key for the system to function properly. The key sizes are very large, either 1,024 bits or 2,048 bits.

Compared to the 256 bit keys used with AES symmetric encryption. We always use the keys as a pair so the public and private keys work together. The keys are mathematically related so something that is encrypted with one key can be decrypted with the other key. However, it's not possible to determine what the public key is by having the private key, for example.

And it's not possible to determine what the private key is by having the public key. Here we have a visual depiction of how asymmetric or public key cryptography functions. In this example the sender would like to send a message about a secret meeting. The sender uses the recipient's public key, which is widely available and can be shared with anyone, either sent in an email message or posted on a website.

The sender takes that recipient's public key and encrypts the message content using that recipient's public key. This creates cypher text which can be safely transmitted without the worry of someone intercepting it and being able to read the message. When the recipient obtains the message, they can then use their private key, which only they have access to, to decrypt the contents of the message, and now they are aware of the secret meeting that the sender was trying to tell them about.

RSA is the defacto asymmetric algorithm that is most widely used, it's named after it's founders Rivest, Shamir, and Aldamen. It requires the support of public key infrastructure. As we discussed previously, there's very long key lengths such as 10, 24, or 2048 bits and these keys are generated by factoring very large prime numbers.

They keys are mathematically related so each key is able to decrypt data that's encrypted by the opposite key. But there is no way to determine one key by having the other key. The key exchange is handled by RSA, we generally don't use the asymmetric cypher to encrypt large amounts of data because it's very slow. So the best way to encrypt a large amount of data is to use symmetric encryption and then send the symmetric encryption key securely to the recipient using asymmetric cypher so that it can not be intercepted while in transit. An alternative to asymmetric encryption is elliptical curve coptogrophy or ECC.

This is used when you have limited hardware resources such as on a smartphone. And it allows you to encrypt data without using asymmetric encryption and its high overhead. You want to be familiar with elliptical curve cryptography on the CISSP exam because you may see a question that asks you the type of encryption that may be used on a smartphone.

And the answer would be elliptical curve cryptography, or ECC. There are many advantages to public key cryptography. It allows parties to communicate securely even though they have never shared any secret information such as a key. This was our primary problem with symmetric cryptography, as we had to figure out a way to get this secret key to the recipient.

Without having someone intercept it while it was being transmitted. So this solves one of the biggest problems with symmetric cryptography. It also scales very well. Even in a large enterprise you only have the number of key pairs for the numbers of users you have. So for example, if you have 1,000 users, you would have 1,000 key pairs, or 1,000 combinations of public and private keys.

We typically use asymmetric algorithms for data integrity authentication and non repudiation such as digital signatures and for key exchange. There are some disadvantages to public key cryptography. The biggest disadvantages is its speed. It is approximately 100 to 1000 times slower. Than symmetric cryptography, and it requires a lot more resources.

Asymmetric cryptography is not suitable for encrypting large amounts of data, because of performance considerations. It would take a significant amount of time to encrypt a large amount of data. So you want to remember for the CISSP exam that symmetric encryption is very fast and asymmetric encryption is much slower.

You also wanna remember that asymmetric encryption uses two keys, where symmetric encryption only uses one key. There are several different algorithms that can be used for asymmetric encryption. One easy way to remember this is AREAD. In this pneumonic, A stands for asymmetric. R stands for RSA, which is our primary standard for asymmetric encryption.

E stands for ECC< which you should remember is used by smart phones. The next E stands for which is used primarily for key exchange, and D stands for Diffy which is also used for key exchange. We also have an asymmetric digital signature standard, which is DSA, or digital signature algorithm, and this is used for digital signatures.

This concludes our cryptography fundamentals module. Thank you for watching.