Public Key Infrastructure (PKI)

sy0-701 1.4

PKI

Policies, procedures, hardware, software and people responsible for the creation, distribution, management, storing and revoking of digital certs.

Lots of planning required to determine the encryption and methods used within the organization.

May also be used to describe public keys bound to people or devices by the cert authority.

Symmetric encryption

Decryption uses same key used to encrypt info

Referred to as secret key algorithm or shared secret

(-) Does not scale well above 10 people or devices

(+) Very fast (less overhead than asymmetric encryption)

May be combined with asymmetric encryption

Asymmetric cencrypion

Rusty and Hank are both given wwo or more mathematically related keys (cannot gain the other key through reverse engineering)

A private (only one person/device has access) and public key (for anyone to use)

Private key decrypts and public key encrypts

Public key crypto

Large random number used to generate both keys

One is designated as public and the other private

Private key is protected through password

asymmetric encryption process

Rusty has public key given by Hank

Rusty uses public key and encryption software to convert the plaintext data into encrypted ciphertext

Rusty’s ciphertext is sent to Hank

Hank uses private key to decrypt ciphertext

Key escrow

Someone else (3rd party software) holds decryption keys or keys are stored locally

Handing keys off to another person may be required to maintain uptime and availability of organization’s data.