Encryption
Was hoping to get a little help with the concepts of encryption.
As I understand it there are a couple of hashing algorithms, MD5, SHA, and HMAC. Now, these are hashing tools, and do not provide any encryption, they just verify file integrity.
There are two different types of encryption, symmetric and asymmetric. Symmetric uses a key, say 123, to make James into Kcpix. While this is a form of encryption, how does this key get shared between the two parties? Is it shared beforehand, or is it encrypted with asymmetric encryption?
Asymmetric encryption uses a private key and a public key for encryption. I have a private key I use to lock and unlock data and my public key can lock and unlock the data as well. If I encrypt a message I am using someone's public key to encrypt the message, and they are using their private key to decrypt it. Similarly, if I digitally sign a message, I use my private key to sign the message, and they use my public key to verify the message came from me.
Now, curious about combination of symmetric and asymmetric encryption. A symmetric key of 123 is used to encrypt a message like James. The key cannot be sent in the clear, so asymmetric encryption is used. I encrypt the 123 symmetric key using my private key and the 123 symmetric key scrambles the message. The recipient then receives the scrambled message, uses my public key to get the 123 symmetric key, and finally uses the 123 symmetric key to read the message James. Is that the proper understanding?
Thanks
Comments
-
beads Member Posts: 1,533 ■■■■■■■■■□
I think you're overanalyzing some of this. Let's start over and see if this helps.
Not to be overly complicated here but to create a starting point only. Keep the list simple at first then add on as you learn the differences. Then make this more complicated with all the other details.
Symmetric - Serial. Only (that I have ever seen) used on hardware. One key between machines. Confidentiality
Asymmetric - Both ways. Public and Private Keys. Generally used between parties, PGP would be the most obvious example but there are many. Confidentiality, Authentication.
Hashes - Only verifies integrity. Numerous examples: MD5, SHA-1, etc.
I just think people learn this backwards is all, starting with asymmetric first, then symmetric which is easier to understand. Symmetric: Simple; Serial. Hardware based or machine to machine.
Hashes are used for file integrity. Find google hash checker and play with it.
The rest is asymmetric and most difficult as it has the most "moving parts". By process of elimination of the first two becomes very easy to identify. The rest is simply learning the details of individual systems. Bit levels and names and all that. I wish I could point you to numerous ways of practical practice out on some virtual server somewhere but so much of encryption is built in or in some proprietary interface, I can't.
Hopefully, this dumb-down start guide will help.
- beads -
quinnyfly Member Posts: 243 ■■■□□□□□□□
For some very good and easy to understand explanations, have a look at Darril Gibson's YouTube videos; also refer to his forum and obviously his books. He has provided perhaps the best explanations to date. Links below:
DG's Vids:
Security+ Encryption - YouTube
Security+ Hashing - YouTube
Security+ HTTPS and SSL - YouTube
Security+ Digital Signatures - YouTube
Darril's Books (Security+ Get ahead get certified):
Amazon.com: CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide (9781463762360): Darril Gibson: Books
As a side note, asymmetric encryption uses PKI (Public Key Infrastructure), which makes use of public and private keys <two keys/or key pair>: one encrypts (locks), while the other decrypts (unlocks). Symmetric key encryption <single/same key> is used for large files and is most often used; asymmetric encryption is primarily used to exchange the symmetric key, and this key can also be hashed for another layer of security.
I remember symmetric keys this way:
AES and DES CAST IDEAS about RC and OTP.
Encryption and hashing cover three very important information security concepts often referred to as CIA: Confidentiality, Integrity and Availability.
Remember that the strength of a key equals its key length and the secrecy of the key, and this is also based on the algorithm's strength. Algorithms are those complex mathematical formulas that encrypt or decrypt data using a secret key.
Hashes are one-way and are used to maintain data integrity, a message or file is hashed <or a hash value is created at the source, and this is then recalculated at the destination, if they match, integrity is maintained>.
Keep in mind that much of this takes place at the Presentation and Session layers of the OSI.
Hope this helps
The Wings of Technology -
ChooseLife Member Posts: 941 ■■■■■■■□□□
Now, I actually read your message
"Is that the proper understanding?"
"how does this key get shared between the two parties? Is it shared beforehand, or is it encrypted with asymmetric encryption?"
“You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896
jwads Member Posts: 34 ■■□□□□□□□□
REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST
I appreciate you verifying my thoughts are correct. One thing though, what do you mean about the symmetric key being encrypted with the other party's private key? -
ChooseLife Member Posts: 941 ■■■■■■■□□□
REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST
I'm following your example of communicating a symmetric key using asymmetric encryption and just pointing out that the party sending the key uses encryption, and therefore has to use the other party's public key to encrypt so that only the other party can decrypt the message.
Let me copy-paste your example and edit some parts:
A symmetric key of "123" is used to encrypt a message like "James". The key cannot be sent in the clear, so asymmetric encryption is used. I encrypt the "123" symmetric key using the recipient's public key and the "123" symmetric key scrambles the message. The recipient then receives the scrambled message, uses his private key to get the "123" symmetric key, and finally uses the symmetric key to decrypt the message "James".
Darril Member Posts: 1,588
"While this is a form of encryption, how does this key get shared between the two parties? Is it shared beforehand, or is it encrypted with asymmetric encryption?"
It can be shared beforehand but much more often asymmetric encryption is used to privately share a symmetric key.
"Is that the proper understanding?"
Overall, I think you've got it except (as ChooseLife points out), you have the public and private keys swapped in the last paragraph.
If you encrypted your message with your private key anyone with your public key could decrypt it. Since your public key is public, anyone can decrypt it. Instead, you encrypt the message with the recipient's public key.
Good luck. -
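The key roles corrected in the replies above, as an added example that is not part of any post in this thread. It assumes textbook RSA without padding, small fixed primes and a hash-based XOR stream, all toy constructions unsuitable for real use; the names `send`, `read`, `SENDER_*` and `RECIP_*` are hypothetical.

```python
# Added illustration, not from the thread: toy RSA and toy stream cipher only.
import hashlib
import secrets
from math import gcd

E = 65537  # public exponent

def make_keypair(p, q):
    """Return ((n, e), (n, d)): the public half and the private half."""
    phi = (p - 1) * (q - 1)
    assert gcd(E, phi) == 1
    return (p * q, E), (p * q, pow(E, -1, phi))

def rsa_apply(key, value):
    """Textbook RSA is one modular exponentiation, whichever half is used."""
    n, exponent = key
    return pow(value, exponent, n)

def stream_xor(session, data):
    """Toy symmetric cipher: XOR data with SHA-256(session || offset) blocks."""
    key = session.to_bytes(32, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)

# Constructed key pairs built from Mersenne primes; far too small for real use.
SENDER_PUB, SENDER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
RECIP_PUB, RECIP_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def send(message, wrapping_key, session=None):
    """Encrypt message under a session key and wrap that key with wrapping_key."""
    if session is None:
        session = secrets.randbits(120)  # fits below both moduli
    return rsa_apply(wrapping_key, session), stream_xor(session, message)

def read(unwrapping_key, wrapped, ciphertext):
    """Recover the session key with unwrapping_key, then decrypt the message."""
    return stream_xor(rsa_apply(unwrapping_key, wrapped), ciphertext)

if __name__ == "__main__":
    # First version in the thread: session key wrapped with the sender's PRIVATE key.
    wrapped, ct = send(b"James", SENDER_PRIV)
    print("anyone holding sender's public key:", read(SENDER_PUB, wrapped, ct))
    # Corrected version: session key wrapped with the recipient's PUBLIC key.
    wrapped, ct = send(b"James", RECIP_PUB)
    print("holder of public keys only:", read(SENDER_PUB, wrapped, ct))
    print("recipient with private key:", read(RECIP_PRIV, wrapped, ct))
```

Wrapping with the sender's private key still proves who produced the value, which is why that direction is used for signatures rather than for confidentiality.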
jwads Member Posts: 34 ■■□□□□□□□□
Ok, I see my mistake. Instead of encrypting with my private key, I would encrypt with their public key, which I have access to, and then they decrypt with their private key, which only they have access to.
I appreciate the assistance, I am getting this bit by bit -
Darril Member Posts: 1,588
Good to hear. Also, Quinnyfly gave some great tips on what to know and remember for the Security+ exam.
-
DarthVader Member Posts: 71 ■■□□□□□□□□
@beads
Symmetric does not have to be serial, for example all HAIPE devices are symmetric; it just means that the key was pre-shared in some way.
You actually do symmetric encryption all the time without even knowing it. In many cases Diffie-Hellman or RSA is used for secure key exchange. Once the key has been exchanged...you're up and running symmetric encryption!!