Symmetric and Asymmetric Cryptography - SY0-601 CompTIA Security+ : 2.8

00:02

Let's begin our conversation of the differences

00:04

between symmetric encryption and asymmetric encryption,

00:08

by focusing first on symmetric encryption.

00:11

This is encryption where you use a single key

00:14

to encrypt the data, and when you want to decrypt the data,

00:18

you use exactly the same key to decrypt it.

00:21

This means that if this key does become available for others

00:24

to see, that you'll have to completely redo

00:27

all of your encryption because now everyone has

00:30

a copy of the key that can be used to decrypt this data.

00:33

You'll sometimes hear symmetric encryption

00:35

referred to as a secret-key algorithm or a shared secret.

00:39

That's because that single key is the secret

00:42

that everyone needs to know, to be able to decrypt

00:45

the information.

00:46

One of the challenges you have with symmetric encryption

00:48

is it's difficult to scale.

00:50

How do you share a key with others,

00:53

when you don't currently have a way

00:55

to encrypt that information.

00:56

You can think of this as somebody

00:58

carrying the key in a locked case,

01:00

they're protecting the key until they get to their destination,

01:03

and only then can they share that key with another person.

01:06

But across the network, you don't have a locked case.

01:10

And since you don't have a key that both sides can share,

01:13

you don't have a way to encrypt the key, to be able to send it

01:16

to the other side.

01:17

This means we have to find other ways

01:20

to be able to share this key so that we

01:23

can use symmetric encryption.

01:25

One way to get around this problem of scalability

01:28

is to use asymmetric encryption.

01:30

The problem, though, is that asymmetric encryption

01:33

requires more overhead and more work by the CPU.

01:36

Symmetric encryption requires relatively fewer resources

01:40

than asymmetric encryption.

01:42

Often, you'll see the two combine,

01:44

where you'll use asymmetric encryption in order

01:47

to transfer a symmetric key to someone else.

01:50

So very often those two algorithm types

01:52

are used in conjunction with each other.

01:56

Unlike symmetric encryption, where there is a single key,

01:59

with asymmetric encryption, there are multiple keys.

02:03

You'll sometimes hear this referred

02:04

to as public-key cryptography, because, there is

02:08

a public key and a private key.

02:10

In some situations, there can even be more than two keys,

02:13

but for the examples that will give today,

02:16

we'll deal with the two keys, a public key,

02:18

and the private key.

02:20

The private key as the name implies,

02:22

is the key that only you have access to.

02:25

It is a private key because nobody else

02:28

knows what that key is.

02:29

There is another key that is mathematically

02:31

related to the private key called the public key.

02:34

This is the key that you give to everybody.

02:37

You can post the public key on a public key server,

02:40

you can hand it out to people in email messages,

02:43

you can put it on your website, and everyone

02:45

who wants to be able to encrypt information and send it to you

02:49

needs to have your public key.

02:51

Once somebody encrypts data with that public key,

02:53

the only way to decrypt that information

02:56

is by using the corresponding private key,

02:59

and of course, that's the key that only you have access to.

03:02

Interestingly enough, you can also do this the opposite way.

03:06

You can encrypt information with your private key,

03:09

and the only people that would be able to decrypt it,

03:12

are the people that have the public key.

03:14

This is the process that we would

03:15

use for doing something like, a digital signature, for example.

03:19

So although we've named these keys public and private,

03:22

they're really only named that way,

03:24

because that's how we're using them.

03:26

The two keys are mathematically related and depending

03:29

on which one you choose when you create the keys,

03:32

is the one that becomes the private key,

03:34

and the one that becomes the public key.

03:36

Although these two keys are mathematically related,

03:39

you still can't derive one key from the other.

03:42

If everyone has access to the public key,

03:45

they still would not be able to determine

03:47

what the private keys should be, even

03:49

though they have full access to every part of the public key.

03:53

It's this interesting relationship

03:55

between the public and the private key,

03:57

that enables us to use the encryption that we

03:59

have today on the internet.

04:01

To better understand this relationship between the public

04:04

and the private key, let's go back

04:06

to when we originally create this key pair when

04:09

using asymmetric cryptography.

04:11

We would build both of these keys at the same time.

04:15

We have a large random number, there's

04:16

a key generation program, that is input,

04:19

and the output to that program, creates

04:21

the two keys, the public key, and the private key.

04:25

By running this key generation program, which

04:27

uses large random numbers, and prime numbers as input,

04:31

it runs it through a generation program,

04:33

and it outputs two separate keys.

04:35

Of those two keys, we choose one of them to be the public key,

04:39

and one of them to be the private key,

04:41

and then we share the public key with everybody,

04:44

and we keep the private key private to us.

04:47

Let's look at the process that's involved

04:49

in encrypting and decrypting information

04:52

using asymmetric cryptography.

04:54

Let's take a scenario, where Bob and Alice are communicating

04:57

to each other, and Bob would like to send some information

05:00

to Alice that is encrypted.

05:02

Bob will need a way to create this encrypted message,

05:05

like a laptop.

05:06

He'll need the original plain text.

05:08

This plain text says, Hello Alice,

05:10

and then he'll need Alice's public key.

05:13

To obtain this key, Bob can ask Alice for her public key,

05:17

he can retrieve her public key from a public key server,

05:20

or he can visit Alice's home page or anywhere else

05:23

Alice may have posted the key and download

05:25

the key from there.

05:27

Bob then combines the plaintext, with Alice's public key,

05:30

to create the ciphertext.

05:33

Once the ciphertext has been created,

05:35

the only way to obtain the original plaintext

05:38

is to decrypt it with the private key.

05:41

You cannot use the public key to somehow undo the encryption

05:45

process that you've already done.

05:47

This means that Alice will receive the ciphertext message,

05:50

and will apply her private key, to be

05:53

able to decrypt that ciphertext, and once that's decrypted,

05:57

she'll be able to see the plain text that says, Hello Alice.

06:01

This is the process that occurs every time someone wants

06:03

to send information using asymmetric encryption.

06:07

If we wanted to reverse this process

06:09

and have Alice send encrypted information to Bob,

06:12

she would need Bob's public key, she would encrypt the data,

06:16

send that ciphertext to Bob, and Bob would use his private key,

06:20

to decrypt that ciphertext.

06:23

We spoke earlier of the difficulties

06:25

in being able to scale asymmetric key,

06:28

because there's no easy way to transmit

06:30

that symmetric key across the network,

06:33

without first encrypting it.

06:34

And since you haven't sent the key across the network,

06:37

there's no way to have a known key on both sides,

06:40

that you can use for the encryption process.

06:43

One way to get around this problem

06:44

is to use asymmetric encryption, in order

06:47

to create a symmetric key on both sides,

06:50

without having to send that symmetric key

06:53

across the network.

06:54

To be able to do that, you use public and private keys

06:58

on both sides.

06:59

Let's take the example again of Bob and Alice.

07:01

We know that Bob and Alice use asymmetric encryption, which

07:05

means, that Bob has a private key,

07:07

and Alice has a private key, and of course those private keys

07:10

are only known to their owners.

07:13

You can combine your private key,

07:15

with someone else's public key, to create a symmetric key.

07:20

And if you use the related public and private keys

07:23

on both sides, you end up with a symmetric key

07:26

that's identical to each other.

07:27

So even though Bob's private key and Alice's public key

07:30

created the symmetric key, it's exactly the same symmetric key,

07:34

if you combine Alice's private key and Bob's public key.

07:38

By doing this, the same symmetric key

07:41

can be created on both sides of the conversation,

07:44

without ever having to send the symmetric key

07:47

across the network.

07:48

In fact, this is the process used

07:50

for Diffie-Hellman key exchange, and it's

07:52

a key exchange process that's used extensively every day.

07:57

Hopefully, you're starting to see that asymmetric encryption,

08:00

can provide us with functionality

08:02

that symmetric encryption simply can't do.

08:04

But there are some drawbacks to using asymmetric encryption.

08:08

We're using very large integers of very large prime factor

08:12

numbers, and that calculation requires CPU overhead

08:16

and resources on a machine, to be able to encrypt and decrypt

08:20

that information.

08:21

Of course, we have mobile devices, and internet

08:24

of things devices, that may not have the computing

08:27

power that our local workstations have,

08:29

but they still need to be able to encrypt and decrypt

08:32

information.

08:33

For those, we would use, Elliptic-Curve Cryptography,

08:36

or ECC.

08:37

Instead of using these very large prime numbers,

08:40

we'll use curves, to be able to create,

08:43

the asymmetric keys that we would

08:45

use for public and private key encryption and decryption.

08:48

ECC can use smaller keys, to maintain the same security

08:52

as non-ECC algorithms, and they require,

08:55

a smaller amount of storage and a smaller amount

08:58

of data that would need to be transmitted across the network.

09:01

This allows us to have access to the powerful features

09:04

available with asymmetric encryption,

09:06

while we're using our mobile devices and IoT devices.