
You're reading from Modern Cryptography for Cybersecurity Professionals

Product type: Book
Published in: Jun 2021
Publisher: Packt
ISBN-13: 9781838644352
Edition: 1st Edition
Author: Lisa Bock

Lisa Bock is an experienced author with a demonstrated history of working in the e-learning industry. She is a security ambassador with a broad range of IT skills and knowledge, including on Cisco Security, CyberOps, Wireshark, biometrics, ethical hacking, and IoT. Lisa is an author for LinkedIn Learning and an award-winning speaker who has presented at several national conferences. She holds an MS in computer information systems/information assurance from UMGC. Lisa was an associate professor in the IT department at Pennsylvania College of Technology (Williamsport, PA) from 2003 until her retirement in 2020. She is involved with various volunteer activities, and she and her husband Mike enjoy bike riding, watching movies, and traveling.

Chapter 5: Dissecting Asymmetric Encryption

Symmetric algorithms offer fast, efficient encryption while ensuring data confidentiality. However, both parties must share the same secret key. In this chapter, we'll discuss the other main form of encryption: asymmetric (or public-key) encryption. We'll learn how asymmetric encryption was developed to solve the problem of securely exchanging the shared secret key, but then evolved to provide other benefits. You'll understand the two ways to obtain a shared secret key, by using encryption or using a key agreement protocol, such as Diffie-Hellman. We'll also outline how using Diffie-Hellman helps provide perfect forward secrecy.

We'll then cover other uses for public-key encryption, such as securing email and creating a digital signature. We'll discover how using standards, such as the Public Key Cryptography Standards (PKCS), helps provide interoperability among vendors. To understand what is necessary...
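The Diffie-Hellman key agreement named in this introduction, as an added example that is not code from the book: each party combines its own ephemeral private value with the peer's public value and arrives at the same session key, and a new session yields an unrelated key. The group parameters `P` and `G` and the function names are assumptions chosen for illustration; the 127-bit prime is a toy size.

```python
import hashlib
import secrets

# Toy group (constructed for illustration): P is the Mersenne prime 2**127 - 1.
# Production systems use standardized groups of 2,048 bits or more, or ECDH.
P = 2**127 - 1
G = 3

def ephemeral_keypair():
    """Return a fresh private exponent and the public value G**private mod P."""
    private = secrets.randbelow(P - 3) + 2  # uniform in [2, P - 2]
    return private, pow(G, private, P)

def shared_key(own_private: int, peer_public: int) -> bytes:
    """Derive a 256-bit session key from the Diffie-Hellman shared secret."""
    # Reject degenerate public values that would force a predictable secret.
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, own_private, P)
    # Hash the raw secret so the session key is a fixed-length byte string.
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def run_session():
    """One session: both sides make ephemeral keys and swap public values only."""
    a_priv, a_pub = ephemeral_keypair()
    b_priv, b_pub = ephemeral_keypair()
    alice_key = shared_key(a_priv, b_pub)  # (G**b)**a mod P
    bob_key = shared_key(b_priv, a_pub)    # (G**a)**b mod P
    # The private exponents go out of scope here. Because no long-term key
    # was used to derive the session key, a later key compromise cannot
    # recover it, which is the basis of perfect forward secrecy.
    return alice_key, bob_key

if __name__ == "__main__":
    k1, k2 = run_session()
    print("keys match:", k1 == k2)
```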

Realizing the need for asymmetric encryption

We use symmetric encryption to secure our data transactions using a single shared secret key. When using symmetric encryption, it's best practice to change the key often to prevent it from being compromised. As a result, we need to generate and distribute the secret key securely to both parties when needed.

Because symmetric encryption uses a shared secret key, the question remains: how do both parties securely obtain the same key? The answer is to use a hybrid system that employs both symmetric and asymmetric encryption.

The components for asymmetric encryption, such as plaintext, ciphertext, and the encryption algorithm, are similar to those used in symmetric encryption. However, instead of using the same shared key, asymmetric encryption uses two keys, a public and a private key, as shown in the following diagram:

Figure 5.1 – Asymmetric key pair

The two keys are mathematically related...

Understanding cryptographic requirements

When using asymmetric encryption, we need an algorithm that can generate a mathematically related key pair. In this section, we'll take a look at some of the cryptographic requirements of using an asymmetric algorithm, and we'll see an example of generating a key pair. We'll then discuss the importance of managing the public and private key, and finish with ways we can use asymmetric encryption.

Let's start with some requirements when generating a key pair.

Designing a strong algorithm

When something is strong, it is resistant to being broken, such as an impenetrable fortress. An encryption algorithm is no exception, in that we want one that is able to withstand a brute-force attack and continue to provide data confidentiality and integrity. Some of the considerations when designing a strong asymmetric algorithm include the following:

  • It must be effortless to generate a mathematically related public and private...

Comparing public-key algorithms

We understand what is required to create a strong algorithm and see the value in using a key pair. In this section, we'll take a look at a few public-key algorithms, such as RSA and ECC. We'll also see how PGP and GPG can secure our email with little or no effort. Finally, we'll discuss methods we use to ensure trust when using a public key.

Let's start with outlining how RSA is used to secure data.

Outlining RSA

In 1977, Ron Rivest, Adi Shamir, and Len Adleman developed RSA, a widely recognized cipher that is used in a number of different applications.

RSA uses a variety of encryption key lengths that include the following: 1,024-bit, 2,048-bit, and 4,096-bit lengths. The algorithm is used when sending a shared secret key in symmetric encryption. However, it can also be used to encrypt documents and create a digital signature.

Let's step through what is involved when calculating private and public keys using...

Working with digital signatures

A digital signature is a cryptographic technique that uses asymmetric encryption to provide several services for both sender and receiver. Instead of encrypting an entire document, a digital signature encrypts only a hash of the message, therefore using a smaller footprint.

In this section, we'll see how a digital signature can ensure message authentication, integrity, and non-repudiation. Then, we'll step through the process so that you can see how all of these are accomplished when creating a signature.
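The RSA key calculation and the hash-then-sign flow described above, as an added example that is not code from the book: a key pair is computed from two primes, the private key signs a SHA-256 hash of the message rather than the message itself, and the public key verifies it. The primes, the exponent and the function names are assumptions chosen for illustration; this is unpadded textbook RSA with toy primes, so it shows the mechanics only.

```python
import hashlib
from math import gcd

# Toy parameters (constructed for illustration): two Mersenne primes and the
# common public exponent 65537. Real RSA uses random primes of equal size
# and a padding scheme such as PSS.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537

def make_keypair(p=P, q=Q, e=E):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e * d = 1 (mod phi)
    return (n, e), (n, d)

def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (smaller than the toy modulus)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Apply the private key to the hash, not to the whole message."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the signed hash with the public key and compare it."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(message)

if __name__ == "__main__":
    public, private = make_keypair()
    msg = b"Pay invoice 1001"  # constructed sample message
    sig = sign(msg, private)
    print("original verifies:", verify(msg, sig, public))
    print("altered verifies: ", verify(b"Pay invoice 9001", sig, public))
```

Only the holder of the private key can produce a value that verifies (authentication and non-repudiation), and any change to the message changes the hash so verification fails (integrity).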

Let's start with how we can provide three core security services.

Providing core security services

Because of the vast anonymous nature of the internet, many felt that there needed to be a way of creating and signing a document, using a digital format. The method was to address the issue of being able to complete transactions on the internet without requiring a physical or wet signature, whereby someone physically marks...

Summary

In this chapter, we saw how asymmetric encryption solved the problem of securely sharing a secret key in a data transaction. We compared two methods to achieve this, by using encryption or Diffie-Hellman, a key agreement protocol. We also saw how standards such as the PKCS assure vendor interoperability.

By now, you understand some of the requirements needed to create a strong algorithm, along with the importance of effectively managing both public and private keys. We saw the many uses for asymmetric encryption, which include key exchange, securing our email, generating a blockchain, and creating digital signatures.

We then compared a few asymmetric algorithms, such as RSA, PGP, and ECC. We also recognized that there are two main methods to provide trust when using a public key. The two ways to assure trust are the CA in a large environment such as the internet, or the Web of Trust in a smaller environment, such as an office. Finally, we saw how public-key encryption...

Questions

Now, it's time to check your knowledge. Select the best response to the following questions and then check your answers, found in the Assessment section at the end of the book:

  1. _____ is a key agreement protocol, designed to have each party generate the same shared secret key that will be used in the session.

    a. PGP

    b. Diffie-Hellman

    c. GPG

    d. Rivest, Shamir, Adleman

  2. PKCS _____ defines the construct of an X.509 certificate from the CA, and includes components such as a public key, a distinguished name, and a digital signature of the CA.

    a. #1

    b. #5

    c. #7

    d. #10

  3. _____ uses a variety of encryption key lengths that include 1,024-bit, 2,048-bit, and 4,096-bit lengths.

    a. DES

    b. ECC

    c. RSA

    d. AES

  4. Most encryption systems are ____ and use both symmetric and asymmetric encryption.

    a. hybrid

    b. ElGamal

    c. public

    d. elliptical

  5. The dominant operation in ECC cryptographic schemes is _____ multiplication.

    a. Diffie

    b. ElGamal

    c. point

    d. certificate

  6. The _____ works when assigning...

Further reading

Please refer to the following links for more information:
