How to Implement PKI Solutions and Cryptography

PKI stands for public key infrastructure. It’s a generic catch-all term for IT systems that handle encryption mechanisms. It can mean many things. 

Encryption is essential for today’s information systems. We didn’t always practice safe IT, however. In the early days of the web, public and private networks weren’t very secure. Connecting to and accessing remote systems without any authentication whatsoever was possible. 

Today, that’s changed. We’ve learned our lessons through the school of hard knocks. Security has become the number one concern for most organizations, and encryption is the heart that powers security mechanisms. 

A typical example of PKI is the use of SSL and TLS certificates. SSL certs use encryption as digital signatures. Because of how that type of encryption works, browsers can use those encrypted digital signatures to verify the true identity of a website. Likewise, SSL certs enable secure communication between a client’s browser and a web server. 

Before digging into the various types of PKI and how to implement them, you need to understand how encryption works first. Take a look at Bob Salmans’ cryptography fundamentals course for more info. 

All forms of encryption use certain mathematic principles. Generally, each type of encryption algorithm is divided into one of two super high-level categories:

• Symmetric Cryptography

• Asymmetric Cryptography

A Video Overview of PKI Solutions and Cryptography Implementations

In this video, CBT Nuggets trainer Bob Salmans discusses what PKI and cryptography are, how they intertwine, and why they are so crucial for IT pros to understand.

What is Symmetric Cryptography?

Symmetric cryptography uses the same key to both encrypt and decrypt data.

A classic example of symmetric cryptography is the Caesar Cipher. The Caesar Cipher replaces each letter in a message with a different letter in the alphabet. For example, the letter ‘A’ might be replaced with ‘C.’ The same key to switch those letters back and forth is used to encode and decode the message. 

The Caesar Cipher doesn’t use memorable passwords and is not remotely secure. A modern symmetric encryption algorithm is AES 256. There’s a good chance you either heard of it or used it in the past. 

AES-256 is much more complicated than the Caesar Cipher. The AES-256 algorithm XORs each bit of data and then replaces each bit with a different blob of information. The same key, or password, is still used to encode and decode information. 

What is Asymmetric Cryptography?

Asymmetric cryptography uses two different keys to encode and decode data. These keys are often referred to as public and private keys. As you might have guessed, the public key is safe for anyone to possess, while the private key should be tightly secured. 

When data is encrypted using asymmetric cryptography, the public key is used to scramble that data. The private key is used to decrypt that data. The public key cannot decode information. Because of this, asymmetric cryptography is excellent for things like communication. 

SSL certifications are a great example of asymmetric cryptography. When a secure connection is made between a client web browser and a web server, the web browser requires a secure method of communication to initiate the 4-way handshake for that connection. In this case, the web browser uses a public key provided by the SSL cert for the webserver to send that first initiating message. 

A well-known example of an asymmetric encryption algorithm is RSA. RSA is a tried and true encryption method, though more secure and robust forms of asymmetric encryption exist today. 

The RSA algorithm works with factoring prime numbers. This is a subject we all hated in grade school. Factoring prime numbers can be complicated. The math problems we worked on in school are literally child’s play compared to the size of the numbers that the RSA algorithm uses. 

Here’s a quick refresher. A prime number is the value of two numbers multiplied together. Those two numbers are the only ones that can equate to that value. For example, 5 is a prime number because the value of 5 can only be produced by multiplying 1 and 5 together. The process of factoring the prime number 5 is figuring out that only 1 and 5 can be multiplied to get that value. 

In the RSA algorithm, the public key represents that prime number while the private key represents its factors. 

Start Learning More About Cryptography with CBT Nuggets

In my humble opinion, studying cryptography is a lot of fun. There’s a certain James Bond aspect to it that I have always loved. If you’re feeling the same way, or you need to learn about PKI for your career or the CASP+, take a look at Bob Salmans’ cryptography training at CBT Nuggets.