Asymmetric Algorithms – CompTIA Security+ SY0-501 – 6.2

Asymmetric encryption has enabled the exchange of symmetric keys, encryption of data, digital signatures, and other significant security features. In this video, you’ll learn about these asymmetric algorithms and their use.

One popular form of asymmetric cryptography is the Diffie-Hellman key exchange. This key exchange allows two parties to agree on a symmetric key over an insecure communications channel. This method of exchange has been around since 1976. Diffie-Hellman is a form of asymmetric cryptography, but not a form of asymmetric encryption: it derives a shared key, it does not encrypt data.

This key exchange allows two devices to decide on a common symmetric key that can then be used for symmetric encryption. It’s common to see Diffie-Hellman key exchange used in many ways today. One common use is in web browsers, which use ephemeral Diffie-Hellman keys, referred to as EDH or DHE. And we can combine this with elliptic curve cryptography to get elliptic curve Diffie-Hellman (ECDH) key exchange.

Here’s how Diffie-Hellman key exchange uses asymmetric cryptography to be able to create a symmetric key. We know with asymmetric cryptography that everyone will have a public key and a private key. The public key is something that anyone would be able to see, and the private key is one that is private only to ourselves.

So we know that Bob is going to have a private key that he keeps to himself, and Alice is going to have a private key that she keeps for herself. No one is going to have access to Bob’s private key except for Bob, and no one will have access to Alice’s private key except for Alice. As I mentioned, the public keys are available for anyone.

So Bob can get a copy of Alice’s public key very easily, and Alice can get a copy of Bob’s public key very easily. If Bob combines his private key and Alice’s public key, he will get a symmetric key. And if Alice combines her private key and Bob’s public key, she gets exactly the same symmetric key that Bob was able to derive.

This is the benefit of the Diffie-Hellman key exchange: both devices derive exactly the same symmetric key without ever having to send that symmetric key to each other.

One of the first forms of asymmetric encryption was the RSA algorithm.
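The Bob-and-Alice exchange described above, worked through in code. This is an added example and not part of the original video; the modulus and generator are constructed toy parameters for illustration, and the public-key range check and the hashing of the raw shared secret are assumptions about good practice, not steps the video describes.

```python
import secrets
import hashlib

# Constructed toy parameters for illustration only. 2^127-1 is prime, but it is
# not a standardized safe-prime group; real deployments use published groups
# (for example the RFC 3526 / RFC 7919 finite-field groups).
P = (1 << 127) - 1
G = 2


def generate_keypair(p=P, g=G):
    """Private key: random exponent in [1, p-2]. Public key: g^priv mod p."""
    priv = secrets.randbelow(p - 2) + 1
    pub = pow(g, priv, p)
    return priv, pub


def validate_public(peer_pub, p=P):
    """Reject degenerate public values (0, 1, p-1 or out of range).

    Accepting them lets a peer force the shared secret to a trivial value,
    so a careful implementation checks the range before exponentiating.
    """
    if not (2 <= peer_pub <= p - 2):
        raise ValueError("invalid peer public key")
    return True


def shared_secret(priv, peer_pub, p=P):
    """Combine my private key with the peer's public key: peer_pub^priv mod p."""
    validate_public(peer_pub, p)
    return pow(peer_pub, priv, p)


def derive_symmetric_key(secret, p=P):
    """Hash the raw DH output into a fixed-size symmetric key (assumed KDF step)."""
    length = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(length, "big")).digest()


def demo():
    """Bob and Alice each combine their own private key with the other's public key."""
    bob_priv, bob_pub = generate_keypair()
    alice_priv, alice_pub = generate_keypair()
    key_bob = derive_symmetric_key(shared_secret(bob_priv, alice_pub))
    key_alice = derive_symmetric_key(shared_secret(alice_priv, bob_pub))
    return key_bob, key_alice


if __name__ == "__main__":
    k_bob, k_alice = demo()
    print("keys match:", k_bob == k_alice)
```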

RSA stands for Ron Rivest, Adi Shamir, and Leonard Adleman. It was published in 1977 and was the first practical use of public key cryptography. We can use RSA to encrypt information, to decrypt information, and for digital signatures. One of the foundations of RSA is that it uses very large prime numbers to accomplish this public/private key encryption method.

It’s a method of encryption that’s now in the public domain, so you’ll see RSA used for web site encryption, digital rights management, and many other purposes. If you need to provide some type of digital signature, you may want to use DSA, the Digital Signature Algorithm. This is a modification of the Diffie-Hellman key exchange for use with digital signatures.

It’s also part of the Federal Information Processing Standard for Digital Signatures, or FIPS. To use digital signatures on mobile devices with the minimum amount of resources, we can combine DSA with elliptic curve cryptography to create ECDSA, the Elliptic Curve Digital Signature Algorithm.

This use of elliptic curve cryptography, or ECC, is incredibly useful in today’s world, especially with so many mobile devices that need an efficient form of cryptography. Although asymmetric encryption is very secure, it uses very large key sizes and consumes a lot of resources. On our mobile devices, which have a limited amount of CPU power and a limited amount of battery, we want the most efficient form of cryptography we can get.

So instead of using very large prime numbers, we use curves. That’s the foundation of elliptic curve cryptography. The advantage for mobile devices is that ECC uses smaller keys than non-elliptic-curve asymmetric encryption, which means we use fewer CPU cycles and less battery.

Another popular form of asymmetric encryption is PGP, or Pretty Good Privacy. This was written in 1991 by Phil Zimmermann. You can find out all about why he wrote PGP by visiting ProfessorMesser.link/pgp. Today PGP is commercial software owned by Symantec, but there is an open standard called OpenPGP, defined in RFC 4880. It’s implemented as software called GNU Privacy Guard, or GPG, and there are versions of GPG available for Windows, Linux, Mac OS, and many other operating systems.