Show understanding of how encryption works

17.1 Encryption, Encryption Protocols and Digital Certificates

What is Encryption? 🔐

Think of encryption as putting a secret message inside a lockbox. The key is the combination that unlocks it. Only someone with the correct key can read the original message. In maths we write it as: $E_{k}(m)$ for encryption and $D_{k}(c)$ for decryption, where $m$ is the message and $c$ is the ciphertext.

Symmetric vs. Asymmetric Encryption 🗝️

  • Symmetric: Same key for encryption & decryption. Fast but key must be shared secretly.
  • Asymmetric: Public key (anyone can use) & private key (only owner). Slower but no secret key exchange.

Analogy: Symmetric is like a shared diary with a single lock; asymmetric is like a mailbox where anyone can drop a letter, but only the owner can open it with a private key.

Common Encryption Algorithms 🔧

| Algorithm | Type | Key Length |
|-----------|------|------------|
| AES | Symmetric | 128/192/256 bits |
| RSA | Asymmetric | 1024/2048/4096 bits |
| ECC | Asymmetric | 256 bits (curve) |

Encryption Protocols 📡

Protocols define how encryption is used in real communication. The most famous is SSL/TLS (Secure Sockets Layer / Transport Layer Security). It uses a mix of symmetric and asymmetric encryption to create a secure channel over the internet.

  1. Client sends a hello with supported cipher suites.
  2. Server replies with its certificate (public key) and chosen cipher.
  3. Client verifies the certificate, generates a pre‑master secret, encrypts it with the server’s public key and sends it.
  4. Both sides derive symmetric keys from the pre‑master secret and use them to encrypt the session data.

Analogy: It’s like two people meeting in a crowded room. They first agree on a secret handshake (cipher suite), then each sends a locked box (certificate) to prove who they are, and finally they exchange a tiny key (pre‑master secret) that they keep hidden while talking.
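The four handshake steps above can be traced in code. This is an added example, not part of the original notes: it uses toy RSA without padding on two fixed Mersenne primes, HMAC-SHA256 in place of the TLS key-derivation function, and an XOR keystream in place of AES, and all function names are hypothetical. None of these stand-ins is safe for real use.

```python
import hashlib, hmac, secrets

# Toy RSA key for the server (assumption: two Mersenne primes, far too weak
# and too structured for real use; real servers use 2048-bit+ random primes).
P, Q, E = 2**89 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # server's private exponent

def derive_key(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Step 4: both sides turn the pre-master secret into a session key.
    HMAC-SHA256 is a simplified stand-in for the TLS key-derivation function."""
    return hmac.new(pre_master, b"session key" + client_random + server_random,
                    hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (stand-in for AES): XOR with a SHA-256 keystream.
    The same call encrypts and decrypts, i.e. D_k(E_k(m)) = m."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake_and_send(message: bytes) -> dict:
    # Steps 1-2: hellos carry random values; server's "certificate" is (N, E).
    client_random, server_random = secrets.token_bytes(16), secrets.token_bytes(16)
    # Step 3: client picks a pre-master secret and encrypts it with the public key.
    pre_master = secrets.token_bytes(16)
    encrypted_pms = pow(int.from_bytes(pre_master, "big"), E, N)
    # Server recovers it with the private key; nobody else holds D.
    recovered = pow(encrypted_pms, D, N).to_bytes(16, "big")
    # Step 4: each side derives the session key independently.
    client_key = derive_key(pre_master, client_random, server_random)
    server_key = derive_key(recovered, client_random, server_random)
    ciphertext = xor_stream(client_key, message)          # client encrypts
    return {"keys_match": client_key == server_key,
            "on_the_wire": ciphertext,
            "server_reads": xor_stream(server_key, ciphertext)}  # server decrypts

if __name__ == "__main__":
    result = handshake_and_send(b"GET /account HTTP/1.1")
    print(result["keys_match"], result["server_reads"])
```

The slow asymmetric operation runs once, on a 16-byte secret; everything after that uses the fast symmetric key, which is why TLS mixes the two.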

Digital Certificates 📜

A digital certificate is like an online ID card. It contains the holder’s public key and identity details, and it is signed by a trusted Certificate Authority (CA). The CA’s signature proves the certificate’s authenticity.

  • Components: Subject, Issuer, Validity period, Public key, Signature.
  • Purpose: Enables secure key exchange, authentication, and non‑repudiation.
  • Chain of Trust: Browser trusts root CA → verifies intermediate CA → verifies website certificate.

Exam Tips & Tricks 📝

  • Remember the three‑way handshake in TLS: ClientHello → ServerHello → Certificate + Key Exchange.
  • When asked about public key infrastructure (PKI), mention the trust chain and role of CAs.
  • For algorithm comparison, note that RSA uses exponentiation, while ECC uses elliptic curves – ECC gives similar security with smaller keys.
  • Use the analogy of a mailbox for asymmetric encryption and a shared diary for symmetric encryption to explain key concepts quickly.

Key Takeaway for the Exam 🎯

  • Encryption transforms readable data into unreadable form using a key.
  • Symmetric uses one key; asymmetric uses a public/private pair.
  • TLS combines both to secure web traffic.
  • Digital certificates prove identity and enable secure key exchange.
  • Always be ready to explain the handshake process and the role of the CA.
