Domain 2 · SY0-701

Cryptography & PKI

Symmetric vs asymmetric encryption, hashing, digital signatures, PKI, TLS handshakes, and certificate management. Weight: ~12% of exam.

Symmetric vs Asymmetric Encryption
AES · 3DES · RSA · ECC · Diffie-Hellman

| Feature | Symmetric | Asymmetric |
|---|---|---|
| Keys | One shared secret key | Public + Private key pair |
| Speed | Fast; good for bulk data | Slow; good for key exchange |
| Key problem | How to share the key securely? | Solves the key distribution problem |
| Common algorithms | AES, 3DES, ChaCha20 | RSA, ECC, Diffie-Hellman |
| Use case | Encrypt file contents, disk encryption | TLS handshake, digital signatures |

In practice, TLS uses both: asymmetric encryption to exchange a symmetric session key, then symmetric encryption for the actual data, the best of both worlds (Rescorla, 2018; Stallings, 2022).

AES-128, AES-192, and AES-256 were standardized as the replacement for DES following the Rijndael block cipher competition (National Institute of Standards and Technology [NIST], 2001). The Diffie-Hellman key exchange protocol solved the foundational key distribution problem (Diffie & Hellman, 1976), while RSA established the practical basis for public-key cryptography and digital signatures (Rivest et al., 1978). ECC provides equivalent security to RSA with much shorter key lengths, making it preferred in constrained environments (Barker, 2020). 3DES is deprecated for new encryption uses (Barker & Roginsky, 2019).

Symmetric: AES-256, AES-128, 3DES → Asymmetric: RSA-2048, ECC P-256, DH → Hashing: SHA-256, SHA-3, MD5 ⚠️
Memory Hook
Symmetric = Same key, Speedy. Asymmetric = Acts with A pair. When you see "fast bulk encryption" → AES. When you see "key exchange" or "signature" → RSA/ECC.
Hashing & Integrity
MD5 · SHA-1 · SHA-256 · HMAC · Salting · Rainbow Tables

A hash function takes any input and produces a fixed-length output (digest). It is one-way: you cannot reverse it to get the original data. Used to verify integrity, not encrypt (Stallings, 2022; Ferguson et al., 2010).

| Algorithm | Output Size | Status |
|---|---|---|
| MD5 | 128-bit (32 hex chars) | Broken (collision attacks). Do NOT use for security. |
| SHA-1 | 160-bit | Deprecated; collision found. Avoid. |
| SHA-256 | 256-bit | Current standard. Use for file integrity, certificates. |
| SHA-3 | Variable (224-512) | Modern, different design from SHA-2. Very secure. |
| HMAC | Depends on hash used | Hash + secret key = message authentication code (integrity + authenticity) |

Salting adds a random value to a password before hashing, which defeats rainbow table attacks. Rainbow tables are precomputed hash lookup tables used to crack unsalted passwords (Ferguson et al., 2010; Barker, 2020).

SHA-256 and SHA-512 are part of the SHA-2 family standardized in FIPS 180-4 (NIST, 2015a). SHA-3 uses a fundamentally different sponge-function construction (NIST, 2015b). MD5 was shown to produce collisions in under an hour via differential cryptanalysis (Wang & Yu, 2005), and SHA-1 was subsequently demonstrated to be practically breakable (Stevens et al., 2017). HMAC combines a hash with a shared secret key to provide both integrity and authenticity (NIST, 2008). The CompTIA Security+ SY0-701 exam objectives flag MD5 and SHA-1 as cryptographically broken (CompTIA, 2023).
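The difference between an unkeyed hash and an HMAC, as an added example that is not part of the original study guide: anyone who alters a message can recompute its SHA-256 digest, but cannot produce a valid HMAC tag without the shared key. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values for this example only.
SHARED_KEY = b"constructed-demo-key"
ORIGINAL = b"amount=100;to=alice"
ALTERED = b"amount=9999;to=mallory"


def sha256_digest(message: bytes) -> str:
    """Unkeyed hash: anyone holding the message can compute it."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA-256: computing a valid tag requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def hmac_valid(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


def compare_protections() -> dict:
    """Alter a message in transit and see which check notices."""
    sent_tag = hmac_tag(SHARED_KEY, ORIGINAL)

    # Without any key, the digest can simply be recomputed for the altered
    # message, so a hash shipped beside the data says nothing about origin.
    replaced_digest = sha256_digest(ALTERED)
    # An HMAC tag can only be guessed; here it is made with a wrong key.
    guessed_tag = hmac_tag(b"wrong-key", ALTERED)

    return {
        "untouched message verifies": hmac_valid(SHARED_KEY, ORIGINAL, sent_tag),
        "hash check accepts altered message": sha256_digest(ALTERED) == replaced_digest,
        "old tag accepted on altered message": hmac_valid(SHARED_KEY, ALTERED, sent_tag),
        "wrong-key tag accepted": hmac_valid(SHARED_KEY, ALTERED, guessed_tag),
    }


if __name__ == "__main__":
    for check, result in compare_protections().items():
        print(f"{check}: {result}")
```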

Key Rule
MD5 and SHA-1 = broken for security but MD5 is still used for non-security checksums (file download verification). The exam will try to trick you: always flag MD5/SHA-1 as insecure options.
Digital Signatures & Non-Repudiation
Sign with private key · Verify with public key

A digital signature provides three things: Authentication (who sent it), Integrity (wasn't tampered), and Non-repudiation (sender can't deny it) (Diffie & Hellman, 1976; Rivest et al., 1978).

How Digital Signing Works:
Sender: [Message] → Hash → [Digest] → Encrypt with PRIVATE key → [Signature]

Receiver: [Message] + [Signature] → Hash message → [Digest A] → Decrypt signature with PUBLIC key → [Digest B] → Compare: if A == B → ✓ Valid signature

Critical exam rule: You sign with your PRIVATE key (proves it came from you). Others verify with your PUBLIC key. This is the opposite of encryption (where you encrypt with recipient's public key) (Stallings, 2022; CompTIA, 2023). The sender hashes the message, then encrypts the digest with their private key to form the signature; the receiver independently hashes the received message and decrypts the signature with the sender's public key to compare digests (Ferguson et al., 2010).
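The sign-and-verify flow above, carried through in code as an added example that is not part of the original study guide. It uses textbook RSA with a toy key built from two small Mersenne primes and no padding, purely to show the Digest A / Digest B comparison; the key, function names and messages are constructed, and real systems use a vetted library with a padded scheme and a full-size key.

```python
import hashlib

# Toy key from two Mersenne primes (constructed for this example).
# Far too small for real use and unpadded: it only shows the data flow.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                                # modulus, part of both keys
E = 65537                                # PUBLIC exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # PRIVATE exponent


def digest_int(message: bytes) -> int:
    """Hash the message and map the digest into the toy modulus range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sender: hash the message, then transform the digest with the PRIVATE key."""
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver: Digest A from the message, Digest B from the signature."""
    digest_a = digest_int(message)           # hash what actually arrived
    digest_b = pow(signature, e, n)          # undo signature with PUBLIC key
    return digest_a == digest_b


if __name__ == "__main__":
    msg = b"Pay invoice 42"                  # constructed sample message
    sig = sign(msg)
    print("genuine message:", verify(msg, sig))
    print("tampered message:", verify(b"Pay invoice 43", sig))
    print("signed with another private key:", verify(msg, sign(msg, d=D + 2)))
```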

Memory Hook
"Sign with Private, Verify with Public" (SVPP). Encryption is the reverse: "Encrypt with Public, Decrypt with Private" (EPDP).
PKI & Certificate Management
CA · RA · CRL · OCSP · X.509 · Certificate types

PKI (Public Key Infrastructure) is the system for issuing, managing, and revoking digital certificates (Cooper et al., 2008; Barker, 2020).

| Component | Role |
|---|---|
| CA (Certificate Authority) | Issues and signs digital certificates. Root CA is the ultimate trust anchor. |
| RA (Registration Authority) | Verifies identity before requesting certificate from CA. Offloads CA workload. |
| CRL (Certificate Revocation List) | Published list of revoked certificates. Checked periodically, so it can be outdated. |
| OCSP | Online Certificate Status Protocol: real-time certificate validity check. Better than CRL. |
| X.509 | Standard format for digital certificates (contains public key, subject, issuer, validity). |

Certificate types: DV (domain-only), OV (org validated), EV (extended validation, green bar). Wildcard cert: *.domain.com covers all subdomains. SAN: Subject Alternative Name, multiple hostnames on one cert. X.509 v3 is the standard certificate format specifying public key, subject, issuer, validity period, and extensions (Cooper et al., 2008). CRL and OCSP revocation mechanisms are both profiled in RFC 5280, with OCSP providing real-time status rather than a periodically updated list (Cooper et al., 2008; CompTIA, 2023).

CRL vs OCSP
CRL = old list, may be stale. OCSP = real-time check. The exam prefers OCSP for freshness. OCSP Stapling = server caches OCSP response to reduce latency.
TLS Handshake
How HTTPS establishes a secure connection

TLS (Transport Layer Security) uses asymmetric encryption to establish trust and exchange a session key, then switches to fast symmetric encryption for all data (Rescorla, 2018; McKay & Cooper, 2019).

| Step | Client / Server | Details |
|---|---|---|
| ClientHello | Client → Server | TLS version, cipher suites supported, random nonce |
| ServerHello | Client ← Server | Chosen cipher, server certificate (public key) |
| Verify cert | Client | Client verifies cert against trusted CAs |
| Key Exchange | Client → Server | Encrypted pre-master secret using server's public key |
| Session Key | Client ⇌ Server | Both derive session key from pre-master secret |
| Encrypted Data (AES) | Client ⇌ Server | Encrypted Data (AES) |

TLS 1.3, defined in RFC 8446, eliminates static RSA and Diffie-Hellman key exchange, requiring ephemeral key exchange for all sessions, thereby enforcing Perfect Forward Secrecy (Rescorla, 2018). NIST SP 800-52 Rev. 2 mandates TLS 1.2 as the minimum for federal systems and requires support for TLS 1.3 by January 1, 2024 (McKay & Cooper, 2019). TLS 1.0 and 1.1 are deprecated (McKay & Cooper, 2019; CompTIA, 2023).
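One way to check a client configuration against the version and certificate-verification points above, as an added example that is not part of the original study guide. It uses Python's standard `ssl` module; the function names and the finding strings are constructed for illustration, and `legacy_context()` is a deliberately weak "before" configuration shown beside the corrected one.

```python
import ssl


def legacy_context() -> ssl.SSLContext:
    """'Before' settings: any protocol version, no certificate checks."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be off before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_context() -> ssl.SSLContext:
    """'After' settings: TLS 1.2 floor, certificate and hostname verified."""
    ctx = ssl.create_default_context()    # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum version permits TLS 1.0/1.1 (deprecated)")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified against trusted CAs")
    if not ctx.check_hostname:
        findings.append("certificate is not matched to the requested hostname")
    return findings


if __name__ == "__main__":
    for name, ctx in (("legacy", legacy_context()), ("hardened", hardened_context())):
        issues = audit(ctx)
        print(name, "->", issues if issues else "no findings")
```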

Key Point
TLS 1.3 removed weak cipher suites (RC4, 3DES, SHA-1) and requires forward secrecy. The exam expects you to flag TLS 1.0/1.1 as deprecated and recommend TLS 1.2 minimum, TLS 1.3 preferred.
Encryption Use Cases & Key Management
Data at rest · Data in transit · Data in use · Key escrow

| State | What It Means | Controls |
|---|---|---|
| Data at Rest | Stored on disk, database, USB | AES disk encryption (BitLocker, FileVault), database encryption |
| Data in Transit | Moving across network | TLS, HTTPS, IPSec, SSH, SFTP |
| Data in Use | Being processed in memory/CPU | Trusted Execution Environment (TEE), memory encryption |

Key Escrow: A copy of the encryption key is held by a trusted third party. This enables recovery if the key is lost, but creates a risk if the escrow is compromised (Barker, 2020; Stallings, 2022).

HSM (Hardware Security Module): Physical device that stores and manages cryptographic keys. Tamper-resistant. Used for CA private keys, payment systems (Ferguson et al., 2010; CompTIA, 2023).

Perfect Forward Secrecy · Key Stretching · PBKDF2 · bcrypt

Perfect Forward Secrecy (PFS): Each session uses a unique key, so even if a long-term key is compromised, past sessions remain safe. Required by TLS 1.3 (Rescorla, 2018). Key stretching algorithms such as PBKDF2 and bcrypt increase the computational cost of brute-force and dictionary attacks against stored password hashes (Ferguson et al., 2010; Barker & Roginsky, 2019).
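Salting (from the hashing section) and key stretching with PBKDF2 (described above) combined in one password-storage routine, as an added example that is not part of the original study guide. The iteration count, the record layout and the sample passwords are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example; tune per hardware


def unsalted_sha256(password: str) -> str:
    """Fast, unsalted hash: identical passwords give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str) -> str:
    """Salted, stretched hash stored as algorithm$iterations$salt$hash."""
    salt = secrets.token_bytes(16)          # fresh random salt per password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${derived.hex()}"


def check_password(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare."""
    _algo, iterations, salt_hex, hash_hex = record.split("$")
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(derived.hex(), hash_hex)


def same_password_two_users(password: str = "Summer2024!") -> dict:
    """Store one (constructed) password for two accounts, salted and unsalted."""
    rec_a, rec_b = make_record(password), make_record(password)
    return {
        # One precomputed table entry would match both unsalted digests.
        "unsalted digests match": unsalted_sha256(password) == unsalted_sha256(password),
        # Different salts make the stored values unrelated to each other.
        "salted records match": rec_a == rec_b,
        "correct password verifies": check_password(password, rec_a),
        "wrong password verifies": check_password("summer2024!", rec_a),
    }


if __name__ == "__main__":
    for check, result in same_password_two_users().items():
        print(f"{check}: {result}")
```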


Barker, E. (2020). Recommendation for key management: Part 1 – General (NIST SP 800-57 Part 1 Rev. 5). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-57pt1r5

Barker, E., & Roginsky, A. (2019). Transitioning the use of cryptographic algorithms and key lengths (NIST SP 800-131A Rev. 2). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-131Ar2

CompTIA. (2023). CompTIA Security+ SY0-701 certification exam objectives (Version 5.0). CompTIA. https://assets.ctfassets.net/82ripq7fjls2/6TYWUym0Nudqa8nGEnegjG/0f9b974d3b1837fe85ab8e6553f4d623/CompTIA-Security-Plus-SY0-701-Exam-Objectives.pdf

Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., & Polk, W. (2008). Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile (RFC 5280). Internet Engineering Task Force. https://datatracker.ietf.org/doc/html/rfc5280

Diffie, W., & Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654. https://doi.org/10.1109/TIT.1976.1055638

Ferguson, N., Schneier, B., & Kohno, T. (2010). Cryptography engineering: Design principles and practical applications. Wiley. https://onlinelibrary.wiley.com/doi/book/10.1002/9781118722367

McKay, K. A., & Cooper, D. A. (2019). Guidelines for the selection, configuration, and use of Transport Layer Security (TLS) implementations (NIST SP 800-52 Rev. 2). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-52r2

National Institute of Standards and Technology. (2001). Advanced encryption standard (AES) (FIPS 197). U.S. Department of Commerce. https://doi.org/10.6028/NIST.FIPS.197-upd1

National Institute of Standards and Technology. (2008). The keyed-hash message authentication code (HMAC) (FIPS 198-1). U.S. Department of Commerce. https://doi.org/10.6028/NIST.FIPS.198-1

National Institute of Standards and Technology. (2015a). Secure hash standard (SHS) (FIPS 180-4). U.S. Department of Commerce. https://doi.org/10.6028/NIST.FIPS.180-4

National Institute of Standards and Technology. (2015b). SHA-3 standard: Permutation-based hash and extendable-output functions (FIPS 202). U.S. Department of Commerce. https://doi.org/10.6028/NIST.FIPS.202

Rescorla, E. (2018). The Transport Layer Security (TLS) protocol version 1.3 (RFC 8446). Internet Engineering Task Force. https://datatracker.ietf.org/doc/html/rfc8446

Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126. https://doi.org/10.1145/359340.359342

Stallings, W. (2022). Cryptography and network security: Principles and practice (8th ed.). Pearson. https://www.pearson.com/en-us/subject-catalog/p/cryptography-and-network-security-principles-and-practice/P200000003477/9780135764213

Stevens, M., Bursztein, E., Karpman, P., Albertini, A., & Markov, Y. (2017). The first collision for full SHA-1. In Advances in Cryptology – CRYPTO 2017 (pp. 570–596). Springer. https://shattered.io

Wang, X., & Yu, H. (2005). How to break MD5 and other hash functions. In Advances in Cryptology – EUROCRYPT 2005 (Lecture Notes in Computer Science, vol. 3494, pp. 19–35). Springer. https://doi.org/10.1007/11426639_2