🔐

PKI and Encryption Types

Jul 11, 2025

Overview

This lecture explains public key infrastructure (PKI), covering both symmetric and asymmetric encryption, key management, and the importance of digital certificates in organizations.

Public Key Infrastructure (PKI)

  • PKI refers to the policies, procedures, hardware, and software for managing digital certificates.
  • PKI handles the creation, distribution, management, storage, and revocation of digital certificates.
  • A certificate authority (CA) is central to PKI, associating certificates with users or devices to establish trust.
  • PKI is fundamental for verifying identities before granting access.

Symmetric Encryption

  • Symmetric encryption uses the same secret key for both encryption and decryption.
  • The secret key must be securely shared among all parties who need to decrypt the data.
  • Managing keys becomes complex as the number of users grows.
  • Symmetric encryption is fast and efficient but can be difficult to scale.
  • It is also called secret key algorithm or shared secret.

Asymmetric Encryption

  • Asymmetric encryption uses two mathematically related keys: a public key (shared) and a private key (kept secret).
  • Data encrypted with the public key can only be decrypted with the private key.
  • The private key cannot be derived from the public key.
  • Applications like PGP/GPG require users to generate a public/private key pair.
  • The public key can be distributed openly, while the private key should be protected, often with a password.

Example: Encrypted Communication

  • Alice generates a public/private key pair and distributes her public key.
  • Bob uses Alice's public key to encrypt a message (plain text), creating cipher text.
  • Only Alice can decrypt the message using her private key, ensuring confidentiality.

Key Management and Escrow

  • In large organizations, managing many key pairs requires planning and possibly third-party key escrow solutions.
  • Key escrow allows organizations to retain private keys for data recovery if users leave or data access is required.
  • Key escrow is sometimes mandatory to maintain data availability.

Key Terms & Definitions

  • Public Key Infrastructure (PKI) — The framework for managing digital certificates and keys.
  • Certificate Authority (CA) — An entity that issues and manages digital certificates.
  • Symmetric Encryption — Encryption using a single secret key for both encryption and decryption.
  • Asymmetric Encryption — Encryption using a pair of related keys: public and private.
  • Key Escrow — Storing private keys with a trusted third party for backup or recovery.

Action Items / Next Steps

  • Review the differences between symmetric and asymmetric encryption.
  • Understand the role and responsibilities of a certificate authority in PKI.
  • Explore how key management and escrow policies impact organizational security.

Full transcript