4.2.1 Confidentiality

Confidentiality involves passing a message among authorized parties in such a way that unauthorized parties who obtain it, through eavesdropping or other techniques, are unable to understand it.[395] Cryptography provides confidentiality by scrambling the message before it is passed, so that even if unauthorized individuals get a copy of the scrambled message, it isn't feasible for them to figure out its original contents in a practical amount of time. Only the intended receiver of a message can decrypt it. This works provided the key is not discovered or broken.

As we mentioned earlier, keys come in two flavors, secret key (symmetric encryption) or public/private key (asymmetric encryption), and either type can be used to enforce confidentiality.

To enforce confidentiality with asymmetric encryption, you would obtain the recipient's public key and encrypt the message with it before sending; the recipient would decrypt it with his private key upon receipt. Since you can only encrypt a message with a single public key at a time, this allows you to send a specific confidential message to only one person at a time. If you want to communicate confidentially with multiple people using asymmetric cryptography, you have to send a separate message to each recipient, each encrypted with that receiver's public key.

To enforce confidentiality with symmetric encryption, you would encrypt the message with the shared secret key, and the intended receivers would decrypt it using the same shared secret key. Because anyone who possesses the shared secret key can decrypt the message, messages encrypted with symmetric encryption can be sent to multiple people at a time, rather than requiring a separate message per recipient, as with asymmetric methods.
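The difference in fan-out described above can be seen in a short added example (not part of the original guide): two recipients need two asymmetric ciphertexts, each readable only with the matching private key, while one symmetric ciphertext serves every holder of the shared key. The names, keys and message are constructed, and the textbook RSA and hash-keystream routines are insecure standard-library stand-ins used only to make the key relationships visible; real systems use a vetted cryptographic library.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def rsa_keypair(p, q):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def rsa_apply(key, value):
    """Modular exponentiation; encrypts with (n, e), decrypts with (n, d)."""
    n, exponent = key
    return pow(value, exponent, n)

def keystream_xor(key, nonce, data):
    """Toy symmetric cipher (SHA-256 counter keystream); same call both ways."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def send_asymmetric(message, public_keys):
    """One ciphertext per recipient, each under that recipient's public key."""
    m = int.from_bytes(message, "big")
    return {name: rsa_apply(pub, m) for name, pub in public_keys.items()}

def read_asymmetric(ciphertext, private_key):
    """Decrypt one ciphertext with one private key and return the bytes."""
    m = rsa_apply(private_key, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def send_symmetric(message, shared_key):
    """One ciphertext that every holder of the shared key can decrypt."""
    nonce = secrets.token_bytes(16)
    return nonce, keystream_xor(shared_key, nonce, message)

# Constructed, illustration-only keys: Mersenne primes are trivially factorable.
ALICE_PUB, ALICE_PRIV = rsa_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = rsa_keypair(2**107 - 1, 2**127 - 1)
MESSAGE = b"meet at 0900"  # constructed sample message

if __name__ == "__main__":
    sealed = send_asymmetric(MESSAGE, {"alice": ALICE_PUB, "bob": BOB_PUB})
    print(len(sealed), "ciphertexts needed for 2 recipients (asymmetric)")
    print(read_asymmetric(sealed["bob"], BOB_PRIV))
    shared = secrets.token_bytes(32)
    nonce, ct = send_symmetric(MESSAGE, shared)
    print(keystream_xor(shared, nonce, ct), "from 1 ciphertext (symmetric)")
```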
__________________
395. Schlaff, Robert, Confidentiality Using Authentication, http://www.acm.org/crossroads/xrds5-2/confide.html
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.