CertiGuide to Security+  9  Chapter 4:  Basics of Cryptography (Domain 4.0; 15%)       9  4.2  Concepts in Using Cryptography

4.2.1  Confidentiality 1 4.2.2.1  Digital Signatures

Integrity is the assurance that data has not been tampered with – i.e., that it has been unchanged during some period of time since it was created.

Both public/private keys and symmetrical (secret) keys are acceptable for providing confidentiality. Other methods must be employed to ensure full data integrity. Why? Anyone with access to both the key used to decrypt the message (so that they can decrypt it) and the original key used to encrypt the message (so that they can encrypt a substitute message after changing it) can tamper with a message.

In a symmetric key system, this means that anyone with access to the shared secret key can tamper with the message, and change it without being detected.

In an asymmetric key system, because the private is held by only one person (unless someone’s managed to compromise it), it is increasingly difficult to tamper with a message. Usually, if you’re able to decrypt it, because it was encrypted with a public key you have access to, you can’t encrypt it again because you don’t have access to the private key that was used to encrypt it. However, it’s possible to decrypt the message and then use a different public/private key pair to distribute it, misrepresenting that new key pair as the original sender’s key pair. This misrepresentation might involve social engineering, or replacing a user’s public key posted to their web site with the new public key, etc.

4.2.1  Confidentiality 1 4.2.2.1  Digital Signatures