A company uses PGP to ensure that sensitive email is protected. Which of the following types of
cryptography is being used here for the key exchange?
A.
Symmetric
B.
Session-based
C.
Hashing
D.
Asymmetric
Explanation:
PGP combines symmetric-key encryption and public-key encryption. The message is encrypted
using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is
used only once and is also called a session key.
“Instead of using only symmetric encryption, most email applications use asymmetric encryption
to privately share a session key. They then use symmetric encryption to encrypt the data…” from Darril Gibson Study Guide. Is PGP an exception?
0
0
Hi Mike, trust you’re well. Please can you send me the copy of the Darril Gibson Study Guide you’ve got, lemme go through. thanks
0
0
Download it from there : http://www.evenetworks.com/download-comptia-security-study-guide-by-darril-gibson-free/
0
0
BTW, NEW SY0-401 PDF Dumps from Google Drive for Free: https://drive.google.com/open?id=0B-ob6L_QjGLpcG9CWHp3bXlNTTg
0
0
PGP can be used to send messages confidentially. For this, PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key. The message and its session key are sent to the receiver. The session key must be sent to the receiver so they know how to decrypt the message, but to protect it during transmission it is encrypted with the receiver’s public key. Only the private key belonging to the receiver can decrypt the session key.
So D!
0
0
I concur with DC. the Answer is D
The key word in here are: “Key Exchange”.
PGP uses both symmetric and asymmetric keys.
To encrypt data, PGP generates a symmetric key to encrypt data which is protected by the asymmetric key.
Asymmetric encryption uses two different keys for the encryption and decryption processes of sensitive information. Both keys are derived from one another and created at the same time
So:
(1) The data is encrypted via a symmetric key,
(1) yet the key exchange is encrypted via an asymmetric key
PRETTY GOOD PRIVACY (PGP)
PGP combines the advantages of both asymmetric and symmetric encryption, while also ownplaying the disadvantages of both.
HOW PGP WORKS
When a user encrypts plaintext with PGP, PGP first compresses the plaintext.
Data compression, among other things, strengthens cryptographic security because it reduces the patterns found in languages.
PGP then creates a session key; this key is a random number generated from the movements of the user’s mouse and the keystrokes he/she types.
Then the random number is run through a symmetric encryption algorithm such as Triple DES, Twofish, CAST, or AES (Rijndael), which generates a one-time-only secret key.
If there is not enough information gathered a window will pop up asking the user to move his/her mouse and type on the keyboard until sufficient random data have been gathered.
The session key works with a very secure, fast conventional (symmetric) encryption algorithm to encrypt the plaintext; the result is ciphertext.
Once the data is encrypted, the session key is then encrypted to the recipient’s public key, using ASYMMETRIC ENCRYPTION such as Diffie-Hellman or RSA.
This public key-encrypted session key is TRANSMITTED along with the ciphertext to the recipient.
https://www.sans.org/reading-room/whitepapers/vpns/pgp-hybrid-solution-717
0
0