CompTIA Security Plus Mock Test Q1008

In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time?

A. Import the recipient’s public key
B. Import the recipient’s private key
C. Export the sender’s private key
D. Export the sender’s public key

Correct Answer: A
Section: Cryptography

Explanation:
See step 4 below.
1. When a user encrypts plaintext with PGP, PGP first compresses the plaintext.
2. PGP then creates a session key, which is a one-time-only secret key.
3. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext.
4. Once the data is encrypted, the session key is then encrypted to the recipient’s public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.

Incorrect Answers:
B: The recipient’s public key, not the private key, is used.
C, D: The sender’s key is not used.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 251, 272-273
http://www.pgpi.org/doc/pgpintro/