CompTIA Security Plus Mock Test Q1099

Which of the following is true about PKI? (Select TWO).

A. When encrypting a message with the public key, only the public key can decrypt it.
B. When encrypting a message with the private key, only the private key can decrypt it.
C. When encrypting a message with the public key, only the CA can decrypt it.
D. When encrypting a message with the public key, only the private key can decrypt it.
E. When encrypting a message with the private key, only the public key can decrypt it.


Correct Answer: D,E
Section: Cryptography

Explanation:
E: You encrypt data with the private key and decrypt with the public key, though the opposite is much more frequent.
Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic protocols based on algorithms that require two separate keys, one of which is secret (or
private) and one of which is public. Although different, the two parts of this key pair are mathematically linked.
D: In a PKI the sender encrypts the data using the receiver’s public key. The receiver decrypts the data using his own private key.
PKI is a two-key, asymmetric system with four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital certificates.
Messages are encrypted with a public key and decrypted with a private key.
A PKI example:
You want to send an encrypted message to Jordan, so you request his public key.
Jordan responds by sending you that key.
You use the public key he sends you to encrypt the message.
You send the message to him.
Jordan uses his private key to decrypt the message.

Incorrect Answers:
A: The private and the public key are mathematically linked and make a key pair. You cannot use two public keys to encrypt and decrypt the data.
B: The private and the public key are mathematically linked and make a key pair. You cannot use two private keys to encrypt and decrypt the data.
C: If you encrypt the data with the public key, the data must be decrypted with the private key. The CA would not be able to decrypt the data by itself.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 279-285