
CompTIA Section 8 – Cryptographic Solutions








Cryptographic Solutions – Detailed Study Revision Guide

Core Objectives

  • Explain and distinguish between symmetric and asymmetric encryption algorithms.
  • Understand key management lifecycle and its impact on secure communications.
  • Evaluate hashing algorithms and their application in integrity assurance.
  • Understand the structure and purpose of digital signatures and PKI.
  • Compare data protection mechanisms at rest, in transit, and in use.
  • Identify and explain cryptographic vulnerabilities and related attacks.

1. Cryptographic Fundamentals

Symmetric Encryption

  • Uses one key for both encryption and decryption.
  • Examples: AES (standard), DES (deprecated), Blowfish, ChaCha20
  • Efficient for bulk data encryption.
  • Drawback: Requires secure key exchange method.

Asymmetric Encryption

  • Uses key pairs (public/private).
  • Examples: RSA (widespread), ECC (efficient), Diffie-Hellman (key exchange)
  • Enables digital signatures and non-repudiation.
  • Slower than symmetric but critical for secure negotiation.

2. Hashing Algorithms

  • Converts data into a fixed-length hash value.
  • One-way: cannot be decrypted.
  • Common algorithms: MD5 (obsolete), SHA-1 (insecure), SHA-256 (recommended)
  • Applications: Password storage, digital signatures, file integrity verification
  • Properties: Deterministic, collision-resistant, fast computation

3. Digital Signatures

  • Hash of message is encrypted with sender’s private key.
  • Recipient uses sender’s public key to verify authenticity.
  • Ensures integrity, authenticity, and non-repudiation.
  • Often used in software distribution and secure email.

4. Public Key Infrastructure (PKI)

  • Framework for managing digital certificates and key pairs.
  • Key components:
    • Certificate Authority (CA) – issues certificates
    • Registration Authority (RA) – verifies identities
    • Certificate Revocation List (CRL)
    • Online Certificate Status Protocol (OCSP)
  • Trust model: Hierarchical vs. Web of Trust

5. Encryption Use Cases

Data at Rest

  • Protects stored data (e.g., disk, file, database encryption)
  • Tools: BitLocker, VeraCrypt, FDE solutions

Data in Transit

  • Protects data moving across networks
  • Protocols: TLS/SSL, IPsec, SSH, HTTPS

Data in Use

  • Protects data while being processed
  • Tools: Encrypted memory, HSMs

6. Cryptographic Attacks

  • Birthday Attack – exploits hash collisions
  • Replay Attack – retransmits captured data
  • Man-in-the-Middle – intercepts and alters communications
  • Known-plaintext / Ciphertext-only – targets algorithm weaknesses
  • Downgrade Attack – forces use of weaker protocol
  • Implementation Flaws – e.g., weak random number generators

Study Strategy

Tool | Action
--- | ---
Flashcards | Define terms and algorithm characteristics
Diagrams | Visualize asymmetric encryption and PKI flow
Practice Questions | Run 10–15 quiz questions per sub-topic
Summary Sheets | Create 1-page summary for each subsection

Exam Tips

  • Watch for keywords: “shared key” = symmetric, “pair” = asymmetric
  • Always consider purpose: encryption, hashing, signing
  • PKI questions often test role of CA and OCSP
  • Distinguish between data states: rest, transit, use

