Cryptography and PKI
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing CompTIA Security+ premium course — no separate purchase.
Included in this chapter:
- Encryption and key strength: symmetric, asymmetric, key length
- Hashing, salting, key stretching, signatures, obfuscation
- PKI: CAs, trust chains, certificates, revocation
- Exam-pattern recognition: pick the right primitive
Symmetric encryption vs. asymmetric encryption vs. hashing
| Aspect | Symmetric encryption | Asymmetric encryption | Hashing |
|---|---|---|---|
| Keys used | One shared secret key for both encrypt and decrypt | Public/private key pair (encrypt with one, decrypt with the other) | No key (keyed variants are MACs/HMAC) |
| Reversible | Yes: ciphertext decrypts back to plaintext | Yes: ciphertext decrypts back to plaintext | No: one-way, cannot recover input |
| Relative speed | Fast; suited to bulk data | Slow; suited to small payloads and key exchange | Fast |
| Security goal | Confidentiality | Confidentiality, key exchange, digital signatures | Integrity (and password storage with salt) |
| Typical use | Encrypting data at rest and in transit | Exchanging/wrapping a symmetric key, signing | File/download verification, password storage |
| Example algorithms | AES, ChaCha20 | RSA, ECC, Diffie-Hellman (key exchange) | SHA-256, SHA-3 |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- FIPS 197: Advanced Encryption Standard (AES)
- NIST SP 800-57 Part 1 Rev. 5: Recommendation for Key Management
- FIPS 180-4: Secure Hash Standard (SHS)
- NIST SP 800-132: Recommendation for Password-Based Key Derivation (PBKDF2)
- FIPS 186-5: Digital Signature Standard (DSS)
- CompTIA Security+ (SY0-701) Certification