Question
Key Management” Please respond to the following:
Key management is a concept that often causes people anxiety when it comes to test preparation. After reviewing the material this week, describe briefly what digital keys are to you and how you think about them when you are doing your exercises. This may help some of your classmates. Read and comment on your classmates’ posts as well, and see if any of their analogies help you to master this concept.
Sample paper
Key Management
Digital keys refer to a particular way of securing data in transit. Digital keys help in ensuring the security of information between systems. Digital keys help in establishing trust between ecosystems (Tipton & Krause, 2007). The creation of digital keys involves the application of mathematical concepts to encrypt and decrypt raw data. This eliminates eavesdropping by third parties or hackers during the communication process. Digital keys have three major objectives in an information system: confidentiality, integrity, and authentication. Confidentiality involves ensuring that unauthorized parties do not gain access to the data. Integrity of data involves ensuring that there is no alteration of data or information between the sender and the receiver. Authentication ensures that both the sender and the receiver can ascertain each other’s identity.
Digital keys rely on the creation of an algorithm that transforms plain data into decrypted form or ciphertext. The key comprises of a sequence of alphanumeric variables developed through an algorithm (Tipton & Krause, 2007). The sequence of alphanumeric variables is converted back into plaintext through a decryption process. Digital cryptography guarantees parties in the communication process the same level of confidence like parties communicating in the physical world. For instance, two parties communicating through a letter in the physical world may use signature and a sealed envelope to assure the integrity and confidentiality of the information. The sealed envelope helps in ensuring that unauthorized persons do not gain access to the information, while the signature is a way of verifying the sender’s identity. Digital keys work in a similar manner.
There are two key methods of cryptography. These are symmetric and asymmetric cryptography. Symmetric cryptography was the earliest of the methods. Symmetric cryptography involves using a single key in both the encryption and decryption processes (Tipton & Krause, 2007). Both the sender and the receiver share a single key. However, symmetric cryptography brings issues with key management, whereby a small number of users require a very large number of keys for effective communication. The number of keys required for a particular number of users increases almost exponentially, bringing complexities in key management. This has led to the use of asymmetric cryptography. This involves the application of two keys to management the encryption and decryption process. In particular, it involves the application of a public key and private key.
The public key and the private key are interdependent, yet none can work without the other. The public key helps in encrypting data while on the other hand, the private key decrypts data (In Cruz-Cunha, & In Portela, 2015). Public keys are made available to all users, while private keys are confidential to the authorized users only. All individuals having access to the public key can encrypt data but they cannot be able to decrypt the same. Those having the public key cannot be able to derive the private key from it. This makes the system more secure and able to withstand brute-force attacks. Users having the private key must ensure they safeguard it least third parties gain access to information using a leaked private key. During communication, the private keys of users cannot be share or transmitted with the information.
References
In Cruz-Cunha, M. M., In Portela, I. M., & IGI Global,. (2015). Handbook of research on digital crime, cyberspace security, and information assurance.
Tipton, H. F., & Krause, M. (2007). Information security management handbook (6th edition). CRC Press.
Related:
