Cryptographic Solutions and Lifecycle

Choosing the Right Lock for the Right Door

Cryptography appears on the CISSP exam more than almost any other technical topic. But here is what catches people off guard: the exam rarely asks you to calculate anything. It does not care whether you can explain the Feistel structure of DES or the mathematics behind elliptic curves. What it cares about is whether you can select the right cryptographic tool for a given situation and manage the keys properly over their entire lifetime.

Cryptography provides confidentiality, integrity, authentication, and non-repudiation. The skill the exam tests is knowing which combination a scenario requires and which algorithm delivers it.

This module covers CISSP exam objective 3.6: select and determine cryptographic solutions. Think of this as the manager’s guide to cryptography — when to use what, why the key management decisions matter more than the algorithm choice, and how the landscape is shifting with quantum computing.

Symmetric Encryption

Symmetric encryption uses a single shared key for both encryption and decryption. The sender and receiver must both possess the same key, and the security of the system depends entirely on keeping that key secret.

Characteristics

• Fast — Symmetric algorithms are orders of magnitude faster than asymmetric ones, making them the standard choice for encrypting large volumes of data
• Key distribution problem — Both parties need the same key, but transmitting that key securely is itself a challenge. This is the fundamental weakness of symmetric encryption.
• Scalability — In a group of n users, symmetric encryption requires n(n-1)/2 unique keys for every pair to communicate privately. Ten users need 45 keys. A hundred users need 4,950.

Key Algorithms

• AES (Advanced Encryption Standard) — The current standard. Supports 128, 192, and 256-bit key lengths. AES-256 is the default choice for most organizations and compliance frameworks. Block cipher with 128-bit blocks.
• 3DES (Triple DES) — Applies DES three times with two or three different keys. Deprecated by NIST as of 2023 — still appears on the exam but you should know it is being phased out.
• Blowfish / Twofish — Alternative block ciphers. Twofish was an AES finalist. Seen in some legacy systems.
• ChaCha20 — A stream cipher gaining adoption for TLS connections, especially on mobile devices where AES hardware acceleration may not be available.

Block vs. stream ciphers: Block ciphers (AES, 3DES) encrypt fixed-size blocks of data. Stream ciphers (ChaCha20, RC4) encrypt data one bit or byte at a time. Block ciphers are more common in practice. RC4 is deprecated — do not select it for any scenario on the exam.

Asymmetric Encryption

Asymmetric encryption uses a mathematically related key pair: a public key (shared openly) and a private key (kept secret). What one key encrypts, only the other can decrypt.

Characteristics

• Solves key distribution — The public key can be shared with anyone. Only the private key holder can decrypt messages encrypted with the public key.
• Slower than symmetric — Significantly more computationally expensive. Not practical for bulk data encryption.
• Enables digital signatures — Signing with the private key allows anyone with the public key to verify authenticity and integrity.
• Scalability — Each user needs only one key pair regardless of how many people they communicate with. A hundred users need 100 key pairs, not 4,950 shared keys.

Key Algorithms

• RSA — The most widely deployed asymmetric algorithm. Used for encryption and digital signatures. Key sizes of 2048 or 4096 bits are standard. Security is based on the difficulty of factoring large prime numbers.
• ECC (Elliptic Curve Cryptography) — Achieves equivalent security to RSA with much smaller key sizes. A 256-bit ECC key provides comparable security to a 3072-bit RSA key. Preferred for mobile and IoT environments where processing power is limited.
• Diffie-Hellman (DH) — Not an encryption algorithm — it is a key exchange protocol. Allows two parties to agree on a shared secret over an insecure channel. Used in TLS, IPSec, and many VPN implementations. ECDH is the elliptic curve variant.
• DSA (Digital Signature Algorithm) — Used only for digital signatures, not encryption. Being replaced by ECDSA in most implementations.

Hybrid Cryptography

In practice, symmetric and asymmetric encryption are used together. This is how TLS, S/MIME, PGP, and most real-world cryptographic systems work:

1. Asymmetric encryption (or key exchange like DH) establishes a shared session key securely
2. Symmetric encryption (AES) encrypts the actual data using that session key
3. This combines the key distribution advantage of asymmetric with the speed of symmetric

When the exam describes a protocol that “uses RSA and AES,” this is hybrid cryptography. RSA handles the key exchange; AES handles the bulk encryption.

Hashing

A hash function takes input of any size and produces a fixed-size output (the hash or digest). Hashing is a one-way function — you cannot reverse the hash to recover the original input.

Properties of a Secure Hash

• Deterministic — The same input always produces the same output
• Fixed output length — Regardless of input size, the hash length is constant
• Avalanche effect — A tiny change in input produces a dramatically different hash
• Pre-image resistance — Given a hash, it should be computationally infeasible to find the original input
• Collision resistance — It should be computationally infeasible to find two different inputs that produce the same hash

Common Hash Algorithms

• SHA-256 / SHA-3 — Current standards. SHA-256 is part of the SHA-2 family and is widely used in TLS certificates, code signing, and blockchain. SHA-3 is the newest standard, based on a different internal structure (Keccak).
• MD5 — Broken. Collision attacks are trivial. Should never be selected for security purposes. Still appears on the exam as a “what went wrong” answer.
• SHA-1 — Deprecated. Collision attacks demonstrated in 2017. Certificate authorities no longer issue SHA-1 certificates.

HMAC (Hash-based Message Authentication Code) — Combines a hash function with a secret key to provide both integrity and authentication. HMAC-SHA256 is a common choice. Unlike a plain hash, HMAC proves that the message was created by someone who knows the shared secret.

Digital Signatures

A digital signature provides three things that a hash alone cannot: integrity (the message was not modified), authentication (the message came from the claimed sender), and non-repudiation (the sender cannot deny having signed it).

The signing process:

1. The sender creates a hash of the message
2. The sender encrypts the hash with their private key — this is the signature
3. The receiver decrypts the signature with the sender’s public key
4. The receiver independently hashes the received message and compares the two hashes
5. If they match, the message is authentic and unmodified

Key point for the exam: encryption with the public key provides confidentiality. Signing with the private key provides authentication and non-repudiation. These are different operations using different keys from the same pair.

Public Key Infrastructure (PKI)

PKI is the framework that binds public keys to identities. Without PKI, you have no way to confirm that a public key actually belongs to who claims to own it.

PKI Components

• Certificate Authority (CA) — The trusted third party that issues, signs, and revokes digital certificates. The CA vouches for the binding between a public key and an identity.
• Registration Authority (RA) — Verifies the identity of certificate requestors before the CA issues the certificate. The RA handles the vetting; the CA handles the signing.
• Digital Certificate (X.509) — Contains the subject’s public key, identity information, the CA’s signature, validity dates, and the serial number. X.509 is the standard format.
• Certificate Revocation List (CRL) — A published list of certificates that the CA has revoked before their expiration date. Checked by relying parties to ensure a certificate is still valid.
• Online Certificate Status Protocol (OCSP) — A real-time alternative to CRLs. Instead of downloading a full list, the client queries the CA about a specific certificate’s status.
• OCSP Stapling — The server periodically obtains its own OCSP response from the CA and “staples” it to the TLS handshake, so the client does not need to contact the CA separately.

Certificate Trust Models

• Hierarchical (single root) — One root CA at the top, with subordinate CAs beneath it. Most common in enterprise environments. If the root CA is compromised, the entire trust chain fails.
• Cross-certification (mesh) — Two or more CAs agree to trust each other’s certificates. Used when separate organizations need to establish trust without a common root.
• Web of Trust — Users vouch for each other’s identities without a central CA. Used in PGP/GPG. Not scalable for enterprise use.

Key Management Lifecycle

The algorithm you choose matters far less than how you manage the keys. A perfectly implemented AES-256 deployment is worthless if the keys are stored in a plaintext file on a shared drive. The key management lifecycle is where most real-world cryptographic failures occur.

1. Generation — Keys must be generated using a cryptographically secure random number generator (CSPRNG). Predictable key generation undermines the entire system. Hardware Security Modules (HSMs) are the standard for generating keys in high-assurance environments.
2. Distribution — Keys must be transmitted securely to authorized parties. Out-of-band distribution (delivering keys through a separate channel from the encrypted data) reduces interception risk. Asymmetric encryption solves this for symmetric key exchange.
3. Storage — Keys must be protected at rest. HSMs, key vaults (AWS KMS, Azure Key Vault, HashiCorp Vault), and hardware tokens provide secure storage. Keys should never be stored alongside the data they protect.
4. Usage — Keys should be used only for their intended purpose. A key used for encryption should not also be used for signing. Separation of key usage reduces the impact of compromise.
5. Rotation — Keys should be changed periodically. Rotation limits the amount of data encrypted with any single key, reducing the impact of a key compromise. Automated rotation reduces operational risk.
6. Revocation — When a key is compromised or no longer needed, it must be revoked immediately. For certificates, this means CRL or OCSP updates. For symmetric keys, this means distributing a new key to all parties.
7. Destruction — When a key reaches end of life, it must be destroyed securely. Crypto-shredding — destroying the encryption key to render encrypted data permanently unrecoverable — is a valid data disposal technique (covered in Module 14).

Key escrow — Storing a copy of the encryption key with a trusted third party. This enables data recovery if the key holder is unavailable. Government and law enforcement have historically pushed for key escrow, which creates tension with privacy. The exam may present this as a policy decision.

Cryptographic Protocols in Practice

TLS (Transport Layer Security)

TLS protects data in transit. TLS 1.3 is the current standard, with significant improvements over TLS 1.2:

• Reduced handshake to one round trip (from two in TLS 1.2)
• Removed support for weak cipher suites (RC4, 3DES, static RSA key exchange)
• Mandatory Perfect Forward Secrecy (PFS) — even if the server’s private key is compromised later, past session traffic cannot be decrypted because each session used a unique ephemeral key

SSL (Secure Sockets Layer) is the predecessor to TLS. All SSL versions (including SSLv3) are deprecated and vulnerable. When the exam mentions “SSL/TLS,” the correct answer always involves TLS, not SSL.

IPSec

IPSec operates at the network layer (Layer 3) and provides two modes:

• Transport mode — Encrypts only the payload of each IP packet. The original IP header remains visible. Used for host-to-host communication.
• Tunnel mode — Encrypts the entire original IP packet and encapsulates it with a new header. Used for site-to-site VPNs where the original source and destination addresses must be hidden.

IPSec protocols:

• AH (Authentication Header) — Provides integrity and authentication but not confidentiality. Does not encrypt data.
• ESP (Encapsulating Security Payload) — Provides confidentiality, integrity, and authentication. This is what most VPN implementations use.
• IKE (Internet Key Exchange) — Handles the key exchange and security association negotiation. IKEv2 is the current version.

S/MIME (Secure/Multipurpose Internet Mail Extensions)

S/MIME provides email encryption and digital signatures using PKI certificates. It differs from PGP in that S/MIME relies on a hierarchical CA trust model, while PGP uses a web of trust. S/MIME is more common in enterprise environments because it integrates with existing PKI infrastructure.

Blockchain and Cryptography

Blockchain uses cryptographic hashing to chain blocks together, creating an immutable ledger. Each block contains a hash of the previous block, so modifying any block would break the chain from that point forward.

For CISSP purposes, understand that blockchain provides integrity (tamper evidence through hashing) and non-repudiation (transactions are signed with private keys). It does not inherently provide confidentiality — most blockchain data is visible to all participants.

Quantum Computing and Cryptography

Quantum computing threatens the mathematical assumptions that underpin current asymmetric cryptography:

• RSA and ECC are vulnerable — Shor’s algorithm, running on a sufficiently powerful quantum computer, can factor large primes and solve the elliptic curve discrete logarithm problem in polynomial time. This would break RSA, ECC, DH, and DSA.
• Symmetric encryption is partially affected — Grover’s algorithm effectively halves the key length. AES-128 provides only 64 bits of security against quantum attack. AES-256 provides 128 bits, which remains considered sufficient.
• Hashing is partially affected — Grover’s algorithm also applies to hash functions, but the impact is manageable by using longer hash outputs (SHA-256 and above).

Post-quantum cryptography — NIST is standardizing quantum-resistant algorithms. Organizations should begin inventorying their cryptographic dependencies and planning for migration. The concept of “harvest now, decrypt later” means adversaries may be collecting encrypted data today with the intent of decrypting it once quantum computers are available.

Pattern Recognition

Cryptography questions on the CISSP follow these patterns:

• “Which provides non-repudiation?” — Digital signatures (private key signing). Symmetric encryption alone cannot provide non-repudiation because both parties share the same key.
• “How to securely share a symmetric key?” — Asymmetric encryption or Diffie-Hellman key exchange. Out-of-band delivery is the alternative.
• “What is the FIRST step when a CA is compromised?” — Revoke all certificates issued by that CA.
• “Which algorithm for bulk data encryption?” — AES (symmetric). Never RSA or ECC for bulk data.
• “What protects data integrity without encryption?” — Hashing (SHA-256) or HMAC. Integrity does not require confidentiality.
• “Key management failure” — Keys stored in plaintext, keys never rotated, keys not destroyed at end of life, same key used for multiple purposes.

Trap Patterns

Watch for these wrong answers:

• “RSA for encrypting large files” — RSA is too slow for bulk encryption. It is used for key exchange or signing, not for encrypting data directly.
• “MD5 or SHA-1 for integrity verification” — Both are deprecated. Any scenario asking for a current hashing solution should use SHA-256 or SHA-3.
• “Longer key length is always better” — Key length must be balanced against performance. ECC achieves equivalent security to RSA with much shorter keys. The exam values selecting appropriate key length over maximum key length.
• “Encryption provides non-repudiation” — Only digital signatures provide non-repudiation. Symmetric encryption provides confidentiality. Even asymmetric encryption alone does not provide non-repudiation without the signing process.
• “The algorithm is the most important decision” — Key management is more important. A well-managed AES implementation is far more secure than a poorly managed one using a theoretically stronger algorithm.

Scenario Practice

Question 1

A healthcare organization needs to send patient records to an external research partner. The data must remain confidential during transmission, and the research partner must be able to verify that the records were not modified in transit and that they originated from the healthcare organization.

What cryptographic approach satisfies ALL of these requirements?

A. Encrypt the records with the research partner’s public key
B. Encrypt the records with AES and share the key via secure email
C. Digitally sign the records and encrypt them with the research partner’s public key (or a hybrid approach using TLS with mutual authentication)
D. Hash the records with SHA-256 and send the hash alongside the data

Question 2

An organization discovers that the private key for its root Certificate Authority was stored on an unencrypted file share accessible to 50 employees for the past six months. There is no evidence of unauthorized access, but the exposure cannot be ruled out.

What is the FIRST action?

A. Move the private key to an HSM and restrict access
B. Revoke all certificates issued by the compromised CA and issue new certificates from a new CA with a properly protected key
C. Monitor for suspicious certificate usage before taking action
D. Change the passphrase on the private key file

Question 3

A security architect is designing a VPN solution to connect two corporate offices. The requirements specify that the original IP addresses of internal hosts must not be visible to anyone monitoring the connection between sites, and both data confidentiality and integrity are required.

Which IPSec configuration meets these requirements?

A. Transport mode with AH
B. Transport mode with ESP
C. Tunnel mode with AH
D. Tunnel mode with ESP

Key Takeaway

Think of cryptography on the CISSP as a selection problem, not a math problem. For every scenario, ask four questions: What security service do I need (confidentiality, integrity, authentication, non-repudiation)? Symmetric or asymmetric — or both? Which specific algorithm fits this use case? And most importantly — how will the keys be generated, stored, distributed, rotated, and destroyed? If you can answer those four questions, you can answer any cryptography question on the exam. The algorithm is the easy part. The key management is where organizations succeed or fail.