Encryption at Rest, in Transit, in Use, and Key Management

Key Takeaways

  • Encryption at rest protects stored data; in transit protects data moving across networks; in use protects data during processing.
  • Symmetric ciphers like AES-256 give fast bulk confidentiality; asymmetric pairs like RSA-2048/ECC handle key exchange, signatures, and identity.
  • Hashing (SHA-256) provides integrity only and is one-way; it is not encryption and is not reversible.
  • Key management usually matters more than algorithm choice on the exam: rotation, escrow, HSM/KMS storage, separation of duties.
  • A leaked, reused, or co-located key defeats an otherwise strong cipher, so keys must be stored apart from the data.
Last updated: June 2026

Encryption by Data State

Encryption transforms readable plaintext into ciphertext that is useless without the correct key, protecting confidentiality. Security+ SY0-701 Objective 3.3 wants you to identify where encryption is needed (the data state) and how the keys are protected.

| Data state | Meaning | Example controls |
|---|---|---|
| At rest | Stored on disk, database, object storage, backup, or device | Full disk encryption (BitLocker, FileVault), database/column encryption, transparent data encryption |
| In transit | Moving across a network | TLS 1.3, HTTPS, IPsec VPN, SSH, SFTP |
| In use | Being processed in CPU/RAM | Trusted execution environment (TEE), secure enclave, confidential computing |

Think stolen laptop or exposed storage bucket for at rest; interception, downgrade, or man-in-the-middle for in transit; and protecting a workload while it is actively decrypted in memory for in use.

Symmetric vs Asymmetric

| Property | Symmetric | Asymmetric |
|---|---|---|
| Keys | One shared secret | Public/private key pair |
| Speed | Fast — used for bulk data | Slow — used for small payloads |
| Examples | AES-128/256, ChaCha20 | RSA-2048, ECC, Diffie-Hellman |
| Main use | Encrypting files, disks, sessions | Key exchange, signatures, certificates |

Real systems combine both: TLS uses asymmetric keys to exchange a symmetric session key, then encrypts the bulk traffic with AES. Knowing that hybrid model answers many stems.

Hashing, Salting, and Signatures

A hash (SHA-256, SHA-3) is a one-way digest used for integrity; identical input always yields identical output, but you cannot reverse it. A salt is a unique random value added before hashing a password to defeat precomputed rainbow tables. Key stretching (bcrypt, PBKDF2, Argon2) deliberately slows hashing to resist brute force. A digital signature hashes a message then encrypts the digest with the sender's private key, giving integrity, authenticity, and non-repudiation at once.

The verifier decrypts the signature with the sender's public key and re-hashes the message; if the digests match, the content is unaltered and provably came from the private-key holder.

Watch the directionality trap. For confidentiality you encrypt with the recipient's public key (only their private key decrypts). For a signature you encrypt the digest with your own private key (anyone with your public key verifies). Reversing those is the single most common cryptography mistake on the exam.
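The salt effect and the signature direction from the paragraphs above, as an added Go example that is not part of the original guide; the publisher key pair, the sample installer payload and the function names are constructed for illustration:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

// SaltedDigest returns SHA-256(salt || password). The same password with a
// different salt yields an unrelated digest, which is what defeats precomputed
// rainbow tables. Real password storage also applies key stretching (bcrypt,
// PBKDF2, Argon2); a single SHA-256 is used here only to show the salt effect.
func SaltedDigest(salt, password []byte) [32]byte {
	buf := append(append([]byte{}, salt...), password...)
	return sha256.Sum256(buf)
}

// NewSigningKey generates the publisher's P-256 key pair (constructed sample).
func NewSigningKey() *ecdsa.PrivateKey {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

// Sign hashes the message and signs the digest with the sender's PRIVATE key.
// This is the signature direction; encrypting for confidentiality would use
// the recipient's PUBLIC key instead.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify re-hashes the message and checks the signature with the sender's
// PUBLIC key; it fails if the message changed or a different key signed it.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	publisher := NewSigningKey()
	installer := []byte("installer-v1.2.3 (constructed sample payload)")
	sig, _ := Sign(publisher, installer)
	println("signature verifies:", Verify(&publisher.PublicKey, installer, sig))
	installer[0] ^= 1 // flip one bit in the artifact
	println("after tampering:", Verify(&publisher.PublicKey, installer, sig))
}
```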

PKI and Certificates

A certificate binds a public key to an identity and is issued by a Certificate Authority (CA). The chain runs root CA → intermediate CA → leaf certificate; clients trust the root and validate the chain. Revoked certificates appear on a Certificate Revocation List (CRL) or are checked in real time via Online Certificate Status Protocol (OCSP), often with OCSP stapling so the server presents a signed status. A wildcard certificate (*.example.com) covers all first-level subdomains; a SAN certificate lists multiple specific names.

Key Management Concepts

| Concept | Why it matters |
|---|---|
| KMS | Central service to generate, store, rotate, and audit keys |
| HSM | Tamper-resistant hardware that protects high-value keys and performs crypto operations |
| TPM | On-board chip storing platform keys, enabling full disk encryption and secure boot |
| Key rotation | Limits the exposure window if a key is compromised |
| Key escrow | Stores recovery keys under controlled access for continuity or legal need |
| Key destruction | Crypto-shredding renders ciphertext permanently unrecoverable |
| Separation of duties / M-of-N | No single person controls full key lifecycle or recovery |

Worked Scenario

A finance app stores payment records in a database and exports nightly backups to cloud object storage; users reach it through a web portal. The layered answer:

| Location | Correct control |
|---|---|
| Web connection | TLS 1.3 with a valid, unexpired certificate |
| Database | Encryption at rest with access-controlled keys |
| Backup objects | Separate backup keys, restricted access |
| Admin access | MFA, logging, just-in-time elevation |
| Key storage | HSM- or KMS-backed, never hardcoded in source |

Common Exam Traps

  • "Hashing encrypts data" — hashing is one-way integrity, not reversible encryption.
  • "Share the private key with a partner" — share public keys; private keys never leave control.
  • "TLS protects data after it reaches the server" — TLS protects transit only; once decrypted at the endpoint you need at-rest and in-use controls.
  • "A strong algorithm makes hardcoded keys safe" — key exposure defeats any cipher.

Quick Drill

  1. Protect a stolen laptop → encryption at rest (FDE/TPM).
  2. Protect an API call over the internet → TLS in transit.
  3. Prove a publisher signed an installer → digital signature.
  4. Store root keys tamper-resistant → HSM.
  5. Make records unrecoverable without wiping disks → destroy the key (crypto-shredding).

Cipher Modes and Common Pitfalls

Block ciphers like AES need a mode of operation. ECB encrypts each block independently and leaks patterns, so it is the textbook "wrong" choice; CBC, CTR, and GCM are preferred. GCM (Galois/Counter Mode) is widely tested because it provides authenticated encryption — confidentiality plus integrity in one step — which is why TLS 1.3 mandates AEAD ciphers such as AES-GCM and ChaCha20-Poly1305.
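An added Go example (not from the original guide) that makes the ECB pattern leak and the GCM integrity check concrete with the standard library; the key, sample plaintext and function names are constructed for illustration. Two identical plaintext blocks under ECB produce two identical ciphertext blocks, while any flipped bit in a GCM envelope makes decryption fail, which CBC and CTR on their own would not catch:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// EncryptECB runs the raw AES block function over each 16-byte block on its
// own, which is all ECB mode is: no chaining, no nonce. pt must be block-aligned.
func EncryptECB(key, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil || len(pt)%aes.BlockSize != 0 {
		panic("bad key length or plaintext not block-aligned")
	}
	out := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return out
}

// NewGCM wraps AES in Galois/Counter Mode, an AEAD (confidentiality plus integrity).
func NewGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES always has a 128-bit block
	return gcm
}

// SealGCM returns nonce || ciphertext || tag; a fresh nonce per call, so equal plaintexts never repeat.
func SealGCM(gcm cipher.AEAD, pt []byte) []byte {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, pt, nil)
}

// OpenGCM reports ok=false when nonce, ciphertext or tag was altered (the AEAD integrity check).
func OpenGCM(gcm cipher.AEAD, sealed []byte) ([]byte, bool) {
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, false
	}
	pt, err := gcm.Open(nil, sealed[:n], sealed[n:], nil)
	return pt, err == nil
}
```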

Perfect forward secrecy, achieved with ephemeral Diffie-Hellman (DHE/ECDHE), ensures that compromising a server's long-term key does not let an attacker decrypt past captured sessions, because each session used a unique, discarded key.
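The hybrid model from the Symmetric vs Asymmetric section (asymmetric key agreement producing a symmetric session key) and the forward-secrecy argument in the paragraph above, as an added Go example that is not part of the original guide. The Session type is an assumption of this example, and SHA-256 over the shared secret stands in for TLS's HKDF key schedule:

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// Session holds one side's ephemeral ECDHE key for a single connection. The
// private half exists only for the handshake and is dropped afterwards, which
// is what makes the derived session key forward-secret: no stored long-term
// key can recompute it later.
type Session struct {
	priv *ecdh.PrivateKey
}

// NewSession generates a fresh P-256 key pair; TLS does this per connection.
func NewSession() *Session {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Session{priv: priv}
}

// PublicBytes is the value that goes on the wire (the key_share in TLS 1.3).
// An eavesdropper sees it, but without either private half it is useless.
func (s *Session) PublicBytes() []byte { return s.priv.PublicKey().Bytes() }

// SessionKey combines this side's ephemeral private key with the peer's
// ephemeral public key, derives the symmetric key, and discards the private
// key. SHA-256 over the shared secret stands in for TLS's HKDF key schedule
// (a deliberate simplification of this example, not the real TLS derivation).
func (s *Session) SessionKey(peerPub []byte) [32]byte {
	pub, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		panic(err)
	}
	shared, err := s.priv.ECDH(pub)
	if err != nil {
		panic(err)
	}
	s.priv = nil // ephemeral key gone: nothing retained can reopen this session
	return sha256.Sum256(shared)
}

// KeyDiscarded reports whether the ephemeral private key has been wiped.
func (s *Session) KeyDiscarded() bool { return s.priv == nil }
```

A capture of both public values plus the server's long-term private key still yields nothing, because the session key depended only on the two ephemeral private halves, which no longer exist.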

Test Your Knowledge

  1. A company encrypts database backups but stores the encryption key in the same backup folder. What is the primary weakness?
  2. Which control best protects data while it is crossing an untrusted network?
  3. An organization needs integrity, authenticity, and non-repudiation for software it publishes. Which mechanism provides all three?
Test Your Knowledge: Matching

Match each cryptographic concept to its primary use.

  1. SHA-256 hash
  2. Digital signature
  3. HSM
  4. AES-256 symmetric key