Single shared-key encryption, also called the shared-secret paradigm
The same key is used to lock and to unlock.
So the key must be securely shared first (and this is the weakness of this type of encryption).
This paradigm is simple and efficient but has one issue, as we will see later.
(There is a method to share or exchange keys in a secure manner, the DH key exchange algorithm, which we will talk about.) AUTOSAR also provides special handling for this issue when asymmetric encryption is not supported by the hardware; we will see this in the Key Management section.
When we start to talk about cipher algorithms, there are two ways to encrypt and decrypt: stream ciphers or block ciphers.
Block cipher (e.g. AES)
The message is divided into fixed-size blocks; each algorithm supports a fixed set of bit sizes that we can choose between.
For example:
ECB (Electronic Codebook) [less secure]
Each block is encrypted separately, and one block does not affect another, but the same method is applied to every block, and here is the weakness: because of this, an attacker can break our protection easily. The idea behind cyber security is randomization, and this is achieved in the CBC method. ECB, however, lets us run the crypto algorithm on the blocks in parallel.
This is the best illustration of why ECB is not widely used in encryption: as you see, the same bit or color always generates the same encryption result, so we add a level of randomization.
But let's think about it: if we have the same message with the same key and the same algorithm, this may lead to the same output, so if the hacker can decrypt one message, they can break the whole system. For a real example, take a deeper look at the next image; the first output is the ECB encryption.
ECB mode can also make protocols without integrity protection even more susceptible to replay attacks, since each block gets decrypted in exactly the same way, but this does not become an issue, as there are many ways to handle it, through a freshness value or a counter.
CBC (Cipher Block Chaining)
This type of encryption adds another layer to make the encrypted message difficult to hack. Here we add an IV (initialization vector), and the previous block is used, like a key, to encrypt the next block, so the generated blocks are difficult to hack. However, this makes every block depend on the previous one, so if one block is corrupted the whole message is corrupted, which may affect the Availability concept that we need to maintain in the CIA triad. Confidentiality is increased, and so is the processing power required. This method can also only run sequentially, block after block, so we choose depending on our need.
Now we will talk about the asymmetric encryption method.
We need to make sure that we are secured from the outside world at all times. As we discussed before, symmetric encryption needs to share the same key. Imagine that you are on the internet: anyone on the unsecured communication channel can see your encryption key while you are sharing it, or you may share it with an untrusted party. So symmetric encryption has a lot of weaknesses, and that is why asymmetric encryption algorithms were introduced. You share your public key with everyone in the world, but you keep a private key that is not shared with anyone, not even the sender. This is the great idea: we have two keys. One is shared with everyone who needs to send me a message, and they use it for encryption, but the only way to turn the cipher message back into the original message is through the private key.
This method introduces a new challenge, though: who is the owner of the received key? We will talk about digital signatures and digital certificates later in upcoming discussions.
Now we will compare on three main points
(speed - computational power - key size)
For speed, as we see, symmetric encryption is easier and faster than asymmetric encryption; we can compare them as gigabytes being encrypted here in the same time taken for kilobytes there.
For computational power, asymmetric encryption takes more time than symmetric encryption, so on tiny microcontrollers it is preferred to have a hardware module, such as an HSM, handle this complex algorithm in hardware.
For key size, to get equivalent strength in encryption, we can compare: a key size of 256 bytes is equivalent to a 2048 key in symmetric encryption.
Of course, there is another method: the hybrid method.
With the first algorithm, symmetric encryption, the issue is that we need to protect the key itself while sending it through an unsecured communication medium.
With the second algorithm, asymmetric encryption, we solved this issue and can now share our public keys without any problem, but it is not suitable for encrypting large data.
So we can use the asymmetric method to share the key of the symmetric encryption, and the remaining communication can then be done through symmetric encryption, so we can encrypt and decrypt at high speed with a smaller key size and less processing.
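The hybrid scheme described above, as an added example that is not part of the original article. It assumes textbook RSA over two small Mersenne primes (no padding) to wrap the session key and a SHA-256 counter keystream as the symmetric cipher; both are toy stand-ins chosen to run with the standard library, and the payload is constructed.

```python
import hashlib, secrets

# Toy RSA key pair of the receiver (two Mersenne primes; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the receiver

def keystream_xor(key, data):
    # Toy symmetric cipher: XOR with a SHA-256 counter keystream (same call decrypts).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def hybrid_encrypt(public_n, public_e, plaintext):
    session_key = secrets.token_bytes(16)  # fresh symmetric key per message
    wrapped = pow(int.from_bytes(session_key, "big"), public_e, public_n)
    return wrapped, keystream_xor(session_key, plaintext)

def hybrid_decrypt(private_d, public_n, wrapped, ciphertext):
    session_key = pow(wrapped, private_d, public_n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)

# Constructed bulk payload: only the 16-byte session key goes through the slow RSA step.
PAYLOAD = b"constructed firmware image chunk " * 100
```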
Let's move to another important topic: PKI and digital certificates.
Now we introduce a new issue: MITM (man in the middle). This is a famous concept in cyber security, and we need to understand it to see the importance of the digital certificate.
As we discussed before, we first need the public key of the receiver to encrypt the message with it.
But if the key is simply sent, we lose an important piece of information: the "proof of identity". Who is the owner of this received key?
Does this key belong to the party I need to communicate with?
So the digital certificate is a standardized and trusted way to answer the identity question
and to fix the non-repudiation issue in cyber security.
Here PKI comes into the picture as a framework that defines the processes for managing digital certificates.
Hierarchical authorization architecture
It starts from the Root Authority, followed by multiple levels of intermediate authorities.
This hierarchy helps in many ways. First, if an intermediate Certificate Authority is compromised (compromised means the private key of the Certificate Authority is lost or stolen), then only the certificates issued by this CA are compromised, not the whole network.
It also helps with the concept of the trust store, which we will discuss more later.
OK, now we need to talk more about digital certificates.
Now that we know why a digital certificate is mandatory, let's talk about how it works and how it is established and maintained.
A digital certificate works as your identity (ID) at the core of the digital network environment.
Digital certificates follow the X.509 standard.
A digital certificate is a crucial component for online security, and its main elements provide essential information:
Version: Indicates the specific X.509 standard version used.
Serial Number (S/N): A unique identifier assigned to each digital certificate.
Signature Algorithm: The algorithm employed to sign the digital certificate, ensuring its authenticity.
Issuer: The Certificate Authority (CA) responsible for signing and issuing the certificate.
Subject: The entity (person, organization, or device) to whom the certificate is issued.
Public Key: The cryptographic key associated with the subject, used for encryption and digital signatures.
Validity Period: Specifies the start and end dates during which the certificate is active.
Extensions: Additional information about the certificate, such as key usage, enhanced key usage, and alternative subject names.
Certificate Signature: Used to verify the identity and integrity of the digital certificate itself.
You can check the digital certificate of any site through the web browser and see all the fields and their values.
This is the master CA, which gives authenticity to all intermediate CAs. They are stored in a trust store, locally or online, and checked by your browser each time: it checks not only the CA that signed this digital certificate but all the intermediate CAs until it reaches the root CAs. Then it is a valid digital certificate; if not, your browser raises a warning. The master CA is used to sign the public key of any CA and to revoke it if it is compromised. Each browser comes with what is called a digital certificate store that contains almost all of the DCs issued.
Before the intermediate CA binds your public key, it relies on an RA (registration authority). This organization checks your identity, online or offline, whatever the method; after this step, the CA can rely on the RA and bind your public key and verified name with its own private key.
How does a digital certificate bind your public key?
The CA first creates a hash over some information (public key - name - issuer - S/N - validity period), then binds this hash with the CA's private key.
But let's think about this process a little bit.
There is still an issue: we still need to share the public key of the CA, and the sender needs to know its identity before using it in the decryption of the digital certificate.
This is a chicken-and-egg problem.
But the trust store and root CA come to solve this issue: it is a pool of verified CAs.
This trust store works like the repository in Linux, where all verified apps are placed; when you need to install an app, all you need is to call the apt command with the name of the application you need to install or fetch, and this is done automatically. Any other app not in that repository you need to check manually on your own.
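The hash-then-sign binding and the browser-style walk up to a trusted root described above, as an added example that is not part of the original article. It assumes textbook RSA over small Mersenne primes as a toy signature, a plain dictionary instead of a real X.509 structure, and a single `not_after` date for the validity period; every name, serial number and date is constructed.

```python
import hashlib

E = 65537

def make_key(p, q):
    # Toy RSA key: returns (public modulus, private exponent). Not secure sizes.
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def tbs_hash(cert, n):
    # Hash over the fields the page lists: public key, name, issuer, S/N, validity.
    fields = "|".join(str(cert[k]) for k in
                      ("public_key", "subject", "issuer", "serial", "not_after"))
    return int.from_bytes(hashlib.sha256(fields.encode()).digest(), "big") % n

def issue(subject, public_key, issuer, issuer_n, issuer_d, serial, not_after):
    cert = dict(subject=subject, public_key=public_key, issuer=issuer,
                serial=serial, not_after=not_after)
    cert["signature"] = pow(tbs_hash(cert, issuer_n), issuer_d, issuer_n)
    return cert

def verify_chain(chain, trust_store, today):
    # chain[0] is the leaf; each certificate must be signed by the next one,
    # and the last one must be signed by a root already in the trust store.
    for i, cert in enumerate(chain):
        if today > cert["not_after"]:
            return False
        if i + 1 < len(chain):
            issuer_n = chain[i + 1]["public_key"]
            if chain[i + 1]["subject"] != cert["issuer"]:
                return False
        else:
            issuer_n = trust_store.get(cert["issuer"])
            if issuer_n is None:
                return False
        if pow(cert["signature"], E, issuer_n) != tbs_hash(cert, issuer_n):
            return False
    return True

# Constructed PKI: root CA -> intermediate CA -> leaf (names and dates are made up).
ROOT_N, ROOT_D = make_key(2**61 - 1, 2**89 - 1)
INT_N, INT_D = make_key(2**89 - 1, 2**107 - 1)
LEAF_N, _ = make_key(2**107 - 1, 2**127 - 1)
INTERMEDIATE = issue("Example Intermediate CA", INT_N, "Example Root CA",
                     ROOT_N, ROOT_D, 1, "2030-01-01")
LEAF = issue("ecu.example", LEAF_N, "Example Intermediate CA",
             INT_N, INT_D, 2, "2026-01-01")
TRUST_STORE = {"Example Root CA": ROOT_N}
```

The root's public key is never taken from the chain itself; it comes only from `TRUST_STORE`, which is how the chicken-and-egg problem is broken.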
Key generation
Certificate signing request
Submitting and validation
Issuing
Finally (renewing and revoking)