Cryptography provides for the integrity, confidentiality, and authenticity of information. Technically speaking, cryptography is the art of encrypting readable plain text into an unreadable format call cipher text. Without a secret key, the cipher text cannot be decrypted. (Well, that may be true in a perfect world, because cryptanalysts have devised ways of cracking many older encryption techniques.) In Solaris, the cryptographic framework provides a repository of algorithms that can be used for cryptographic services. Algorithms are symmetric (secret key) or asymmetric (public key) computational procedures that encrypt or hash whatever you apply them to, such as text or files. In symmetric algorithms, the same key is used for both encryption and decryption—anyone knowing the key can both encrypt and decrypt messages. With asymmetric algorithms, two keys are used: one to encrypt a message and another to decrypt it.
For the exam, be sure you know the difference between symmetric "secret key" or asymmetric "public key" algorithms. Remember that in symmetric algorithms, the same key is used for both encryption and decryption, and in asymmetric algorithms, two keys are used—one to encrypt and another to decrypt a message.
Although cryptography encompasses a whole spectrum of material—enough to accommodate an entire book—in this chapter, we'll examine only what is required by the exam: the Solaris framework for cryptographic services, specifically how to ensure the integrity of files, protect files from eavesdropping, administer the cryptographic framework, and enable a provider to be added to the Solaris cryptographic framework. Providers are cryptographic plug- ins that consumers use. Consumers can be applications, end users, or kernel operations. According to Sun, the framework allows only three types of plug-ins: user-level plug-ins, which are shared objects that provide services by using PKCS #11 libraries; kernel-level plug-ins, which provide for implementations of algorithms in software; and hardware plug-ins, which are device drivers and their associated hardware accelerators.
It's important to remember that the Solaris cryptographic framework allows only three types of plug-ins: user-level plug-ins, kernel-level plug-ins, and hardware plug-ins. This framework helps protect the integrity of files against eavesdropping.
Given the importance of the material in this chapter with regard to the exam, some of the sections are a brief reiteration and elaboration of topics we've touched upon earlier in the book.