Certification exams such as Security+, CISSP, and CCSP include several questions about cryptography: to achieve a given goal, which keys do the sender and receiver use, which key is used first and which last, and so on.
If you can draw your own versions of these pictures, you should find those questions very easy.
Symmetric Encryption for Confidentiality
Symmetric ciphers are efficient, so we want to use them to protect data, which can get bulky. However, this requires a shared secret key, and establishing one safely is difficult. Your choices include:
- Diffie-Hellman key agreement
- Use asymmetric encryption to establish a symmetric session key: the sender first uses the "Asymmetric Encryption for Confidentiality" method below to send a short message specifying the cipher, cipher mode, and session key.
- Out-of-band key management: maybe you ship a DVD full of keys to the other party, or you meet in advance in a safe place to agree on a list of keys.
- QKD or Quantum Key Distribution: send the key via polarized single photons in the BB84 protocol, or entangled photon pairs in the E91 protocol. Any attempt to intercept the key corrupts the message, so the interception is detected. See Dan Bernstein's paper "Is the security of quantum cryptography guaranteed by the laws of physics?" for why this still does not provide absolute security.
The concept is: "Protect the authentication and key exchange with asymmetric ciphers, protect the data with symmetric ciphers."
However you go about this, you need to do it over and over, because these should be session keys: generate a new session key for every file, message, or connection, using a good source of entropy or randomness.
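The second choice above, carried through end to end as an added example (not code from the original page): the sender draws a fresh session key for this one message, seals the bulk data with it, and sends the key wrapped under the receiver's public key. It assumes RSA-OAEP for the key wrapping and AES-256-GCM for the data; the names `Seal`, `Open` and `aead` are this example's own, and generating the receiver's RSA key pair is left to the caller.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender's side: a brand-new session key for this one message, the bulk
// data sealed with it (nonce||ciphertext||tag), and the key wrapped with RSA-OAEP.
func Seal(pub *rsa.PublicKey, plaintext []byte) (wrappedKey, sealed []byte, err error) {
	sessionKey := make([]byte, 32)
	rand.Read(sessionKey) // crypto/rand never returns an error; it aborts on failure
	gcm, err := aead(sessionKey)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // fresh nonce per message, prefixed to the ciphertext
	sealed = gcm.Seal(nonce, nonce, plaintext, nil)
	wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	return wrappedKey, sealed, err
}

// Open is the receiver's side: unwrap the session key, then decrypt; GCM's tag check fails on tampering.
func Open(priv *rsa.PrivateKey, wrappedKey, sealed []byte) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := aead(sessionKey)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed data too short to hold a nonce")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
```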
Asymmetric Encryption for Confidentiality
You can't trust asymmetric encryption unless you can be absolutely certain that you really have the other party's public key.
So, public keys should come in the form of certificates: data structures containing the owner's public key plus information about the owner and the key, all of it wrapped inside a digital signature made by a trusted third party, the CA or Certificate Authority.
Asymmetric Encryption for Authentication
Asymmetric Encryption for Authentication and Confidentiality
These provide Proof of Origin and Proof of Content: that is, the identity of the sender and the integrity of the message.
Hashed Message Authentication Code or HMAC
This also provides Proof of Origin and Proof of Content.
HMACs are useful between peers who share a secret key.
Digital signatures can be used between peers, or in a one-to-many situation: one person has a message for many receivers, all of whom need to trust the source identity and content.