IMPORTANT:

Make sure to complete this hands-on lab on a desktop/laptop only.

There are only 5 attempts permitted per lab.

As a reminder – it is common to not get every question correct on your first try, and even to need to redo a task; this is part of the learning process.

Once a lab is started, the timer cannot be paused. After 1 hour and 30 minutes, the lab will end and you’ll need to start again.

For more information review the Lab technical tips reading.

Activity overview

Encryption is a critical component for protecting data in cloud environments. Security professionals use cryptography to transform information into a form that unintended readers can’t understand. Symmetric and asymmetric keys are cryptographic tools used to secure data and enable secure communication over networks. Each type of key has its own distinct differences and can be deployed for different situations.

• Symmetric Keys: Symmetric key cryptography uses a single key to encrypt and decrypt data. The same key is used by both the sender and the recipient which is why it's called symmetric. Symmetric key cryptography is efficient and fast.

• Asymmetric Keys: Asymmetric key cryptography (also known as public-key cryptography) uses a pair of keys: a public key and a private key. One of the keys is used to encrypt data, while the other key decrypts data. These keys are mathematically related but cannot be derived from each other. Asymmetric cryptography is known for its slow performance. This is due to the use of these two mathematically related keys which are longer than those used in symmetric encryption.

In practice, many secure communication systems use a combination of symmetric and asymmetric cryptography to achieve both efficiency and security. For example, the Hypertext Transfer Protocol Secure (HTTPS) protocol uses asymmetric cryptography for the initial handshake to establish a secure connection, and then switches to symmetric encryption for the actual data transfer.

One of the major problems with symmetric key cryptography involves key distribution. How do you ensure the secure exchange of keys without having the key be compromised or stolen? Asymmetric key cryptography solves this problem by using a public and private key pair. However, it is computationally more expensive, so it’s commonly used for initial key exchange and digital signatures, while symmetric keys are used for the bulk encryption of data.

In this lab, you’ll create both a symmetric key and an asymmetric key to address a request for more space to securely store data.

Scenario

Cymbal Bank stores and processes large amounts of sensitive customer data including financial transactions and personally identifiable information (PII). The CISO, Javier, wants to protect the confidentiality, integrity, and availability of this data while it's at rest, in transit, and in use. Cymbal Bank wants to transfer a large volume of its data from its on-premises servers to the cloud. Your team lead, Chloe, has suggested using a cloud key management system to create and manage encryption keys to facilitate the secure transmission of this data. You have been tasked with creating a symmetric key and an asymmetric key to support this data transmission.

Here’s how you'll do this task: First, you’ll create a symmetric key. Then, you’ll create an asymmetric key.

Setup

Before you click Start Lab

Read these instructions. Labs are timed and you cannot pause them. The timer, which starts when you click Start Lab, shows how long Google Cloud resources will be made available to you.

This practical lab lets you do the activities yourself in a real cloud environment, not in a simulation or demo environment. It does so by giving you new, temporary credentials that you use to sign in and access Google Cloud for the duration of the lab.

To complete this lab, you need:

• Access to a standard internet browser (Chrome browser recommended).

Note: Use an Incognito or private browser window to run this lab. This prevents any conflicts between your personal account and the Student account, which may cause extra charges incurred to your personal account.

• Time to complete the lab---remember, once you start, you cannot pause a lab.

Note: If you already have your own personal Google Cloud account or project, do not use it for this lab to avoid extra charges to your account.

How to start your lab and sign in to the Google Cloud console

1. Click the Start Lab button. On the left is the Lab Details panel with the following:

   • Time remaining
   • The Open Google Cloud console button
   • The temporary credentials that you must use for this lab
   • Other information, if needed, to step through this lab
   Note: If you need to pay for the lab, a pop-up opens for you to select your payment method.

2. Click Open Google Cloud console (or right-click and select Open Link in Incognito Window) if you are running the Chrome browser. The Sign in page opens in a new browser tab.

   Tip: You can arrange the tabs in separate, side-by-side windows to easily switch between them.

   Note: If the Choose an account dialog displays, click Use Another Account.

3. If necessary, copy the Google Cloud username below and paste it into the Sign in dialog. Click Next.

{{{user_0.username | "Google Cloud username"}}}

You can also find the Google Cloud username in the Lab Details panel.

4. Copy the Google Cloud password below and paste it into the Welcome dialog. Click Next.

{{{user_0.password | "Google Cloud password"}}}

You can also find the Google Cloud password in the Lab Details panel.

Important: You must use the credentials the lab provides you. Do not use your Google Cloud account credentials. Note: Using your own Google Cloud account for this lab may incur extra charges.

5. Click through the subsequent pages:
   • Accept the terms and conditions
   • Do not add recovery options or two-factor authentication (because this is a temporary account)
   • Do not sign up for free trials

After a few moments, the Console opens in this tab.

Note: You can view the menu with a list of Google Cloud Products and Services by clicking the Navigation menu at the top-left.

Task 1. Create a symmetric key

In this task, you’ll delve into the intricate process of crafting a symmetric key, complete with considerations for its designated region and the crucial aspect of its protection level. You'll begin by generating a symmetric key with carefully tailored parameters.

1. In the Google Cloud console, click the Navigation menu ().

2. Select Security > Key Management.

3. On the Key Rings tabbed page, click + Create Key Ring.

Now, specify the key details.

4. For Key ring name, enter demo-key-ring.

5. For the Location type category, select Region.

6. Expand the Region drop-down menu, and select .

Note: Be sure to select the specified region, otherwise you get an error. Note: Be sure you select the specified region, otherwise you get an error.

7. Click Create.

8. In the Name and protection level category, in the Key name field, enter demo-key.

   The Protection level should be set to Software by default, if not, select it now.

9. Click Continue. The Key material category expands.

10. For Key material, select Generated key.

11. Click Continue. The Purpose and algorithm category expands.

12. For Purpose, select Symmetric encrypt/decrypt.

13. Click Continue. The Versions category expands.

14. For Key rotation period, select 90 days.

15. For Starting on, leave as the default value.

16. Click Continue. No additional settings are needed.

17. Click Create.

Once the key is created, it can be used for a variety of implementations such as data encryption and decryption.

Symmetric keys are commonly used to encrypt sensitive data before storage or transmission. When data needs to be accessed or shared, the same symmetric key is used to decrypt the encrypted content, ensuring that only authorized parties can access the original information.

Click Check my progress to verify that you have completed this task correctly. Create a symmetric key

Task 2. Create an asymmetric key

In this task, you'll create an asymmetric key with specific settings, including that of its algorithm and protection level.

1. In the Google Cloud console, click the Navigation menu ().

2. Select Security > Key Management. The Key Rings tabbed page opens, listing the newly-created key.

3. Under Name, click the link for the key you created in the previous task: demo-key-ring. The Key ring details page opens.

4. In the Keys tabbed page, click + Create Key.

Now, specify the key details.

5. For Key name, enter demo-asymmetric-key.

6. For Protection Level, select Software.

7. Click Continue. The Key material category expands.

8. For Key Material, select Generated key.

9. Click Continue. The Purpose and algorithm category expands.

10. For Purpose, select Asymmetric decrypt.

11. For Algorithm, leave as the default value.

12. Click Continue.

13. For Versions, no settings are required.

14. Click Continue. No additional settings are needed.

15. Click Create.

The asymmetric key for decryption should now be created.

Asymmetric keys can also be used for digital signatures. Digital signatures help verify the authenticity and integrity of messages, files, or software, ensuring that they have not been tampered with during transmission. Digital signatures use two keys, one for signing which involves the user's private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the digital signature.

Click Check my progress to verify that you have completed this task correctly. Create an asymmetric key

Conclusion

Great work! Through this lab activity, you have gained practical experience in creating both symmetric and asymmetric keys, which play a crucial role in ensuring secure data and communication over networks.

Having created both types of keys, you now have a better understanding of their significance in cryptography. Your newfound ability to create these keys allows you to assist customers in securely storing large amounts of data.

End your lab

Before you end the lab, make sure you’re satisfied that you’ve completed all the tasks. When you're ready, click End Lab and then click Submit.

Ending the lab will remove your access to the lab environment, and you won’t be able to access the work you've completed in it again.

Copyright 2024 Google LLC All rights reserved. Google and the Google logo are trademarks of Google LLC. All other company and product names may be trademarks of the respective companies with which they are associated.