This article is intended as a primer on the classification of cryptographic keys used for securing digital applications.

Introduction

Just as there are household keys for the car, front door, garage, etc., cryptographic keys can serve many different purposes. Understanding these keys necessitates a grasp of their classification, i.e. the different types of key and their properties and functions. At its simplest level, a cryptographic key is just a random string consisting of hundreds or thousands of ones and zeroes (i.e. binary digits, or “bits”). However, keys are always created for a specific function, and the associated key meta-data defines the properties of the key.

The difference between symmetric and asymmetric keys

Firstly, and most importantly, there are two primary types of cryptographic keys: symmetric and asymmetric. The latter always come in mathematically-related pairs consisting of a private key and a public key. The security of cryptographic applications critically depends on symmetric keys and private keys always being kept secret, whilst public keys (as their name suggests) are not secret. The difference between symmetric and asymmetric keys is best illustrated using the example of encrypting a message to protect its confidentiality. Symmetric key encryption algorithms use a single symmetric key for both encryption and decryption, whereas asymmetric key encryption algorithms (aka public key algorithms) use two different but related keys for encryption and decryption. Symmetric algorithms have the advantage in that they are much faster than asymmetric algorithms, and can handle thousands of keys with very little computing overhead. However, the disadvantage is that a symmetric key must be kept secret, and yet has to be transmitted to the receiving end, which means there is a possibility of it being intercepted and used by an eavesdropper to illicitly decrypt the message.
In practice, this can be overcome using a key agreement protocol such as Diffie-Hellman, but an alternative approach for short messages or low-bandwidth communication is to use an asymmetric algorithm. Here, the sender can encrypt the message with the intended recipient’s public key and the recipient can use their corresponding private key to decrypt it. Anyone intercepting the encrypted message will just see random data; only the intended recipient with the appropriate private key can decrypt the message. While the public key may be freely shared with anyone, the recipient must keep the private key secret.

Static vs ephemeral keys and crypto-period

Cryptographic keys may be either static (designed for long-term usage) or ephemeral (designed to be used only for a single session or transaction). The crypto-period (i.e. lifetime) of static keys may vary from days to weeks, months or even years depending on what they are used for. In general, the more a key is used, the more susceptible it is to attack and the more data is at risk should it be revealed, so it is important to ensure keys are replaced when required (this process is called updating or cycling).

Key length and algorithms

The length of a key must align with the algorithm that will use it, although most algorithms support a range of different key sizes. In general, the longer a key is, the better security it provides (assuming it is truly random). With symmetric keys, the security they provide theoretically increases exponentially with their length (for any given algorithm): adding one more bit doubles their resistance against brute-force attacks. This is not true of asymmetric keys, which generally need to be somewhat longer. However, for any key (symmetric or asymmetric), its absolute strength also depends on the algorithm that the key is being used with; some algorithms are inherently stronger than others for any given key length. Hence key length should be chosen based on a number of factors such as:
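The sections above describe three things in prose: that a symmetric key has to reach the other side without being exposed, that a key agreement protocol such as Diffie-Hellman solves this, and that ephemeral keys are used once per session. The following is an added example written for this primer (it is not code from the original article) that runs one ephemeral Diffie-Hellman exchange and then uses the agreed key symmetrically on both sides. It assumes the 2048-bit MODP group parameters of RFC 3526 (group 14, transcribed below and checked for primality before use), an HKDF-SHA256 derivation step (RFC 5869) implemented inline, and names (Party, run_exchange, protect, verify) that are the example's own.

```python
"""Ephemeral Diffie-Hellman key agreement, then symmetric use of the result.

Added example for this primer, not code from the original article. Assumed:
the RFC 3526 group 14 parameters transcribed below (verify against the RFC
before reuse) and an inline HKDF-SHA256 derivation step (RFC 5869).
"""
import hashlib
import hmac
import secrets

# 2048-bit MODP group from RFC 3526 section 3 (group 14): safe prime P, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def is_probable_prime(n, rounds=8):
    """Miller-Rabin test; used to sanity-check the transcribed group prime."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def hkdf_sha256(ikm, salt, info, length):
    """HKDF extract-and-expand (RFC 5869) built on HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, (length + 31) // 32 + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


class Party:
    """One side of the exchange. Only `public` ever leaves this object."""

    def __init__(self, name):
        self.name = name
        # Ephemeral private value: fresh for this session, never transmitted.
        self._private = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self._private, P)

    def session_key(self, peer_public, transcript):
        # Reject out-of-range or degenerate peer values (0, 1 and P-1 would
        # force a predictable shared secret).
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._private, P)
        ikm = shared.to_bytes(P_BYTES, "big")
        # Bind the derived key to the public values actually exchanged.
        return hkdf_sha256(ikm, salt=b"", info=transcript, length=32)


def run_exchange():
    """Run one ephemeral exchange; return (key_a, key_b, values seen on the wire)."""
    alice, bob = Party("alice"), Party("bob")
    # Everything an eavesdropper sees: Alice's public value, then Bob's.
    wire = (alice.public, bob.public)
    transcript = b"DH-primer-demo" + wire[0].to_bytes(P_BYTES, "big") + wire[1].to_bytes(P_BYTES, "big")
    key_a = alice.session_key(bob.public, transcript)
    key_b = bob.session_key(alice.public, transcript)
    return key_a, key_b, wire


def protect(key, message):
    """Symmetric use of the agreed key: authenticate a message with HMAC-SHA256."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, tag):
    """The receiver checks the tag with the same symmetric key."""
    return hmac.compare_digest(protect(key, message), tag)


if __name__ == "__main__":
    ka, kb, wire = run_exchange()
    print("same session key on both sides:", ka == kb)
    print("second session gives a different key:", run_exchange()[0] != ka)
```

Each call to `run_exchange()` creates fresh private values, so two sessions never share a key; that is the ephemeral case from the section above. The public values in `wire` are the only things transmitted, and the HMAC at the end is the same-key-both-ends property of symmetric cryptography that the article describes.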
Common functions for cryptographic keys

Cryptographic keys are used for a number of different functions, such as those listed below. The properties of the associated key (e.g. type, length, crypto-period) will depend on its intended function.
The importance of key management

Where cryptographic keys are used for protecting high-value data, they need to be well managed. Sophisticated key management systems are commonly used to ensure that keys are:
Key management systems often define other properties that enable keys to be manipulated and controlled according to pre-defined policies. For example, keys will usually be assigned an ID or label for reference purposes; there may also be properties that reflect their owner, lifecycle state (e.g. active, expired, revoked), history (e.g. creation date), which applications are allowed to use them, whether import and export are allowed, and so on.

In summary

Cryptographic keys come in two fundamental types, symmetric and asymmetric, and have various properties such as length and crypto-period that depend on their intended function. However, regardless of their properties and intended functions, all keys should be properly managed throughout their life to avoid the risk of misuse (e.g. using a key for the wrong purpose or for two different purposes) or compromise.
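To make the key-management properties above concrete, here is an added example written for this primer (not code from the original article or from any key management product) that attaches the metadata the text lists (ID, owner, permitted purpose, creation date, crypto-period, export flag, lifecycle state) to a key record and enforces it on every use: a key requested for a purpose it was not created for is refused, a key past its crypto-period is marked expired and must be cycled, and non-exportable material stays inside the record. The field names, state names and the `cycle` routine are this example's own assumptions; the timeline in `demo` is constructed.

```python
"""Key metadata and the policy checks a key management system enforces on it.

Added example for this primer, not code from the original article; the record
fields, state names and the cycle routine are the example's own illustration,
not any product's schema.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
import secrets


class State(Enum):
    ACTIVE = "active"
    EXPIRED = "expired"
    REVOKED = "revoked"


class Purpose(Enum):
    ENCRYPT = "encrypt"
    MAC = "mac"
    SIGN = "sign"
    WRAP = "wrap"


class KeyPolicyError(Exception):
    """Raised when a requested operation violates the key's metadata."""


@dataclass
class ManagedKey:
    key_id: str
    owner: str
    purposes: frozenset            # the function(s) this key was created for
    created: datetime
    crypto_period: timedelta       # lifetime after which the key must be cycled
    exportable: bool = False
    state: State = State.ACTIVE
    uses: int = 0
    version: int = 1
    # Raw material is generated here and only released through check()/export().
    _material: bytes = field(default_factory=lambda: secrets.token_bytes(32), repr=False)

    def check(self, purpose, now):
        """Every use passes through here; returns the material only if policy allows."""
        if self.state is State.REVOKED:
            raise KeyPolicyError(f"{self.key_id}: key is revoked")
        if now >= self.created + self.crypto_period:
            self.state = State.EXPIRED
            raise KeyPolicyError(f"{self.key_id}: crypto-period elapsed, cycle the key")
        if purpose not in self.purposes:
            # Same key for a second purpose is the misuse the article warns about.
            raise KeyPolicyError(f"{self.key_id}: not authorised for {purpose.value}")
        self.uses += 1
        return self._material

    def export(self):
        if not self.exportable:
            raise KeyPolicyError(f"{self.key_id}: export not permitted")
        return self._material


def cycle(old, now):
    """Retire a key at the end of its crypto-period; the successor keeps the policy, not the material."""
    old.state = State.EXPIRED
    return ManagedKey(
        key_id=old.key_id, owner=old.owner, purposes=old.purposes, created=now,
        crypto_period=old.crypto_period, exportable=old.exportable, version=old.version + 1,
    )


def refused(action):
    """True if the callable raised KeyPolicyError, i.e. the policy blocked it."""
    try:
        action()
    except KeyPolicyError:
        return True
    return False


def demo():
    """Walk one key through its lifecycle on a constructed timeline; return the outcomes."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed creation date
    day1, day91, day92 = (t0 + timedelta(days=d) for d in (1, 91, 92))
    key = ManagedKey("db-backup-mac", "backup-service", frozenset({Purpose.MAC}),
                     created=t0, crypto_period=timedelta(days=90))
    out = {}
    out["mac_allowed"] = len(key.check(Purpose.MAC, day1)) == 32        # intended use
    out["encrypt_refused"] = refused(lambda: key.check(Purpose.ENCRYPT, day1))  # wrong purpose
    out["export_refused"] = refused(key.export)                         # non-exportable
    out["expired_refused"] = refused(lambda: key.check(Purpose.MAC, day91))     # past crypto-period
    out["state_after_expiry"] = key.state.value
    new = cycle(key, day91)
    out["new_version"] = new.version
    out["new_material_differs"] = new._material != key._material
    out["new_key_allowed"] = len(new.check(Purpose.MAC, day92)) == 32
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of routing every use through `check()` is that the policy (purpose, state, crypto-period) is evaluated at the moment of use rather than trusted from the caller, and `cycle()` shows why the version and creation date belong in the metadata: the successor inherits the policy but never the old material.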
Image: "Keys" courtesy of ke dickinson, Flickr, (CC BY 2.0)