Cryptographic key: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Sandy Harris
No edit summary
mNo edit summary
 
(14 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{subpages}}
{{PropDel}}<br><br>{{subpages}}
A '''cryptographic key''' is a variable, which acts as an [[Cryptography#Principles of cryptosystems|encryption or decryption key]], produces a desired result: [[plaintext]] if the key is used for decryption or [[ciphertext]] if the key is used for encryption.
{{TOC|right}}


Keys exist for both [[cipher]]s and [[code]]s, although the key for a code is a large codebook, with one or more symbols for each concept that can be encoded.
A '''cryptographic key''' is a variable which influences the behavior of a [[cryptography | cryptographic algorithm]]. A [[cipher]] uses an encryption key for encryption and a decryption key for decryption, a [[digital signature]]
uses a signature keys for signing and verification key for verifying the signature.
The more exotic keyed [[Hash_(cryptography)|hash]] functions use keys to change the behavior of the hash according to which key is used. Generally (and more formally) speaking, a key can be considered an index into a family of functions.


==Encryption key==
==Symmetrical cryptosystems==
An encryption key, which is the same as the decryption key in a symmetrical cryptosystem, but different if the cryptosystem is asymmetrical, is used to transform plaintext to ciphertext.
In a symmetrical cryptosystem, the decryption or signature key can be easily computed from the encryption or verification key. In most practical systems they are identical, and the key is called a '''symmetric key''' or '''secret key'''.  


==Decryption key==
Symmetric keys must be distributed securely, which involves a large administrative overhead if communication between a large number of parties must be protected. It becomes impractical for each pair of users to share a key to protect their communication, so often a central trusted party is introduced. Then every user shares a key with the trusted party, which distributes symmetric keys to each pair of users who want to communicate. [[Kerberos]] is a widespread system implementing this idea.
A decryption key, which is the same as the encryption key in a symmetrical cryptosystem, but different if the cryptosystem is asymmetrical, is used to transform ciphertext to plaintext.


==Symmetrical cryptosystems==
In a symmetrical cryptosystem, the same key is used for encryption and decryption. As a result, it must be protected and often is called a '''secret key'''. Symmetrical cryptosystems are usually faster, and need a key that they can process efficiently. 
===Session keys===
===Session keys===
Modern encryption systems may use a more convenient and secure [[#asymmetric cryptosystem|asymmetric cryptosystem]] to transfer [[session-generating keys]], which are used to generate symmetrical keys used for a short period of time or a certain number of units of [[plaintext]]. The session-generating keys will themselves be encrypted, with a symmetric or asymmetric [[key exchange key]] (KEK).
Modern encryption systems may use a more convenient and secure [[#asymmetric cryptosystem|asymmetric cryptosystem]] to transfer [[session-generating keys]], which are used to generate symmetrical keys used for a short period of time or a certain number of units of [[plaintext]].
 
The session-generating keys may themselves be encrypted, with a symmetric or asymmetric [[key exchange key]] (KEK). Alternately a key agreement protocol such as [[Diffie-Hellman]] may be used; in these the two systems co-operate to securely create a key without transmitting it.


The rules on when and how to switch to a new key during a specific system are specific to the cryptosystem in use. Some such systems, when establishing their connection, negotiate the rules they will use, perhaps using a protocol such as [[internet key exchange]] (IKE).
The rules on when and how to switch to a new key during a specific system are specific to the cryptosystem in use. Some such systems, when establishing their connection, negotiate the rules they will use, perhaps using a protocol such as [[Internet Key Exchange]] (IKE).


==Asymmetrical cryptosystems==
==Asymmetric cryptosystems==
'''Asymmetrical cryptosystems''', also known as '''[[public key]] cryptosystems''' operate around pairs of different keys with a complex mathematical relationship between them. Depending on the application, one is public, at least within a certain group of users, and one is private, to be held secret.
'''Asymmetric cryptosystems''', also known as '''[[public key]] cryptosystems''' operate around pairs of different keys with a complex mathematical relationship between them. Depending on the application, one is public, at least within a certain group of users, and one is private, to be held secret.


When the purpose of the cryptosystem is to ensure the contents of the message cannot be read by an unauthorized person (i.e.,[[content confidentiality]]), the public key is used as the [[encryption key]], while the private key is used for decryption. Only an authorized user in possession of the decryption key can access the plaintext protected by the cryptosystem.  For bilateral communications, there must be a key pair for each direction of communication.
When the purpose of the cryptosystem is to ensure the contents of the message cannot be read by an unauthorized person (i.e.,[[content confidentiality]]), the public key is used as the [[encryption key]], while the private key is used for decryption. Only an authorized user in possession of the decryption key can access the plaintext protected by the cryptosystem.  For bilateral communications, there must be a key pair for each direction of communication.


If the cryptosystem is being used for [[authentication]], a private key is used to encrypt a well-known signature or other credential of the sender. Any receiver can use the public key to decrypt the authentication message; the fact that it can be decrypted with a verified public key validates the sender's identity.
If the cryptosystem is being used for [[authentication]], a private key is used to compute a [[digital signature]] or other credential of the sender. Any receiver can use the public key to verify the authentication message; the fact that it can be decrypted with a verified public key validates the sender's identity.
 
Asymmetric methods are also frequently used with symmetric techniques in [[hybrid cryptosystem]]s.[[Category:Suggestion Bot Tag]]

Latest revision as of 12:00, 3 August 2024

This article may be deleted soon.
To oppose or discuss a nomination, please go to CZ:Proposed for deletion and follow the instructions.

For the monthly nomination lists, see
Category:Articles for deletion.


A cryptographic key is a variable which influences the behavior of a cryptographic algorithm. A cipher uses an encryption key for encryption and a decryption key for decryption, a digital signature uses a signature keys for signing and verification key for verifying the signature. The more exotic keyed hash functions use keys to change the behavior of the hash according to which key is used. Generally (and more formally) speaking, a key can be considered an index into a family of functions.

Symmetrical cryptosystems

In a symmetrical cryptosystem, the decryption or signature key can be easily computed from the encryption or verification key. In most practical systems they are identical, and the key is called a symmetric key or secret key.

Symmetric keys must be distributed securely, which involves a large administrative overhead if communication between a large number of parties must be protected. It becomes impractical for each pair of users to share a key to protect their communication, so often a central trusted party is introduced. Then every user shares a key with the trusted party, which distributes symmetric keys to each pair of users who want to communicate. Kerberos is a widespread system implementing this idea.

Session keys

Modern encryption systems may use a more convenient and secure asymmetric cryptosystem to transfer session-generating keys, which are used to generate symmetrical keys used for a short period of time or a certain number of units of plaintext.

The session-generating keys may themselves be encrypted, with a symmetric or asymmetric key exchange key (KEK). Alternately a key agreement protocol such as Diffie-Hellman may be used; in these the two systems co-operate to securely create a key without transmitting it.

The rules on when and how to switch to a new key during a specific system are specific to the cryptosystem in use. Some such systems, when establishing their connection, negotiate the rules they will use, perhaps using a protocol such as Internet Key Exchange (IKE).

Asymmetric cryptosystems

Asymmetric cryptosystems, also known as public key cryptosystems operate around pairs of different keys with a complex mathematical relationship between them. Depending on the application, one is public, at least within a certain group of users, and one is private, to be held secret.

When the purpose of the cryptosystem is to ensure the contents of the message cannot be read by an unauthorized person (i.e.,content confidentiality), the public key is used as the encryption key, while the private key is used for decryption. Only an authorized user in possession of the decryption key can access the plaintext protected by the cryptosystem. For bilateral communications, there must be a key pair for each direction of communication.

If the cryptosystem is being used for authentication, a private key is used to compute a digital signature or other credential of the sender. Any receiver can use the public key to verify the authentication message; the fact that it can be decrypted with a verified public key validates the sender's identity.

Asymmetric methods are also frequently used with symmetric techniques in hybrid cryptosystems.