A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. They can be used for both encryption and decryption in symmetric cryptography or can only be used for either encryption or decryption with asymmetric cryptography. Based on the method, the key can be different sizes and varieties, but in all cases, the strength of the encryption relies on the security of the key being maintained. A key’s security strength is dependent on its algorithm, the size of the key, the generation of the key, and the process of key exchange.
Since the key protects the confidentiality and integrity of the system, it is important to be kept secret from unauthorized parties. With public key cryptography, only the private key must be kept secret , but with symmetric cryptography, it is important to maintain the confidentiality of the key. Kerckhoff's principle states that the entire security of the cryptographic system relies on the secrecy of the key.
Key size is the number of bits in the key defined by the algorithm. This size defines the upper bound of the cryptographic algorithm’s security. The larger the key size, the longer it will take before the key is compromised by a brute force attack. Since perfect secrecy is not feasible for key algorithms, researches are now more focused on computational security.
In the past, keys were required to be a minimum of 40 bits in length, however, as technology advanced, these keys were being broken quicker and quicker. As a response, restrictions on symmetric keys were enhanced to be greater in size.
“The keys used in public key cryptography have some mathematical structure. For example, public keys used in the RSA system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent level of security. 3072 bits is the suggested key length for systems based on factoring and integer discrete logarithms which aim to have security equivalent to a 128 bit symmetric cipher.”
To prevent a key from being guessed, keys need to be generated randomly and contain sufficient entropy. The problem of how to safely generate random keys is difficult and has been addressed in many ways by various cryptographic systems. A key can directly be generated by using the output of a Random Bit Generator (RBG), a system that generates a sequence of unpredictable and unbiased bits. A RBG can be used to directly produce either a symmetric key or the random output for an asymmetric key pair generation. Alternatively, a key can also be indirectly created during a key-agreement transaction, from another key or from a password.
Some operating systems include tools for "collecting" entropy from the timing of unpredictable operations such as disk drive head movements. For the production of small amounts of keying material, ordinary dice provide a good source of high-quality randomness.
The security of a key is dependent on how a key is exchanged between parties. Establishing a secured communication channel is necessary so that outsiders cannot obtain the key. A key establishment scheme (or key exchange) is used to transfer an encryption key among entities. Key agreement and key transport are the two types of a key exchange scheme that are used to be remotely exchanged between entities . In a key agreement scheme, a secret key, which is used between the sender and the receiver to encrypt and decrypt information, is set up to be sent indirectly. All parties exchange information (the shared secret) that permits each party to derive the secret key material. In a key transport scheme, encrypted keying material that is chosen by the sender is transported to the receiver. Either symmetric key or asymmetric key techniques can be used in both schemes.
The Diffie–Hellman key exchange and Rivest-Shamir-Adleman (RSA) are the most two widely used key exchange algorithms. In 1976, Whitfield Diffie and Martin Hellman constructed the Diffie–Hellman algorithm, which was the first public key algorithm. The Diffie–Hellman key exchange protocol allows key exchange over an insecure channel by electronically generating a shared key between two parties. On the other hand, RSA is a form of the asymmetric key system which consists of three steps: key generation, encryption, and decryption.
Key confirmation delivers an assurance between the key confirmation recipient and provider that the shared keying materials are correct and established. The National Institute of Standards and Technology recommends key confirmation to be integrated into a key establishment scheme to validate its implementations.
Key management concerns the generation, establishment, storage, usage and replacement of cryptographic keys. A key management system (KMS) typically includes three steps of establishing, storing and using keys. The base of security for the generation, storage, distribution, use and destruction of keys depends on successful key management protocols.
Key vs password
A password is a memorized series of characters including letters, digits, and other special symbols that are used to verify identity. It is often produced by a human user or a password management software to protect personal and sensitive information or generate cryptographic keys. Passwords are often created to be memorized by users and contain non-random information such as dictionary words. On the other hand, a key can help strengthen password protection by implementing a cryptographic algorithm which is difficult to guess or replace the password altogether. A key is generated based on random or pseudo-random data and can often be unreadable to humans.
A password is less safe than a cryptographic key due to its low entropy, randomness, and human-readable properties. However, the password may be the only secret data that is accessible to the cryptographic algorithm for information security in some applications such as securing information in storage devices. Thus, a deterministic algorithm called a key derivation function (KDF) uses a password to generate the secure cryptographic keying material to compensate for the password’s weakness. Various methods such as adding a salt or key stretching may be used in the generation.
- Cryptographic key types
- Group key
- Keyed hash algorithm
- Key authentication
- Key derivation function
- Key distribution center
- Key escrow
- Key exchange
- Key generation
- Key management
- Key schedule
- Key server
- Key signature (cryptography)
- Key signing party
- Key stretching
- Key-agreement protocol
- Password psychology
- Public key fingerprint
- Random number generator
- Session key
- Machine-readable paper key
- Weak key
- Piper, Fred (2002), "Cryptography", Encyclopedia of Software Engineering, American Cancer Society, doi:10.1002/0471028959.sof070, ISBN 978-0-471-02895-6, retrieved 2021-04-09
- "What is a cryptographic key? | Keys and SSL encryption".
- "Asymmetric-Key Cryptography". www.cs.cornell.edu. Retrieved 2021-04-02.
- Chandra, S.; Paira, S.; Alam, S. S.; Sanyal, G. (2014). "A comparative survey of Symmetric and Asymmetric Key Cryptography". 2014 International Conference on Electronics, Communication and Computational Engineering (ICECCE): 83–93. doi:10.1109/ICECCE.2014.7086640.
- Kumar, M. G. V.; Ragupathy, U. S. (March 2016). "A Survey on current key issues and status in cryptography". 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET): 205–210. doi:10.1109/WiSPNET.2016.7566121.
- Mrdovic, S.; Perunicic, B. (September 2008). "Kerckhoffs' principle for intrusion detection". Networks 2008 - The 13th International Telecommunications Network Strategy and Planning Symposium. Supplement: 1–8. doi:10.1109/NETWKS.2008.6231360.
- Hellman, Martin. "An Overview of Public Key Cryptography" (PDF). IEEE Communications Magazine.
- "Anatomy of a change – Google announces it will double its SSL key sizes". Naked Security. 2013-05-27. Retrieved 2021-04-09.
- Dang, Quynh (August 2012). "Recommendation for Applications Using Approved Hash Algorithms" (PDF). Retrieved 2021-04-02.
- Barker, Elaine; Roginsky, Allen (July 2019). "Recommendation for Cryptographic Key Generation" (PDF). Computer Society.
- "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography" (PDF). Computer Society.
- Yassein, M. B.; Aljawarneh, S.; Qawasmeh, E.; Mardini, W.; Khamayseh, Y. (2017). "Comprehensive study of symmetric key and asymmetric key encryption algorithms". 2017 International Conference on Engineering and Technology (ICET): 1–7. doi:10.1109/ICEngTechnol.2017.8308215.
- Barker, Elaine (January 2016). "Recommendation for Key Management" (PDF). Retrieved 2021-04-02.
- "Recommendation for Password-Based Key Derivation" (PDF). Computer Society.
- Khillar, Sagar. "Difference Between Encryption and Password Protection | Difference Between". Retrieved 2021-04-02.