Encryption Key Exchange and Key Management

Jun 15, 2024

Overview

  • Importance of encryption keys being known only by sender and recipient
  • Logistical challenges of securely sharing encryption keys, especially over the internet

Key Exchange Methods

Out-of-Band Key Exchange

  • Transferring the key without using the network
  • Examples:
    • Delivering by hand (person with a briefcase)
    • Using a courier
    • Calling on the phone
    • In-person exchange

In-Band Key Exchange

  • Sending information across the network
  • Using additional encryption mechanisms to secure the key
  • Example: Using asymmetric encryption to encrypt a symmetric key, then sending it over the network

Asymmetric Key Encryption for Key Exchange

  • Encrypting a symmetric key with a server’s public key
  • Client sends the encrypted symmetric key to the server
  • Server decrypts with its private key
  • Use of session keys
    • Temporary and ephemeral
    • Discard and generate a new key for each session

Key Exchange Algorithms

  • Building symmetric keys without sending them over the network
  • Process:
    • Each party has a private key and the other’s public key
    • Combine own private key with the other’s public key
    • Mathematically related keys create the same symmetric key on both sides
  • Key exchange algorithms are applied to building a shared key (not to encryption or hashing)