What type of key is used for only one single key?

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook). It allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. To establish this secure connection, the browser and the server need an SSL Certificate.

But how is this accomplished? How is data encrypted so that no one—including the world’s biggest super computers—can crack it?

This article explains the technology at work behind the scenes of SSL encryption. It covers asymmetric and symmetric keys and how they work together to create an SSL-encrypted connection. It also covers different types of algorithms that are used to create these keys—including the mathematical equations that make them virtually impossible to crack.

Not sure you understand the basics of SSL Certificates and technology? Learn about SSL Certificates >>

Asymmetric Encryption

Asymmetric encryption (or public-key cryptography) uses a separate key for encryption and decryption. Anyone can use the encryption key (public key) to encrypt a message. However, decryption keys (private keys) are secret. This way only the intended receiver can decrypt the message. The most common asymmetric encryption algorithm is RSA; however, we will discuss algorithms later in this article.

Asymmetric keys are typically 1024 or 2048 bits. However, keys smaller than 2048 bits are no longer considered safe to use. 2048-bit keys have enough unique encryption codes that we won’t write out the number here (it’s 617 digits). Though larger keys can be created, the increased computational burden is so significant that keys larger than 2048 bits are rarely used. To put it into perspective, it would take an average computer more than 14 billion years to crack a 2048-bit certificate. Learn more >>

Symmetric Encryption

Symmetric encryption (or pre-shared key encryption) uses a single key to both encrypt and decrypt data. Both the sender and the receiver need the same key to communicate.

Symmetric key sizes are typically 128 or 256 bits—the larger the key size, the harder the key is to crack. For example, a 128-bit key has 340,282,366,920,938,463,463,374,607,431,768,211,456 encryption code possibilities. As you can imagine, a ‘brute force’ attack (in which an attacker tries every possible key until they find the right one) would take quite a bit of time to break a 128-bit key.

Whether a 128-bit or 256-bit key is used depends on the encryption capabilities of both the server and the client software. SSL Certificates do not dictate what key size is used.

Which Is Stronger?

Since asymmetric keys are bigger than symmetric keys, data that is encrypted asymmetrically is tougher to crack than data that is symmetrically encrypted. However, this does not mean that asymmetric keys are better. Rather than being compared by their size, these keys should compared by the following properties: computational burden and ease of distribution.

Symmetric keys are smaller than asymmetric, so they require less computational burden. However, symmetric keys also have a major disadvantage—especially if you use them for securing data transfers. Because the same key is used for symmetric encryption and decryption, both you and the recipient need the key. If you can walk over and tell your recipient the key, this isn’t a huge deal. However, if you have to send the key to a user halfway around the world (a more likely scenario) you need to worry about data security.

Asymmetric encryption doesn’t have this problem. As long as you keep your private key secret, no one can decrypt your messages. You can distribute the corresponding public key without worrying who gets it. Anyone who has the public key can encrypt data, but only the person with the private key can decrypt it.

How SSL Uses both Asymmetric and Symmetric Encryption

Public Key Infrastructure (PKI) is the set of hardware, software, people, policies, and procedures that are needed to create, manage, distribute, use, store, and revoke digital certificates. PKI is also what binds keys with user identities by means of a Certificate Authority (CA). PKI uses a hybrid cryptosystem and benefits from using both types of encryption. For example, in SSL communications, the server’s SSL Certificate contains an asymmetric public and private key pair. The session key that the server and the browser create during the SSL Handshake is symmetric. This is explained further in the diagram below.

1. Server sends a copy of its asymmetric public key.
2. Browser creates a symmetric session key and encrypts it with the server's asymmetric public key. Then sends it to the server.
3. Server decrypts the encrypted session key using its asymmetric private key to get the symmetric session key.
4. Server and Browser now encrypt and decrypt all transmitted data with the symmetric session key. This allows for a secure channel because only the browser and the server know the symmetric session key, and the session key is only used for that session. If the browser was to connect to the same server the next day, a new session key would be created.

Public-Key Encryption Algorithms

Public-key cryptography (asymmetric) uses encryption algorithms like RSA and Elliptic Curve Cryptography (ECC) to create the public and private keys. These algorithms are based on the intractability* of certain mathematical problems.

With asymmetric encryption it is computationally easy to generate public and private keys, encrypt messages with the public key, and decrypt messages with the private key. However, it is extremely difficult (or impossible) for anyone to derive the private key based only on the public key.

RSA

RSA is based on the presumed difficulty of factoring large integers (integer factorization). Full decryption of an RSA ciphertext is thought to be infeasible on the assumption that no efficient algorithm exists for integer factorization.

A user of RSA creates and then publishes the product of two large prime numbers, along with an auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message, but only someone with knowledge of the prime factors can feasibly decode the message.

RSA stands for Ron Rivest, Adi Shamir, and Leonard Adleman— the men who first publicly described the algorithm in 1977.

ECC

Elliptic curve cryptography (ECC) relies on the algebraic structure of elliptic curves over finite fields. It is assumed that discovering the discrete logarithm of a random elliptic curve element in connection to a publicly known base point is impractical.

The use of elliptic curves in cryptography was suggested by both Neal Koblitz and Victor S. Miller independently in 1985; ECC algorithms entered common use in 2004.

The advantage of the ECC algorithm over RSA is that the key can be smaller, resulting in improved speed and security. The disadvantage lies in the fact that not all services and applications are interoperable with ECC-based SSL Certificates.

Pre-Shared Key Encryption Algorithms

Pre-shared key encryption (symmetric) uses algorithms like Twofish, AES, or Blowfish, to create keys—AES currently being the most popular. All of these encryption algorithms fall into two types: stream ciphers and block ciphers. Stream ciphers apply a cryptographic key and algorithm to each binary digit in a data stream, one bit at a time. Block ciphers apply a cryptographic key and algorithm to a block of data (for example, 64 sequential bits) as a group. Block ciphers are currently the most common symmetric encryption algorithm.

*Note:    Problems that can be solved in theory (e.g., given infinite time), but which in practice take too long for their solutions to be useful are known as intractable problems.

This article is intended as a primer on the classification of cryptographic keys used for securing digital applications.

Introduction

Just as there are household keys for the car, front door, garage, etc., cryptographic keys can serve many different purposes. Understanding these keys necessitates a grasp of their classification, i.e. the different types of key and their properties and functions.

At its simplest level, a cryptographic key is just a random string consisting of hundreds or thousands of ones and zeroes (i.e. binary digits, or “bits”). However, keys are always created for a specific function, and the associated key meta-data defines the properties of the key.

The difference between symmetric and asymmetric keys

Firstly, and most importantly, there are two primary types of cryptographic keys: symmetric and asymmetric. The latter always come in mathematically-related pairs consisting of a private key and a public key. The security of cryptographic applications critically depends on symmetric keys and private keys always being kept secret, whilst public keys (as their name suggests) are not secret.

The difference between symmetric and asymmetric keys is best illustrated using the example of encrypting a message to protect its confidentiality. Symmetric key encryption algorithms use a single symmetric key for both encryption and decryption, whereas asymmetric key encryption algorithms (aka public key algorithms) use two different but related keys for encryption and decryption.

Symmetric algorithms have the advantage in that they are much faster than asymmetric algorithms, and can handle thousands of keys with very little computing overhead. However, the disadvantage is that a symmetric key must be kept secret, and yet has to be transmitted to the receiving end, which means there is a possibility of it being intercepted and used by an eavesdropper to illicitly decrypt the message.

In practice, this can be overcome using a key agreement protocol such as Diffie Hellman, but an alternative approach for short messages or low-bandwidth communication is to use an asymmetric algorithm. Here, the sender can encrypt the message with the intended recipient’s public key and the recipient can use their corresponding private key to decrypt it. Anyone intercepting the encrypted message will just see random data; only the intended recipient with the appropriate private key can decrypt the message. While the public key may be freely shared with anyone, the recipient must keep the private key secret.

Static vs ephemeral keys and crypto-period

Cryptographic keys may be either static (designed for long term usage) or ephemeral (designed to be used only for a single session or transaction). The crypto-period (i.e. lifetime) of static keys may vary from days to weeks, months or even years depending on what they are used for. In general, the more a key is used, the more susceptible it is to attack and the more data is at risk should it be revealed, so it is important to ensure keys are replaced when required (this process is called updating or cycling).

The length of a key must align with the algorithm that will use it, although most algorithms support a range of different key sizes. In general, the longer a key is, the better security it provides (assuming it is truly random).

With symmetric keys, the security they provide theoretically increases exponentially with their length (for any given algorithm) – adding one more bit doubles their resistance against brute-force attacks. This is not true of asymmetric keys, which generally need to be somewhat longer.

However, for any key (symmetric or asymmetric), its absolute strength also depends on the algorithm that the key is being used with – some algorithms are inherently stronger than others for any given key length.

Hence key length should be chosen based on a number factors such as:

• The algorithm being used

• The strength of security required

• The amount of data being processed with the key

• The crypto-period of the key

Common functions for cryptographic keys

Cryptographic keys are used for a number of different functions, such as those listed below. The properties of the associated key (e.g. type, length, crypto-period) will depend on its intended function.

1. Data Encryption Key
   As previously discussed, data may be encrypted to protect its confidentiality using either a symmetric key or an asymmetric key. Typical symmetric algorithms include 3DES and AES with key lengths varying between 128 and 256 bits, and a typical asymmetric algorithm is RSA with a key length between 1,024 and 4,096 bits. Symmetric encryption keys may be ephemeral, or they may be static with a crypto-period commonly in the range of a day to a year, whereas asymmetric key-pairs typically have a longer lifetime of 1 to 5 years. Keys may have to be retained beyond their crypto-period, or even indefinitely, if the data is to be stored in encrypted form and subsequent access (i.e. decryption) is required at a later date.

2. Authentication Key
   Without getting into semantics, authentication is used to provide assurance about the integrity and/or originator of the associated data, and is often used alongside symmetric encryption. This is typically achieved with a fast and efficient keyed-hash message authentication code (HMAC) mechanism, which uses a symmetric key. Using the SHA-2 algorithm, the typical key length is between 224 and 512 bits, and may be ephemeral or static, but usually has a relatively short lifetime. Some encryption algorithms support modes (e.g. AES-GCM) that provide authentication without the need for a separate authentication key.

3. Digital Signature Key
   As with authentication, digital signatures provide assurance about the integrity and originator of the associated data, but go one step further and also include the concept of non-repudiation, whereby the signatory cannot reasonably claim the signature was falsified. This requires an asymmetric algorithm such as RSA (key length 1,024 – 4,096 bits) or ECDSA (key length 224 – 521 bits). The private key lifetime is usually measured in years, but the corresponding public key has an indefinite lifetime, as it may be necessary to verify the signature at any arbitrary point in the future.

4. Key Encryption Key (aka Key Wrapping Key or Key Transport Key)
   When a secret key has to be transported securely, it must be “wrapped” using an authenticated encryption mechanism to ensure its confidentiality, integrity and authenticity. Either symmetric or asymmetric encryption may be used, depending on the application. The key used for this encryption is a static, long-term key (it’s purpose being to support frequent updates to the key that is being transported), with its length depending on the algorithm being used.

5. Master Key
   A master key is a symmetric key that is used to encrypt multiple subordinate keys. Its length will typically be 128 – 256 bits, depending on the algorithm used, and it will have a very long life, possibly even indefinite. It must therefore be well protected, e.g. by using a hardware security module (HSM).

1. Root Key
   A root key is the topmost key in a Public Key Infrastructure (PKI) hierarchy, which is used to authenticate and sign digital certificates. It is actually an asymmetric key-pair with a length typically between 256 and 4,096 bits depending on the digital signature algorithm used. Such a key usually has a lifetime of several years, and the private key will often be protected using an HSM.

The importance of key management

Where cryptographic keys are used for protecting high-value data, they need to be well managed. Sophisticated key management systems are commonly used to ensure that keys are:

• generated to the required length using a high-quality random data source

• well protected (generally using an HSM)

• managed only by authorized personnel in accordance with defined policies

• used only for the functions they were intended for

• updated according to their crypto-period

• deleted when no longer required

• fully auditable to provide evidence of correct (or incorrect) usage

Key management systems often define other properties that enable keys to be manipulated and controlled according to pre-defined policies. For example, keys will usually be assigned an ID or label for reference purposes; there may also be properties that reflect their owner, lifecycle state (e.g. active, expired, revoked, etc.), history (e.g. creation date), which applications are allowed to use them, whether import and export are allowed, and so on.

In summary

Cryptographic keys come in two fundamental types, symmetric and asymmetric, and have various properties such as length and crypto-period that depend on their intended function. However, regardless of their properties and intended functions, all keys should be properly managed throughout their life to avoid the risk of misuse (e.g. using a key for the wrong purpose or for two different purposes) or compromise.

References and further reading

• NIST SP800-130: A Framework for Designing Cryptographic Key Management Systems (2013) by Elaine Barker, Miles Smid, Dennis Branstad, and Santosh Chokhani 

• NIST SP800-57 Part 1 Revision 4: A Recommendation for Key Management (2016) by Elaine Barker

•  
• Selected articles on Key Management (2012-today) by Ashiq JA, Dawn M. Turner, Guillaume Forget, James H. Reinholm, Martin Eriksen, Peter Landrock, Peter Smirnoff, Stefan Hansen and more
• Selected articles on HSMs (2013-today), by Ashiq JA, Peter Landrock, Peter Smirnoff, Steve Marshall, Torben Pedersen and more

Image: "Keys" courtesy of ke dickinson, Flickr, (CC BY 2.0)