Problem solve Get help with specific problems with your technologies, process and projects.

# Which key is which?

## A look at the differences between symmetric and asymmetric keys.

Users new to the world of cryptography often find themselves confused about the appropriate cryptographic key to...

use for various applications. It's actually a relatively straightforward selection process that depends upon the algorithm you're using and the goal(s) you're trying to achieve.

Remember that there are two basic types of cryptographic algorithms – symmetric (private key) and asymmetric (public key) algorithms. Symmetric key algorithms use a single key to secure communications and achieve the goals of confidentiality, integrity and (sometimes) authentication. Asymmetric algorithms provide each user with a pair of keys – a public key and a private key. Users freely distribute their public key while keeping their private key secret. These keypairs are used to achieve all four cryptographic goals: confidentiality, integrity, authentication and non-repudiation. (If you need a refresher on these goals, see the tip Encryption and electronic mail).

An easy way to keep this straight is to remember that the symmetry in a symmetric algorithm results from the fact that both parties are using the same key. Asymmetric algorithms, on the other hand, do not achieve this symmetry – each participant in a communication uses a different key for their portion of the exchange.

Now the big question – which key should you use for a particular application? If you're using a symmetric algorithm, the answer is simple – you use the only key available to you, the secret key. If you're using a public key algorithm, it depends upon the application:

• To protect the confidentiality of a message, encrypt the message with the recipient's public key.
• To read an encrypted message sent to you, decrypt the message with your private key.
• To create a digital signature for a message, encrypt the message digest with your private key.
• To verify the digital signature for a message, decrypt the digital signature with the sender's public key and compare the result to the message digest you compute.

It's as simple as that! Take a few minutes to think through the scenarios and you'll be a master of cryptographic keys in no time!

Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. He previously worked as an information security researcher for the U.S. National Security Agency. His publishing credits include the TICSA Training Guide from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep Guide from John Wiley. He's also the About.com Guide to Databases.

This was last published in May 2003

## Content

Find more PRO+ content and other member only offers, here.

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

• ### How cloud access security brokers have evolved

Cloud access security brokers keep being acquired by bigger security companies. Expert Rob Shapland looks at how these ...

• ### SQL injection attacks: How to defend your enterprise

SQL injection attacks threaten enterprise database security, but the use of cloud services can reduce the risk. Here's a look at ...

• ### Cloud security lessons to learn from the Uber data breach

Any organization that uses cloud services can learn something from the 2016 Uber data breach. Expert Ed Moyle explains the main ...

## SearchNetworking

• ### Ruckus SmartZone to get IoT module

Ruckus plans to release a suite of technology for companies that want to support IoT devices on the WLAN. The suite includes an ...

• ### What are the top information security objectives for CISOs?

Bloggers delve into CISO information security objectives, Juniper's new product release and how self-sufficient networking teams ...

• ### Considerations for buying an application delivery controller

Before you buy an ADC device, learn which features you should look for and what questions you should ask prospective application ...

## SearchCIO

• ### Cybersecurity's shortage of skills leaves IT projects vulnerable

A recent study found that as IT projects proliferate, cybersecurity's shortage of skills is leaving tech vulnerable. Analyst and ...

• ### Relentless AI cyberattacks will require new protective measures

AI cyberattacks won't be particularly clever; instead, they'll be fast and fierce. Carnegie Mellon University's Jason Hong ...

• ### Deep learning algorithms power startup's beauty database

Deep learning algorithms are changing how we drive cars and navigate outer space. What about saving our skin? Silicon Valley ...

## SearchEnterpriseDesktop

• ### How to establish Windows 10 security baselines

IT should consider following Microsoft's Windows 10 security recommendations in the Security Compliance Toolkit to better protect...

• ### VMware Workspace One helps Western Digital organize 3,000 apps

The application portal in VMware Workspace One allowed IT to streamline app delivery, and the product's cloud-based model proved ...

• ### Three PC lifecycle management options IT should consider

IT pros can use PCs and laptops until they stop working, or they can set up a lifecycle management plan that retires them after a...

## SearchCloudComputing

• ### Prepare and manage enterprise apps for an IaaS model

A growing number of businesses see the value in infrastructure as a service. But without careful app migration and management ...

• ### Multi-cloud management still a work in progress for IT teams

Multi-cloud deployments are a mixed bag, providing both business value and complex management challenges. Fortunately, a number ...

• ### Bare-metal cloud services lure legacy workloads off premises

For some enterprises, bare-metal services in the cloud act as a crucial steppingstone to an IaaS deployment, and providers, ...

## ComputerWeekly.com

• ### GDPR is having positive impact on privacy profession, says IAPP

The EU’s new data protection rules are driving greater interest in the privacy profession, and provide an opportunity to develop ...

• ### More than a quarter of UK shoppers prepared for wearable contactless payments

Mastercard research shows a growing number of shoppers are prepared to make purchases with smartwatches, rings and bracelets

• ### Cloud DR: Key choices in cloud disaster recovery

Flexibility and low cost make the cloud well-suited to disaster recovery, but there is no one-size-fits-all route to cloud ...

Close