Key exchange
Key exchange is any method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm.

If Alice and Bob wish to exchange encrypted messages, each must be equipped to encrypt messages to be sent and decrypt messages received. The nature of the equipping they require depends on the encryption technique they might use. If they use a code, both will require a copy of the same codebook. If they use a cipher, they will need appropriate keys. If the cipher is a symmetric key cipher, both will need a copy of the same key. If an asymmetric key cipher with the public/private key property, both will need the other's public key.

The key exchange problem

The key exchange problem is how to exchange whatever keys or other information are needed so that no one else can obtain a copy. Traditionally, this required trusted couriers, diplomatic bags, or some other secure channel. With the advent of public key / private key cipher algorithms, the encrypting key (aka public key) could be made public, since (at least for high quality algorithms) no one without the decrypting key (aka the private key) could decrypt the message.

Identification

In principle, the only remaining problem was to be sure (or at least confident) that a public key actually belonged to its supposed owner. Because it is possible to 'spoof' another's identity in any of several ways, this is not a trivial or easily solved problem, particularly when the two users involved have never met and know nothing about each other.

Diffie–Hellman key exchange

In 1976, Whitfield Diffie and Martin Hellman published a cryptographic protocol (Diffie–Hellman key exchange), which allows users to establish 'secure channels' on which to exchange keys, even if an Opponent is monitoring that communication channel. However, D–H key exchange did not address the problem of being sure of the actual identity of the person (or 'entity').
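
An added illustration of the two points above, not part of the original article: the exchange works when only public values cross the wire, but the arithmetic alone cannot tell whose public value was received, so an out-of-band fingerprint check is needed. The toy group (`P`, `G`) and all function names are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime but far too
# small for real use; deployments use standardized 2048-bit+ groups or X25519.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)                 # (private, public)

def session_key(priv, peer_pub):
    if not 2 <= peer_pub <= P - 2:               # reject degenerate values 0, 1, P-1
        raise ValueError("peer public value out of range")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def authenticated_session_key(priv, received_pub, expected_fp):
    # expected_fp must arrive over a channel the opponent cannot alter
    # (in person, a certificate, a signed key); that is the identification step.
    if not hmac.compare_digest(fingerprint(received_pub), expected_fp):
        raise ValueError("public value does not match expected fingerprint")
    return session_key(priv, received_pub)

def demo():
    a_priv, a_pub = keypair()                    # Alice
    b_priv, b_pub = keypair()                    # Bob
    m_priv, m_pub = keypair()                    # a third party's own key pair

    # Honest run: only a_pub and b_pub cross the wire, and both sides agree.
    honest = session_key(a_priv, b_pub) == session_key(b_priv, a_pub)

    # Substituted run: Alice receives m_pub in place of b_pub. The arithmetic
    # succeeds, and the key she derives is one the third party also holds.
    undetected = session_key(a_priv, m_pub) == session_key(m_priv, a_pub)

    # With Bob's fingerprint obtained out of band, the substitution is rejected.
    try:
        authenticated_session_key(a_priv, m_pub, fingerprint(b_pub))
        rejected = False
    except ValueError:
        rejected = True
    return honest, undetected, rejected
```
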

Public key infrastructure

Public key infrastructures have been proposed as a way around this problem of identity authentication. In their most usual implementation, each user applies to a 'certificate authority' for a digital certificate which serves for other users as a non-tamperable authentication of identity. Several countries and other jurisdictions have passed legislation or issued regulations encouraging PKIs by giving (more or less) legal effect to these digital certificates. Several commercial firms, and a few government departments, have established such certificate authorities. VeriSign is the most prominent commercial firm. For those new to such things, these arrangements are best thought of as electronic notary endorsements that "this public key belongs to this user". As with notary endorsements, there can be mistakes or misunderstandings in such vouchings. There have been several high profile public failures by assorted certificate authorities.

Web of trust

At the other end of the conceptual range is the web of trust system, which avoids central Certificate Authorities entirely. Each user is responsible for vetting any certificate from another before using that certificate to communicate with, vet digital signatures from, ... the user claimed to be associated with the particular public key in a certificate. PGP (and GPG, an implementation of the OpenPGP Internet Standard) employ just such a web of trust mechanism. Together they are the most widely used high quality crypto system in the world.

Password-authenticated key agreement

Password-authenticated key agreement algorithms can perform a cryptographic key exchange utilizing knowledge of a user's password.

The future

The problem of key exchange has not yet been solved. In particular, it has not yet been solved for the modern situation of two previously unknown users attempting to communicate electronically, as, for instance, in electronic commerce. Some of the existing work-around designs work, more or less, but are not fully satisfactory.

See also

  • Key (cryptography)
  • Key management
  • Diffie–Hellman key exchange
  • AKEP2
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 