Solved

# symmetric key vs RSA key

Posted on 2011-05-03
714 Views
I am using POCO libraries for encryption. While the class RSAKey has methods for saving the key, the class CipherKey representing a symmetric key does not have any straight forward methods to persist the key. All that the class offers is a getKey method which returns a vector<BYTE>. Also, I need to get the Initialization vector so I can recreate a CipherKey as needed. Why does it have to be so complex? Why this difference between RSA and symmetric keys? A symmetric key is not expected to be persisted? How do the other libraries work?
0
Question by:olmuser

LVL 5

Assisted Solution

Symmetric vs. asymmetric algorithms
When using symmetric algorithms, both parties share the same key for en- and decryption. To provide privacy, this key needs to be kept secret. Once somebody else gets to know the key, it is not safe any more. Symmetric algorithms have the advantage of not consuming too much computing power. A few well-known examples are: DES, Triple-DES (3DES), IDEA, CAST5, BLOWFISH, TWOFISH.
Asymmetric algorithms use pairs of keys. One is used for encryption and the other one for decryption. The decryption key is typically kept secretly, therefore called ``private key'' or ``secret key'', while the encryption key is spread to all who might want to send encrypted messages, therefore called ``public key''. Everybody having the public key is able to send encrypted messages to the owner of the secret key. The secret key can't be reconstructed from the public key. The idea of asymmetric algorithms was first published 1976 by Diffie and Hellmann.

Asymmetric algorithms seem to be ideally suited for real-world use: As the secret key does not have to be shared, the risk of getting known is much smaller. Every user only needs to keep one secret key in secrecy and a collection of public keys, that only need to be protected against being changed. With symmetric keys, every pair of users would need to have an own shared secret key. Well-known asymmetric algorithms are RSA, DSA, ELGAMAL.

However, asymmetric algorithms are much slower than symmetric ones. Therefore, in many applications, a combination of both is being used. The asymmetric keys are used for authentication and after this has been successfully done, one or more symmetric keys are generated and exchanged using the asymmetric encryption. This way the advantages of both algorithms can be used. Typical examples of this procedure are the RSA/IDEA combination of PGP2 or the DSA/BLOWFISH used by GnuPG.

0

LVL 1

Author Comment

well, while the response talks about encryption in general it does not address the core of my question. Why would a libray offering both encryption algorithms make it more difficult to persist one key while providing methods to save the other one relatively easily?
0

LVL 20

Accepted Solution

In asymmetric encryption, the key consists of a (top secret) private key and a public key. So the very concetpt is based on publishing thepublic key and to this end stick to it for a length of time (up to years). As a consequence, the private key must be stored (and must be stored especially safely) for the same amount of time. And it should be *really* safe, as in not even exploitable by the program using the library.

With symmetric encryption, both sides have to agree on the key. This poses the problem of secretly agreeing on the key in the first place. And it also makes extended use o fthe same key dangerous (e.g. preventing your system from being compromised is not enough, you have to hope that your comuunication partner is not compromised either). This might be a reason why such a library does not give methods to permanently store a key that has origined from a source external to the library in the first place ...
0

## Featured Post

Many modern programming languages support the concept of a property -- a class member that combines characteristics of both a data member and a method.  These are sometimes called "smart fields" because you can add logic that is applied automaticall…
Linear search (searching each index in an array one by one) works almost everywhere but it is not optimal in many cases. Let's assume, we have a book which has 42949672960 pages. We also have a table of contents. Now we want to read the content on p…
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.