Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


symmetric key vs RSA key

Posted on 2011-05-03
Medium Priority
Last Modified: 2012-05-11
I am using POCO libraries for encryption. While the class RSAKey has methods for saving the key, the class CipherKey representing a symmetric key does not have any straight forward methods to persist the key. All that the class offers is a getKey method which returns a vector<BYTE>. Also, I need to get the Initialization vector so I can recreate a CipherKey as needed. Why does it have to be so complex? Why this difference between RSA and symmetric keys? A symmetric key is not expected to be persisted? How do the other libraries work?
Question by:Mydeen Yussouf

Assisted Solution

greatsubash earned 248 total points
ID: 35697003
Symmetric vs. asymmetric algorithms
When using symmetric algorithms, both parties share the same key for en- and decryption. To provide privacy, this key needs to be kept secret. Once somebody else gets to know the key, it is not safe any more. Symmetric algorithms have the advantage of not consuming too much computing power. A few well-known examples are: DES, Triple-DES (3DES), IDEA, CAST5, BLOWFISH, TWOFISH.
Asymmetric algorithms use pairs of keys. One is used for encryption and the other one for decryption. The decryption key is typically kept secretly, therefore called ``private key'' or ``secret key'', while the encryption key is spread to all who might want to send encrypted messages, therefore called ``public key''. Everybody having the public key is able to send encrypted messages to the owner of the secret key. The secret key can't be reconstructed from the public key. The idea of asymmetric algorithms was first published 1976 by Diffie and Hellmann.

Asymmetric algorithms seem to be ideally suited for real-world use: As the secret key does not have to be shared, the risk of getting known is much smaller. Every user only needs to keep one secret key in secrecy and a collection of public keys, that only need to be protected against being changed. With symmetric keys, every pair of users would need to have an own shared secret key. Well-known asymmetric algorithms are RSA, DSA, ELGAMAL.

However, asymmetric algorithms are much slower than symmetric ones. Therefore, in many applications, a combination of both is being used. The asymmetric keys are used for authentication and after this has been successfully done, one or more symmetric keys are generated and exchanged using the asymmetric encryption. This way the advantages of both algorithms can be used. Typical examples of this procedure are the RSA/IDEA combination of PGP2 or the DSA/BLOWFISH used by GnuPG.


Author Comment

by:Mydeen Yussouf
ID: 35726192
well, while the response talks about encryption in general it does not address the core of my question. Why would a libray offering both encryption algorithms make it more difficult to persist one key while providing methods to save the other one relatively easily?
LVL 20

Accepted Solution

thehagman earned 252 total points
ID: 35759284
In asymmetric encryption, the key consists of a (top secret) private key and a public key. So the very concetpt is based on publishing thepublic key and to this end stick to it for a length of time (up to years). As a consequence, the private key must be stored (and must be stored especially safely) for the same amount of time. And it should be *really* safe, as in not even exploitable by the program using the library.

With symmetric encryption, both sides have to agree on the key. This poses the problem of secretly agreeing on the key in the first place. And it also makes extended use o fthe same key dangerous (e.g. preventing your system from being compromised is not enough, you have to hope that your comuunication partner is not compromised either). This might be a reason why such a library does not give methods to permanently store a key that has origined from a source external to the library in the first place ...

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Nadia
Suppose you use Uber application as a rider and you request a ride to go from one place to another. Your driver just arrived at the parking lot of your place. The only thing you know about the ride is the license plate number. How do you find your U…
We take a look at the fast-evolving changes in Search Engine Optimization rules and algorithms by Google.
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question