Symmetric Keys
Introduction: Encryption is critical to protect data such as personally identifiable information. Symmetric key encryption uses the same key both for encryption and for decryption. Compare this to public key-private key encryption, which is more ubiquitous and involves encryption with the public key and decryption with the private key. The difference between them is that the symmetric key needs to exist at both source and destination, while the private key for decryption is needed only by the party that decrypts. Since the transfer of the key is avoided, the public key, private key approach becomes more popular, while symmetric keys are used for faster and lighter-weight encryption. Once the symmetric keys are created, they can be treated as passwords or ad hoc secrets. KeyVaults and secret management stores are helpful for allowing multiple parties to access them safely. The use of symmetric keys goes hand in hand with KeyVaults in many production systems.
Symmetric encryption algorithms are of two types:
1. Block algorithms: a set length of bits is encrypted in blocks of electronic data with the use of a specific secret key. The data is retained in memory while the system waits for complete blocks and encrypts them.
2. Stream algorithms: these do away with the retaining and continuously encrypt the data as it streams.
Examples include AES, DES, IDEA, Blowfish, RC4, RC5 and RC6.
The keys can be generated in code as simply as the following example in C#:
using System.Security.Cryptography;

// Create an AES provider, then let it generate a random IV and a random key.
// Aes.IV and Aes.Key hold the generated values afterwards.
AesCryptoServiceProvider Aes = new AesCryptoServiceProvider();
Aes.GenerateIV();
Aes.GenerateKey();
Or in SQL as follows:
-- Create an AES-256 symmetric key in the database, protected by an existing certificate.
CREATE SYMMETRIC KEY SampleKey01
WITH ALGORITHM = AES_256
ENCRYPTION BY CERTIFICATE Certificate01;
GO
A sample usage of a symmetric key is
Encrypt(UserID + ClientID) = Token
where UserID is a large integer and ClientID is a regular integer. The original text can be 16 and 8 characters in length, which gives us 24 characters. We used a fixed length for both UserID and ClientID and pad left. If we want the encrypted text to stay the same size as the original string, we could choose AES stream encryption. If we were to use stronger algorithms, the size would bloat. And when we hex- or base64-encode the output, the text could double in size.
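The token scheme above, worked through in Go with only the standard library as an added example (not code from the original post): UserID and ClientID are left-padded to 16 and 8 digits, encrypted with AES in CTR mode so the 24-byte ciphertext matches the plaintext length, and the IV is prepended because the receiver needs it to decrypt. The function names, field widths, key and sample IDs are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Assumed layout from the post: UserID left-padded to 16 digits, ClientID to 8 (24 chars).
func formatFields(userID uint64, clientID uint32) string {
	return fmt.Sprintf("%016d%08d", userID, clientID)
}

// encryptToken uses AES in CTR mode (a stream mode), so the ciphertext is exactly as long as the
// plaintext; a random IV is prepended for the receiver. CTR has no integrity: add a MAC or use GCM.
func encryptToken(key []byte, plaintext string) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], []byte(plaintext))
	return out, nil
}

// decryptToken rejects tokens of the wrong length, then reverses the keystream XOR.
func decryptToken(key, token []byte) (string, error) {
	if len(token) != aes.BlockSize+24 {
		return "", fmt.Errorf("token is %d bytes, want %d", len(token), aes.BlockSize+24)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	pt := make([]byte, len(token)-aes.BlockSize)
	cipher.NewCTR(block, token[:aes.BlockSize]).XORKeyStream(pt, token[aes.BlockSize:])
	return string(pt), nil
}

func main() {
	key := make([]byte, 32) // AES-256 demo key; in production it comes from the vault
	rand.Read(key)
	token, _ := encryptToken(key, formatFields(1234567890123, 42)) // constructed sample IDs
	pt, _ := decryptToken(key, token)
	fmt.Printf("ciphertext %d bytes, same as plaintext %q\n", len(token)-aes.BlockSize, pt)
}
```

Hex-encoding the 24-byte ciphertext yields 48 characters, the doubling the post mentions, and the 16-byte IV has to be carried as well.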