Symmetric-Key Encryption - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Encryption and Decryption

Symmetric-Key Encryption

With symmetric-key encryption, the encryption key can be calculated from the decryption
key and vice versa. With most symmetric algorithms, the same key is used for both
encryption and decryption, as shown in Figure J-1.
Figure J-1
Implementations of symmetric-key encryption can be highly efficient, so that users do not
experience any significant time delay as a result of the encryption and decryption.
Symmetric-key encryption also provides a degree of authentication, since information
encrypted with one symmetric key cannot be decrypted with any other symmetric key.
Thus, as long as the symmetric key is kept secret by the two parties using it to encrypt
communications, each party can be sure that it is communicating with the other as long as
the decrypted messages continue to make sense.
Symmetric-key encryption is effective only if the symmetric key is kept secret by the two
parties involved. If anyone else discovers the key, it affects both confidentiality and
authentication. A person with an unauthorized symmetric key not only can decrypt
messages sent with that key, but can encrypt new messages and send them as if they came
from one of the two parties who were originally using the key.
Symmetric-key encryption plays an important role in the SSL protocol, which is widely
used for authentication, tamper detection, and encryption over TCP/IP networks. SSL also
uses techniques of public-key encryption, which is described in the next section.
770 Red Hat Certificate System Administrator's Guide • September 2005
Symmetric-Key Encryption