Shared Key - Symmetric
Symmetric keys are keys where the same key is used to encrypt and decrypt the data (or to compute verification values).
Both correspondents share the same key to encrypt and decrypt.
If the key is compromised, then a new key needs to be created and exchanged:
all parties that hold the key can decrypt the messages (or compute the values).
The shared key must be transmitted securely, otherwise its security is compromised.
Best shared between only a limited number of entities (ideally two).
Shared keys are shorter (than asymmetric keys) for the same level of security.
Algorithms using shared keys are simpler and faster.
How to exchange a shared key?
- Encrypt the shared key with another key:
  a) with the recipient's public key, or
  b) with a previously shared key.
- Or use a secure transmission protocol:
  If no previously shared key is available, split the key into several pieces. These are sent to different people, who will need to reassemble the key.
Typical protocol with a new third party:
Step 1. A first key, called the Transport key (ZCMK), is shared using a secure transmission protocol.
KCV - Key Check Value
KCV = 6 hex digits (0-F) used to check that a key hasn't been altered.
A block of zeroes is encrypted using the key to obtain the KCV.
The first 6 hex digits of the result must be identical to the expected check value.
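The two mechanisms above, splitting a key into pieces for separate custodians and checking a key with a KCV, as an added worked example in Go (written for these notes, not code from the original page). The page does not say how the pieces are combined; the example assumes the common practice of XOR components, where every piece is random except the last and the XOR of all pieces gives the key. KCVs are computed exactly as described: a block of zeroes is encrypted under the key and the first 6 hex digits are kept. The sample keys are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// kcv encrypts a block of zeroes with the cipher and returns the first
// 6 hex digits (3 bytes) of the ciphertext, upper-cased.
func kcv(block cipher.Block) string {
	zeros := make([]byte, block.BlockSize())
	out := make([]byte, block.BlockSize())
	block.Encrypt(out, zeros)
	return strings.ToUpper(hex.EncodeToString(out[:3]))
}

// KCVAES computes the KCV of a 16-, 24- or 32-byte AES key.
func KCVAES(key []byte) (string, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	return kcv(b), nil
}

// KCVTripleDES computes the KCV of a 16-byte (2-key) or 24-byte (3-key)
// Triple DES key. A 2-key TDES key is expanded to K1 K2 K1.
func KCVTripleDES(key []byte) (string, error) {
	if len(key) == 16 {
		key = append(append([]byte{}, key...), key[:8]...)
	}
	b, err := des.NewTripleDESCipher(key)
	if err != nil {
		return "", err
	}
	return kcv(b), nil
}

// SplitKey splits key into n XOR components (assumption: XOR splitting).
// All but the last component are random, so no single custodian learns
// anything about the key from their own piece.
func SplitKey(key []byte, n int) ([][]byte, error) {
	if n < 2 {
		return nil, fmt.Errorf("need at least 2 components, got %d", n)
	}
	parts := make([][]byte, n)
	last := append([]byte{}, key...) // running XOR, becomes the final piece
	for i := 0; i < n-1; i++ {
		parts[i] = make([]byte, len(key))
		if _, err := rand.Read(parts[i]); err != nil {
			return nil, err
		}
		for j := range last {
			last[j] ^= parts[i][j]
		}
	}
	parts[n-1] = last
	return parts, nil
}

// ReassembleKey XORs the components back together to recover the key.
func ReassembleKey(parts [][]byte) []byte {
	key := make([]byte, len(parts[0]))
	for _, p := range parts {
		for j := range key {
			key[j] ^= p[j]
		}
	}
	return key
}

// VerifyKCV reports whether a computed KCV matches the expected one.
func VerifyKCV(got, expected string) bool {
	return strings.EqualFold(got, expected)
}

func main() {
	// Constructed demo key: a 16-byte AES key that the sender knows.
	key := []byte("0123456789abcdef")
	senderKCV, _ := KCVAES(key)

	parts, _ := SplitKey(key, 3) // three custodians, one piece each
	rebuilt := ReassembleKey(parts)
	receiverKCV, _ := KCVAES(rebuilt)

	fmt.Printf("sender KCV   : %s\n", senderKCV)
	fmt.Printf("receiver KCV : %s  match=%v\n", receiverKCV, VerifyKCV(receiverKCV, senderKCV))
	for i, p := range parts {
		fmt.Printf("component %d  : %s\n", i+1, hex.EncodeToString(p))
	}
}
```

The receiver never sees the sender's key, only the reassembled one, so comparing the two KCVs is what confirms the pieces were transcribed and combined correctly. A KCV detects mistakes and mismatched keys; it is not a secret (3 bytes of ciphertext are exposed) and is not a substitute for protecting the key itself.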