Encryption methods

There are two classes of encryption methods which, because of their specific advantages and disadvantages, are tailored to different application areas:

  • Symmetric key encryption methods
    Symmetric key encryption methods are used for encrypting the payload (confidentiality).

  • Asymmetric (public) key encryption methods
    Asymmetric key encryption methods are used

    • in key exchange protocols,

    • to create digital signatures (non-repudiation).

Common to both classes is that security is based on the key(s) remaining confidential, while the method itself is known generally.

Symmetric key encryption

With symmetric key encryption, the cryptographic algorithms for encrypting the data at the sender end and decrypting it at the receiver end use the same key.

If the key has to be exchanged, before it is used, over the same medium that later carries the encrypted payload, the danger of the key being compromised in transit must be countered. In this case it is practical to use asymmetric encryption methods such as RSA or DH. However, in contrast to RSA, the DH method cannot by itself guarantee the authenticity of the partners involved in the key exchange; this must be provided by an additional authentication mechanism, for example DSS (Digital Signature Standard).

As each pair of communications partners requires a separate key, key management involves a considerable effort because the number of keys needed is proportional to the square of the number of group members.

The speed of the symmetric methods is high in comparison to that of the asymmetric methods.

The security of symmetric key encryption is dependent on the key length. To ensure secure encryption, the key should be at least 80 bits long.

The best-known symmetric key encryption methods are:

  • DES (Digital Encryption Standard)
    DES should no longer be used due to its short key length of 56 bits.

  • 3-DES (“Triple DES”)
    3-DES applies DES encryption three times in succession.

  • AES (Advanced Encryption Standard)
    AES is now the standard symmetric key encryption method.

Asymmetric key encryption (public key encryption)

With asymmetric key encryption each communications partner has two different keys between which a mathematical relationship exists:

  • Public key
    The public key is known to all communications partners and is used to encrypt messages.

  • Private key
    The private key is known only to the owner and is used to decrypt messages.

When asymmetric key encryption is used, message exchange between two communications partners A and B proceeds as follows:

  1. Before A sends a message to B, A must know B’s public key.

  2. A encrypts his/her message using B’s public key.

  3. A sends the encrypted message to B. (The encrypted message can now be decrypted only with the aid of B’s private key.)

  4. B decrypts the message with the aid of his/her private key.
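The exchange above carried through in Go, as an added example that is not code from the original page: rather than encrypting the payload itself with B's public key, A encrypts it under a fresh AES-256-GCM key (the symmetric class, for the payload) and wraps only that key with B's public key using RSA-OAEP (the asymmetric class, for key exchange), which is how the two classes are combined in practice. The names `GenerateRecipientKey`, `Seal` and `Open` are chosen here, and the block assumes Go 1.24 or later, where `crypto/rand.Read` cannot fail.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// GenerateRecipientKey creates B's key pair at the 2048-bit minimum the text gives for RSA.
func GenerateRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}
// newGCM builds the AES-GCM AEAD used by both A (Seal) and B (Open).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal is A's side (steps 1-3): the payload goes under a fresh AES-256 key, and
// that key is wrapped with B's public key, so only B's private key can unwrap it.
func Seal(bPub *rsa.PublicKey, payload []byte) (wrappedKey, ct []byte, err error) {
	buf := make([]byte, 32+12) // 256-bit AES key followed by a 96-bit GCM nonce
	rand.Read(buf)             // crypto/rand.Read never returns an error (Go 1.24+)
	aesKey, nonce := buf[:32], buf[32:]
	gcm, _ := newGCM(aesKey) // cannot fail: aesKey is a valid AES-256 key
	if wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, bPub, aesKey, nil); err != nil {
		return nil, nil, err
	}
	return wrappedKey, gcm.Seal(nonce, nonce, payload, nil), nil // ct = nonce||data||tag
}
// Open is B's side (step 4): unwrap the AES key with B's private key, then
// decrypt and authenticate; a tampered or truncated wrappedKey/ct fails here.
func Open(bPriv *rsa.PrivateKey, wrappedKey, ct []byte) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bPriv, wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey) // fails if the unwrapped key has a bad length
	if err != nil {
		return nil, err
	}
	if ns := gcm.NonceSize(); len(ct) >= ns {
		return gcm.Open(nil, ct[:ns], ct[ns:], nil)
	}
	return nil, errors.New("ciphertext shorter than the GCM nonce")
}
```

Because the payload is protected by an authenticated cipher, a ciphertext altered in transit is rejected by B rather than decrypted to garbage, and a private key other than B's cannot unwrap the AES key at all.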

As one of the two keys can be known publicly, only one key pair is required per receiver. Consequently the total number of keys required is considerably lower than with symmetric methods.

Asymmetric methods are considerably slower than symmetric methods.

With asymmetric key encryption methods only the owner of the private key can perform operations with this key. Signature methods can be created on this basis (“electronic signature”).

The security of asymmetric key encryption is dependent on the key length. To ensure secure encryption, the key should be at least 2048 bits long for RSA and DH.

The best-known asymmetric key encryption methods are:

  • RSA
    RSA stands for the inventors Rivest, Shamir and Adleman.

  • DH
    DH stands for the inventors Whitfield Diffie and Martin Hellman. DH cannot be used for digital signatures. DSS (Digital Signature Standard), for example, is available for this purpose. DSS is also known under the name of DSA (Digital Signature Algorithm).

  • ECC (Elliptic Curve Cryptography)
    ECC-based methods offer a comparable level of security to RSA/DH with much smaller key lengths. These are therefore increasingly being used, particularly if CPU resource consumption is a key factor.