A key in

{{cryptography navbox
Cryptography
Key management

cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of ...

is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm
In mathematics and computer science, an algorithm () is a finite sequence of rigorous instructions, typically used to solve a class of specific Computational problem, problems or to perform a computation. Algorithms are used as specificat ...

, can encode
The Encyclopedia of DNA Elements (ENCODE) is a public research project which aims to identify functional elements in the human genome.
ENCODE also supports further biomedical research by "generating community resources of genomics data, software, ...

or decode
Decoding or decode may refer to: is the process of converting code into plain text or any format that is useful for subsequent processes.
Science and technology
* Decoding, the reverse of encoding
In communications and information processin ...

cryptographic data. Based on the used method, the key can be different sizes and varieties, but in all cases, the strength of the encryption relies on the security of the key being maintained. A key’s security strength is dependent on its algorithm, the size of the key, the generation of the key, and the process of key exchange.
Scope

The key is what is used to encrypt data fromplaintext
In cryptography, plaintext usually means unencrypted information pending input into Cryptographic algorithm, cryptographic algorithms, usually encryption algorithms. This usually refers to data that is transmitted or stored unencrypted.
Overvie ...

to ciphertext
In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext ...

. There are different methods for utilizing keys and encryption.
Symmetric cryptography

Symmetriccryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of ...

refers to the practice of the same key being used for both encryption and decryption.
Asymmetric cryptography

Asymmetriccryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of ...

has separate keys for encrypting and decrypting. These keys are known as the public and private keys, respectively.
Purpose

Since the key protects the confidentiality and integrity of the system, it is important to be kept secret from unauthorized parties. With public key cryptography, only the private key must be kept secret , but with symmetric cryptography, it is important to maintain the confidentiality of the key. Kerckhoff's principle states that the entire security of the cryptographic system relies on the secrecy of the key.Key sizes

Key size
In cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication i ...

is the number of bits in the key defined by the algorithm. This size defines the upper bound of the cryptographic algorithm’s security. The larger the key size, the longer it will take before the key is compromised by a brute force attack. Since perfect secrecy is not feasible for key algorithms, researches are now more focused on computational security.
In the past, keys were required to be a minimum of 40 bits in length, however, as technology advanced, these keys were being broken quicker and quicker. As a response, restrictions on symmetric keys were enhanced to be greater in size.
Currently, 2048 bit RSA is commonly used, which is sufficient for current systems. However, current key sizes would all be cracked quickly with a powerful quantum computer.
“The keys used in public key cryptography have some mathematical structure. For example, public keys used in the RSA system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent level of security. 3072 bits is the suggested key length for systems based on factoring and integer discrete logarithms which aim to have security equivalent to a 128 bit symmetric cipher.”
Key generation

To prevent a key from being guessed, keys need to be generated randomly and contain sufficiententropy
Entropy is a scientific concept, as well as a measurable physical property, that is most commonly associated with a state of disorder, randomness, or uncertainty. The term and the concept are used in diverse fields, from classical thermodynam ...

. The problem of how to safely generate random keys is difficult and has been addressed in many ways by various cryptographic systems. A key can directly be generated by using the output of a Random Bit Generator (RBG), a system that generates a sequence of unpredictable and unbiased bits. A RBG can be used to directly produce either a symmetric key or the random output for an asymmetric key pair generation. Alternatively, a key can also be indirectly created during a key-agreement transaction, from another key or from a password.
Some operating systems include tools for "collecting" entropy from the timing of unpredictable operations such as disk drive head movements. For the production of small amounts of keying material, ordinary dice provide a good source of high-quality randomness.
Establishment scheme

The security of a key is dependent on how a key is exchanged between parties. Establishing a secured communication channel is necessary so that outsiders cannot obtain the key. A key establishment scheme (or key exchange) is used to transfer an encryption key among entities. Key agreement and key transport are the two types of a key exchange scheme that are used to be remotely exchanged between entities . In a key agreement scheme, a secret key, which is used between the sender and the receiver to encrypt and decrypt information, is set up to be sent indirectly. All parties exchange information (the shared secret) that permits each party to derive the secret key material. In a key transport scheme, encrypted keying material that is chosen by the sender is transported to the receiver. Either symmetric key or asymmetric key techniques can be used in both schemes. TheDiffie–Hellman key exchange
Diffie–Hellman key exchangeSynonyms of Diffie–Hellman key exchange include:
* Diffie–Hellman–Merkle key exchange
* Diffie–Hellman key agreement
* Diffie–Hellman key establishment
* Diffie–Hellman key negotiation
* Exponential key exc ...

and Rivest-Shamir-Adleman (RSA) are the most two widely used key exchange algorithms. In 1976, Whitfield Diffie
Bailey Whitfield 'Whit' Diffie (born June 5, 1944), Foreign Member of the Royal Society, ForMemRS, is an American cryptographer and mathematician and one of the pioneers of public-key cryptography along with Martin Hellman and Ralph Merkle. Diffi ...

and Martin Hellman
Martin Edward Hellman (born October 2, 1945) is an American cryptology, cryptologist and mathematician, best known for his involvement with public key cryptography in cooperation with Whitfield Diffie and Ralph Merkle. Hellman is a longtime contr ...

constructed the Diffie–Hellman algorithm, which was the first public key algorithm. The Diffie–Hellman key exchange protocol allows key exchange over an insecure channel by electronically generating a shared key between two parties. On the other hand, RSA is a form of the asymmetric key system which consists of three steps: key generation, encryption, and decryption.
Key confirmation delivers an assurance between the key confirmation recipient and provider that the shared keying materials are correct and established. The National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into Outline of p ...

recommends key confirmation to be integrated into a key establishment scheme to validate its implementations.
Management

Key management
Key management refers to management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol
A secu ...

concerns the generation, establishment, storage, usage and replacement of cryptographic keys. A key management system (KMS) typically includes three steps of establishing, storing and using keys. The base of security for the generation, storage, distribution, use and destruction of keys depends on successful key management protocols.
Key vs password

Apassword
A password, sometimes called a passcode (for example in Apple Inc., Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the lar ...

is a memorized series of characters including letters, digits, and other special symbols that are used to verify identity. It is often produced by a human user or a password management software to protect personal and sensitive information or generate cryptographic keys. Passwords are often created to be memorized by users and may contain non-random information such as dictionary words. On the other hand, a key can help strengthen password protection by implementing a cryptographic algorithm which is difficult to guess or replace the password altogether. A key is generated based on random or pseudo-random data and can often be unreadable to humans.
A password is less safe than a cryptographic key due to its low entropy, randomness, and human-readable properties. However, the password may be the only secret data that is accessible to the cryptographic algorithm for information security in some applications such as securing information in storage devices. Thus, a deterministic algorithm called a key derivation function
In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more key (cryptography), secret keys from a secret value such as a master key, a password, or a passphrase using a pseudorandom function (which typ ...

(KDF) uses a password to generate the secure cryptographic keying material to compensate for the password’s weakness. Various methods such as adding a salt
Salt is a mineral composed primarily of sodium chloride (NaCl), a chemical compound belonging to the larger class of Salt (chemistry), salts; salt in the form of a natural crystallinity, crystalline mineral is known as rock salt or halite. ...

or key stretching may be used in the generation.
See also

* Cryptographic key types *Diceware
Diceware is a method for creating passphrase
A passphrase is a sequence of words or other text used to control access to a computer
A computer is a machine that can be programmed to carry out sequences of arithmetic or logical opera ...

* EKMS
The Electronic Key Management System (EKMS) is a United States National Security Agency
The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Direc ...

* Group key
In cryptography, a group key is a cryptographic key that is shared between a group of users. Typically, group keys are distributed by sending them to individual users, either physically, or encrypted individually for each user using either that use ...

* Keyed hash algorithm
* Key authentication
Key/Config-authentication is used to solve the problem of authenticating the keys of the person (say "person B") to some other person ("person A") is talking to or trying to talk to. In other words, it is the process of assuring that the key of "pe ...

* Key derivation function
In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more key (cryptography), secret keys from a secret value such as a master key, a password, or a passphrase using a pseudorandom function (which typ ...

* Key distribution center {{cleanup, date=November 2011
In cryptography, a key distribution center (KDC) is part of a cryptosystem intended to reduce the risks inherent in exchanging key (cryptography), keys. KDCs often operate in systems within which some users may have pe ...

* Key escrow
Key escrow (also known as a "fair" cryptosystem) is an arrangement in which the keys needed to decrypt encrypted
In cryptography, encryption is the process of Code, encoding information. This process converts the original representation of the ...

* Key exchange
Key exchange (also key establishment) is a method in cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the pract ...

* Key generation
Key generation is the process of generating keys in cryptography. A key is used to encrypt and decrypt whatever data is being encrypted/decrypted.
A device or program used to generate keys is called a key generator or keygen.
Generation in crypto ...

* Key management
Key management refers to management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol
A secu ...

* Key schedule
* Key server
* Key signature (cryptography)
* Key signing party
* Key stretching
In cryptography, key stretching techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources (time and possibly space) it takes to test each possible key ...

* Key-agreement protocol In cryptography, a key-agreement protocol is a protocol whereby two or more parties can agree on a key in such a way that both influence the outcome. If properly done, this precludes undesired third parties from forcing a key choice on the agreeing ...

* glossary
A glossary (from grc, γλῶσσα, ''glossa''; language, speech, wording) also known as a vocabulary or clavis, is an alphabetical list of Term (language), terms in a particular domain of knowledge with the definitions for those terms. Tradi ...

* Password psychology
* Public key fingerprint
In public-key cryptography, a public key fingerprint is a short sequence of Byte, bytes used to identify a longer public key. Fingerprints are created by applying a cryptographic hash function to a public key. Since fingerprints are shorter than ...

* Random number generator
Random number generation is a process by which, often by means of a random number generator (RNG), a sequence of number
A number is a mathematical object used to count, measure, and label. The original examples are the natural numbers 1, ...

* Session key
A session key is a single-use symmetric key
Symmetric-key algorithms are algorithm
In mathematics and computer science, an algorithm () is a finite sequence of rigorous instructions, typically used to solve a class of specific Computat ...

* Tripcode
An imageboard is a type of Internet forum
An Internet forum, or message board, is an online discussion site where people can hold conversations in the form of posted messages. They differ from chat rooms in that messages are often longer th ...

* Machine-readable paper key
* Weak key In cryptography
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in ...

References