Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Keys are used as part of encryption and authentication functions to lock and unlock messages. While a particular encryption algorithm is often published and well known, the keys used to make each encryption unique must be kept secure and private. But there are logistics problems in exchanging keys. If you send an encrypted message to a friend, your friend will need a key to decrypt the message. The process of getting that key to your friend may be compromised. This topic describes methods for exchanging keys in secure ways over open networks like the Internet.

The one thing to avoid in any key exchange is obvious: never send the actual key over the network in the open. If Alice and Bob need to exchange keys, they may be able to do so over the phone (if it's a relatively short alphanumeric string). They could also meet in person or use a public-key scheme as described later. In any case, once they have a "shared secret key," they can use it for authentication and to establish trust.

This topic continues in "The Encyclopedia of Networking and Telecommunications" with a discussion of the following:

• Manual key exchange methods (security considerations)
• Public keys and certificates
• Diffie-Hellman Key Exchange
• IKE (Internet Key Exchange)
• ISAKMP (Internet Security Association and Key Management Protocol)
• OAKLEY
• SKEME
• Key Recovery

RFC 1422 (Certificate-Based Key Management, February 1993) describes certificates and key management.

See "Public-Key Cryptography" for additional information.

Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.