Figure 1. The process of symmetric encryption
As illustrated in Figure 1, symmetric encryption involves the following steps:
The sender creates a ciphertext message by encrypting the plaintext message with a symmetric encryption algorithm and a shared key.
The sender sends the ciphertext message to the recipient.
The recipient decrypts the ciphertext message back into plaintext with the same shared key.
Numerous symmetric algorithms are currently in use. Some of the more common algorithms include Rijndael (AES) and Triple DES (3DES). These algorithms are designed to perform efficiently on common hardware architectures.
Symmetric cryptography is comparatively simple in nature, because the secret key that is used for both encryption and decryption is shared between the sender and the recipient. However, before communication can occur, the sender and the recipient must exchange a shared secret key. In some cases (such as SSL), asymmetric cryptography can be used to ensure that the initial key exchange occurs over a secure channel.
Key Management and Conventional Encryption
Conventional encryption has benefits. It is very fast. It is especially useful for encrypting data that is not going anywhere. However, conventional encryption alone as a means for transmitting secure data can be quite expensive simply due to the difficulty of secure key distribution. The expense of secure channels and key distribution relegated its use only to those who could afford it, such as governments and large banks (or small children with secret decoder rings).
Recall a character from your favorite spy movie: the person with a locked briefcase handcuffed to his or her wrist. What is in the briefcase, anyway? It's probably not the missile launch code/biotoxin formula/invasion plan itself. It's the key that will decrypt the secret data.
For a sender and recipient to communicate securely using conventional encryption, they must agree upon a key and keep it secret between themselves. If they are in different physical locations, they must trust a courier, the Bat Phone, or some other secure communication medium to prevent the disclosure of the secret key during transmission. Anyone who overhears or intercepts the key in transit can later read, modify, and forge all information encrypted or authenticated with that key. The persistent problem with conventional encryption is key distribution: how do you get the key to the recipient without someone intercepting it?
A lesser problem is key storage: when you want to communicate with a lot of people and you have one key for each partner, how do you manage so many keys?
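The sender and recipient steps from Figure 1, and the consequence of a disclosed key described above, as an added example that is not part of the original text. It assumes Python's standard library only, so an HMAC-SHA256 keystream with an HMAC tag stands in for a real cipher such as AES; the function names are hypothetical.

```python
import hashlib
import hmac
import os

# Illustrative stand-in for a real symmetric cipher such as AES (assumption of
# this example): HMAC-SHA256 in counter mode as the keystream, plus an HMAC tag
# over the result (encrypt-then-MAC). Use a vetted AEAD library for real data.

def _subkeys(shared_key):
    """Derive separate encryption and authentication keys from the shared key."""
    enc = hmac.new(shared_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(enc_key, nonce, length):
    """Produce `length` pseudo-random bytes bound to this key and nonce."""
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt(shared_key, plaintext):
    """Sender side: returns nonce (16) || ciphertext || tag (32)."""
    enc_key, mac_key = _subkeys(shared_key)
    nonce = os.urandom(16)  # fresh per message so keystreams never repeat
    ks = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(shared_key, message):
    """Recipient side: verify the tag first, then decrypt. Raises ValueError."""
    if len(message) < 48:
        raise ValueError("message too short")
    enc_key, mac_key = _subkeys(shared_key)
    nonce, body, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed: wrong key or modified message")
    ks = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

def accepted(shared_key, message):
    """True if the recipient would accept `message` as authentic."""
    try:
        decrypt(shared_key, message)
        return True
    except ValueError:
        return False
```

A message altered by someone without the key is rejected, but `accepted` returns True for any message produced with the shared key, whoever produced it. That is why the key itself has to travel over a secure channel.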
Some Examples of Conventional Cryptosystems
Captain Midnight's Secret Decoder Ring (which you may have owned when you were a kid)
Julius Caesar's cipher
DES, Data Encryption Standard