In real-world communication, the two types of encryption are used together: a (symmetric) session key is generated to encrypt the communication, and this key is exchanged between the parties using asymmetric encryption.
The general procedure of encrypted communication is the following:
11.1.1.4.1. Procedure – Procedure of encrypted communication and authentication
The sender and the receiver select a method (encryption algorithm) for encrypting the communication.
The sender authenticates the receiver by requesting its certificate and public key. Optionally, the receiver can also request a certificate from the sender, thus mutual authentication is also possible. During the handshake and authentication the parties agree on a symentric key that will be used for encrypting the data communication.
The sender encrypts his message using the symmetric key.
The sender transmits the message to the receiver.
The receiver decrypts the message using a symmetric key.
The communication between the parties can continue by repeating steps 3-5.
Another important aspect is that suitable keys have to be created and exchanged between the parties, which also requires some sort of secure communication. It also has to be noted that — depending on the exact communication method — the identity of the sender and the receiver might have to be verified as well.
The strength of the encryption is mainly influenced by two factors: the actual algorithm used, and the length of the key. From the aspect of keylength, the longer the key is, the more secure encryption it offers.
Copyright: © 2021 Balasys IT Security
Send your comments to support@balasys.hu
