HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 102

In Figure 46, the confidentiality provided to the message is done via a single key. Because the same key is used for encryption and decryption, this process is known as symmetric cryptography. Symmetric cryptography commonly has two attributes associated with it: • It performs well - it is fast and easy to implement • It has a key distribution problem - how do you get the symmetric key to everyone that needs it in a secure way? Asymmetric cryptography is also available and functions very different than symmetric cryptography. It has two keys - one Public and one Private. The private key is not shared with anyone. The Public key is like a public telephone number. You can share it with everyone. Figure 47 - Asymmetric Cryptography In Figure 47, we can see the difference between asymmetric and symmetric cryptography. One key can be used for encryption and then the corresponding key can be used for decryption. It appears that asymmetric cryptography has solved the key distribution issue; however there are two new attributes usually associated with asymmetric cryptography • It is slow • It has a trust problem. How do I know that this is John's public key and not someone pretending to be John? To solve the first problem, asymmetric cryptography is usually used to securely distribute symmetric keys and sign hash codes. In short, what is actually being encrypted and decrypted is usually much smaller than actual messages. This has the nice benefit of solving the key distribution issue with symmetrical cryptography. So, in essence, symmetric keys are sent securely using asymmetric cryptography and the actual messages themselves are protected using symmetric cryptography. 102