Symmetric Ciphers use the same key for both decryption and encryption.
Other terms for symmetric-key encryption are secret-key, single-key, shared-key, one-key, and private-key encryption.
Algorithms are not kept secret, but keys are
3.Two kinds of Ciphers:
Block Cipher — Block by block, for example, encrypting a file
Stream Cipher — Element by element (a byte e.g.), for example, encrypting a multi-media stream
4.3 most commonly used Block Ciphers
DES: blockSize=64 bits, keyLength=56 bits
I.The algorithm is not vulnerable, though studied a lot
II.The key length of 56bits is so small that it can be cracked by brute force
3DES: 3 executions of DES with seperate 3 keys
I.The algorithm is also good since it’s the same of DES
II.The key length is 56bits * 3 = 168 bits. So it’s impossible to crack by brute force
AES: Both secure and fast.
5. How to encrypt blocks broken from a message?
a. b1 + b2 + … => encrypt(b1) + enrypt(b2) + … —
ECB is not safe because two "ABC"s in the message will generate two copies of ciphertext. Attackers may exploit the regularities in this case.
b. b1 + b2 + … => encrypt(b1) + encrypt((enrypt(b1) XOR b2)) + … —
RC4 is a commonly used Stream cipher
And CFB for Stream Ciphers is just like ECB/CBC for Block Ciphers
7. How to deliver keys?
a.end-to-end delivery is not safe
b.Permanent key is not safe
KDS Scheme is recommended to distribute keys.
a. A third party KDS is responsible to deliver a temporary keys used only for a session
b. These session keys are encrypted themselvez by permanentt keys used between KDS and the end parties.
Java API Examples
//generate a DES key
KeyGenerator keygen = KeyGenerator.getInstance("DES");
SecretKey desKey = keygen.generateKey();
//Create a cipher
Cipher c1 = Cipher.getInstance("DES/ECB/PKCS5Padding");
Cipher c2 = Cipher.getInstance("DESede");
//Use a PBE key
String password = "password";
byte salt = "salt1234".getBytes();
PBEParameterSpec paramSpec = new PBEParameterSpec(salt, 20);
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());
SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey passwordKey = kf.generateSecret(keySpec);