Key Management
The historic and traditional problem with encryption has been the reliance on a single key to both encode and decode a plaintext message. Ownership of the key gave easy access to the message contents and meant that keys could only be passed to intended recipients by a secure exchange process.
Diffie and Hellman developed the concept of splitting the key into two parts—an encode key and a decode key. Further developments of this concept allowed keys to be exchanged through a public, insecure medium and enabled anyone to create an encrypted message that only the trusted recipient would be able to decrypt. This is achieved by “lodging” the public keys while retaining a private key. The actual exchange (and encryption) process relies on the manipulation of very large primes, the product of which is nearly impossible to factorize. A worked example is included at the end of this chapter. As with authentication, there is no such thing as absolute security. Any encryption scheme can be compromised, but the greater the distance—that is, the harder it is to decrypt the traffic—the more value the encryption process confers.