Secret-key encryption, also known as single-key or symmetric encryption, involves the use of a single key that is shared by both the sender and the receiver of the message.
After creating the message, the sender encrypts it with their key and passes it to the recipient who then decrypts it by using a copy of the same key used to encrypt it.
A widely used method of secret-key encryption is the data encryption standard or DES.
Secret-key encryption does have some limitations, particularly with regard to key distribution. For privacy to be maintained, every transmitter of messages would need to provide a different key to everyone they intended to communicate with, otherwise every potential recipient would be able to read all messages whether it was intended for them or not.
Whilst this is manageable where a small number of parties are involved (for example, sending a private e-mail to a friend) it is not practical for Web commerce which can involve communicating with thousands of customers.
Another limitation with secret-key encryption is its inability to support non-repudiation. As both parties share the same key it is possible for one party to create a message with the shared secret key and falsely claim it had been sent by the other party.
Secret-key encryption on its own is therefore not suitable for Web commerce – instead a system known as public-key encryption is used.
See Also:
Related Posts:
- Enabling Technologies – Encryption Overview - Many Web store merchants understandably want to concentrate their energies on what they do best – selling – and either ignore the technical aspects or...
- Enabling Technologies – Public Key Encryption - Public-key encryption, or asymmetric encryption involves the use of two keys, one that can be used to encrypt messages (the public key) and one that...
- Enabling Technologies – Frequently Asked Questions (FAQ) - Why is encryption needed for Web commerce? Encryption performs four key functions which enable secure Web transactions to take place: Authentication allows customers to be...
- Enabling Technologies – Secure Sockets Layer (SSL) - Netscape’s Secure Sockets Layer (SSL) protocol is currently the most widely used method for performing secure transactions on the Web and is supported by most...
- Digital Signatures & Digital Certificates - Digital Signatures Digital signatures are implemented through public-key encryption and are used to verify the origin and contents of a message. One advantage of public-key...