Cryptography - Key

About

A key is a parameter used in a cipher algorithm that determines:

It is the secret parameter of the transformation of plaintext into ciphertext (encryption), and vice versa (decryption): the security of the scheme rests on the key staying secret, not on the algorithm being hidden.

In designing security systems, it is wise to assume that the details of the cryptographic algorithm are already available to the attacker. This is known as:

Widely used algorithms are public knowledge anyway, and a compromised key is far easier to replace than a compromised algorithm.

An attacker who obtains the key can:

What is the difference with a password?

Cryptographic keys are meant to be randomly generated by an algorithm, whereas passwords are meant to be created (and memorized) by human beings. See password

Usage

Authentication

Keys are used as authentication credentials for automated processes (machine-to-machine), where no human is present to type a password.

See What is Sender authentication? (Public Key Authentication based, Certificate-based in Cryptography)

Data Integrity

See Cryptography - Data integrity.

Signature

Keys may also be used to digitally sign a document. This is the same mechanism that underlies authentication: the signature authenticates the sender of the document. See digital signature schemes.

Key exchange

Keys need to be distributed, and there are more secure schemes for doing so than sending a letter by post. See Cryptography - Key Exchange Algorithm

Management

Creation

Password

Ciphers do not take passwords, they take keys. A password must therefore first be converted into key material with a password-stretching KDF (such as PBKDF2, scrypt or Argon2), using a random salt and a work factor high enough to make each guess expensive for an attacker.

Passwords are meant to be memorized by human beings and are therefore low-entropy, whereas keys are meant to be used by computers in automated processes: they are too long and random to be memorized.

Passwords are text, whereas cryptographic keys are binary data (even when serialized as text, for instance in base64) and are generally not meant to be entered manually.
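As an added example (not code from the original page), the conversion described above in Python with only the standard library: the unsalted, single fast hash that people reach for first is shown beside a salted, stretched PBKDF2-HMAC-SHA256 derivation and a constant-time verification. The password, salt length and iteration count are example choices for this demo, not values the page prescribes.

```python
import hashlib
import hmac
import os

KEY_LEN = 32          # 256-bit key, e.g. for AES-256-GCM
# Work factor: OWASP (2023) recommends 600,000 iterations for PBKDF2-HMAC-SHA256.
# Tune it on your own hardware; the goal is to make every guess expensive.
ITERATIONS = 600_000


def naive_key(password: str) -> bytes:
    """What NOT to do: unsalted, single fast hash. Identical passwords give
    identical keys everywhere, and an attacker can test billions of guesses
    per second on a GPU."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a human-chosen password into key material (PBKDF2-HMAC-SHA256)."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 128 bits")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def new_key(password: str):
    """Fresh random salt + derived key. Store salt and iteration count next to
    the ciphertext (they are not secret); never store the key or the password."""
    salt = os.urandom(16)
    return salt, derive_key(password, salt)


def key_matches(password: str, salt: bytes, expected: bytes,
                iterations: int = ITERATIONS) -> bool:
    """Re-derive and compare in constant time to avoid a timing side channel."""
    return hmac.compare_digest(derive_key(password, salt, iterations), expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"      # constructed example password
    salt, key = new_key(pw)
    print("salt:", salt.hex(), "key bits:", len(key) * 8)
    print("same password, right salt :", key_matches(pw, salt, key))
    print("wrong password            :", key_matches("Tr0ub4dor&3", salt, key))
```

The salt is what makes two users with the same password end up with different keys, and the iteration count is what turns a cheap SHA-256 call into work the attacker has to repeat for every guess.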

In a multi-factor authentication context,

  • passwords are something you know
  • cryptographic keys are something you have.

Keypair

Key pair (public and private) creation

Owner

To be able to tell a key's owner, public keys are often enriched with attributes such as:

  • names,
  • addresses,
  • and similar identifiers.

The packed collection of a public key and its attributes can be digitally signed.

The resulting object is called:

  • in the PKI model, a certificate and is signed by a certificate authority (CA).
  • In the PGP model, it is still called a “key”, and is signed by various people who personally verified that the attributes match the subject.

Size

Selecting the size of the key selects the strength of the cryptography:

  • For RSA, 2048 bits should currently be sufficient for most purposes.
  • For ECDSA, only 256, 384 and 521 bits are supported (ECDSA offers security equivalent to RSA with much smaller keys).
  • For Ed25519, the only valid size is 256 bits.

Glossary

Private

A private key is the secret half of a key pair in a public-key (asymmetric) cryptography scheme; the matching public key may be published.

Identity

The private keys used for user authentication (for example by an SSH client) are called identity keys. Below is an unencrypted EC private key in PEM format:

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIJWbvSW7h50HPwG+bWR3DXgQ6YhOxYbe0ifr1rRUvsUuoAoGCCqGSM49
AwEHoUQDQgAE34yHdT/dZ7hVi1XVCZZQUjMUtNR56CXUCjn9Aa0JEYBmfxvFf0qU
KutYhIiNJgDAJqMgQZI8RnA80wGgrxcPxA==
-----END EC PRIVATE KEY-----
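To see what such a file actually contains, here is an added Python example (not part of the original page) that decodes the PEM block above with the standard library only. The DER layout is the RFC 5915 ECPrivateKey structure: version, the private scalar as an OCTET STRING, the named-curve OID in the [0] tag and the public point in the [1] tag. The key is pasted verbatim from the page; it is already public, so printing its metadata is harmless here, but the private scalar of a real key must never be logged.

```python
import base64
import re

# The key from the page above, copied verbatim.
PEM_EC_KEY = """-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIJWbvSW7h50HPwG+bWR3DXgQ6YhOxYbe0ifr1rRUvsUuoAoGCCqGSM49
AwEHoUQDQgAE34yHdT/dZ7hVi1XVCZZQUjMUtNR56CXUCjn9Aa0JEYBmfxvFf0qU
KutYhIiNJgDAJqMgQZI8RnA80wGgrxcPxA==
-----END EC PRIVATE KEY-----"""

# Named curves by OID (RFC 5480); only the NIST prime curves are listed.
CURVE_OIDS = {
    "1.2.840.10045.3.1.7": "prime256v1 / P-256",
    "1.3.132.0.34": "secp384r1 / P-384",
    "1.3.132.0.35": "secp521r1 / P-521",
}


def pem_to_der(pem: str) -> bytes:
    """Strip the armour lines and base64-decode the body."""
    body = re.sub(r"-----(BEGIN|END) EC PRIVATE KEY-----", "", pem)
    return base64.b64decode("".join(body.split()))


def _tlv(der: bytes, off: int):
    """Read one DER tag-length-value at off; returns (tag, value, next_offset)."""
    tag, length, off = der[off], der[off + 1], off + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, off = int.from_bytes(der[off:off + n], "big"), off + n
    if off + length > len(der):
        raise ValueError("truncated DER")
    return tag, der[off:off + length], off + length


def _decode_oid(raw: bytes) -> str:
    """OID content octets -> dotted string (first byte packs the first two arcs)."""
    arcs, value = list(divmod(raw[0], 40)), 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_ec_private_key(pem: str) -> dict:
    """Decode an RFC 5915 ECPrivateKey:
       SEQUENCE { version INTEGER, privateKey OCTET STRING,
                  [0] namedCurve OID OPTIONAL, [1] publicKey BIT STRING OPTIONAL }"""
    der = pem_to_der(pem)
    tag, seq, end = _tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, version, off = _tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected version INTEGER")
    tag, scalar, off = _tlv(seq, off)
    if tag != 0x04:
        raise ValueError("expected privateKey OCTET STRING")
    info = {"version": int.from_bytes(version, "big"),
            "private_scalar": int.from_bytes(scalar, "big"),
            "private_len": len(scalar),
            "curve_oid": None, "curve": None, "public_point": None}
    while off < len(seq):
        tag, val, off = _tlv(seq, off)
        if tag == 0xA0:                    # [0] EXPLICIT parameters -> OID
            _, oid_raw, _ = _tlv(val, 0)
            info["curve_oid"] = _decode_oid(oid_raw)
            info["curve"] = CURVE_OIDS.get(info["curve_oid"], "unknown curve")
        elif tag == 0xA1:                  # [1] EXPLICIT publicKey -> BIT STRING
            _, bits, _ = _tlv(val, 0)
            info["public_point"] = bits[1:]   # drop the 'unused bits' byte: 0x04 || X || Y
    return info


if __name__ == "__main__":
    k = parse_ec_private_key(PEM_EC_KEY)
    # Print only metadata: the scalar is the secret, never log it for a real key.
    print("version:", k["version"], "curve:", k["curve"])
    print("private scalar:", k["private_len"] * 8, "bits (not shown)")
    print("public point:", k["public_point"].hex())
```

Note the practical consequence: the file has no encryption header, so anyone who can read it holds the private scalar outright. Encrypt identity keys at rest with a passphrase (or keep them in a hardware token) and restrict the file permissions.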

Authorized

Once an SSH server has been given a user's public key and is configured to trust it, the key is listed in that user's authorized_keys file on the server. Such keys are called authorized keys. See authorized_keys

Type

The type of a key is generally the name of the cipher or signature algorithm it belongs to (for example RSA, ECDSA or Ed25519).
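The following added Python example (not the page's own code, and unrelated to OpenSSH's implementation) ties the Size, Authorized and Type sections together: it parses an authorized_keys line, reads the key type and size out of the base64 blob (the RFC 4253 public-key wire format, built from RFC 4251 string and mpint fields) and checks them against the sizes listed above. The sample lines are constructed for the demo; the RSA moduli are arbitrary 2048- and 1024-bit odd numbers and the EC points are filler bytes, not real key material.

```python
import base64
import struct

# Acceptance policy for this example, mirroring the Size section above:
# RSA at least 2048 bits, ECDSA on one of the three NIST curves, Ed25519 is
# always 256 bits. ssh-dss is parsed but never accepted (1024-bit DSA).
POLICY = {
    "ssh-rsa": lambda bits: bits >= 2048,
    "ecdsa-sha2-nistp256": lambda bits: bits == 256,
    "ecdsa-sha2-nistp384": lambda bits: bits == 384,
    "ecdsa-sha2-nistp521": lambda bits: bits == 521,
    "ssh-ed25519": lambda bits: bits == 256,
    "ssh-dss": lambda bits: False,
}


def _string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length prefix."""
    return struct.pack(">I", len(b)) + b


def _mpint(n: int) -> bytes:
    """RFC 4251 mpint: big-endian two's complement, minimal length."""
    if n == 0:
        return _string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:                # leading zero keeps the number positive
        raw = b"\x00" + raw
    return _string(raw)


def _read_string(blob: bytes, off: int):
    """Read one RFC 4251 string at off, refusing to run past the blob."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end


def parse_public_key(line: str):
    """Parse an authorized_keys / .pub line into (key_type, bits, comment)."""
    tokens = line.split()
    # A line may start with an options field ('command="...",no-pty'); the key
    # type is the first known token that is followed by the base64 blob.
    for i, tok in enumerate(tokens[:-1]):
        if tok in POLICY and tokens[i + 1].startswith("AAAA"):
            key_type, b64, comment = tok, tokens[i + 1], " ".join(tokens[i + 2:])
            break
    else:
        raise ValueError("no supported key type on this line")
    blob = base64.b64decode(b64, validate=True)
    wire_type, off = _read_string(blob, 0)
    if wire_type != key_type.encode():       # RFC 4253: blob must repeat the type
        raise ValueError("key type field does not match the blob")
    if key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)    # public exponent
        n, off = _read_string(blob, off)     # modulus
        bits = int.from_bytes(n, "big").bit_length()
    elif key_type == "ssh-dss":
        p, off = _read_string(blob, off)
        for _ in range(3):                   # q, g, y
            _, off = _read_string(blob, off)
        bits = int.from_bytes(p, "big").bit_length()
    elif key_type.startswith("ecdsa-sha2-"):
        curve, off = _read_string(blob, off)  # e.g. b"nistp256"
        point, off = _read_string(blob, off)  # 0x04 || X || Y
        if b"ecdsa-sha2-" + curve != wire_type or point[:1] != b"\x04":
            raise ValueError("malformed ECDSA key")
        bits = int(curve[5:])                 # b"nistp256" -> 256
    else:                                     # ssh-ed25519
        pub, off = _read_string(blob, off)
        bits = len(pub) * 8
    if off != len(blob):
        raise ValueError("trailing data in key blob")
    return key_type, bits, comment


def meets_policy(line: str):
    """Return (accepted, description) for one authorized_keys line."""
    key_type, bits, comment = parse_public_key(line)
    return POLICY[key_type](bits), f"{key_type} {bits} bits ({comment or 'no comment'})"


def _b64(blob: bytes) -> str:
    return base64.b64encode(blob).decode("ascii")


# Constructed sample lines (see lead-in): not real keys.
SAMPLE_LINES = [
    "ssh-rsa " + _b64(_string(b"ssh-rsa") + _mpint(65537) + _mpint((1 << 2047) | 1)) + " alice@example",
    'command="/usr/bin/backup" ssh-rsa ' + _b64(_string(b"ssh-rsa") + _mpint(65537) + _mpint((1 << 1023) | 1)) + " legacy@example",
    "ssh-ed25519 " + _b64(_string(b"ssh-ed25519") + _string(b"\x01" * 32)) + " bob@example",
    "ecdsa-sha2-nistp256 " + _b64(_string(b"ecdsa-sha2-nistp256") + _string(b"nistp256") + _string(b"\x04" + b"\x02" * 64)) + " carol@example",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(*meets_policy(line))
```

The check that the type named in the text field matches the type inside the blob is the kind of detail a real consumer must not skip: the size you enforce is only meaningful for the algorithm the key will actually be used with.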

Protocol

TLS/SSL is the network protocol that implements the cryptographic concepts:

Other secure protocols are layered on top of (i.e. based on) TLS/SSL, such as:
