Practical Cryptography for Developers

Symmetric Key Ciphers


Last updated 5 years ago


Symmetric key ciphers (like AES, ChaCha20, RC6, Twofish, CAST and many others) use the same key (or password) to encrypt and decrypt data. They are often combined with other algorithms into symmetric encryption schemes (like ChaCha20-Poly1305, AES-128-GCM and AES-256-CTR-HMAC-SHA256), often together with password-to-key derivation algorithms (like Scrypt and Argon2). Symmetric key ciphers are quantum-resistant, which means that powerful quantum computers will not be able to break their security (when big enough key lengths are used). Symmetric ciphers can encrypt data coming as blocks of fixed size (block ciphers) or data coming as a sequence of bytes (stream ciphers). Block ciphers can be transformed to stream ciphers by certain constructions, known as "block cipher modes of operation".

Symmetric Encryption / Decryption

Symmetric encryption and decryption use a secret key or a passphrase (from which the key is derived). The secret key used to encrypt and decrypt the data is usually 128 bits or 256 bits long and is called the "encryption key". Sometimes it is given as a hex or base64-encoded integer, or it is derived through a password-to-key derivation scheme.

When the input data is encrypted, it is transformed to encrypted ciphertext and when the ciphertext is decrypted, it is transformed back to the original input data.

Symmetric Encryption Uses a Set of Algorithms

It is important to understand that symmetric-key encryption algorithms usually do not work standalone. They work together with other related crypto algorithms in a symmetric encryption scheme (also called a symmetric encryption construction).

  • Password-to-key derivation algorithm (like Scrypt or Argon2): to allow using a password instead of a key and to make password cracking hard and slow.

  • Block to stream cipher transformation algorithm (block cipher mode like CBC or CTR) + message padding algorithm like PKCS7 (in some modes): to allow encrypting data of arbitrary size using a block cipher algorithm (like AES).

  • Block cipher algorithm (like AES): to securely encrypt data blocks of fixed length using a secret key.

  • Message authentication algorithm (like HMAC): to check whether after decryption the obtained result matches the original message before the encryption.

Later in this section we shall give more details and examples of how to configure and use symmetric block ciphers (like AES) along with all of the algorithms described above to securely encrypt and decrypt messages of arbitrary size.
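The four components listed above, wired into one scheme of the AES-256-CTR-HMAC-SHA256 kind (Scrypt for the keys, encrypt-then-MAC for authentication). This is an added example built on Node.js's built-in crypto module, not code from the book; the function names, the scrypt cost parameters and the salt | IV | ciphertext | tag layout are assumptions made for the illustration.

```javascript
// Added example, not from the book. Uses only Node.js's built-in crypto module.
const nodeCrypto = require("crypto");

// Assumed demo parameters: the scrypt cost settings and the byte layout
// salt(16) | iv(16) | ciphertext | tag(32) are choices made for this sketch.
const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 };
const SALT_LEN = 16, IV_LEN = 16, TAG_LEN = 32;

// Password-to-key derivation: 64 bytes, split into separate AES and HMAC keys.
function deriveKeys(password, salt) {
  const okm = nodeCrypto.scryptSync(password, salt, 64, SCRYPT_PARAMS);
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// Message authentication: HMAC-SHA256 over salt, IV and ciphertext.
function computeTag(macKey, salt, iv, ciphertext) {
  return nodeCrypto.createHmac("sha256", macKey)
    .update(salt).update(iv).update(ciphertext).digest();
}

function encryptWithPassword(password, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_LEN); // fresh per message
  const iv = nodeCrypto.randomBytes(IV_LEN);     // initial counter block for CTR
  const { encKey, macKey } = deriveKeys(password, salt);
  // AES-256 block cipher in CTR mode (this mode needs no padding).
  const cipher = nodeCrypto.createCipheriv("aes-256-ctr", encKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = computeTag(macKey, salt, iv, ciphertext);
  return Buffer.concat([salt, iv, ciphertext, tag]);
}

function decryptWithPassword(password, blob) {
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error("message too short");
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const ciphertext = blob.subarray(SALT_LEN + IV_LEN, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const { encKey, macKey } = deriveKeys(password, salt);
  // Check the tag in constant time before any decryption takes place.
  const expected = computeTag(macKey, salt, iv, ciphertext);
  if (!nodeCrypto.timingSafeEqual(tag, expected)) throw new Error("authentication failed");
  const decipher = nodeCrypto.createDecipheriv("aes-256-ctr", encKey, iv);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}
```

A modified ciphertext or a wrong password both fail at the tag check, so the caller never receives unauthenticated plaintext.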

In most encryption schemes, encryption is combined with a password-to-key derivation algorithm and a message authentication scheme (see authenticated encryption). Typically a symmetric encryption procedure uses a sequence of steps, involving different crypto algorithms: