· Distribution of a symmetric key starts when a user generates a secret key and provides a copy of it to the entity they want to communicate with.
· Keys are like a password. While they work on a small scale, if every communicating pair of users needs its own unique secret key, the number of keys rises dramatically with the number of users. For example, 10 users require 45 separate keys, 100 users need 4,950 separate keys, and 1,000 users require 499,500 keys. This approach doesn't scale well.
· A more common approach is using an asymmetric cipher to encrypt the symmetric key. For example, if Alice needs to give Bob her secret key, she obtains Bob's public key and uses that to encrypt the symmetric secret key. When Bob receives the encrypted secret key, he uses his own private key to decrypt it. This is how TLS and S/MIME protocols exchange keys between two communicating endpoints.
· Public keys can also be distributed using a public key infrastructure. In many cases, Lightweight Directory Access Protocol (LDAP) servers can be used to distribute public keys, although these are typically in the form of digital certificates. This method allows senders to look up the recipient's digital certificate in the directory.
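
The Alice-and-Bob exchange described above, as an added example that is not part of the original page: Alice wraps a fresh AES-256 key with Bob's RSA public key and Bob unwraps it with his private key. The function names, the RSA-OAEP/AES-256-GCM choices and the 2048-bit key size are assumptions made for illustration.

```javascript
// Added example: distributing a symmetric key by wrapping it with the
// recipient's public key (RSA-OAEP), then using it for AES-256-GCM.
const nodeCrypto = require("node:crypto");

// Bob's key pair. Alice only ever sees the public half, which in practice
// she would take from Bob's certificate.
function generateRecipientKeyPair() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

const OAEP = {
  padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: "sha256",
};

// Alice: generate a one-off secret key, encrypt the message with it, and
// encrypt (wrap) that key under Bob's public key.
function sealForRecipient(recipientPublicKey, plaintext) {
  const sessionKey = nodeCrypto.randomBytes(32); // AES-256 key
  const iv = nodeCrypto.randomBytes(12); // 96-bit GCM nonce, unique per message
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const ciphertext = Buffer.concat([
    cipher.update(plaintext, "utf8"),
    cipher.final(),
  ]);
  const tag = cipher.getAuthTag();
  const wrappedKey = nodeCrypto.publicEncrypt(
    { key: recipientPublicKey, ...OAEP },
    sessionKey
  );
  // Everything returned here can travel over an untrusted channel.
  return { wrappedKey, iv, ciphertext, tag };
}

// Bob: recover the secret key with his private key, then decrypt. A wrong
// private key or a modified ciphertext makes this throw.
function openAsRecipient(recipientPrivateKey, envelope) {
  const sessionKey = nodeCrypto.privateDecrypt(
    { key: recipientPrivateKey, ...OAEP },
    envelope.wrappedKey
  );
  const decipher = nodeCrypto.createDecipheriv(
    "aes-256-gcm", sessionKey, envelope.iv
  );
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([
    decipher.update(envelope.ciphertext),
    decipher.final(),
  ]).toString("utf8");
}
```

The wrapped key protects confidentiality only if the public key really is Bob's, which is the job of the certificate lookup described in the last point.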