Symmetric key cryptography is an encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message.
Is the key public or it is secret? How can the sender and the receiver both know the key?
The handling of keys is known as key management. The establishment of the same symmetric or secret key between two or more parties is called key establishment.
Symmetric keys should be kept secret from other parties than the participants in the scheme. The term "secret key" is often used as a synonym for the symmetric key. The private keys for asymmetric schemes are not shared, but are of course also kept secret, as privacy implies secrecy.
The establishment of symmetric keys between parties can be performed in several ways:
Key Agreement (KA): the establishment of a key using a key agreement scheme such as DH or ECDH - usually followed by a KDF (see below);
Key Encapsulation (KE) or Key Wrapping (KW): the sending of a key encrypted by another (public) key;
Key Sharing schemes: the creation of a key from key parts held by different persons;
Quantum Key Distribution (QKD), the distribution of keying material over an optically linked connection that is impossible to eavesdrop.
Out-of-band" procedures: the transport of a randomly generated key using, for instance: a previous telephone call, a letter or the handover of a data carrier like a USB thumbdrive.
It is possible to derive new key material from a pre-shared secret as well. In that case we are talking about derivation from a base key using a Key Derivation Function (KDF). A KDF commonly uses the some kind of input keying material usually a master key or base key. The derived keys are often also dependent using other data as input such as a salt or a output-key specific label.
If the derivation is performed so the resulting keys can be used in different schemes it is often called key diversification. If the key is generated from a password we talk about a Password Based KDF or PBKFD, sometimes also used as a "password hash". If keys are derived in by advancing some kind of state or by relying on past keys we talk about a key ratchet.
There are other methods for establishing symmetric keys, but these are some of the most commonly used ones. The security of these schemes depends - of course - not just on the method but also on the implementation.
The key must be kept secret or it is no longer an encryption system. They key must be shared at some point, when is not important, but how is, and how determines when.
You can send encrypted messages to someone, then hand them the key on a post-it note at a later point in time so they can decode it, or on a flash drive, or some other physical handoff or dead drop.
The most common method is to create a shared secret between the two parties by way of diffie hellman key exchange, which is then hashed to create the encryption key. This type of exchange is susceptible to a man in the middle attack, so some sort of scheme must be used to authenticate the exchange, such as signing each message of the exchange with a long term private key to which the other party holds a public key to verify.
Another method is to include the key with the message, and use RSA type encryption on the key, so that only the intended recipient can decode the key, and decode the message
There are two main ways: Key Encapsulation Mechanism (KEM), or a Key Exchange (KEX).
In a KEM, Alice will create a symmetric key from a CSPRNG or TRNG, sign it with a private key and encrypt it with Bob's public key. RSA would be a scheme that can handle this.
The other option is KEX. This is when Alice and Bob both generate ephemeral keys (with ECC for example). They both sign their ephemeral public keys with their static private keys and send them to each other. Both Alice and Bob combine their own ephemeral private key with the other's ephemeral public key (EC point multiplication in the case of ECC), and end up with the same shared secret. This is a point on the elliptic curve, so it will be passed through HKDF, into the correct format and length for the symmetric key.
This symmetric key MUST NOT be public, as it would defeat the point of encryption as anyone could decrypt the ciphertext.
An increasingly common way is to send a key directly via photons in a general technique called quantum key distribution. This is of course an entirely hardware solution. The two main protocols are E91, whereby the candidate key is initiated midpoint utilising quantum entanglement:-
and the slightly older protocol of polarisation encoding from one end of the communication link, called BB84:-
Both techniques leverage either spooky action or the observer effect to be (theoretically) 100% secure. Even in 2011, the sifted key exchange rate was 128 kbps (1000 AES-128 keys per second). This has now been built upon, but even then, the transfer rate was sufficient to allow encryption via distributed one time pads (the holy grail).
Quantum mechanics - "That means we don't really understand it." - Richard Feynman
