What Is A Key Exchange?

Words By John Carl Villanueva

Key exchange is vital for secure file transfers, enabling two parties to share symmetric keys over insecure networks like the Internet. This process, often performed during the SSL handshake in protocols like FTPS and HTTPS, utilizes algorithms such as RSA and Diffie-Hellman to exchange cryptographic keys securely, ensuring data confidentiality during transmission.

Blog

Overview

Before any files can be securely sent over protocols like FTPS, HTTPS, and SFTP, the two communicating parties must engage in a key exchange. What's that?

key_exchange

Perhaps the best way to grasp the concept of encrypted key exchange is by understanding why it's needed.

Why key exchange is vital to secure file transfers

To preserve data confidentiality during transmission, secure file transfer protocols like FTPS, HTTPS, and SFTP have to encrypt the data through what is known as symmetric encryption. This kind of encryption requires the two communicating parties to have a shared key in order for them to encrypt and decrypt messages. However, the problem is that letting two parties have a shared key is not easy.

Long distances in the real world would geographically separate the two communicating parties. One party might be in LA, while the other might be in New York, Japan, or Germany. What's more, the two parties might have never met at all.

The key can't just be sent through ordinary methods because anyone who gets hold of it would then be able to decrypt all the files that the two parties would be sending to one another. But whatever the alternative method would be, it had to be easy to use, secure, and highly scalable. It also had to be designed for the fast, interconnected, highly insecure Internet highways. Otherwise, it wouldn't be suitable for business use, where sensitive, high-volume transactions made over vast distances are often carried out on a daily or even hourly basis.

shared_key

And so that's why key exchange protocols were developed. They were meant to enable two parties to exchange symmetric keys over insecure networks like the Internet.

After understanding the crucial role of key exchange in securing your data transfers, you might wonder how to implement or optimize it within your infrastructure. Book a demo today to see how our solutions make secure key exchange seamless and robust for your business needs.

SSL key exchange

In SSL/TLS-protected file transfer protocols like FTPS and HTTPS, the key exchange process is performed during what is known as the SSL handshake - that preliminary step before the encrypted message/file exchanges.

In another post, I wish to tackle the SSL/TLS handshake in more detail. But basically, this is how it works.

The client application, which is usually a Web browser (e.g., Firefox, Chrome, Internet Explorer, or Safari) or a file transfer client (e.g., AnyClient), requests a connection to the server by sending a message known as the Client Hello.

The Client Hello message typically consists of some random data and the cipher suites supported by the client. It may also contain a session ID and a compression algorithm, but don't worry about that for now. We're more concerned about the cipher suite because it's where you'll find the key exchange algorithm.

A cipher suite is a named set of algorithms (or methods, if you want) for key exchange, symmetric encryption, and message authentication. To clarify, each cipher suite will have one algorithm for key exchange, one for encryption, and one for message authentication.

As soon as the server receives the Client Hello, it will look up its list of supported cipher suites, compare it with the list sent by the client, and (ideally) choose the best.

Once the server chooses its desired cipher suite, it will choose the desired key exchange algorithm effectively.

Immediately after, the two (client and server) would start the key exchange process using the key exchange algorithm defined in the chosen cipher suite.

SFTP has a process similar to this.

Popular key exchange algorithms

The two most popular key exchange algorithms are RSA and Diffie-Hellman (now known as Diffie-Helmlman-Merkle). It probably wouldn't be too much of a stretch to say that the advent of these two key exchange protocols accelerated the growth of the Internet, especially business-wise.

That's because these two protocols allowed clients and servers, as well as servers and servers, to exchange cryptographic keys over an insecure medium (the Internet) and, in turn, enable them to transact electronically securely.

Elliptic curve cryptography has recently introduced new exchange protocols like ECDH (Elliptic Curve Diffie-Hellman) and ECDHE (Elliptic Curve Diffie-Hellman Ephemeral). These algorithms should be interesting to talk about, so stay tuned for our blog posts.

Here's a screenshot of some cipher suites supported by JSCAPE MFT Server, a managed file transfer server that supports FTPS, SFTP, HTTPS, and other secure file transfer protocols.

key_exchange_algorithms_in_cipher_suites

A lot of things happen when you connect to a secure server on the Internet. If you like to learn more about the things that happen in the background, check out these posts:

What Is Client Certificate Authentication?

What AES Encryption Is And How It's Used To Secure File Transfers

An Introduction To Stream Ciphers and Block Ciphers

An Overview of How Digital Certificates Work

Start transferring files securely

If you're looking for a way to transfer files securely, we invite you to download a FREE, fully functional evaluation edition of the JSCAPE MFT Server. Give it a try today.

Download JSCAPE MFT Server Trial

Posts By Category

Explore All Topics