Session keys, also called symmetric keys, are used with symmetric encryption algorithms. Symmetric algorithms are the most widely used type of encryption algorithm; they are called symmetric because the same key is used for both encryption and decryption. Session keys are short-lived and changed frequently, usually with a different session key for each message encrypted, so that the compromise of any one key exposes at most one message.
Symmetric algorithms are much faster than public key algorithms, so they are preferred for encrypting large amounts of data; public key algorithms are typically used only to exchange or wrap the session key itself. Some of the more common symmetric algorithms are RC4, Triple DES (Data Encryption Standard), and Advanced Encryption Standard (AES). Of these, only AES should be chosen for new designs: RC4 has well-known keystream biases and is prohibited in TLS by RFC 7465, and Triple DES has a 64-bit block size that makes it vulnerable to birthday attacks on large volumes of data (Sweet32) and has been deprecated by NIST.
Session keys are created by applications using either the CryptGenKey or CryptDeriveKey function. CryptGenKey generates a random key from the CSP's random number generator; CryptDeriveKey derives the key deterministically from a hash of base data (such as a password), so two parties that share the same base data obtain the same key. CryptDeriveKey applies a single hash with no iteration count, so when the base data is a user-chosen password a purpose-built password KDF such as PBKDF2 is a better choice.
Since much of the work around session keys is about keeping them secret, the number of parties that possess a particular session key must be kept as small as possible: ideally only the two endpoints of the exchange. While in use, the keys are held inside the CSP for safekeeping, and applications refer to them only through key handles rather than by reading the raw key material.
Unlike public/private key pairs, session keys are volatile: they exist only for the life of the key handle and are not persisted in a key container by the CSP. Applications can save these keys for later use, or transmit them to other users, by using the CryptExportKey function to export them from the CSP into application space in the form of an encrypted key BLOB, typically a SIMPLEBLOB in which the session key is encrypted with the recipient's public key exchange key. Choose the BLOB type deliberately: PLAINTEXTKEYBLOB exports the raw key with no protection and should never leave the process. For more information, see Cryptographic Key Storage and Exchange.
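The following is an added example, not code from this Microsoft documentation, showing the session-key lifecycle the preceding paragraphs describe: a fresh key is generated per message (the role of CryptGenKey), the data is encrypted with it, and the key leaves the process only wrapped under the recipient's public key (the role of CryptExportKey with a SIMPLEBLOB). It uses Go's standard library rather than CryptoAPI, so AES-256-GCM and RSA-OAEP stand in for the CSP's algorithms, and the Envelope type, the Seal and Open functions, and the sample message are all constructed for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is a constructed, hypothetical wire format: the per-message session
// key wrapped under the recipient's public key (the job CryptoAPI's SIMPLEBLOB
// does), plus the AES-GCM nonce and the authenticated ciphertext.
type Envelope struct {
	WrappedKey []byte // session key encrypted with RSA-OAEP
	Nonce      []byte // 96-bit GCM nonce, unique per key
	Ciphertext []byte // AES-256-GCM output with the tag appended
}

const sessionKeyLen = 32 // AES-256

// newSessionKey draws a fresh key from the OS CSPRNG, the CryptGenKey analogue.
// A new key is generated for every message and never reused.
func newSessionKey() ([]byte, error) {
	key := make([]byte, sessionKeyLen)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// zero overwrites key material once it is no longer needed. Best effort in a
// garbage-collected language, but it shortens the time the raw key is in memory.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// Seal encrypts plaintext under a fresh session key and wraps that key for the
// recipient. The raw key never leaves this function except in wrapped form,
// mirroring how a CSP only hands out encrypted key BLOBs.
func Seal(recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key, err := newSessionKey()
	if err != nil {
		return nil, err
	}
	defer zero(key)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, plaintext, nil)
	// The export step: the session key is encrypted under the recipient's
	// public key (RSA-OAEP, SHA-256) before it is placed in the envelope.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open unwraps the session key with the recipient's private key and decrypts.
// A wrong private key fails the OAEP unwrap; any change to the nonce or
// ciphertext fails the GCM authentication check.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap session key: %w", err)
	}
	defer zero(key)
	if len(key) != sessionKeyLen {
		return nil, errors.New("unwrapped key has unexpected length")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != aead.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	pt, err := aead.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	return pt, nil
}

func main() {
	// Constructed demo: the recipient's RSA pair stands in for the CSP's key
	// exchange pair, and the message is sample data, not real traffic.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	env, err := Seal(&priv.PublicKey, []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	pt, err := Open(priv, env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered: %s\n", pt)
}
```

Two Seal calls on the same plaintext produce different wrapped keys and different ciphertexts, which is the per-message session key property the text describes; the recipient needs only its private key to recover each one, and the raw session key is never written to the envelope in the clear.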
Build date: 11/16/2009