Secret Key Cryptography

Unlike public key cryptography, which uses key pairs, secret key cryptography encrypts and decrypts messages using an algorithm with a single key. A secret key is a key known to both the sender and the recipient. It is similar to a password used for logging on to a server. Both you and the server must know the same password for you to have access to that server.

Because the secret key must be distributed to both the sender and the recipient in a way that it remains a secret, key distribution is more difficult with secret key cryptography than with public key cryptography. However, secret key cryptography is very fast, making it ideal for encrypting and decrypting large amounts of data. For this reason, Microsoft Exchange Server relies on it to encrypt the contents of messages, including attachments.
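To make the single-shared-key model concrete, here is an added example in Python's standard library (not code from Microsoft Exchange Server or Outlook, and not DES or CAST): the sender and the recipient hold the same key, that one key both encrypts and authenticates the message, and a recipient holding any other key gets nothing back. The cipher itself (an HMAC-SHA256 keystream plus an HMAC tag, with separate subkeys derived for each purpose) is a demonstration construction chosen because it needs no third-party library; the key and message are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 16
TAG_LEN = 32  # SHA-256 output length


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and authentication keys from the one shared secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Expand the key and a per-message nonce into as many pseudorandom bytes as needed.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Sender side: the shared secret key both scrambles and authenticates the message."""
    nonce = os.urandom(NONCE_LEN)  # fresh per message so equal plaintexts differ on the wire
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, message: bytes) -> Optional[bytes]:
    """Recipient side: only the same key recovers the plaintext; anything else yields None."""
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key, or the message was altered in transit
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


if __name__ == "__main__":
    shared = os.urandom(16)  # constructed sample key (128 bits), known to both parties
    sealed = encrypt(shared, b"Quarterly figures attached.")
    print(decrypt(shared, sealed))          # the same key recovers the message
    print(decrypt(os.urandom(16), sealed))  # a different key: None
```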

Clients use several different types of secret key encryption algorithms to comply with United States export laws, including the Data Encryption Standard (DES) and the Carlisle Adams and Stafford Tavares of Northern Telecom Research (CAST) encryption algorithms. For information about selecting the encryption type best suited for your organization, see "Selecting an Encryption Type" later in this chapter.

DES is a secret-key algorithm based on a fixed-length, 56-bit key. It was first published by the National Bureau of Standards. DES is a United States Federal Information Processing Standard that is available only with the North American version of Microsoft Exchange Server.

CAST is a secret-key encryption algorithm based on a variable-length key. The key is a number that specifies a bit length between 40 and 128. This variable length provides for flexible encryption standards. Because longer keys are more secure than shorter ones, Microsoft Outlook uses CAST 40 (a 40-bit key) and CAST 64 (a 64-bit key). CAST 64 is available only with the North American version of Microsoft Outlook.