pki is sometimes used to describe a certificate authority (CA). PKI is a method to associate a certain device or person with a certificate.

symmetric keys: same key is used for both encryption and decryption

also known as secret key algorithm or shared key.

benefit of this system is that it's very fast

for this system, you create the key used for encryption and decryption at the same time.

The alternative is asymmetric keys, in which you generate a public and a private key, where the private key is kept secret by the device or person and the public key is shared publicly. anyone with the public key can encrypt the data using that, but only the holder of the private key can decrypt the data.

common tools are PGP and GPG

ideally you also encode your private key with a password on your device. unfortunately/realistically many people don't password protect their private keys for convenience/speed.

secure key exchange:

• one way is out of band - i.e., using a different medium to share the key, in person or by telephone
• use asymettric encryption to encrypt a symmetric key, send that asymmetrically encrypted key to the other person, they decrypt it to obtain the symmetric key
• session keys: ephemeral templorary keys that are encyrpted with a server's private key, then the server uses its private key to decrypt the session key (? not clear how this works)

key exchange algorithms