Using RSA public keys to protect keys sent between systems

The ability to create more-secure key-exchange systems is one of the advantages of combining DES or AES and PKA support in the same cryptographic system. Because PKA cryptography is more computationally intensive than symmetric cryptography, it is not the method of choice for all cryptographic functions. It can be used, however, in combination with symmetric cryptography to enhance the security of key exchange. Symmetric keys can be exchanged safely between two systems when encrypted using an RSA public key. The sending system and the receiving system do not need to share a secret key to be able to exchange RSA-encrypted symmetric keys. An example of this is shown in Figure 1. The sending system enciphers the symmetric key under the receiver's RSA public key and sends the enciphered symmetric key to the receiver. The receiver uses its RSA private key to decipher the symmetric key.

Figure 1. Distributing a DES data-encrypting key using an RSA cryptographic scheme

Not all symmetric keys can be wrapped using an RSA key. AES and DES data-encryption keys are supported (fixed-length format key token) as well as AES and HMAC keys (variable-length format key token).
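
The exchange described above, sketched in Go with the standard library as an added example; it is not ICSF code and does not model ICSF callable services or key tokens. OAEP padding with SHA-256, the 2048-bit RSA keys, the raw 32-byte AES key and the names `wrapKey`, `unwrapKey`, `exchange` and `entropy` are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

var entropy = rand.Reader // CSPRNG for key generation and OAEP padding

// wrapKey is the sending system's step: encipher the symmetric key under the
// receiver's RSA public key. OAEP with SHA-256 is this example's assumption.
func wrapKey(pub *rsa.PublicKey, symKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), entropy, pub, symKey, nil)
}

// unwrapKey (receiver): decipher with the RSA private key; reject unexpected key lengths.
func unwrapKey(priv *rsa.PrivateKey, wrapped []byte, keyLen int) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), entropy, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	if len(key) != keyLen {
		return nil, fmt.Errorf("unwrapped key is %d bytes, want %d", len(key), keyLen)
	}
	return key, nil
}

// exchange wraps a fresh AES-256 key for receiver and reports whether receiver,
// and a third party holding a different private key, recover that same key.
func exchange(receiver, other *rsa.PrivateKey) (receiverOK, otherOK bool, err error) {
	symKey := make([]byte, 32)
	if _, err = rand.Read(symKey); err != nil {
		return false, false, err
	}
	wrapped, err := wrapKey(&receiver.PublicKey, symKey) // only this is transmitted
	if err != nil {
		return false, false, err
	}
	got, err1 := unwrapKey(receiver, wrapped, len(symKey))
	_, err2 := unwrapKey(other, wrapped, len(symKey))
	return err1 == nil && string(got) == string(symKey), err2 == nil, nil
}

func main() {
	receiver, _ := rsa.GenerateKey(entropy, 2048)
	other, _ := rsa.GenerateKey(entropy, 2048)
	fmt.Println(exchange(receiver, other)) // true false <nil>
}
```

The sender needs only the receiver's public key, so no secret is shared in advance; the enciphered key is useless to anyone who lacks the matching private key.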