# Cryptographic algorithm and key length

IBM Security Key Lifecycle Manager uses two types of algorithms, such as symmetric algorithms and asymmetric algorithms for data encryption.

Symmetric, or secret key encryption, uses a single key for both encryption and decryption. Symmetric key encryption is used to encrypt large amounts of data efficiently.

Advanced Encryption Standard (AES) keys are symmetric keys that can be three different key lengths (128, 192, or 256 bits). AES is the encryption standard that is recognized and recommended by the US government. The 256-bit keys are the longest allowed by AES. By default, IBM Security Key Lifecycle Manager generates 256-bit AES keys.

Asymmetric, or public/private encryption, uses a pair of keys. Data encrypted using one key can only be decrypted by using the other key in the public/private key pair. When an asymmetric key pair is generated, the public key is typically used to encrypt, and the private key is typically used to decrypt.

IBM Security Key Lifecycle Manager uses both symmetric and asymmetric keys. Symmetric encryption enables high-speed encryption of user or host data. Asymmetric encryption, which is necessarily slower, protects the symmetric key.

## Supported key sizes and import and export restrictions

IBM Security Key Lifecycle Manager can serve either 2048 or 1024-bit keys to devices. Older keys that were generated as 1024-bit keys can continue to be used.

Import PKCS#12 file | Export PKCS#12 file | Key Generation Size in Bits |
---|---|---|

Yes | Yes | 2048 |