What is Symmetric Encryption?

Symmetric encryption is the oldest and most intuitive form of cryptography — the same key locks and unlocks the data. Modern symmetric algorithms like AES are extremely fast, capable of encrypting gigabytes per second with hardware acceleration, and provide strong security guarantees when used with appropriate key lengths and modes of operation.

The primary challenge of symmetric encryption is key distribution: how do you securely share the secret key with the intended recipient without an eavesdropper intercepting it? This is known as the key distribution problem and is what drove the invention of asymmetric (public-key) cryptography. In practice, hybrid systems use asymmetric cryptography to exchange a symmetric key, then use the symmetric key for bulk data encryption.

Symmetric encryption algorithms are categorized as either block ciphers (encrypting fixed-size blocks of data, like AES) or stream ciphers (encrypting data one bit or byte at a time). AES in GCM mode effectively operates as a stream cipher built on top of a block cipher, combining the security of AES with the flexibility and authentication of Galois/Counter Mode.

How Vaulted uses Symmetric Encryption

Vaulted uses symmetric encryption exclusively — specifically AES-256-GCM. A random symmetric key is generated in the browser for each secret. The key distribution problem is solved by embedding the key in the URL fragment of the shareable link. The sender shares the link, and whoever receives it possesses the symmetric key needed for decryption. No asymmetric cryptography or key exchange protocol is required because the link itself is the key distribution mechanism.