Before you can communicate any data using a
symmetric key algorithm, you have to make sure that all participants
have the same symmetric key. You can't just send out that key
the same way you're going to send the encrypted data because
then anybody who's watching that channel will have the key (and
if you don't think anybody's watching the channel, you
don't need to encrypt the data in the first place). If
you're using a public key algorithm, you have a different
problem; you need to be sure that you have the correct public key for
the entity you want to encrypt things for. These kinds of problems
are called *key distribution* problems.
There are three common ways for symmetric keys to be distributed. The
first method is called *manual keying*, which
simply means that there is no defined way for the key to be
distributed and some human being has to get it in. The assumption is
that the human will get the key via some reasonably secure method
that can't be compromised by the same techniques that would
compromise the encryption system itself (so, for instance, if the
encryption system is for a network protocol, the key will be sent via
fax, not over the network).

anual keying is regrettably common in systems that use long-lived
keys and is bearable only in such systems; if you have to change keys
frequently, having people involved is unusably slow and error prone.
In addition, people frequently compromise manual keying systems (for
instance, by sending keys in unencrypted electronic mail or by
leaving the fax of the key lying around where attackers can find it).

Symmetric keys may also be distributed using *public key
cryptography* ; this simply changes the problem to one of
public key distribution, which we'll discuss later. In systems
that do this, one party decides on a symmetric key and encrypts it
using the other party's public key. As long as the public key
information is trustworthy, only the desired other party can read the
symmetric key.

Finally, symmetric keys may be distributed using a *key
exchange algorithm*. Key exchange algorithms are a special
class of public key algorithms that don't encrypt data but do
allow two sides of a transaction to figure out the same unpredictable
number. The basic principle behind current algorithms is that each
side picks a random number, performs a calculation on it, and sends
the other side the result. Each side then performs another
calculation, still using its original random number, on the other
side's initial result, and the two sides come out with the same
answer, which is used as a secret key. In order for this to be
secure, it must be difficult for an eavesdropper who has the two
intermediate results to calculate the final result.

Because public keys are not secret, they are in some ways easier to
distribute than symmetric keys; you can send them around without
trying to hide them. On the other hand, you need some way to verify
that a public key is the correct public key for the entity you want
to communicate with. If an attacker can convince you that the
attacker's public key belongs to a friend of yours, you will
cheerfully encrypt all the data you want to send to your friend so
that the attacker can read it (but your friend can't).