Session Key

Also known as: Ephemeral key, Per-session key

A short-lived symmetric key used to protect a single communication session and then discarded.

A session key is a symmetric key — usually AES-128/256 or ChaCha20 — used to provide confidentiality, integrity, and authenticity for the data exchanged during a single session, and then destroyed when the session ends. Session keys are typically derived from a longer-term shared secret or key-exchange output via a KDF such as HKDF, so a single handshake (TLS, SSH, WireGuard, IPsec, Signal) can produce distinct keys for each direction and purpose (encryption, MAC, key update). Their short lifetime and ephemeral nature limit the amount of data exposed if a session key is compromised, and combined with ephemeral Diffie-Hellman they provide perfect forward secrecy for past traffic.

Examples

TLS 1.3 derives client_application_traffic_secret and server_application_traffic_secret session keys with HKDF.
Signal generates a fresh AES-256 message key for each chat message via the Double Ratchet algorithm.

Session Key

Examples

Related terms

Cryptographic Key

Master Key

Key Derivation Function (KDF)

Perfect Forward Secrecy

TLS (Transport Layer Security)

Symmetric Encryption

Definition

Examples

Related terms

Cryptographic Key

Master Key

Key Derivation Function (KDF)

Perfect Forward Secrecy

TLS (Transport Layer Security)

Symmetric Encryption