Hybrid cryptosystem

Hybrid encryption is the combination of asymmetric and symmetric encryption. A random symmetric key, called a session key, is generated; the data to be protected is encrypted symmetrically with this session key, and the session key is then encrypted asymmetrically with the recipient's public key. This approach solves the key distribution problem while keeping the speed advantage of symmetric encryption.

Comparison of the individual encryption methods

A hybrid encryption scheme uses two different encryption methods. With symmetric encryption, all communication partners need the same secret key, which is used both for encryption and for decryption. With asymmetric encryption, each communication partner needs a key pair consisting of a public encryption key and a secret decryption key. The two methods have different properties.

  • Asymmetric encryption methods are comparatively slow and are therefore only suitable for small amounts of data.
  • Symmetric encryption methods have the problem that the communication partners must agree on a secret key before the message is transmitted. A secure (confidential and authenticated) channel is needed for this, for example a courier.
  • Asymmetric encryption methods solve this problem elegantly: only the recipient's public key is needed to encrypt, and an authenticated channel is sufficient to transmit that key.

Hybrid encryption methods combine the two so that their advantages are preserved:

  • Hybrid encryption is fast and suitable for large amounts of data, because the data itself is encrypted with the symmetric method and the asymmetric method is only applied to the (short) session key.
  • No secret key has to be exchanged before the message is sent; knowledge of the recipient's public key is sufficient to encrypt.

The hybrid procedure in detail

This section describes the procedure for hybrid encryption. As with asymmetric encryption, the recipient's public key must be distributed first.

Key Management

As with asymmetric encryption, each communication partner must generate a key pair for hybrid encryption.

After key generation, the communication partners exchange their public keys. It must be ensured that each public key really belongs to the participant it is attributed to (in practice via certificates or key fingerprints checked out of band); otherwise an attacker can substitute their own key and read everything encrypted to it. Asymmetric encryption thus reduces the problem of secure (confidential and authenticated) key exchange to the problem of authenticated key exchange.

In general, each participant uses the same asymmetric key pair for a long time, but generates a new session key for every encryption operation, valid only for that session. The advantage is that the symmetric keys of different sessions are independent of each other, so disclosure of one session key endangers only that single session. Disclosure of the long-term private key, on the other hand, exposes every session key that was ever encrypted to the corresponding public key, since each of them can then be decrypted; the basic scheme offers no forward secrecy.

Encryption

  • The sender (Alice) produces a document. It is still unencrypted.
  • Because the document may be large, it is encrypted symmetrically: a symmetric session key is generated for this purpose.
  • The document is encrypted with this session key.
  • The session key is encrypted asymmetrically with the public key of the receiver (Bob).
  • Alice sends Bob the encrypted document together with the encrypted session key.

The combination of the two encryption methods is justified as follows:

  • The payload is encrypted symmetrically because high throughput matters here, which only a symmetric method can offer.
  • The session key is encrypted asymmetrically because it is small enough that the much lower speed of the asymmetric method does not matter, and only an asymmetric method gives the advantage that key management between Alice and Bob is settled without a prior secret.

Decryption

The recipient decrypts the received document as follows:

  • The receiver (Bob) receives the encrypted document and the encrypted session key from the sender (Alice).
  • First, the session key is decrypted asymmetrically using the receiver's (Bob's) secret key.
  • Then the document is decrypted symmetrically with the recovered session key.
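The whole procedure above (long-term key pair, fresh session key, symmetric encryption of the document, asymmetric protection of the session key, and the recipient's two-step decryption) as an added example written for this article; it is not code from the original page. It uses only the Python standard library, which has neither AES nor RSA, so the asymmetric step is RSA-KEM (a random secret r is sent as r^e mod n and the session key is derived as KDF(r)) and the symmetric step is an HMAC-SHA256 counter-mode stream cipher with an encrypt-then-MAC tag. In a real system use RSA-OAEP or an elliptic-curve KEM with AES-GCM or ChaCha20-Poly1305. The function names, the 1024-bit key size and the sample document are this example's own choices.

```python
"""Hybrid encryption (KEM/DEM) using only the Python standard library.

Asymmetric part: RSA-KEM (ISO 18033-2): pick random r < n, send r^e mod n,
derive the session key as KDF(r). Symmetric part: HMAC-SHA256 in counter
mode as stream cipher plus a second HMAC-SHA256 tag (encrypt-then-MAC).
Real systems use AES-GCM or ChaCha20-Poly1305 here; 1024-bit RSA is used
only to keep the demo fast (use >= 2048 bits in practice).
"""
import hashlib
import hmac
import secrets

def _is_probable_prime(n, rounds=24):
    """Miller-Rabin; a composite passes with probability < 4**-rounds."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full length, odd
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=1024):
    """Long-term key pair: public (n, e), private (n, d)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e prime, so phi % e != 0 means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _kdf(r, n):
    """64 bytes from the KEM secret: 32 for the cipher key, 32 for the MAC key."""
    r_bytes = r.to_bytes((n.bit_length() + 7) // 8, "big")
    return (hashlib.sha256(b"enc" + r_bytes).digest()
            + hashlib.sha256(b"mac" + r_bytes).digest())

def kem_encapsulate(public_key):
    """Alice: fresh secret r for this message only; returns (r^e mod n, KDF(r))."""
    n, e = public_key
    r = secrets.randbelow(n)
    return pow(r, e, n).to_bytes((n.bit_length() + 7) // 8, "big"), _kdf(r, n)

def kem_decapsulate(private_key, encapsulated):
    """Bob: recover r with the private exponent, re-derive the session key."""
    n, d = private_key
    c = int.from_bytes(encapsulated, "big")
    if c >= n:
        raise ValueError("encapsulated key out of range")
    return _kdf(pow(c, d, n), n)

def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32)))  # ceil(length / 32) blocks
    return b"".join(blocks)[:length]

def dem_encrypt(session_key, plaintext):
    """Symmetric part: nonce || ciphertext || HMAC tag over nonce and ciphertext."""
    enc_key, mac_key = session_key[:32], session_key[32:]
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def dem_decrypt(session_key, blob):
    enc_key, mac_key = session_key[:32], session_key[32:]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: wrong session key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def hybrid_encrypt(recipient_public_key, document):
    """Alice: document under a fresh session key, session key under Bob's public key."""
    encapsulated, session_key = kem_encapsulate(recipient_public_key)
    return encapsulated, dem_encrypt(session_key, document)

def hybrid_decrypt(recipient_private_key, encapsulated, ciphertext):
    """Bob: decrypt the session key with his private key, then the document with it."""
    return dem_decrypt(kem_decapsulate(recipient_private_key, encapsulated), ciphertext)

if __name__ == "__main__":
    bob_public, bob_private = generate_keypair()
    document = b"contract draft v3: " + bytes(20000)  # constructed sample payload
    enc_key, enc_doc = hybrid_encrypt(bob_public, document)
    assert hybrid_decrypt(bob_private, enc_key, enc_doc) == document
    assert hybrid_encrypt(bob_public, document)[0] != enc_key  # new session key per message
    print("ok: %d-byte encapsulated key, %d-byte ciphertext" % (len(enc_key), len(enc_doc)))
```

Two points are worth noting. The authentication tag is what makes the scheme fail closed: a tampered ciphertext, or a session key decapsulated with the wrong private key, is rejected before any plaintext is returned, whereas an unauthenticated stream cipher would silently yield garbage or let an attacker flip plaintext bits. And, exactly as described under key management, the example has no forward secrecy: the encapsulated value is a plain RSA encryption of r, so whoever obtains Bob's private key later can recover every stored session key.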

Areas of application

Hybrid encryption is used in many scenarios, for example in the network protocols IPsec and TLS/SSL, and to encrypt e-mails with PGP or GPG. The article E-mail encryption covers all relevant aspects of this topic in detail.
