Hybrid cryptosystem: Difference between revisions
imported>Sandy Harris (rfc 3766) |
imported>Sandy Harris (subpages) |
||
| Line 1: | Line 1: | ||
'''Hybrid cryptosystems''' combine [[public key]] (asymmetric) cryptography with secret key (symmetric) techniques such as [[block cipher]]s or [[stream cipher]]s. The [[public key]] techniques provide [[information security#source authentication|source authentication]] and [[key management]] services while the symmetric techniques do the high-volume data encryption. [[Cryptographic hash]]es are also involved, providing [[information security#integrity|data integrity protection]]. | {{subpages}} | ||
{{TOC-right}} | |||
'''Hybrid cryptosystems''' combine [[public key]] (asymmetric) [[cryptography]] with secret key (symmetric) techniques such as [[block cipher]]s or [[stream cipher]]s. The [[public key]] techniques provide [[information security#source authentication|source authentication]] and [[key management]] services while the symmetric techniques do the high-volume data encryption. [[Cryptographic hash]]es are also involved, providing [[information security#integrity|data integrity protection]]. | |||
For the Internet, there are a number of security systems — [[PGP]] for email, [[TLS]] for the web, [[SSH]] for remote login, [[IPsec]] as a general protection mechanism, and [[DNS security]]. All are hybrid cryptosystems that use symmetric ciphers ([[block cipher]]s or [[stream cipher]]s) along with [[public key]] methods and [[cryptographic hash]]es. All require a source of cryptographic quality [[random number]]s. | For the Internet, there are a number of security systems — [[PGP]] for email, [[TLS]] for the web, [[SSH]] for remote login, [[IPsec]] as a general protection mechanism, and [[DNS security]]. All are hybrid cryptosystems that use symmetric ciphers ([[block cipher]]s or [[stream cipher]]s) along with [[public key]] methods and [[cryptographic hash]]es. All require a source of cryptographic quality [[random number]]s. | ||
Revision as of 00:43, 20 November 2008
Template:TOC-right Hybrid cryptosystems combine public key (asymmetric) cryptography with secret key (symmetric) techniques such as block ciphers or stream ciphers. The public key techniques provide source authentication and key management services while the symmetric techniques do the high-volume data encryption. Cryptographic hashes are also involved, providing data integrity protection.
For the Internet, there are a number of security systems — PGP for email, TLS for the web, SSH for remote login, IPsec as a general protection mechanism, and DNS security. All are hybrid cryptosystems that use symmetric ciphers (block ciphers or stream ciphers) along with public key methods and cryptographic hashes. All require a source of cryptographic quality random numbers.
RFC 3766 has guidance on choosing appropriate key sizes for the public key algorithms in hybrid systems, to match the strength of other algorithms.
Take PGP as an example. If Alice wants to securely send a message to Bob, she cannot just use a symmetric method without first securely delivering the key to him. Securely delivering a key is not a trivial problem; anything sent over the net might be monitored, phones might be tapped and so on. Bob might be some distance away and sending an officer with a briefcase handcuffed to his wrist is often impractical.
If she can get Bob's public key and verify that it is valid, she can securely send a message using a public key system. However, such systems are generally much slower than symmetric methods; using them for large messages is expensive. In PGP, therefore, the public key technique is used only to provide authentication and to manage keys for a block cipher. This takes care of the key distribution problem, and the block cipher does the rest.
The steps for Alice are:
- generate a random key (call it K) for the symmetric cipher, using a good random number generator
- encrypt the actual message with a block cipher, using K as the key
- encrypt K with the public key system
- package the encrypted message, the encrypted K, and some authentication data into a PGP message
- send it off to Bob
Bob checks the authentication data, does a public key decryption to get K, then uses K to decrypt the actual message.