On Thu, 22 Jul 2021 14:05:31 -0600, Grant Taylor wrote:
>On 7/22/21 12:49 PM, Mike Hochee wrote:
>> ...
>There is also a hybrid approach in which a symmetric key is used to
>encrypt / decrypt the data and asymmetric keys to protect the first key.
> -- My understanding is that symmetric encryption is multiple orders
>of magnitude faster than asymmetric encryption.
>
This is routinely, almost universally, done for asymmetric encryption.
It lacks authentication and does not prevent MITM attacks:
o An intruder can masquerade as the sender and supply forged data.
o An intruder can masquerade as the recipient and intercept sensitive data.
o Or both, if you're lucky.
I believe (I'm mostly guessing) that a Certificate Authority provides
authentication in a repository of public keys but, "Quis custodiet ipsos
custodes?" Computers come with a table of recognized CAs and their
public keys embedded in the OS. This amounts to making the computer
vendors the ultimate Certificate authorities.
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
Or, the CAs could announce their public keys on NewsMax or Twitter.
>1) Create an asymmetric public + private key pair on the destination
>system.
>2) Transfer the destination system's public key to the source system.
>3) Create a symmetric key on the source system.
>4) Use the source system's symmetric key to encrypt the data.
>5) Use the destination system's asymmetric public key to encrypt the
>source system's symmetric key.
>6) Transfer both the encrypted data and the encrypted symmetric key
>from the source system to the destination system.
>7) Use the destination system's asymmetric private key to decrypt the
>source system's symmetric key.
>8) Use the decrypted source system's symmetric key to decrypt the data.
>...
>n) PROFIT!!!
>
>The data and the symmetric key protecting it are only unencrypted on the
>source and destination system.
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
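
The hybrid procedure quoted above (steps 1 to 8), as an added Go example that is not from any poster in this thread. It also shows the reply's point that decryption alone does not tell the destination who sealed the data. The function names, the RSA-2048 OAEP and AES-256-GCM choices, and the sample data are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) { // AES-GCM keyed with the one-time key
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewRecipient is step 1 on the destination system; step 2 hands out key.PublicKey.
func NewRecipient() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal is steps 3-5 on the source system; it needs nothing but the public key.
func Seal(pub *rsa.PublicKey, data []byte) (wrapped, ct []byte, err error) {
	buf := make([]byte, 32+12) // fresh AES-256 key and GCM nonce, used once
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	gcm, _ := newGCM(buf[:32])                   // cannot fail: the key is always 32 bytes
	ct = gcm.Seal(buf[32:], buf[32:], data, nil) // ciphertext = nonce || sealed data
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	return wrapped, ct, err
}

// Open is steps 7-8 on the destination system; nothing tells it who called Seal.
func Open(priv *rsa.PrivateKey, wrapped, ct []byte) ([]byte, error) {
	key, _ := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	gcm, err := newGCM(key) // a failed unwrap leaves key nil; same error either way
	if err != nil || len(ct) < 12 {
		return nil, fmt.Errorf("bad wrapped key or ciphertext")
	}
	return gcm.Open(nil, ct[:12], ct[12:], nil)
}

func main() {
	priv, _ := NewRecipient()
	k, ct, _ := Seal(&priv.PublicKey, []byte("constructed data, sealed by whoever holds the public key"))
	pt, err := Open(priv, k, ct) // succeeds for any sealer: no sender authentication
	fmt.Printf("%q err=%v\n", pt, err)
}
```

GCM detects modification of the ciphertext in transit, but identifying the sender would need something extra, such as a signature made with a key the destination already trusts.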