On Thu, 22 Jul 2021 14:05:31 -0600, Grant Taylor wrote: >On 7/22/21 12:49 PM, Mike Hochee wrote: >> ... >There is also a hybrid approach in which a symmetric key is used to >encrypt / decrypt the data and asymmetric keys to protect the first key. > -- My understanding is that symmetric encryption is multiple orders >of magnitude faster than asymmetric encryption. > This is routinely, almost universally, done for asymmetric encryption. It lacks authentication and does not prevent MITM attacks:
o An intruder can masquerade as the sender and supply forged data. o An intruder can masquerade as the recipient and intercept sensitive data. o Or both, if you're lucky. I believe (I'm mostly guessing) that a Certificate Authority provides authentication in a repository of public keys but, "Quis custodiet ipsos custodes?" Computers come with a table of recognized CAs and their public keys embedded in the OS. This amounts to making the computer vendors the ultimate Certificate authorities. https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf Or, the CAs could announce their public keys on NewsMax or Twitter. >1) Create an asymmetric public + private key pair on the destination >system. >2) Transfer the destination system's public key to the source system. >3) Create a symmetric key on the source system. >4) Use the source system's symmetric key to encrypt the data. >5) Use the destination system's asymmetric public key to encrypt the >source system's symmetric key. >6) Transfer both the encrypted data and the encrypted symmetric key >from the source system to the destination system. >7) Use the destination system's asymmetric private key to decrypt the >source system's symmetric key. >8) Use the decrypted source system's symmetric key to decrypt the data. >... >n) PROFIT!!! > >The data and the symmetric key protecting it are only unencrypted on the >source and destination system. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN