Enveloped Public Key Encryption (EPKE)


1 - About

Enveloped Public Key Encryption (EPKE) is an application of public key cryptography (asymmetric key algorithms).

EPKE is the method used when securing communication in an open networked environment, such as by making use of:

  • Transport Layer Security (TLS)
  • or Secure Sockets Layer (SSL) protocols.

EPKE consists of a two-stage process that includes both:

  • Public Key Encryption (PKE)
  • and a digital signature.

3 - Requirement

For EPKE to work effectively, it is required that:

  • Every participant in the communication has their own unique pair of keys.

4 - Procedure

The sender and receiver are generally software.

4.1 - Standard

  • The sender of the message first signs the message using their own private key.
  • The sender then encrypts their digitally signed message using the receiver's public key, thus applying a digital envelope to the message.
  • The receiver of the message uses their private key to decrypt the message, thus removing the digital envelope.
  • The receiver of the message uses the sender's public key to decrypt the sender's digital signature.

At this point, if the message has been unaltered during transmission, the message will be clear to the receiver.
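
The standard procedure above as an added example (not code from the original page), written with Node.js's built-in `crypto` module. It assumes RSA-2048 keys and a hybrid envelope: the signed message is encrypted under a one-time AES-256-GCM key and only that key is encrypted with the receiver's public key, because RSA-OAEP cannot hold a payload larger than its modulus. The names `seal`, `open` and `newKeyPair` are illustrative.

```javascript
const crypto = require('crypto');

const MODULUS_BITS = 2048;            // assumption: every participant uses RSA-2048
const SIG_LEN = MODULUS_BITS / 8;     // an RSA signature is as long as the modulus
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Requirement: each participant has their own unique key pair.
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: MODULUS_BITS });

// Sender side: sign, then apply the digital envelope.
function seal(message, senderPrivateKey, receiverPublicKey) {
  // Step 1: sign with the sender's private key (the SHA-256 digest is what gets signed).
  const signature = crypto.sign('sha256', message, senderPrivateKey);
  // Step 2: envelope. Signature + message go under a one-time AES-256-GCM key,
  // and only that key is encrypted with the receiver's public key (assumption:
  // hybrid envelope, since RSA-OAEP cannot carry more than 190 bytes here).
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(signature), cipher.update(message), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: receiverPublicKey, ...OAEP }, key);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Receiver side: remove the envelope, then check the signature.
function open(envelope, receiverPrivateKey, senderPublicKey) {
  // Step 3: the receiver's private key recovers the content key (throws for anyone else).
  const key = crypto.privateDecrypt({ key: receiverPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  const signed = Buffer.concat([decipher.update(envelope.body), decipher.final()]);
  // Step 4: the sender's public key checks the signature over the message.
  const signature = signed.subarray(0, SIG_LEN);
  const message = signed.subarray(SIG_LEN);
  if (!crypto.verify('sha256', message, senderPublicKey, signature)) {
    throw new Error('signature verification failed');
  }
  return message;
}

// Constructed demo: Alice sends to Bob.
const alice = newKeyPair();
const bob = newKeyPair();
const sealed = seal(Buffer.from('constructed sample message'), alice.privateKey, bob.publicKey);
console.log(open(sealed, bob.privateKey, alice.publicKey).toString());
```

`open` throws if the body was altered in transit, if a private key other than the receiver's is used, or if the signature does not match the claimed sender's public key.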

4.2 - Large document

Due to the computationally complex nature of RSA-based asymmetric encryption algorithms, the time taken to encrypt large documents or files for transmission can be relatively long. Hashing can then be used, as it is a much faster computation than using an RSA-based digital signature algorithm alone.

To speed up the transmission of large documents or files:

  • the sender would hash the documents or files using a hash function
  • the sender would digitally sign the generated hash value
  • the sender would encrypt the original documents or files with the receiver's public key.
  • the receiver would verify the signature with their private key.
  • the receiver would decrypt the encrypted documents or files with their private key.

5 - Documentation / Reference