Transport Encryption and Key Exchange
- Transport/communication encryption protects data-in-motion
- e.g.,
- WPA
- IPSec
- TLS
- uses a system of key exchange
- allows the sender and recipient to exchange a symmetric encryption key securely by using public key cryptography:
- Alice obtains a copy of Bob’s RSA or ECC public key, typically via Bob’s digital certificate.
- Alice encrypts their message using a secret key cipher, such as AES. In this context, the secret key is referred to as a session key.
- Alice encrypts the session key with Bob’s public key.
- Alice attaches the encrypted session key to the ciphertext message in a digital envelope and sends it to Bob.
- Bob uses their private key to decrypt the session key.
- Bob uses the session key to decrypt the ciphertext message.
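The six steps above carried out end to end, as an added example written for these notes (not code from the original page), using only Go's standard library: a random AES-256 session key encrypts the message, RSA-OAEP with SHA-256 wraps that session key under Bob's public key, and Bob reverses both steps. The `Envelope` type, the `Seal`/`Open` names, the sample message and the locally generated key pair (standing in for the public key Alice would take from Bob's certificate) are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the digital envelope Alice sends to Bob: the session key wrapped
// under Bob's public key, plus the message encrypted under that session key.
type Envelope struct {
	WrappedKey []byte // AES session key encrypted with RSA-OAEP (SHA-256)
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // AES-GCM output: ciphertext followed by the 16-byte tag
}

// Seal is Alice's side: generate a random AES-256 session key, encrypt the
// message with it, then encrypt the session key with Bob's public key so that
// only the holder of Bob's private key can recover it.
func Seal(bobPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32) // 256-bit AES key
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open is Bob's side: unwrap the session key with the private key, then use it
// to decrypt the message. Because GCM is an authenticated mode, a ciphertext
// modified in transit fails the tag check instead of decrypting to garbage.
func Open(bobPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bobPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("session key could not be unwrapped with this private key")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("malformed envelope: bad nonce length")
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext failed authentication")
	}
	return plaintext, nil
}

func main() {
	// Constructed key pair for Bob; in practice Alice reads the public half
	// from Bob's certificate.
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	env, err := Seal(&bob.PublicKey, []byte("constructed sample message"))
	if err != nil {
		panic(err)
	}
	msg, err := Open(bob, env)
	fmt.Printf("recovered: %q, err: %v\n", msg, err)
}
```

The session key never travels in the clear and is used for one message only; the RSA operation is applied to the 32-byte key rather than to the message itself, which is what makes the hybrid scheme practical for arbitrarily long data.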
- uses cryptography to ensure the integrity and authenticity of messages
- via Hash-based Message Authentication Code (HMAC)
- combines the secret key derived during key exchange with a cryptographic hash of the message
- lets the recipient verify both the integrity and the authenticity of the message: a tag that matches can only have been produced by a party holding the secret key
Info
Alternatively, the symmetric cipher might be designed to perform Authenticated Encryption (AE).
- This type of symmetric cipher mode of operation ensures confidentiality and integrity/authenticity.
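The HMAC step made concrete, as an added example written for these notes (not code from the original page), using Go's standard library: the sender encrypts with AES-CTR and appends an HMAC-SHA256 tag over the ciphertext (encrypt-then-MAC); the recipient recomputes the tag under the shared secret and compares it in constant time before decrypting anything. The function names, the use of separate encryption and MAC keys, and the constructed keys and message are assumptions of this example; the two keys stand in for the secret derived during key exchange.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// encryptCTR returns IV || AES-CTR ciphertext. CTR mode gives confidentiality
// only: flipping a bit of the ciphertext flips the same bit of the plaintext,
// and nothing in the output lets the recipient notice the change.
func encryptCTR(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { // random IV
		return nil, err
	}
	cipher.NewCTR(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plaintext)
	return out, nil
}

// decryptCTR reverses encryptCTR. It has no way to detect tampered input.
func decryptCTR(key, body []byte) ([]byte, error) {
	if len(body) < aes.BlockSize {
		return nil, errors.New("body shorter than IV")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	plaintext := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCTR(block, body[:aes.BlockSize]).XORKeyStream(plaintext, body[aes.BlockSize:])
	return plaintext, nil
}

// Protect is encrypt-then-MAC: HMAC-SHA256 over the whole ciphertext (IV
// included) under a key separate from the encryption key; the tag is appended.
func Protect(encKey, macKey, plaintext []byte) ([]byte, error) {
	body, err := encryptCTR(encKey, plaintext)
	if err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	return mac.Sum(body), nil
}

// Unprotect recomputes the tag and compares it in constant time before any
// decryption. A mismatch means the message was altered in transit or was not
// produced by a holder of macKey, so it is rejected outright.
func Unprotect(encKey, macKey, msg []byte) ([]byte, error) {
	if len(msg) < sha256.Size {
		return nil, errors.New("message shorter than tag")
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("HMAC mismatch: message altered or wrong key")
	}
	return decryptCTR(encKey, body)
}

func main() {
	// Constructed keys; in a real session both would be derived from the
	// secret agreed during key exchange.
	encKey := bytes.Repeat([]byte{0x11}, 32)
	macKey := bytes.Repeat([]byte{0x22}, 32)
	msg, err := Protect(encKey, macKey, []byte("transfer 10 EUR"))
	if err != nil {
		panic(err)
	}
	msg[aes.BlockSize] ^= 0x01 // one ciphertext bit flipped in transit
	_, err = Unprotect(encKey, macKey, msg)
	fmt.Println("tampered message accepted:", err == nil)
}
```

Two details matter here: the comparison uses `hmac.Equal` rather than `==` so that the time taken does not depend on which byte differs, and the tag is checked before decryption so that unauthenticated data is never processed. An Authenticated Encryption mode such as AES-GCM, as described in the Info note above, performs this integrity check inside the cipher, which is why it is normally preferred over assembling the two pieces by hand.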