A secure scheme for data exchange: AES + RSA

Posted on Edited on

AES

The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.

Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information. The entities communicating via symmetric encryption must exchange the key so that it can be used in the decryption process.

RSA

Asymmetric Encryption is a form of Encryption where keys come in pairs. What one key encrypts, only the other can decrypt. Frequently (but not necessarily), the keys are interchangeable, in the sense that if key A encrypts a message, then B can decrypt it, and if key B encrypts a message, then key A can decrypt it.

Hybrid Cryptosystem

Interface data encyrption

Steps:

  1. Client starts and sends request to server.
  2. Server generates a pair of keys(pubKey1 and priKey1) with RSA.
  3. Server sends pubKey1 back to client.
  4. Client generates a pair of keys(pubKey2 and priKey2) with RSA.
  5. Client encrypts pubKey2 with pubKey1.
  6. Client sends pubKey2 back to server.
  7. Server decrypts the ciphertext with priKey1 to get pubKey2. (Because the ciphertext is encrypted by pubKey1)
  8. Server generates symmetric encryption whose length is 16 with AES.
  9. Server encrypts the AES key with pubKey2 and sends to client.
  10. Client decrypts the AES key with priKey2 to get AES key.
  11. Finally, using encrypted key to do the encryption of data transmision.

Note:

  1. RSA is asymmetric encryption: public key encrypts while private key decrypts.
  2. AES is symmetric encryption: the same key is used for both encrypting and decrypting the data.
  3. Since there is a limitation against size when using RSA, so segmentation is required.
  4. Use the public key of RSA to encrypt AES, then use AES to decrypt/encrypt the content.