如何组合对称和非对称加密？ [英] How to combine symmetric and asymmetric encryption?

问题描述

当谈到非对称加密时，经常说，由于某些原因，你不应该不对称地加密整个消息，例如。性能注意事项。

通常建议的工作流程为：

• 创建随机密钥
使用此随机密钥加密邮件

• 使用非对称加密加密随机密钥


• 将加密邮件和加密密钥发送给收件人
。

到目前为止，还不错。

只有两个问题：

1. 如何发送加密邮件和加密密钥？有什么标准吗？或者我完全免费如何做到这一点？ （我想要一个标准，如果有一个）。


2. 有关如何创建随机密钥的最佳做法吗？更具体来说：OpenSSL中是否应该使用特定的函数来处理？

解决方案

ol>

这是在评论中回答的。我会更好地建议检查OpenPGP - 它是以某种方式更容易理解，CMS有一个巨大的ASN.1结构超载。

随机键应该是完全随机字节字符串，从良好的随机

When talking about asymmetric encryption it is often said that due to some reasons you should not encrypt your entire message asymmetrically, e.g. performance considerations.

The usually suggested workflow is:

• Create a random key for symmetric encryption
• Encrypt the message using this random key
• Encrypt the random key using asymmetric encryption
• Send the encrypted message and the encrypted key to the recipient

So far, so good.

Just two questions:

1. How do I send the encrypted message and the encrypted key in combination? Is there a standard for that? Or am I completely free on how to do this? (I'd prefer a standard if there is one).
2. Is there any best practice on how to create the random key? To be more specific: Is there a specific function in OpenSSL that should be used for that?

解决方案

1. This was answered in comments. I would better recommend to check OpenPGP - it is somehow easier to understand, CMS has a huge ASN.1 structures overload.
2. Random key just should be completely random byte string, generated from good random source.

这篇关于如何组合对称和非对称加密？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！