Is production: true
#encryption

Title: Hybrid encryption in ten minutes

Created: 24 May 2023 Modified: 24 May 2023

Description: This article explains how hybrid encryption works, walking through it with a simple flow diagram.



[Wikipedia]

In cryptography, a hybrid cryptosystem is one which combines the convenience of a public-key cryptosystem with the efficiency of a symmetric-key cryptosystem.

Asymmetric encryption is easy to use over the internet, because the sender and receiver never need to share a common secret key, but its encryption performance is low.

Symmetric encryption, on the other hand, is very fast and efficient, but the sender and receiver must share a common key, which is hard to do safely over the internet.

Hybrid encryption combines the two: the asymmetric system protects the symmetric key and the symmetric system protects the data, which gives good performance without giving up the security of public-key key distribution.

In this example, we use RSA as the asymmetric encryption method and AES as the symmetric encryption method. All the encrypted data is sent over the internet inside an envelope container.

Problem

Ava (the message sender) wants to send a message (msg) to Bernice (the message receiver) over the internet.
Assume the transmission channel is not safe enough, for any of several reasons, e.g.

  1. their connection is insecure
  2. their network is censored

Key Exchange

Both Ava and Bernice have their own key pair, so they can use asymmetric encryption to send messages to each other securely.

Ava has pri-key (S) (private key of sender) and pub-key (S) (public key of sender).

Bernice has pri-key (R) (private key of receiver) and pub-key (R) (public key of receiver).

Ava and Bernice first exchange their public key to each other.

So Ava has pub-key(R) and Bernice has pub-key(S).

Encryption

Ava generates an AES Key and an AES IV (initialization vector) for the symmetric encryption step.

Ava uses the AES Key and AES IV to encrypt the msg into the Encrypted Message.

Ava hashes the msg to get the Hash Value, then uses pri-key(S) to encrypt the Hash Value into the Signature.

Ava uses pub-key(R) to encrypt the AES Key and AES IV into the Encrypted AES Key.

Last, we group the Encrypted Message, the Signature and the Encrypted AES Key into the Envelope.

Message Transmission

The Envelope is sent over the internet to Bernice.

Decryption

Bernice uses pri-key(R) to decrypt the Encrypted AES Key back into the AES Key and AES IV.

Bernice uses the AES Key and AES IV to decrypt the Encrypted Message and get back the msg.

Bernice uses pub-key(S) to decrypt the Signature and get back the Hash Value. At the same time, Bernice hashes the msg decrypted in the previous step to get the Hash of Decrypted Msg. By comparing the Hash Value with the Hash of Decrypted Msg, Bernice can be sure that the message was encrypted and sent by Ava, since only Ava owns pri-key(S).

Summary