In most applications, symmetric and asymmetric encryption are combined to take advantage of each method's strengths. (See Figure 1-4.) When symmetric and asymmetric encryption are combined, the following takes place:
■ Symmetric encryption is used to convert the plaintext to ciphertext. This takes advantage of the symmetric encryption speed.
■ Asymmetric encryption is used to exchange the symmetric key used for encryption. This takes advantage of the security of asymmetric encryption, ensuring that only the intended recipient can decrypt the symmetric key.
Plain Text Symmetric Cipher Text Key
Cipher Text Symmetric Plain Text Key
Symmetric Public Encrypted Key Key Key
Encrypted Private Symmetric Key Key Key
Encrypted Key
Figure 1-4 Combining symmetric and asymmetric encryption
1. The sender retrieves the recipient's public key. The sender retrieves the public key from a trusted source, such as Active Directory.
2. The sender generates a symmetric key and uses this key to encrypt the original data.
3. The symmetric key is encrypted with the recipient's public key to prevent the symmetric key from being intercepted during transmission.
4. The encrypted symmetric key and encrypted data are provided to the intended recipient.
5. The recipient uses his or her private key to decrypt the encrypted symmetric key.
6. The encrypted data is decrypted with the symmetric key, which results in the recipient obtaining the original data.
Was this article helpful?