Enveloped Public Key Encryption (EPKE)

About

Enveloped Public Key Encryption (EPKE) is a encryption method of the public key schema.

EPKE is the method used when securing communication on an open networked environment such by making use of the Transport Layer Security (TLS) (ie SSL) protocols.

EPKE consists of a two-stage process that includes both:

Requirement

For EPKE to work effectively, it is required that:

  • Every participant in the communication has their own unique pair of keys.

Procedure

sender and receiver are generally software.

Standard

  • The sender of the message first signs the message using their own private key
  • The sender then encrypts their digitally signed message using the receiver's public key thus applying a digital envelope to the message.
  • The receiver of the message uses their private key to decrypt the message thus removing the digital envelope
  • The receiver of the message uses the sender's public key to decrypt the sender's digital signature.

At this point, if the message has been unaltered during transmission, the message will be clear to the receiver.

Large document

Due to the computationally complex nature of RSA-based asymmetric encryption algorithms, the time taken to encrypt large documents or files to be transmitted can be relatively long. Hashing can then be used. It is a much faster computation to complete as opposed to using an RSA-based digital signature algorithm alone.

To speed up the process of transmission to the large documents or files:

  • the sender would hash the documents or files using a hash function
  • the sender would digitally sign the generated hash value
  • the sender would encrypt the original documents or files with the receiver's public key.
  • the receiver would verify the signature with their private key.
  • the receiver would decrypt the encrypted documents or files with their private key.

Documentation / Reference


Powered by ComboStrap