...

  • A secret is encrypted using the Certificate or Public Key of the receiver that is meant to decrypt it.
  • The encryption process takes the following steps:
    • Create a symmetric one-time key.
    • Encrypt the one-time key with the receiver's Public Key. If a Certificate is used then the Public Key is calculated from the Certificate.
    • Create an initialization vector that includes changing values as a "salt" to protect encrypted secrets from attacks using rainbow tables. The "salt" is not sensitive information; knowing it does not allow more efficient attacks.
    • Encrypt the secret with the one-time key and initialization vector.
    • Drop the one-time key; only the receiver will be able to decrypt the encrypted one-time key later on.
  • The outcome of encryption that is forwarded to a receiver includes the following items:
    • encrypted one-time key,
    • initialization vector, which includes the "salt", a changing value that protects encryption from attacks using rainbow tables,
    • encrypted secret.


Graphviz diagram of the encryption process:
digraph structs {
    compound=true;
    rankdir=LR;

    OneTimeKey [label="   One-time Key   ",style="filled",fillcolor="grey",fontname="Arial",fontcolor="white",fontsize="12pt"]
    Encrypted_OneTimeKey [label="   Encrypted One-time Key   ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"]
    Initialization_Vector [label="   Initialization Vector   ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"] 
    Secret [label="   Secret   ",style="filled",fillcolor="limegreen",fontname="Arial",fontsize="12pt"]
    Encrypted_Secret [label="   Encrypted Secret   ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"]
    Certificate [shape="ellipse",label="   Certificate / Public Key   ",style="filled",fillcolor="orange",fontname="Arial",fontsize="12pt"]

    UseCertificate [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
    UseSecret [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
 
    CreateOneTimeKey [shape="rectangle",label="Create",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
    CreateIV [shape="rectangle",label="Create",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]

    EncryptKey [shape="rectangle",label="Encrypt",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
    EncryptSecret [shape="rectangle",label="Encrypt",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]

    subgraph encrypt {
        fontname="Arial";
        fontsize="12pt";

        CreateOneTimeKey -> OneTimeKey [label="",fontname="Arial",fontsize="10pt"];
        OneTimeKey -> EncryptKey [label="apply",fontname="Arial",fontsize="10pt"];

        UseCertificate -> Certificate [label="",fontname="Arial",fontsize="10pt"];
        Certificate -> EncryptKey [label="apply",fontname="Arial",fontsize="10pt"];
        EncryptKey -> Encrypted_OneTimeKey [label="create",fontname="Arial",fontsize="10pt"];

        CreateIV -> Initialization_Vector [label="",fontname="Arial",fontsize="10pt"];
        OneTimeKey -> EncryptSecret [label="apply",fontname="Arial",fontsize="10pt"];
        Initialization_Vector -> EncryptSecret [label="apply",fontname="Arial",fontsize="10pt"];

        UseSecret -> Secret [label="",fontname="Arial",fontsize="10pt"];
        Secret -> EncryptSecret [label="apply",fontname="Arial",fontsize="10pt"];
        EncryptSecret -> Encrypted_Secret [label="create",fontname="Arial",fontsize="10pt"];
    }
}

...

  • The receiver is the sole owner of the Private Key, which guarantees that no one else can decrypt the secret.
  • The decryption process takes the following steps:
    • Decrypt the encrypted one-time key using the Private Key.
    • Use the decrypted one-time key and initialization vector to decrypt the encrypted secret.
    • Drop the one-time key.


Graphviz diagram of the decryption process:
digraph structs {
    compound=true;
    rankdir=LR;

    Encrypted_OneTimeKey [label="   Encrypted One-time Key   ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"]
    Decrypted_OneTimeKey [label="   Decrypted One-time Key   ",style="filled",fillcolor="grey",fontname="Arial",fontcolor="white",fontsize="12pt"]
    Initialization_Vector [label="   Initialization Vector   ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"]
    Encrypted_Secret [label="   Encrypted Secret   ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"]
    Decrypted_Secret [label="   Secret   ",style="filled",fillcolor="limegreen",fontname="Arial",fontsize="12pt"]
    PrivateKey [shape="ellipse",label="   Private Key   ",style="filled",fillcolor="orange",fontname="Arial",fontsize="12pt"]

    UsePrivateKey [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
    UseEncryptedKey [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"] 
    UseIV [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
    UseEncryptedSecret [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
 
    DecryptKey [shape="rectangle",label="Decrypt",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"] 
    DecryptSecret [shape="rectangle",label="Decrypt",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"] 
 
    subgraph decrypt {
        fontname="Arial";
        fontsize="12pt";

        UseEncryptedKey -> Encrypted_OneTimeKey;
        Encrypted_OneTimeKey -> DecryptKey [label="apply",fontname="Arial",fontsize="10pt"];
        DecryptKey -> Decrypted_OneTimeKey;
        Decrypted_OneTimeKey -> DecryptSecret [label="apply",fontname="Arial",fontsize="10pt"];

        UseIV -> Initialization_Vector;
        Initialization_Vector -> DecryptSecret [label="apply",fontname="Arial",fontsize="10pt"];

        UseEncryptedSecret -> Encrypted_Secret;
        Encrypted_Secret -> DecryptSecret [label="apply",fontname="Arial",fontsize="10pt"];

        UsePrivateKey -> PrivateKey;
        PrivateKey -> DecryptKey [label="apply",fontname="Arial",fontsize="10pt"];

        DecryptSecret -> Decrypted_Secret;
    }
}

...