...
- A secret is encrypted using the Certificate or Public Key of the receiver that should decrypt the secret.
- The encryption process takes the following steps:
  - Create a symmetric one-time key.
  - Encrypt the one-time key with the receiver's Public Key. If a Certificate is used, the Public Key is taken from the Certificate.
  - Create an initialization vector that includes a changing value as a "salt", which protects the encrypted secrets from attacks using rainbow tables. The "salt" is not sensitive information; knowing it does not make attacks more efficient.
  - Encrypt the secret with the one-time key and initialization vector.
  - Drop the one-time key; only the receiver will be able to decrypt the encrypted one-time key later on.
- The outcome of encryption that is forwarded to a receiver includes the following items:
  - the encrypted one-time key,
  - the initialization vector, which includes the "salt", a changing value that protects the encryption from rainbow table attacks,
  - the encrypted secret.
Graphviz diagram of the encryption process:

```dot
digraph structs {
  compound=true;
  rankdir=LR;
  // data items: grey = one-time key, blue = outputs forwarded to the receiver, green = plaintext secret
  OneTimeKey [label=" One-time Key ",style="filled",fillcolor="grey",fontcolor="white",fontname="Arial",fontsize="12pt"]
  Encrypted_OneTimeKey [label=" Encrypted One-time Key ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"]
  Initialization_Vector [label=" Initialization Vector ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"]
  Secret [label=" Secret ",style="filled",fillcolor="limegreen",fontname="Arial",fontsize="12pt"]
  Encrypted_Secret [label=" Encrypted Secret ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"]
  Certificate [shape="ellipse",label=" Certificate / Public Key ",style="filled",fillcolor="orange",fontname="Arial",fontsize="12pt"]
  // process steps
  UseCertificate [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  UseSecret [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  CreateOneTimeKey [shape="rectangle",label="Create",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  CreateIV [shape="rectangle",label="Create",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  EncryptKey [shape="rectangle",label="Encrypt",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  EncryptSecret [shape="rectangle",label="Encrypt",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  subgraph encrypt {
    fontname="Arial";
    fontsize="12pt";
    CreateOneTimeKey -> OneTimeKey [label="",fontname="Arial",fontsize="10pt"];
    OneTimeKey -> EncryptKey [label="apply",fontname="Arial",fontsize="10pt"];
    UseCertificate -> Certificate [label="",fontname="Arial",fontsize="10pt"];
    Certificate -> EncryptKey [label="apply",fontname="Arial",fontsize="10pt"];
    EncryptKey -> Encrypted_OneTimeKey [label="create",fontname="Arial",fontsize="10pt"];
    CreateIV -> Initialization_Vector [label="",fontname="Arial",fontsize="10pt"];
    OneTimeKey -> EncryptSecret [label="apply",fontname="Arial",fontsize="10pt"];
    Initialization_Vector -> EncryptSecret [label="apply",fontname="Arial",fontsize="10pt"];
    UseSecret -> Secret [label="",fontname="Arial",fontsize="10pt"];
    Secret -> EncryptSecret [label="apply",fontname="Arial",fontsize="10pt"];
    EncryptSecret -> Encrypted_Secret [label="create",fontname="Arial",fontsize="10pt"];
  }
}
```
...
- The receiver is the sole owner of the Private Key, which guarantees that no one else can decrypt the secret.
- The decryption process takes the following steps:
  - Decrypt the encrypted one-time key using the Private Key.
  - Use the decrypted one-time key and initialization vector to decrypt the encrypted secret.
  - Drop the one-time key.
Graphviz diagram of the decryption process:

```dot
digraph structs {
  compound=true;
  rankdir=LR;
  // data items: blue = inputs received from the sender, grey = recovered one-time key, green = recovered secret
  Encrypted_OneTimeKey [label=" Encrypted One-time Key ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"]
  Decrypted_OneTimeKey [label=" Decrypted One-time Key ",style="filled",fillcolor="grey",fontcolor="white",fontname="Arial",fontsize="12pt"]
  Initialization_Vector [label=" Initialization Vector ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"]
  Encrypted_Secret [label=" Encrypted Secret ",style="filled",fillcolor="dodgerblue",fontname="Arial",fontsize="12pt"]
  Decrypted_Secret [label=" Secret ",style="filled",fillcolor="limegreen",fontname="Arial",fontsize="12pt"]
  PrivateKey [shape="ellipse",label=" Private Key ",style="filled",fillcolor="orange",fontname="Arial",fontsize="12pt"]
  // process steps
  UsePrivateKey [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  UseEncryptedKey [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  UseIV [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  UseEncryptedSecret [shape="rectangle",label="Access",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  DecryptKey [shape="rectangle",label="Decrypt",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  DecryptSecret [shape="rectangle",label="Decrypt",fontname="Arial",fontsize="10pt",style="filled",fillcolor="white"]
  subgraph decrypt {
    fontname="Arial";
    fontsize="12pt";
    UseEncryptedKey -> Encrypted_OneTimeKey;
    Encrypted_OneTimeKey -> DecryptKey [label="apply",fontname="Arial",fontsize="10pt"];
    DecryptKey -> Decrypted_OneTimeKey;
    Decrypted_OneTimeKey -> DecryptSecret [label="apply",fontname="Arial",fontsize="10pt"];
    UseIV -> Initialization_Vector;
    Initialization_Vector -> DecryptSecret [label="apply",fontname="Arial",fontsize="10pt"];
    UseEncryptedSecret -> Encrypted_Secret;
    Encrypted_Secret -> DecryptSecret [label="apply",fontname="Arial",fontsize="10pt"];
    UsePrivateKey -> PrivateKey;
    PrivateKey -> DecryptKey [label="apply",fontname="Arial",fontsize="10pt"];
    DecryptSecret -> Decrypted_Secret;
  }
}
```
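Both procedures above, the sender's encryption steps and the receiver's decryption steps, carried out end to end in Go using only the standard library. This is an added example and not code from this page: the page does not name algorithms, so the one-time key is realized here as a 32-byte AES-256-GCM key, the wrapping of that key with the receiver's Public Key as RSA-OAEP with SHA-256, and the "changing value" in the initialization vector as a fresh random 12-byte GCM nonce per message. The `Envelope` type and the function names are assumptions of the example. Because GCM is an authenticated mode, the receiver additionally rejects an envelope whose IV or encrypted secret was modified in transit, a property the page's description does not require but that a practitioner would want.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope holds the three items the page says are forwarded to the receiver.
// (Type and field names are assumptions of this example.)
type Envelope struct {
	EncryptedOneTimeKey []byte // one-time key wrapped with the receiver's Public Key
	IV                  []byte // fresh random value per message (the "changing value")
	EncryptedSecret     []byte // secret encrypted under the one-time key and IV
}

// zero overwrites key material once it is no longer needed ("drop the one-time key").
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// EncryptForReceiver performs the sender-side steps: AES-256-GCM for the secret,
// RSA-OAEP (SHA-256) for wrapping the one-time key (algorithm choices assumed here).
func EncryptForReceiver(receiverPub *rsa.PublicKey, secret []byte) (*Envelope, error) {
	// Step 1: create a symmetric one-time key.
	oneTimeKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, oneTimeKey); err != nil {
		return nil, err
	}
	defer zero(oneTimeKey) // Step 5: drop the one-time key when we return.

	// Step 2: encrypt the one-time key with the receiver's Public Key.
	wrappedKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, oneTimeKey, nil)
	if err != nil {
		return nil, err
	}

	block, err := aes.NewCipher(oneTimeKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}

	// Step 3: create an initialization vector carrying a fresh random value.
	iv := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}

	// Step 4: encrypt the secret with the one-time key and the IV.
	ciphertext := aead.Seal(nil, iv, secret, nil)

	return &Envelope{EncryptedOneTimeKey: wrappedKey, IV: iv, EncryptedSecret: ciphertext}, nil
}

// DecryptAsReceiver performs the receiver-side steps: unwrap the one-time key with
// the Private Key, decrypt the secret with key and IV, then drop the one-time key.
func DecryptAsReceiver(receiverPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	oneTimeKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.EncryptedOneTimeKey, nil)
	if err != nil {
		return nil, err // wrong Private Key or damaged wrapped key
	}
	defer zero(oneTimeKey)

	block, err := aes.NewCipher(oneTimeKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// Open also checks the GCM authentication tag, so a modified IV or ciphertext fails here.
	return aead.Open(nil, env.IV, env.EncryptedSecret, nil)
}

func main() {
	// Constructed demo: the receiver's key pair is generated on the fly.
	receiver, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	env, err := EncryptForReceiver(&receiver.PublicKey, []byte("constructed sample secret"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped key: %d bytes, iv: %d bytes, encrypted secret: %d bytes\n",
		len(env.EncryptedOneTimeKey), len(env.IV), len(env.EncryptedSecret))
	plain, err := DecryptAsReceiver(receiver, env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("decrypted: %s\n", plain)
}
```

Running the program prints the sizes of the three forwarded items and the recovered secret. Encrypting the same secret twice yields a different IV and a different encrypted secret each time, which is the effect the page attributes to the "changing value"; decrypting with any other Private Key fails at the key-unwrapping step.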
...