In cryptography, a hybrid cryptosystem is one which combines the convenience of a public-key cryptosystem with the efficiency of a symmetric-key cryptosystem. Public-key cryptosystems are convenient in that they do not require the sender and receiver to share a common secret in order to communicate securely. However, they often rely on complicated mathematical computations and are thus generally much more inefficient than comparable symmetric-key cryptosystems. In many applications, the high cost of encrypting long messages in a public-key cryptosystem can be prohibitive. Hybrid systems address this by using a combination of both.

A hybrid cryptosystem can be constructed using any two separate cryptosystems:

- a key encapsulation mechanism, which is a public-key cryptosystem
- a data encapsulation scheme, which is a symmetric-key cryptosystem

The hybrid cryptosystem is itself a public-key system, whose public and private keys are the same as in the key encapsulation scheme.

Note that for very long messages the bulk of the work in encryption/decryption is done by the more efficient symmetric-key scheme, while the inefficient public-key scheme is used only to encrypt/decrypt a short key value.

All practical implementations of public key cryptography today employ the use of a hybrid system. Examples include the TLS protocol and the SSH protocol, which use a public-key mechanism for key exchange (such as Diffie-Hellman) and a symmetric-key mechanism for data encapsulation (such as AES). The OpenPGP file format and the PKCS#7 file format are other examples.

Hybrid Public Key Encryption (HPKE, published as RFC 9180) is a modern standard for generic hybrid encryption. HPKE is used within multiple IETF protocols, including MLS and TLS Encrypted Hello.

Envelope encryption is an example of a usage of hybrid cryptosystems in cloud computing. In a cloud context, hybrid cryptosystems also enable centralized key management.

Example

To encrypt a message addressed to Alice in a hybrid cryptosystem, Bob does the following:

1. Obtains Alice's public key.
2. Generates a fresh symmetric key for the data encapsulation scheme.
3. Encrypts the message under the data encapsulation scheme, using the symmetric key just generated.
4. Encrypts the symmetric key under the key encapsulation scheme, using Alice's public key.
5. Sends both of these ciphertexts to Alice.

To decrypt this hybrid ciphertext, Alice does the following:

1. Uses her private key to decrypt the symmetric key contained in the key encapsulation segment.
2. Uses this symmetric key to decrypt the message contained in the data encapsulation segment.

Security

If both the key encapsulation and data encapsulation schemes in a hybrid cryptosystem are secure against adaptive chosen ciphertext attacks, then the hybrid scheme inherits that property as well. However, it is possible to construct a hybrid scheme secure against adaptive chosen ciphertext attacks even if the key encapsulation has a slightly weakened security definition (though the security of the data encapsulation must be slightly stronger).

Envelope encryption

Envelope encryption is a term used for encrypting with a hybrid cryptosystem, as used by all major cloud service providers, often as part of a centralized key management system in cloud computing.

Envelope encryption gives names to the keys used in hybrid encryption: Data Encryption Keys (abbreviated DEK, and used to encrypt data) and Key Encryption Keys (abbreviated KEK, and used to encrypt the DEKs). In a cloud environment, encryption with envelope encryption involves generating a DEK locally, encrypting one's data using the DEK, and then issuing a request to wrap (encrypt) the DEK with a KEK stored in a potentially more secure service. Then, this wrapped DEK and encrypted message constitute a ciphertext for the scheme. To decrypt a ciphertext, the wrapped DEK is unwrapped (decrypted) via a call to a service, and then the unwrapped DEK is used to decrypt the encrypted message. In addition to the normal advantages of a hybrid cryptosystem, using asymmetric encryption for the KEK in a cloud context provides easier key management and separation of roles, but can be slower.

In cloud systems, such as Google Cloud Platform and Amazon Web Services, a key management system (KMS) can be available as a service. In some cases, the key management system will store keys in hardware security modules, which are hardware systems that protect keys with hardware features like intrusion resistance. This means that KEKs can also be more secure because they are stored on secure specialized hardware. Envelope encryption makes centralized key management easier because a centralized key management system only needs to store KEKs, which occupy less space, and requests to the KMS only involve sending wrapped and unwrapped DEKs, which use less bandwidth than transmitting entire messages. Since one KEK can be used to encrypt many DEKs, this also allows for less storage space to be used in the KMS. This also allows for centralized auditing and access control at one point of access.
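The following is an added worked example, not code from the article or from any cloud provider, covering both the Bob/Alice procedure in the Example section and the DEK/KEK flow of envelope encryption. It assumes deliberately simplified primitives so that it runs with only the Python standard library: textbook RSA (no OAEP padding) as the key encapsulation mechanism, and a SHA-256 counter-mode keystream with HMAC-SHA256 (encrypt-then-MAC) as the data encapsulation scheme. `ToyKms`, its method names and the caller names are assumptions standing in for a real KMS API.

```python
"""Toy hybrid cryptosystem: textbook-RSA key encapsulation plus a SHA-256
stream cipher with HMAC as data encapsulation.  Added illustration, not code
from the article or any cloud provider; the primitives are simplified stand-ins
for a vetted RSA-OAEP/ECDH KEM and AES-GCM, and ToyKms is an assumed interface."""
import hashlib
import hmac
import secrets

# ---- key encapsulation mechanism (public-key half): textbook RSA ----
def _is_probable_prime(n, rounds=16):
    """Miller-Rabin; n is assumed odd and large, as keygen's candidates are."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top and low bit set
        if _is_probable_prime(cand):
            return cand

def kem_keygen(bits=512):
    """Return ((n, e), (n, d)); the hybrid scheme's keys are exactly the KEM's keys."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def kem_wrap(pub, dek):
    """Encrypt a 32-byte DEK under the public key (toy: no OAEP padding)."""
    n, e = pub
    c = pow(int.from_bytes(dek, "big"), e, n)
    return c.to_bytes((n.bit_length() + 7) // 8, "big")

def kem_unwrap(priv, wrapped):
    n, d = priv
    return pow(int.from_bytes(wrapped, "big"), d, n).to_bytes(32, "big")

# ---- data encapsulation scheme (symmetric half): encrypt-then-MAC ----
def _keystream(key, nonce, length):
    """SHA-256 in counter mode, standing in for AES-CTR."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def dem_encrypt(dek, plaintext):
    enc_key, mac_key = (hashlib.sha256(dek + t).digest() for t in (b"enc", b"mac"))
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def dem_decrypt(dek, ct):
    enc_key, mac_key = (hashlib.sha256(dek + t).digest() for t in (b"enc", b"mac"))
    nonce, body, tag = ct[:16], ct[16:-32], ct[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication")  # reject before decrypting
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))

# ---- the hybrid scheme; `wrap`/`unwrap` are the KEM, done locally or by a KMS ----
def hybrid_encrypt(wrap, message):
    """Bob's steps 2-5: fresh DEK, encrypt the message under it, wrap the DEK,
    return both ciphertexts.  `wrap` is kem_wrap with Alice's public key, or a
    KMS wrap request in the envelope-encryption setting."""
    dek = secrets.token_bytes(32)
    return wrap(dek), dem_encrypt(dek, message)

def hybrid_decrypt(unwrap, wrapped_dek, body):
    """Alice's steps: recover the DEK from the key segment, then the message."""
    return dem_decrypt(unwrap(wrapped_dek), body)

# ---- envelope encryption: the KEK never leaves the (assumed) KMS ----
class ToyKms:
    """Holds the KEK, serves wrap/unwrap only to authorised callers, logs every request."""
    def __init__(self, allowed_callers, bits=512):
        self.public, self._private = kem_keygen(bits)
        self.allowed, self.audit = set(allowed_callers), []
    def _authorise(self, caller, op):
        self.audit.append((caller, op, caller in self.allowed))
        if caller not in self.allowed:
            raise PermissionError(f"{caller} may not {op}")
    def wrap(self, caller, dek):
        self._authorise(caller, "wrap")
        return kem_wrap(self.public, dek)
    def unwrap(self, caller, wrapped):
        self._authorise(caller, "unwrap")
        return kem_unwrap(self._private, wrapped)
```

Passing the KEM operation in as a callable makes the point of the Envelope encryption section visible in code: Bob calls `hybrid_encrypt(lambda dek: kem_wrap(alice_pub, dek), msg)` and Alice decrypts with `kem_unwrap` and her private key, while a cloud client calls the same two functions with `kms.wrap(caller, dek)` and `kms.unwrap(caller, wrapped)`, so only the short wrapped DEK crosses the service boundary and every access is authorised and audited at one point. The encrypt-then-MAC data encapsulation rejects a modified body before decrypting it; the textbook-RSA wrap, by contrast, is not secure against adaptive chosen ciphertext attacks, so this toy does not meet the premise of the Security section, which is why real schemes pair the symmetric part with RSA-OAEP or an ECDH-based KEM.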
See also

- Transport Layer Security
- Secure Shell
- Key Encapsulation Mechanism

References

1. Shoukat, Ijaz Ali (2013). "A Generic Hybrid Encryption System (HES)".
2. Paar, Christof; Pelzl, Jan; Preneel, Bart (2010). "Chapter 6: Introduction to Public-Key Cryptography". Understanding Cryptography: A Textbook for Students and Practitioners (PDF). Springer. ISBN 978-3-642-04100-6.
3. Deng, Juan; Brooks, Richard (2012). "Chapter 26 - Cyber-Physical Security of Automotive Information Technology". Handbook on Securing Cyber-Physical Critical Infrastructure. Elsevier. pp. 655–676. ISBN 978-0-12-415815-3.
4. Cramer, Ronald; Shoup, Victor (2019). "Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack" (PDF). SIAM Journal on Computing. 33 (1): 167–226. CiteSeerX 10.1.1.76.8924. doi:10.1137/S0097539702403773.
5. Fox, Pamela. "Transport Layer Security (TLS) (article)". Khan Academy. Retrieved 2022-02-06.
6. Ellingwood, Justin. "Understanding the SSH Encryption and Connection Process | DigitalOcean". www.digitalocean.com. Retrieved 2022-02-06.
7. "RFC 9580 - OpenPGP". datatracker.ietf.org. Retrieved 2024-08-02.
8. "RFC 2315 - PKCS #7: Cryptographic Message Syntax Version 1.5". datatracker.ietf.org. Retrieved 2022-02-06.
9. Albertini, Ange; Duong, Thai; Gueron, Shay; Kölbl, Stefan; Luykx, Atul; Schmieg, Sophie (November 17, 2020). "How to Abuse and Fix Authenticated Encryption Without Key Commitment". USENIX Security 2022 – via Cryptology ePrint Archive.
10. "Envelope encryption | Cloud KMS Documentation". Google Cloud. Retrieved 2021-12-30.
11. St Denis, Tom; Johnson, Simon (2006). "9". Cryptography for Developers. Elsevier. ISBN 978-1-59749-104-4.
12. Hofheinz, Dennis; Kiltz, Eike (2019). "Secure Hybrid Encryption from Weakened Key Encapsulation" (PDF). Advances in Cryptology – CRYPTO 2007. Springer. pp. 553–571.
13. "AWS KMS concepts - AWS Key Management Service". docs.aws.amazon.com. Retrieved 2021-12-30.
14. "What is envelope encryption? - FAQ| Alibaba Cloud Documentation Center". www.alibabacloud.com. Retrieved 2021-12-30.
15. "Hardware Security Module (HSM) - Glossary | CSRC". csrc.nist.gov. Retrieved 2022-01-23.