/
Architecture and Application of Microsoft .NET Framework 3. Architecture and Application of Microsoft .NET Framework 3.

Architecture and Application of Microsoft .NET Framework 3. - PowerPoint Presentation

trish-goza
trish-goza . @trish-goza
Follow
485 views
Uploaded On 2016-07-11

Architecture and Application of Microsoft .NET Framework 3. - PPT Presentation

for Data Protection Rafal Lukawiecki Strategic Consultant Project Botticelli Ltd Session Code ARC303 Objectives And Agenda Outline data protection requirements Explain the status of todays cryptography ID: 399308

cryptography key cng microsoft key cryptography microsoft cng encryption amp public data suite windows keys security sha net aes

Share:

Link:

Embed:

Download Presentation from below link

Download Presentation The PPT/PDF document "Architecture and Application of Microsof..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.


Presentation Transcript

Slide1
Slide2

Architecture and Application of Microsoft .NET Framework 3.5 Cryptography for Data Protection

Rafal Lukawiecki

Strategic Consultant

Project Botticelli Ltd

Session Code: ARC303Slide3

Objectives And AgendaOutline data protection requirementsExplain the status of today’s cryptographyIntroduce the cryptography APIs for Windows 7 and Windows Server 2008 R2

The information herein is for informational purposes only and represents the opinions and views of Project Botticelli and/or Rafal Lukawiecki. The material presented is not certain and may vary based on several factors. Microsoft makes no warranties, express, implied or statutory, as to the information in this presentation.

©

2009

Project Botticelli Ltd & Microsoft Corp. Some slides contain quotations from copyrighted materials by other authors, as individually attributed. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Project Botticelli Ltd as of the date of this presentation. Because Project Botticelli & Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft and Project Botticelli cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT AND/OR PROJECT BOTTICELLI MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. E&OE

.Slide4

AgendaData Protection GoalsState of Today’s CryptographyCryptography in Windows 7, Vista, and Windows Server 2008 and R2Demo: simple but fully working CNG code using .NET Framework 3.5

Hidden Section {Crypto Primer}Slide5

Why We Need This Session?Crypto is still cryptic, with lots of new stuff

You need

Data Protection

badly

For every good crypto

choice

apps make several bad ones

Good crypto starts in the

architectureSlide6

Data Protection GoalsSlide7

Defense in Depth

Policies, Procedures, & Awareness

OS hardening, updates,

BitLocker

, strong authentication

, secure startup

Firewalls, VPN quarantine

Guards, locks, tracking devices, HSM, TPM

Compartments, IPSec, IDS

Application hardening

Cryptography

User education against social engineering

Physical Security

Perimeter

Internal Network

Host

Application

DataSlide8

Data Protection is ImportantDP is at the heart of all defenceIt has to work when everything failedDP is typically the only defence when physical security has been brokenYou need Data Protection

in your application’s architecture!Slide9

Essence of Data ProtectionProtect secrets, customer data, private information......by encrypting it with keys

Then,

protect the keys

:

Human memory (passwords + DPAPI)

Devices (smartcards, TPMs)

Paper (and a good safe)

Obfuscation (temporary protection)

Easy

VERY

HARD

REALLYSlide10

Easiest Crypto, Please?Just use DPAPISystem.Security.Cryptography

ProtectedData.Protect

ProtectedMemory.Protect

Takes care of looking after keys

Or, if you are brave

enough

– stay with us!Slide11

Advanced DP in .NET FrameworksSystem.Security.Cryptography:Rijndael, RSA, and DSA Managed providers and

CryptoStream

Full crypto, not FIPS-certified - .NET

Fx

2.0, 3.0, 3.5

CNG Wrappers

for full cryptography FIPS-certified .NET Fx

3.5

and same in 4.0

System.Security.Cryptography

.Xml

W3C XML Encryption and XML Signature standards

System.Security.Cryptography

.PkcsPKCS#7 and Cryptographic Message Syntax (CMS) standardsSlide12

Cryptography of Past, Present and its ProblemsSlide13

XP RecommendationIf you cannot use Windows 7, Windows Server 2008, R2, or even Vista…At present (Nov 2009), consider:Rijndael or

AES

-128 (or AES-192, or AES-256)

RSA 4096 (arguably

3072

or longer)

“SHA-

2

” (i.e. SHA-256, or SHA-512)

DSA

(or SHA-2/RSA signatures)Slide14

DES, IDEA, RC2, RC5, TwofishNot Recommended

These are all

symmetric

non-recommendations

DES (Data Encryption Standard)

DO NOT USE DES!

Triple DES (3DES) more secure, but better options exist

IDEA (International Data Encryption Standard)

128 bit keys but designer weak by today’s standards

RC2 & RC5 (by R.

Rivest

)

RC2 is older and RC5 newer (1994) - similar to DES and IDEA

Blowfish,

Twofish – Good, but not a standardSlide15

Rijndael & AESRecommendedPresent standard

Winner of AES (Advanced Encryption Standard) competition

NIST (US National Institute of Standards and Technology) 1997-2000

Comes from Europe (Belgium) by Joan

Daemen

and Vincent

Rijmen

Recommended by NSA CNSSP-15 policy

Symmetric

block-cipher (128, 192 or 256 bits) with variable keys (128, 192 or 256 bits, too)

AES is a specific way of using

Rijndael

.NET

Fx

3.0

RijndaelManaged is a full Rijndael.NET Fx

3.5 AesManaged is a standards-compliant version of RijndaelSlide16

CAST and GOSTNot used widely anymore – avoidCAST

Canadians Carlisle Adams & Stafford Tavares

64 bit key and 64 bit of data – not enough

GOST

Soviet Union’s “version” of DES but with a clearer design and many more repetitions of the process

256 bit key but really 610 bits of secret, so pretty much “tank quality”

Backdoor? Who knows…

Slide17

Rely on CryptosystemsNever use just an algorithmAlways use

entire cryptosystem

E.g.

AES used in a simple “loop” to encrypt a stream of data destroys security

Use a block chaining mode

CNG supports CBC, CFB, and as of

Vista SP1

/WS08 also CCM, and GCM

Easiest way: .NET

Fx

CryptoStream

applies your chosen symmetric algorithm correctlySlide18

Dangerous ImplementationsCryptographic applications from not-well-known sourcesI “just downloaded this library”Insist on using built-in systems where possible:Microsoft OS: CNG, CAPI, CAPICOM etc.Smartcards: certified CSPs/KSPs

Elsewhere: FIPS-140-2 compliant implementations

See

csrc.nist.gov/cryptval

Slide19

RC4Generally Not RecommendedSymmetricFast, streaming encryption

R.

Rivest

in 1994

Originally secret, but “published” on

sci.crypt

Related to “one-time pad”,

theoretically most secure

But!

It relies on a really good random number generator

And that is a problem

Nowadays: use AES with a chaining modeSlide20

RSA, DSA, ElGamalAsymmetricRelatively slow and computationally expensiveSecurity sometimes being questionedRivest, Shamir,

Adleman

– 1978

Popular and well researched

Strength in today’s inefficiency to factorise into prime numbers

Some worries about key generation process in some implementations

DSA (Digital Signature Algorithm)

Mainly for digital signing, not for encryption, used in US

Variant of

Schnorr

and

ElGamal

signature algorithm

ElGamal

Relies on complexity of discrete logarithmsGenerally, considered one of the best asymmetric algorithmsSlide21

MD5, SHAHash functions – often used in digital signaturesHash much shorter than message and “unique” to itNot reversible: can’t obtain the message from its hashTwo messages won’t have the same hash

MD5 (R.

Rivest

)

512 bits hashed into 128

Mathematical model still unknown

Broken

in July 2004, do not use on its own

SHA (Secure Hash Algorithm)

US standard based on MD5

MD5 and MD4 broken

SHA-0

broken

(July 2004), SHA-1 probably too weak (

partly broken, full break alleged), use SHA-256 at leastSlide22

Diffie-Hellman, SSL, CertsMethods for key exchange and transportDH (1976) generates a new symmetric key based on public/private key pairsIt is both a mechanism for key exchange and encryption, if you wish

Certificates are still the most common way to exchange or validate public keys

Foundation of Public Key Infrastructure (PKI)

SSL uses a protocol to exchange keys safely, but requires PKISlide23

XP/2003 Era of Crypto APIsStill used and supportedMicrosoft CryptoAPI (

CAPI

) 2.0 was the interface to all CSPs

Cryptographic Service Providers

Built-in or smartcard-based

.NET Framework 1.1 and 2.0, and 3.0 wraps most of the functionality of CAPI in namespace

System.Security.Cryptography

Or you could use the

CAPICOM

librarySlide24

Contemporary CryptographySlide25

Quantum Cryptography?Method for generating and passing a secret key or a random streamFor keys, not dataPolarisation of light (photons) can be detected only in a way that destroys the “direction” (basis)

Works up-to-120km of a dedicated fibre-optic link

Practical implementations still use AES etc. for actual encryption

Magiq

QPN:

http://www.magiqtech.com/press/qpn.pdf

Don’t confuse it with quantum computing, which won’t be with us for at least another 50 years or so, or maybe longer…

Recently: an alternative was suggested using cheap resistors and regular cabling – “the Johnson noise” concept

Too new to comment, but an exciting ideaSlide26

The Golden StandardUS NSA and NIST recommended “Suite-B” protocolsMicrosoft supports Suite-B

only

in Windows 7, Windows Server 2008 and R2, and Vista

Internally Windows does not use weaker algorithms than Suite-B

But, of course, you can if you wish – please don’t except for backwards compatibilitySlide27

Suite Bwww.nsa.gov/ia/industry/crypto_suite_b.cfm Mandatory set of cryptographic algorithms for non-classified and classified (SECRET and TOP-SECRET)

USG

needs since 2008

Except a small area of special-security needs (e.g. nuclear security) – guided by Suite A (definition is, naturally, classified)

Widely used world-wide, as of 2009Slide28

Mathematical DesignsMany cryptographic algorithms (e.g. DSA) rely on a class of mathematical designs related to the concept of discrete logarithmsThese can be implemented over the finite field of any

abelian

group

Normally, this means using

integers

modulo a prime number

Alternatively,

elliptic curve groups

could be usedSlide29

Elliptic Curve CryptographyECCMore efficient design, fewer bits of key

Harder to break

Significantly faster algorithms

Used to enhance existing algorithms, such as DH or DSASlide30

Suite-B AlgorithmsEncryption: AESDigital Signature: EC-DSAKey Exchange:

EC-DH

or

EC-MQV

Hashing:

SHA-2Slide31

Suite-B EncryptionAESFIPS 197 (with keys sizes of 128 and 256 bits)Rijndael with 128 bit data blocks only

Keys of 192 bits not used

Most 256 bit implementations much slower than 128

Anything of 84 bits or more in this class considered “good enough” commercially (Nov 2009)Slide32

Suite-B Digital SignaturesElliptic Curve Digital Signature Algorithm (EC-DSA)FIPS 186-2 (using the curves with 256 and 384-bit prime moduli)Microsoft also supports 521-bit keys

Classical DSA applied over the algebra of finite fields of elliptic curves Slide33

Suite-B Key ExchangeThe Best Bit of Suite-BElliptic Curve Diffie-Hellman (or Elliptic Curve MQV)

Curves with 256 and 384-bit prime

moduli

Microsoft also supports 521-bits

Susceptible to man-in-the-middle attack

So requires authentication

Using digital signatures, certificates, or pre-shared secretsSlide34

Diffie-Hellman ConceptuallyThis is non-EC, normal DH

Alice and Bob openly agree on a (large) prime number

p

and a base integer

g

p

= 83,

g

= 8

Alice chooses a

private secret

integer

a

= 9, and then sends Bob

public (

ga) mod p(89

) mod 83 = 5Bob chooses a private secret integer b

= 21, and then sends Alice public (

gb) mod p(821) mod 83 = 18

Alice computes (((gb) mod

p)a) mod p

(189) mod 83 = 24Bob computes (((g

a) mod p)b

) mod p(521) mod 83 = 24

24 is the shared secret – never sent over the network!Slide35

Suite-B Key Exchange (MQV)EC-MQV: Menezes, Qu, and Vanstone protocolAuthenticated key exchangeDesign similar to DH

Uses the discrete logarithm concept

Also requires a pre-existing, verified and trusted long-term public/private

keypair

Which is only used for trust establishment, not for actual encryption or signing

This gives it an important forward-secrecy property

Suite-B uses the EC implementation of MQVSlide36

Suite-B HashingSecure Hash Algorithm “2”FIPS 180-2 (using SHA-256 and SHA-384)MD5 and SHA-0 have been broken

and SHA-1 has been theoretically and allegedly practically broken

SHA-2 should suffice for a few years, but ultimately it must be replaced

SHA-2 allows: 224,

256

, 384, and

512

bit lengthsSlide37

APIs for Suite-B Today?That’s what we have been waiting forSlide38

Cryptography APIs for Suite-BSlide39

Cryptographic Next Generation APICNGCAPI 1.0 has been deprecated

May be dropped in future Windows

CNG

Open cryptographic API for Windows 7, Server 2008 and R2, and Vista

Plug in kernel or user mode algorithms

Enables policy-based enterprise crypto configurationSlide40

Main CNG FeaturesCryptography agnosticKernel-mode for

performance

and security (better performance than CAPI 1.0)

Aim for FIPS-140

Certification

140-2 and Common Criteria (CC) on selected platforms

140-1 everywhere

Aim for CC compliance for long-term key storage and audit

Suite-B

of course, but also supports all existing algorithms available through CryptoAPI 1.0

Key Isolation and Storage using

TPMs

Developer-friendly

model for plug-insSlide41

CNG DesignThree APIs within CNG:CNG Cryptographic Primitive FunctionsThe “main” API: all algorithms are here – their names begin with a “B”

CNG Key Storage Functions

Allows interaction with the new Key Storage Providers concept

Supports existing devices (smartcards) and future types of tokens

This is also for encryption (see later) – names begin with an “N”

CNG Cryptographic Configuration Functions

For registering and managing additional cryptographic functions

http://msdn2.microsoft.com/en-us/library/aa375276.aspx

Slide42

Other APIsIn addition to CNG:.NET Framework System.Security.Cryptography

3.0 does

not

manage CNG

3.5 and 4.0 manage CNG

TBS: TPM Base Services

For interaction with Trusted Platform Modules

Certificate Enrolment APISlide43

CNG: Cryptographic Primitives ArchitectureSlide44

Using CNG – Two ModelsYour choice of who provides algorithms and keys:A Key Storage Provider (such as smartcards)All function names begin with “N”, such as NCryptOpenStorageProvider

This is the CNG Key Storage Functions API

Ncrypt.h

, Ncrypt.lib and Ncrypt.dll

Operating system’s software providers

All function names begin with “B”, such as

BCryptOpenAlgorithmProvider

This is the CNG Cryptographic Primitive Functions API

Bcrypt.h

, Bcrypt.lib and Bcrypt.dllSlide45

So, Who Encrypts?Reason for the Two APIs“B-API” ifYou want OS to do all the encryption, you use the “B-API”

Microsoft implementation or one you have added

Realistically: use for symmetric encryption

“N-API” if

You have a

smartcard

,

HSM

(hardware security module), a TPM, or a

suitable CSP

All computations performed by the device

Realistically: use for key exchange only

Generally, OS has little or nothing to doSlide46

Using CNG - ConceptsWin32/COM libraryRequest an algorithm/class, and the system offers the bestYou can always chose a specific provider

BCryptEnumRegisteredProviders

You can check properties of a provider before use

BCryptQueryProviderRegistration

You can register a specific provider

BCryptRegisterProvider

This solves the huge problem of updates, when better implementations are found in the futureSlide47

Using CNG – Encryption StepsFollow this process:Open a CNG Algorithm Provider

BCryptOpenAlgorithmProvider

Generate or import keys

Calculate the size of encrypted data

Call

BCryptEncrypt

with NULL for

pbInput

paramter

Encrypt data by calling

BCryptEncrypt

again

Repeat this step as needed using chaining (

not loop)

Output the resultClose the provider, unless caching, and clean-up

BCryptCloseAlgorithmProvider Slide48

RandomnessUse BCryptGenRandomThe default generator at least FIPS-186-2 compliant

Uses entropy gathered over time

You can add your own entropy

You can also specify a

different generator for all calls

Needless to say, do not use

Rnd

() etc. from your favourite language

Slide49

Tidy Up!After use don’t forget to:Destroy any in-memory keys and handles using

BCryptDestroyKey

Destroy plaintext

(or encrypt in-place)

This is not straightforward if UI was involvedSlide50

CNG and .NET Fx 3.5 and 4.0New algorithms:AesCryptoServiceProvider

,

ECDiffieHellmanCng

,

ECDSACng

, SHA1Cng, SHA256Cng, SHA384Cng, SHA512Cng

Avoid “old” (.NET 3.0 and earlier) providers

No FIPS certification

Harder to use

CngKey

wraps “

NCrypt

And some functionality of “

BCrypt

”Use CngUIPolicy to enforce user actions on private keysSlide51

Using .NET Fx 3.5 and CNGSender and recipient use CngKey to access or generate their private/public key-pairs

CngKey

will use your security device if present

Parties

exchange their public key

(

serialising

and/or wrapping it)

Sender and recipient use

ECDiffieHellmanCng

to generate a

shared secret

key by deriving it from their own and other party’s keys

Use

AesCryptoServiceProvider

and the

CryptoStream to encrypt dataSlide52

Use of ECDiffieHellmanCng// First, point CngKey to your security device or a CSPECDiffieHellmanCng

sender = new

ECDiffieHellmanCng

();

sender.KeyDerivationFunction

=

ECDiffieHellmanKeyDerivationFunction.Hash

;

sender.HashAlgorithm

=

CngAlgorithm.Sha256

;

ECDiffieHellmanCng

recipient = new

ECDiffieHellmanCng();recipient.KeyDerivationFunction

= ECDiffieHellmanKeyDerivationFunction.Hash;recipient.HashAlgorithm = CngAlgorithm.Sha256;

// Exchange the x.PublicKey by serialising and sending thembyte[]

recipientKey = recipient.DeriveKeyMaterial(

sender.PublicKey);byte[] senderKey =

sender.DeriveKeyMaterial(recipient.PublicKey);Slide53

Conceptual Use of AES with CNG// Remember an IV (in plaintext) – can be randomAesCryptoServiceProvider myAES = new

AesCryptoServierProvider

();

myAES.Key

=

sender.Key

;

FileStream

fsEncrypted

= new

FileStream

(

sOutputFilename

, FileMode.Create, FileAccess.Write);

ICryptoTransform aesencrypt = myAES.CreateEncryptor();

CryptoStream mycryptostream = new CryptoStream(

fsEncrypted, aesencrypt, CryptoStreamMode.Write

);// Now just write to myCryptoStream like a normal file stream – the output will be encryptedSlide54

CNG in ActiondemoSlide55

ReferencesGet a bigger CMG sample from: http://msdn.microsoft.com/en-us/library/cc488018.aspx My demo (and this PPT) at:

http://projectbotticelli.com/downloads/public/

Read

sci.crypt

(incl. archives), subscribe to Cryptogram

For more detail, read:

Cryptography: An Introduction, N. Smart, McGraw-Hill, ISBN 0-07-709987-7

Practical Cryptography, N. Ferguson & B.

Schneier

, Wiley, ISBN 0-471-22357-3

Contemporary Cryptography, R.

Oppliger

,

Artech House, ISBN 1-58053-642-5, see http://www.esecurity.ch/Books/cryptography.html

)Applied Cryptography, B. Schneier, John Wiley & Sons, ISBN 0-471-11709-9Handbook of Applied Cryptography, A.J.

Menezes, CRC Press, ISBN 0-8493-8523-7, www.cacr.math.uwaterloo.ca/hac (free PDF)

PKI, A. Nash et al., RSA Press, ISBN 0-07-213123-3Foundations of Cryptography, O. Goldereich,

www.eccc.uni-trier.de/eccc-local/ECCC-Books/oded_book_readme.htmlCryptography in C and C++, M. Welschenbach, Apress

, ISBN 1-893115-95-X (includes code samples CD)Slide56

SummaryToday’s cryptography has just accelerated its evolutionWindows Vista and Windows Server 2008 are at the front of innovation

in this field

Unleash the

awesome power of Suite-B

with CNG by using .NET Framework 3.5!Slide57

www.microsoft.com/teched

Sessions On-Demand & Community

http://microsoft.com/technet

Resources for IT Professionals

http://microsoft.com/msdn

Resources for Developers

www.microsoft.com/learning

Microsoft Certification & Training Resources

Resources

Required Slide

Speakers,

TechEd 2009 is not producing

a DVD. Please announce that

attendees can

access session

recordings at TechEd Online. Slide58

Complete an evaluation on

CommNet

and enter to win an Xbox 360 Elite!

Required SlideSlide59

Please join us for theCommunity Drinks this evening

In Halls 3 & 4

from 18:15 – 19:30Slide60

The information herein is for informational purposes only and represents the opinions and views of Project Botticelli and/or Rafal Lukawiecki. The material presented is not certain and may vary based on several factors. Microsoft makes no warranties, express, implied or statutory, as to the information in this presentation.

© 2009 Project Botticelli Ltd & Microsoft Corp. Some slides contain quotations from copyrighted materials by other authors, as individually attributed. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Project Botticelli Ltd as of the date of this presentation. Because Project Botticelli & Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft and Project Botticelli cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT AND/OR PROJECT BOTTICELLI MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. E&OE.

Required SlideSlide61

Cryptography Primer

Hidden Section for Your Reading PleasureSlide62

Symmetric Key Cryptography

Encryption

“The quick brown fox jumps over the lazy dog”

“AxCv;5bmEseTfid3)fGsmWe#4^,sdgfMwir3:dkJeTsY8R\s@!q3%”

“The quick brown fox jumps over the lazy dog”

Decryption

Plain-text input

Plain-text output

Cipher-text

Same key

(shared secret)Slide63

Symmetric Pros and ConsStrength:Simple and really very fast (order of 1000 to 10000 faster than asymmetric mechanisms)Super-fast (and somewhat more secure) if done in hardware (DES, Rijndael)Weakness:Must agree the key beforehand

Securely pass the key to the other partySlide64

Public Key CryptographyKnowledge of the encryption key doesn’t give you knowledge of the decryption keyReceiver of information generates a pair of keys Publish the public key in a directoryThen anyone can send him messages that only she can readSlide65

Public Key Encryption

Encryption

“The quick brown fox jumps over the lazy dog”

“Py75c%bn&*)9|fDe^bDFaq#xzjFr@g5=&nmdFg$5knvMd’rkvegMs”

“The quick brown fox jumps over the lazy dog”

Decryption

Clear-text Input

Clear-text Output

Cipher-text

Different

keys

Recipient’s public key

Recipient’s private key

private

publicSlide66

Public Key Pros and ConsStrengthSolves problem of passing the keyAllows establishment of trust context between partiesWeakness:Extremely slowSusceptible to “known ciphertext” attack

Problem of trusting public key (see later on PKI)Slide67

Hybrid Encryption (Real World)

As above, repeated

for other recipients

or recovery agents

Digital

Envelope

Other recipient’s or

agent’s

public

key

(in certificate)

in recovery policy

€25m hidden

at 221b

Baker St.

Access

code is…

Symmetric key

encrypted asymmetrically

(e.g., RSA)

Digital

Envelope

User’s

public

key

(in certificate)

RNG

Randomly-

Generated symmetric

“session” key

Symmetric

encryption

(e.g. AES)

*#$fjda^j

u539!3t

t389E *&\@

5e%32\^kdSlide68

*#$fjda^j

u539!3t

t389E *&\@

5e%32\^kd

€25m hidden

at 221b

Baker St.

Access

code is…

Symmetric

decryption

(e.g. AES)

Digital

Envelope

Asymmetric

decryption of

“session” key (e.g. RSA)

Symmetric

“session” key

Session key must be decrypted using the recipient’s

private key

Digital envelope contains “session” key encrypted using recipient’s

public key

Recipient’s

private

key

Hybrid Decryption