!!! Overview

[{$pagename}] is a cryptosystem that combines the convenience of [Public Key Cryptography] with the efficiency of [Symmetric Key Cryptography].

[Public Key Cryptography] is convenient in that it does not require the sender and receiver to share a common secret in order to communicate securely (among other useful properties). However, it often relies on complicated mathematical computations and is thus generally much less efficient than comparable [Symmetric Key Cryptography]. In many [applications], the high cost of encrypting long messages with [Public Key Cryptography] can be prohibitive. Hybrid systems address this by using a combination of both.

[{$pagename}] can be constructed using any two separate cryptosystems:
* a [Key Encapsulation Method], which uses [Public Key Cryptography]
* a [Data Encapsulation Method], which uses [Symmetric Key Cryptography].

[{$pagename}] is itself a public-key system, whose [Public Keys] and [Private Keys] are the same as in the [key] encapsulation scheme.

Note that for very long messages the bulk of the work in encryption/decryption is done by the more efficient [Symmetric Key Cryptography] scheme, while the less efficient [Public Key Cryptography] scheme is used only to encrypt/decrypt a short key value.

All practical [implementations] of [Public Key Cryptography] today employ a [{$pagename}]. [Examples] include the [TLS] protocol, which uses a [Public Key] mechanism for [Key-Exchange] (such as [Diffie-Hellman]) and a [Symmetric Key] mechanism for [data] encapsulation (such as [AES]).
\\
The [OpenPGP] ([RFC 4880]) file format and the [PKCS7] ([RFC 2315]) file format are other [examples].

!! [Example] [User Story]

To [encrypt] a message addressed to [Alice] in a [{$pagename}], [Bob] does the following:
* Obtains [Alice]'s [Public Key].
* Generates a fresh [Symmetric Key] for the [data] encapsulation scheme.
* [Encrypts] the [message] under the [data] encapsulation scheme, using the [Symmetric Key] just generated.
* [Encrypts|Encrypt] the [Symmetric Key] under the [KeyEncipherment] scheme, using [Alice]'s public key.
* Sends both of these [encryptions] to [Alice].

To [decrypt|Decryption] this hybrid [ciphertext], [Alice] does the following:
* Uses her [Private Key] to [decrypt|Decryption] the [Symmetric Key] contained in the [key] encapsulation segment.
* Uses this [Symmetric Key] to [decrypt|Decryption] the [message] contained in the [data] encapsulation segment.

!! More Information

There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
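
The steps Bob and Alice follow in the Example User Story above, as an added worked example in Go (not part of the original page). It assumes RSA-OAEP for the key encapsulation segment and AES-256-GCM for the data encapsulation segment; the function names, the constructed demo key pair and the nonce-prefixed layout of the data segment are choices made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) { // data encapsulation cipher
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func Encrypt(pub *rsa.PublicKey, msg []byte) (keySeg, dataSeg []byte, err error) { // Bob's side
	buf := make([]byte, 32+12) // fresh symmetric key and GCM nonce, used for this message only
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	key, nonce := buf[:32], buf[32:]
	if keySeg, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
		return nil, nil, err
	}
	gcm, _ := newGCM(key) // cannot fail here: key is exactly 32 bytes
	return keySeg, gcm.Seal(nonce, nonce, msg, nil), nil // data segment = nonce || ciphertext || tag
}

func Decrypt(priv *rsa.PrivateKey, keySeg, dataSeg []byte) ([]byte, error) { // Alice's side
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, keySeg, nil)
	if err != nil {
		return nil, fmt.Errorf("key decapsulation: %w", err)
	}
	gcm, err := newGCM(key) // anyone holding the public key can wrap a key of any length
	if err != nil || len(dataSeg) < 12 {
		return nil, fmt.Errorf("malformed hybrid ciphertext")
	}
	return gcm.Open(nil, dataSeg[:12], dataSeg[12:], nil) // errors if either segment was altered
}

var aliceKey, _ = rsa.GenerateKey(rand.Reader, 2048) // Alice's key pair, constructed for this demo
func main() {
	keySeg, dataSeg, _ := Encrypt(&aliceKey.PublicKey, []byte("hello Alice"))
	pt, err := Decrypt(aliceKey, keySeg, dataSeg)
	fmt.Println(string(pt), err)
}
```

The key segment stays 256 bytes for a 2048-bit RSA key however long the message is; only the data segment grows with the message.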