What are digital envelopes?
Excerpted from: https://flylib.com/books/en/4.178.1.29/1/
There are advantages and disadvantages related to both secret and public key cryptography. For example, the use of secret key cryptography is efficient but does not scale well beyond a certain number of participants. Furthermore, secret key cryptography does not provide the possibility to digitally sign data. Conversely, public key cryptography solves the scalability and digital signature problems but is highly inefficient in terms of required computational resources.
In an attempt to combine the advantages of secret and public key cryptography, a hybrid scheme may be used. In short, a hybrid scheme combines secret and public key cryptography to produce a scheme that is as efficient and effective as possible. For example, the digital envelope is a hybrid scheme that is heavily used in various applications. The aim of a digital envelope is similar to a letter envelope: It must protect the confidentiality of a message. As such, the digital envelope provides a digital analog for the letter envelope in the physical world (with hopefully better security properties).
When A wants to send a confidential message M to B, she can generate a digital envelope for M and send the envelope to B. On the sender's side the procedure is as follows:
- A retrieves B's public key kB from a directory service or from a local repository.
- A randomly generates a transaction key K from a secret key cryptosystem.
- A encrypts M with K (the result is {M}K).
- A encrypts K with kB (the result is {K}kB).
- A concatenates {M}K with {K}kB, and sends the result to B.
Upon receipt of {M}K and {K}kB, B uses his private key kB⁻¹ to decrypt the message. The two-step procedure is as follows:
- B decrypts {K}kB with kB⁻¹ (the result is K).
- B decrypts {M}K with K (the result is M).
Obviously, an alternative procedure would be to directly encrypt the message M with B's public key kB, and to send the result, {M}kB, to B. However, the use of a digital envelope as discussed above has at least two advantages compared with this simple scheme:
- The use of a digital envelope is more efficient. Remember from our previous discussions that public key cryptography is computationally expensive compared with secret key cryptography. Consequently, encrypting a message with a public key requires more computational resources than encrypting a message with a secret key. The longer the message, the more efficient and advantageous the use of secret key cryptography.
- The use of a digital envelope is more appropriate for messages sent to multiple recipients. If A wanted to send a message M to recipients B1, B2, …, Bn (n > 1), she would have to build {M}kBi for each recipient Bi (i = 1, …, n) individually. The resulting message would grow in proportion to the number of recipients. For example, if A wanted to send a 1-MB file to n = 4 recipients (B1, …, B4), the resulting messages would fill 4 MB of data. Contrary to that, the use of digital envelopes considerably reduces this amount of data. If the public keys of the n = 4 recipients are 1,024 bits long each, the digitally enveloped message would fill 1 MB + 4 * 1 KB = 1.004 MB of data. The situation is illustrated in Figure 5.4 (without digital envelopes) and Figure 5.5 (with digital envelopes). Note, however, that in either case it is sufficient to break the security of one single recipient's private key if a message is sent to multiple recipients.
Figure 5.4: An encrypted message for one and four recipients (without digital envelopes)
Figure 5.5: An encrypted message for one and four recipients (with digital envelopes)
Consequently, the use of digital envelopes is almost always advantageous, as compared with public key cryptography used for bulk data encryption.
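The sender and recipient procedures above, extended to the four-recipient case, as an added example that is not part of the original text. It assumes Node.js, AES-256-GCM as the secret key cryptosystem (which also authenticates the message, something the text does not require) and RSA-OAEP with 2,048-bit keys as the public key cryptosystem; the function names are hypothetical.

```javascript
const nodeCrypto = require("node:crypto");

// Sender: encrypt M once under a fresh transaction key K,
// then wrap K under every recipient's public key kBi.
function sealEnvelope(message, recipientPublicKeys) {
  const K = nodeCrypto.randomBytes(32); // AES-256 transaction key
  const nonce = nodeCrypto.randomBytes(12); // GCM nonce; K is used only once
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", K, nonce);
  const body = Buffer.concat([cipher.update(message), cipher.final()]); // {M}K
  const wrappedKeys = recipientPublicKeys.map((key) =>
    nodeCrypto.publicEncrypt({ key, oaepHash: "sha256" }, K)); // {K}kBi
  return { nonce, body, tag: cipher.getAuthTag(), wrappedKeys };
}

// Recipient Bi: recover K with the private key, then decrypt {M}K.
// Throws if the wrapped key, the body or the tag does not verify.
function openEnvelope(envelope, index, privateKey) {
  const K = nodeCrypto.privateDecrypt(
    { key: privateKey, oaepHash: "sha256" }, envelope.wrappedKeys[index]);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", K, envelope.nonce);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.body), decipher.final()]);
}

// Total bytes the sender has to transmit for one envelope.
function envelopeSize(envelope) {
  return envelope.nonce.length + envelope.body.length + envelope.tag.length +
    envelope.wrappedKeys.reduce((sum, wrapped) => sum + wrapped.length, 0);
}

// Constructed demo: four recipients with freshly generated RSA key pairs.
function demo() {
  const recipients = Array.from({ length: 4 }, () =>
    nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 }));
  const message = Buffer.alloc(1024 * 1024, "m"); // constructed 1-MB message
  const envelope = sealEnvelope(message, recipients.map((r) => r.publicKey));
  const opened = recipients.map((r, i) =>
    openEnvelope(envelope, i, r.privateKey).equals(message));
  return { opened, size: envelopeSize(envelope), messageSize: message.length };
}

console.log(demo());
```

With 2,048-bit keys each additional recipient adds 256 bytes to the envelope, while the encrypted message body is sent only once.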