Post

PKCS ( Public Key Cryptography Standards )

Public Key Cryptography standards, 공개키 암호 표준 (wiki )

RSA부터 Diffie-Hellman, Password-Based Encryption, Digital Signature까지 공개키에 관련된 RFC를 볼 수 있다.

현재 PKI 표준은 X.509다. ( ITU-T )

PKCS #7 ( RFC 2315 )

Cryptographic Message Syntax Standard ( Digital Envelope )

The enveloped-data content type consists of encrypted content of any type and ②encrypted content-encryption keys for one or more recipients.

(필요없는 부분은 생략했다.)

  1. A content-encryption key for a particular content-encryption algorithm is generated at random.
  2. For each recipient, the content-encryption key is encrypted with the recipient’s public key.
  3. For each signer, a message digest is computed on the content with a signer-specific message-digest algorithm. (If two signers employ the same message-digest algorithm, then the message digest need be computed for only one of them.)
  4. For each signer, the message digest and associated (전자서명) information are encrypted with the signer’s (개인키로 암호화 후 CEK로 암호화) private key, and the result is encrypted with the content-encryption key. (The second encryption may require that the result of the first encryption be padded to a multiple of some block size; see Section 10.3 for discussion.)
  5. The content is encrypted with the content-encryption key. (본문 암호화)

A recipient opens the envelope and verifies the signature in two steps. First, decrypting the one of the encrypted content-encryption keys with the recipient’s private key and decrypting the encrypted content with the recovered content-encryption key.

Second, the doubly encrypted message digest for each signer is decrypted with the recovered content-encryption key, the result is decrypted with the signer’s public key, and the recovered message digest is compared to an independently computed message digest.

symmetric key( CEK )로 내용을 암호화하고, Recipient의 public key로 symmetric key를 암호화한다. 내용을 다시한번 Recipient의 public으로 암호화하는 건 아니다. 그래봐야 별 의미도 없다.

This post is licensed under CC BY 4.0 by the author.