PKCS ( Public Key Cryptography Standards )

Public Key Cryptography standards, 공개키 암호 표준 (wiki )

RSA부터 Diffie-Hellman, Password-Based Encryption, Digital Signature까지 공개키에 관련된 RFC를 볼 수 있다.

현재 PKI 표준은 X.509다. ( ITU-T )

PKCS #7 ( RFC 2315 )

Cryptographic Message Syntax Standard ( Digital Envelope )

The enveloped-data content type consists of ①encrypted content of any type and ②encrypted content-encryption keys for one or more recipients.

(필요없는 부분은 생략했다.)

  1. A content-encryption key for a particular content- encryption algorithm is generated at random.

  2. For each recipient, the content-encryption key is

encrypted with the recipient’s public key.

  1. For each signer, a message digest is computed on the content with a signer-specific message-digest algorithm. (If two signers employ the same message- digest algorithm, then the message digest need be computed for only one of them.)

  2. For each signer, the message digest and associated //전자서명 부분.

information are encrypted with the signer’s //개인키로 암호화 후 CEK로 암호화.

private key , and the result is encrypted with the

content-encryption key . (The second encryption may require that the result of the first encryption be padded to a multiple of some block size; see Section 10.3 for discussion.)

7. The content is encrypted with the content- //본문(content) 암호화

encryption key. (See Section 10.3 for discussion.)

A recipient opens the envelope and verifies the signature in two steps. First, decrypting the one of the encrypted content-encryption keys with the recipient’s private key and decrypting the encrypted content with the recovered content-encryption key.

Second, the doubly encrypted message digest for each signer is decrypted with the recovered content-encryption key , the result is decrypted with the signer’s public key , and the recovered message digest is compared to an independently computed message digest.

symmetric key( CEK )로 내용을 암호화하고, Recipient의 public key로 symmetric key를 암호화한다. 내용을 다시한번 Recipient의 public으로 암호화하는 건 아니다. 그래봐야 별 의미도 없다.

This post is licensed under CC BY 4.0 by the author.