엄범


Public Key Cryptography standards, 공개키 암호 표준   ( wiki )

RSA부터 Diffie-Hellman, Password-Based Encryption, Digital Signature까지 공개키에 관련된 RFC를 볼 수 있다.

현재 PKI 표준은 X.509다. ( ITU-T )


PKCS #7    ( RFC 2315 )

Cryptographic Message Syntax Standard ( Digital Envelope )

The enveloped-data content type consists of ①encrypted content of any type and ②encrypted content-encryption keys for one or more recipients.


(필요없는 부분은 생략했다.)

        1.   A content-encryption key for a particular content-

             encryption algorithm is generated at random.


        2.   For each recipient, the content-encryption key is

             encrypted with the recipient's public key.


        4.   For each signer, a message digest is computed on

             the content with a signer-specific message-digest

             algorithm. (If two signers employ the same message-

             digest algorithm, then the message digest need be

             computed for only one of them.)


        5.   For each signer, the message digest and associated      //전자서명 부분.

             information are encrypted with the signer's                       //개인키로 암호화 후 CEK로 암호화.

             private key, and the result is encrypted with the

             content-encryption key. (The second encryption may

             require that the result of the first encryption be

             padded to a multiple of some block size; see

             Section 10.3 for discussion.)


        7.   The content is encrypted with the content-                 //본문(content) 암호화

             encryption key. (See Section 10.3 for discussion.)



A recipient opens the envelope and verifies the signature in two steps.

First, decrypting the one of the encrypted content-encryption keys with the recipient's private key and decrypting the encrypted content with the recovered content-encryption key.

Second, the doubly encrypted message digest for each signer is decrypted with the recovered content-encryption key, the result is decrypted with the signer's public key, and the recovered message digest is compared to an independently computed message digest.


symmetric key( CEK )로 내용을 암호화하고,

Recipient의 public key로 symmetric key를 암호화한다.

내용을 다시한번 Recipient의 public으로 암호화하는 건 아니다. 그래봐야 별 의미도 없다.


'Security > Crypt' 카테고리의 다른 글

Block cipher mode of operation  (0) 2016.11.25
동기식, 비동기식 stream cipher  (1) 2016.11.18
PKCS ( Public Key Cryptography Standards )  (0) 2016.09.14
Birthday Problem & Attack  (0) 2016.09.10
Base64 Radix64  (0) 2016.08.31