EldoS | Feel safer!


Certificate-based Cryptography

#15248
Posted: 12/07/2010 17:13:04
by Eric Lenington (Standard support level)
Joined: 12/06/2010
Posts: 37

Perhaps a stupid question, but one that I've been unable to find a definitive answer for after several hours of research.

When an X.509 certificate is used to encrypt a file, exactly what part of the certificate is used as the encryption key?

In my understanding of how X.509 certificates are used, typically the "public" sender uses the recipient's public key to encrypt a randomly-generated key (which was used to encrypt the "content"); the recipient then uses their private key to decrypt the randomly-generated key and then uses that key to decrypt the "content".

But when I'm encrypting a file 'at rest' (specifically but not limited to the in-line encryption when writing a file to S3), there is no randomly-generated key (or is there?)

Any insight you could offer here would be greatly appreciated.
#15250
Posted: 12/07/2010 18:05:51
by Ken Ivanov (EldoS Corp.)

You are exactly right. The object is encrypted with a random session key, and that random key itself is then encrypted with the public key contained in the recipient's certificate.
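As an added illustration (not EldoS code and not the component Eric is asking about), here is the scheme Ken describes written out with Go's standard library: NewRecipient builds a constructed self-signed certificate to stand in for the recipient's, Encrypt takes nothing from that certificate except its public key and uses it only to wrap a freshly generated random session key, and Decrypt reverses the process on the recipient side. The function names, the choice of AES-256-GCM for the content and RSA-OAEP for key wrapping, and the sample data are assumptions of this example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewRecipient: RSA key pair plus a self-signed certificate, constructed test material for a recipient.
func NewRecipient() (*rsa.PrivateKey, []byte, error) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "recipient.example"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageKeyEncipherment}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	return priv, der, err
}

// Encrypt follows the thread: a fresh random AES-256 session key encrypts the content, and the only
// part of the certificate used is its public key, which wraps that session key with RSA-OAEP.
func Encrypt(certDER, plaintext []byte) (wrapped, nonce, ciphertext []byte, err error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return nil, nil, nil, err
	}
	pub := cert.PublicKey.(*rsa.PublicKey) // the SubjectPublicKeyInfo; panics if the key is not RSA
	buf := make([]byte, 32+12)             // 32-byte session key followed by a 12-byte GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, nil, err
	}
	block, _ := aes.NewCipher(buf[:32]) // key size is fixed above, so NewCipher/NewGCM cannot fail
	gcm, _ := cipher.NewGCM(block)
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	return wrapped, buf[32:], gcm.Seal(nil, buf[32:], plaintext, nil), err
}
// Decrypt (recipient side): unwrap the session key with the private key, then decrypt and authenticate the content.
func Decrypt(priv *rsa.PrivateKey, wrapped, nonce, ciphertext []byte) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(sessionKey)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, nonce, ciphertext, nil)
}
```

The private key is never applied to the content itself, only to the wrapped session key, which is why the stored object can be small-key-agnostic and why the wrapped key and nonce have to be kept alongside the ciphertext.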
