EldoS | Feel safer!


Certificate-based Cryptography

Posted: 12/07/2010 17:13:04
by Eric Lenington (Standard support level)
Joined: 12/06/2010
Posts: 37

Perhaps a stupid question, but one that I've been unable to find a definitive answer for after several hours of research.

When an X.509 certificate is used to encrypt a file, exactly what part of the certificate is used as the encryption key?

In my understanding of how X.509 certificates are used, typically the "public" sender uses the recipient's public key to encrypt a randomly-generated key (which was used to encrypt the "content"); the recipient then uses their private key to decrypt the randomly-generated key and then uses that key to decrypt the "content".

But when I'm encrypting a file 'at rest' (specifically, but not limited to, the in-line encryption when writing a file to S3), there is no randomly-generated key (or is there?)

Any insight you could offer here would be greatly appreciated.
Posted: 12/07/2010 18:05:51
by Ken Ivanov (Team)

You are exactly right. The object is encrypted with a random session key, and that random key itself is then encrypted with the public key contained in the recipient's certificate.
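
The exchange above describes hybrid (envelope) encryption. The following is an added example in Go using only the standard library; it is not SecureBlackbox code and its `Envelope` layout is a constructed illustration, not the CMS or SecureBlackbox wire format. The certificate and key pair are generated on the fly for the demo (a real recipient certificate would come from a CA), and the sample content is constructed. Note the two checks a practitioner wants before wrapping: the certificate must actually carry an RSA public key, and if it has a key usage extension it must permit keyEncipherment, since RSA key transport is exactly that usage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Envelope: the content under a random session key, plus that key wrapped
// with the public key taken from the recipient's certificate (illustrative
// layout only, not the CMS EnvelopedData or SecureBlackbox format).
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(session key) under the certificate's public key
	Nonce      []byte // AES-GCM nonce, unique per encryption
	Ciphertext []byte // AES-GCM output (ciphertext followed by the tag)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForCertificate encrypts plaintext so only the holder of the private key
// matching cert can recover it. No part of the certificate is the content key;
// the certificate only supplies the public key used to wrap the session key.
func EncryptForCertificate(cert *x509.Certificate, plaintext []byte) (*Envelope, error) {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("certificate does not carry an RSA public key")
	}
	// RSA key transport needs keyEncipherment when a key usage extension is present.
	if cert.KeyUsage != 0 && cert.KeyUsage&x509.KeyUsageKeyEncipherment == 0 {
		return nil, errors.New("certificate key usage does not permit key encipherment")
	}
	sessionKey := make([]byte, 32) // 1. fresh random AES-256 key for this object only
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey) // 2. encrypt the content with the session key
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	// 3. wrap the session key with the certificate's public key
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// DecryptWithPrivateKey is the recipient side: unwrap the session key with the
// private key, then decrypt the content with it.
func DecryptWithPrivateKey(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // errors if content or tag was altered
}

// NewSelfSignedCert makes a throwaway recipient key pair and certificate
// (constructed for this example; a real recipient cert would come from a CA).
func NewSelfSignedCert() (*x509.Certificate, *rsa.PrivateKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "recipient@example.com"},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageKeyEncipherment,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, priv, err
}
```

Encrypting the same object twice yields two different `WrappedKey` values because the session key is drawn fresh each time; this is what makes the "encrypted at rest" case no different from the send-to-recipient case in the question. Using an AEAD mode (AES-GCM) for the content also means any modification of the stored ciphertext is detected at decryption rather than silently yielding garbage.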




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
