Home > Software design >  What is the benefit of envelope encryption?
What is the benefit of envelope encryption?

Time:10-26

Say I encrypt a file symmetrically. Then encrypt both the key and the file with public/private key. This is what I understand to be called envelope encryption.

I understand the key pair offers an outer layer of protection.

But once that outer asymmetric layer of encryption is decrypted, I have the symmetric key, so I can easily decrypt the second, symmetric, encryption.

It looks to me envelope encryption is only as strong as its outer key/pair encryption. What am I missing? Thanks =)

CodePudding user response:

The difference it makes is performance. Asymmetric encryption is very slow compared to symmetric, so you use symmetric for larger chunks of data and asymmetric for something small (the symmetric key).

CodePudding user response:

This approach isn't about an extra layer of security, it's about performance. Public-key algorithms are typically slow. Symmetric algorithms are very fast. So the (potentially very large) message is encrypted quickly with a symmetric algorithm using a random key. Then just the key is encrypted using a public-key scheme. This gives the benefits of a public-key scheme, with the performance of a symmetric scheme.

  • Related