Trusting Your E-mail with Java Security
By Theodore J. Shrader2003-12-04
Encrypting messages
|
|
The signing process encrypts the hash of the data, not the data itself. We did not cover encrypting general-purpose data, but the technologies are similar. Public and private keys are typically used in conjunction with secret keys to send encrypted messages, since secret key algorithms encrypt and decrypt data much faster than public key algorithms. The PKCS standards also define how to package encrypted data in a standard fashion for interoperability.
For example, to send an encrypted message, the sender would generate a unique secret key for the transaction, encrypt the message with the secret key, and encrypt the secret key with the recipient's public key before sending the encrypted message and encrypted secret key to the recipient. The recipient decrypts the encrypted secret key with the recipient's private key and uses the decrypted secret key to decrypt the message. If someone other than the intended recipient captures the encrypted message, they could not decrypt the message since only the intended recipient holds the private key that can be used to unlock the encrypted secret key. Could the original message have been encrypted with the recipient's public key, forgoing the secret key altogether? Yes, but as mentioned earlier, secret keys are much faster at encrypting and decrypting bulk data.
Senders can encrypt a message as a one-step operation, or senders could combine the signing and encryption process to create a message that is first signed by the sender and then encrypted before being sent to the intended recipients.
Tutorial Pages:
» Java technologies give you a complete and secure solution
» Security requirements
» Failing scenarios
» Building closed systems
» Using a secret key
» Opening the message
» Public and private keys
» Signing a message
» Signing messages with Java technologies
» Using PKCS and S/MIME
» Encrypting messages
» Conclusion
First published by IBM DeveloperWorks
