Question
When talking about asymmetric encryption it is often said that due to some reasons you should not encrypt your entire message asymmetrically, e.g. performance considerations.
The usually suggested workflow is:
- Create a random key for symmetric encryption
- Encrypt the message using this random key
- Encrypt the random key using asymmetric encryption
- Send the encrypted message and the encrypted key to the recipient
So far, so good.
Just two questions:
- How do I send the encrypted message and the encrypted key in combination? Is there a standard for that? Or am I completely free on how to do this? (I'd prefer a standard if there is one).
- Is there any best practice on how to create the random key? To be more specific: Is there a specific function in OpenSSL that should be used for that?
Answer 1:
- This was answered in the comments. I would rather recommend checking OpenPGP - it is somehow easier to understand; CMS has a huge overload of ASN.1 structures.
- The random key should just be a completely random byte string, generated from a good random source.
Source: https://stackoverflow.com/questions/14002144/how-to-combine-symmetric-and-asymmetric-encryption
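
The workflow from the question, packaged in CMS EnvelopedData (the standard container the answer mentions) with the `openssl` command line. This is an added example, not part of the original question or answer; the recipient names, file names, message and helper function names are constructed for the demo.

```bash
#!/bin/sh
# Added example: hybrid encryption in one standard container (CMS EnvelopedData).
# All names, files and the message below are constructed for this demo.

# Throwaway recipient: RSA-2048 key plus self-signed certificate (CMS addresses
# recipients by certificate). $1 = directory, $2 = base name.
make_recipient() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Sender: openssl draws a random AES-256 content key from its CSPRNG, encrypts
# the message with it, wraps that key with the recipient's RSA public key
# (OAEP padding) and writes wrapped key + ciphertext into a single DER file.
# $1 = plaintext file, $2 = recipient certificate, $3 = output file.
cms_seal() {
    openssl cms -encrypt -binary -aes-256-cbc -in "$1" -outform DER -out "$3" \
        -recip "$2" -keyopt rsa_padding_mode:oaep
}

# Recipient: unwrap the content key with the private key, then decrypt.
# $1 = container, $2 = certificate, $3 = private key; plaintext goes to stdout.
cms_open() {
    openssl cms -decrypt -binary -inform DER -in "$1" -recip "$2" -inkey "$3"
}

# Outer content type of the container: the first OID in the DER structure.
cms_content_type() {
    openssl asn1parse -inform DER -in "$1" | awk -F: '/OBJECT/ { print $NF; exit }'
}

# For formats where you must supply the symmetric key yourself: 32 bytes from
# the same CSPRNG, hex-encoded (the C API equivalent is RAND_bytes()).
random_key_hex() { openssl rand -hex 32; }

roundtrip_demo() {
    demo_dir=$(mktemp -d)
    printf 'constructed test message\n' > "$demo_dir/msg.txt"
    make_recipient "$demo_dir" alice
    cms_seal "$demo_dir/msg.txt" "$demo_dir/alice.crt" "$demo_dir/msg.cms"
    echo "container type: $(cms_content_type "$demo_dir/msg.cms")"
    echo "decrypted:      $(cms_open "$demo_dir/msg.cms" "$demo_dir/alice.crt" "$demo_dir/alice.key")"
    rm -rf "$demo_dir"
}
roundtrip_demo
```

EnvelopedData with AES-CBC provides confidentiality only; sign the message as well when the recipient needs integrity or proof of origin.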