Cryptography Reference
[Figure 10.3. Key translation. Parties: Alice, Bob and KC, with keys K_AC and K_BC. Labels: Generate K; E_{K_AC}(K); Translate; E_{K_BC}(K).]
[Figure 10.4. Key despatch. Parties: Alice, Bob and KC, with keys K_AC and K_BC. Labels: Generate K; E_{K_AC}(K) || E_{K_BC}(K); E_{K_BC}(K).]
2. KC decrypts the encrypted K using K_AC, re-encrypts it using K_BC and then sends
this to Bob.
3. Bob decrypts the encrypted K using K_BC.
Key despatch. In this approach the KC generates the data key and produces two
encrypted copies of it, one for each user. This process, which we have already
encountered in Section 9.4.3, is depicted in Figure 10.4 and runs as follows:
1. KC generates a data key K, encrypts one copy of it using K_AC and another copy
of it using K_BC, and then sends both encrypted copies to Alice.
2. Alice decrypts the first copy using K_AC and sends the other copy to Bob.
3. Bob decrypts the second copy using K_BC.
The only real difference between these two key distribution approaches is who
generates the data key. Both approaches are used in practice.
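The two message flows above, key translation and key despatch, as an added example that is not code from the original text. The names wrap, unwrap, key_translation, key_despatch and relay are hypothetical, and E is replaced by a standard-library stand-in (a SHA-256 counter keystream with an HMAC tag) so the block runs without third-party packages. The integrity tag is an addition beyond the steps listed: it makes Bob reject a copy that was altered while Alice relayed it.

```python
import hashlib, hmac, secrets

def _keys(kek):
    # Separate encryption and MAC keys derived from the key encrypting key.
    return hashlib.sha256(b"enc" + kek).digest(), hashlib.sha256(b"mac" + kek).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher: SHA-256 in counter mode (use a vetted AEAD in practice).
    blocks = (len(data) + 31) // 32
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(kek, data_key):
    """E_{kek}(K): encrypt-then-MAC the data key under a key encrypting key."""
    enc_k, mac_k = _keys(kek)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_k, nonce, data_key)
    return nonce + ct + hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    """Recover K, rejecting a copy that was modified or wrapped under another key."""
    enc_k, mac_k = _keys(kek)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key failed integrity check")
    return _xor_stream(enc_k, nonce, ct)

def key_translation(k_ac, k_bc):
    k = secrets.token_bytes(32)               # Alice generates K (per Figure 10.3)
    to_kc = wrap(k_ac, k)                     # Alice -> KC: E_{K_AC}(K)
    to_bob = wrap(k_bc, unwrap(k_ac, to_kc))  # KC translates; KC -> Bob: E_{K_BC}(K)
    return k, unwrap(k_bc, to_bob)            # (Alice's K, Bob's K)

def key_despatch(k_ac, k_bc, relay=lambda copy: copy):
    k = secrets.token_bytes(32)               # KC generates K
    for_alice, for_bob = wrap(k_ac, k), wrap(k_bc, k)  # KC -> Alice: both copies
    alice_k = unwrap(k_ac, for_alice)         # Alice decrypts the first copy
    bob_k = unwrap(k_bc, relay(for_bob))      # Alice -> Bob: second copy, via relay
    return alice_k, bob_k

if __name__ == "__main__":
    K_AC, K_BC = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    for scheme in (key_translation, key_despatch):
        a, b = scheme(K_AC, K_BC)
        print(scheme.__name__, "shared K:", a == b)
```

In key despatch Alice holds E_{K_BC}(K) but not K_BC, so she can forward the second copy but cannot open it; unwrap raises if she tries with K_AC.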
An alternative way of deploying key hierarchies for networks of many users is
to use public-key cryptography and have a master public-key pair. We can think
of hybrid encryption (as discussed in Section 5.5.2) as a two-level key hierarchy
where the public key plays the role of a master key, which is then used to encrypt
data keys. However, it is important to recognise that this approach comes with
 
 