RSA Laboratories

2.2.4 What is a digital envelope?

When using secret-key cryptosystems, users must first agree on a session key, that is, a secret key to be used for the duration of one message or communication session. In completing this task there is a risk the key will be intercepted during transmission. This is part of the key management problem (see Section 4.1). Public-key cryptography offers an attractive solution to this problem within a framework called a digital envelope.

The digital envelope consists of a message encrypted using secret-key cryptography and an encrypted secret key. While digital envelopes usually use public-key cryptography to encrypt the secret key, this is not necessary. If Alice and Bob have an established secret key, they could use this to encrypt the secret key in the digital envelope.

Suppose Alice wants to send a message to Bob using secret-key cryptography for message encryption and public-key cryptography to transfer the message encryption key. Alice chooses a secret key and encrypts the message with it, then encrypts the secret key using Bob's public key. She sends Bob both the encrypted secret key and the encrypted message. When Bob wants to read the message he decrypts the secret key, using his private key, and then decrypts the message, using the secret key. In a multi-addressed communications environment such as e-mail, this can be extended directly and usefully. If Alice's message is intended for both Bob and Carol, the message encryption key can be represented concisely in encrypted forms for Bob and for Carol, along with a single copy of the message's content encrypted under that message encryption key.

Alice and Bob may use this key to encrypt just one message or they may use it for an extended communication. One of the nice features about this technique is they may switch secret keys as frequently as they would like. Switching keys often is beneficial because it is more difficult for an adversary to find a key that is only used for a short period of time (see Question for more information on the life cycle of a key).

Not only do digital envelopes help solve the key management problem, they increase performance (relative to using a public-key system for direct encryption of message data) without sacrificing security. The increase in performance is obtained by using a secret-key cryptosystem to encrypt the large and variably sized amount of message data, reserving public-key cryptography for encryption of short-length keys. In general, secret-key cryptosystems are much faster than public-key cryptosystems.

The digital envelope technique is a method of key exchange, but not all key exchange protocols use digital envelopes (see Question 2.2.3).

Top of the page