
# How hybrid cryptosystems secure email exchange

## In this Ask the Expert Q&A, our application security expert discusses how hybrid cryptosystems are used to secure an e-mail exchange.

Can you please explain how classical and public key approaches are combined into hybrid cryptosystems?

Before I begin to answer your question, I think I should discuss what "classical" ciphers are. I will then explain how they are used with public key ciphers in hybrid cryptosystems. The term "classical ciphers" usually refers to transposition ciphers, which rearrange the order of letters in a message, and substitution ciphers, which systematically replace letters or groups of letters with other letters or groups of letters. For example, SearchSecurity becomes `d3V$kpd3k?$Wxq` by substitution. Transposition and substitution ciphers are both symmetric key ciphers, as they both require the same key to encipher and decipher. Modern cryptanalysis has made simple substitution and transposition ciphers obsolete, as neither of these operations alone can provide sufficient security. However, strong ciphers can be built by combining them, and it is these modern symmetric key ciphers that are used in hybrid cryptosystems.

Symmetric key, or shared secret, ciphers can be grouped into block ciphers and stream ciphers. Stream ciphers encrypt one bit at a time, in contrast to a block cipher, which operates on a group of bits -- a block -- of a certain length all in one go. Symmetric key algorithms are generally much faster to execute than public key, or asymmetric key, algorithms, but their big disadvantage is the requirement of a shared secret key, which must somehow be exchanged securely between the two parties wishing to encrypt their messages. Public key encryption solves this problem, as it uses two keys: a public key and a private key. The public key is used for encryption and the private key is used for decryption. This means that someone can freely send their public key over an insecure channel and be sure that only they can decrypt messages encrypted with it.

Hybrid cryptosystems combine symmetric and asymmetric encryption in order to take advantage of the higher speed of symmetric ciphers and the ability of asymmetric ciphers to securely exchange keys. The key for the symmetric cipher is encrypted with a public key cipher when it is exchanged, and the rest of the information is encrypted using the symmetric key cipher. This combined use of both cipher types appears in many security products and protocols, including e-mail, PGP, Web browsing, and SSL. This use is probably best explained with an example.

Bob wants to send an encrypted message to Alice. If they use a symmetric key cipher, however, Bob has to tell Alice what the key will be. He is concerned that if he sends her the key in plaintext, someone may steal it and be able to decrypt the message. Therefore, Alice sends Bob her public key, which is paired with a private key that only she has. Bob decides to use `kpd3kd3V$?$Wxq` as the key for their chosen symmetric cipher. He encrypts this key with Alice's public key using a public key cipher and sends it to her in an e-mail. Alice is the only person who can decrypt the contents of the e-mail, because she is the only one who has the private key that matches the public key Bob used to encrypt it. By using public key encryption, Bob and Alice were able to securely exchange a key that they can now both use to encrypt and decrypt messages between them using a faster symmetric key cipher.

It is important to note that the complete security of any practical encryption scheme is not proven. A symmetric cipher may only have proven security against a limited class of attacks, while asymmetric ciphers rely on the difficulty of the associated mathematical problem for their security.
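The Bob-and-Alice exchange above, as an added example that is not part of the original answer, using Node's built-in `crypto` module. The answer names no specific ciphers, so RSA-OAEP (public key) and AES-256-GCM (symmetric) are assumptions here, as are the function names; the session key is random bytes rather than a typed string.

```javascript
// Added example: hybrid encryption. Cipher choices and names are assumptions.
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Alice: generate the key pair; only the public half is ever sent to Bob.
function generateRecipientKeys() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Bob: pick a fresh symmetric key, encrypt the message body with it (fast),
// and encrypt only that small key with Alice's public key (slow).
function hybridEncrypt(recipientPublicKey, plaintext) {
  const sessionKey = nodeCrypto.randomBytes(32);   // AES-256 key
  const iv = nodeCrypto.randomBytes(12);           // GCM nonce, unique per message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    wrappedKey: nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),                      // detects tampering with the body
  };
}

// Alice: recover the symmetric key with her private key, then decrypt the body.
function hybridDecrypt(recipientPrivateKey, envelope) {
  const sessionKey = nodeCrypto.privateDecrypt(
    { key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()])
    .toString('utf8');
}

// Constructed sample run: one message from Bob to Alice.
function demo() {
  const alice = generateRecipientKeys();
  const envelope = hybridEncrypt(alice.publicKey, 'Meet at noon. Bob');
  return { envelope, recovered: hybridDecrypt(alice.privateKey, envelope) };
}
```

Decrypting with any other private key throws during key unwrapping, and a modified ciphertext throws at `decipher.final()` because the GCM tag no longer verifies.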


This was last published in October 2005
