Is this method for exchanging symmetric key using RSA sound?

In summary, Bob and Alice have established a secure communication method using AES encryption. Bob will send Alice an encrypted half of the AES private key and half of the initialization vector, while Alice will respond by sending the other half of the key and vector. This ensures that both parties are using the same key and vector for the AES crypto stream. The connection will be terminated if either party encounters a crypto exception. This method is preferred over Diffie-Hellman, as it ensures a unique private key for each session. However, there may be a need for a different protocol than RSA in order to verify ownership of the public key.
  • #1
Masterx00
Bob knows Alice's public key, and he wants to make sure he's connecting to the one who has that key. Furthermore, Alice wants to verify, when she gets a connection from Bob, who'll give his public key, that he is indeed the one who has that key.

Bob will send Alice half the AES private key and half the initialization vector which he generated randomly, both encrypted using Alice's public key.

Alice would reply by sending back what Bob sent + the other half of the AES private key and the initialization vector which she generated randomly as well.

Afterwards, communication begins using an AES crypto stream with a key composed of the two halves exchanged. If a crypto exception is thrown at either side at any point, the connection will be terminated. No third message will be sent from Bob to Alice to verify that he got her part of the key; the AES stream will begin directly after Alice's message.

Note: I thought about using Diffie-Hellman, but what I didn't like was that the private key agreed upon would be the same for every session, assuming the two parties will not change their public keys.

Is this enough for both to verify that each one is the actual owner of the claimed public key, and to exchange the AES symmetric key safely without creating potential security issues?
 
  • #2
Owner of a public key doesn't sound reasonable to me. I think you are requiring two private keys instead. And this would require a different protocol than RSA. In any case, it would be helpful to have a scheme instead of a verbal description.
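
The exchange from post #1 written out as a scheme, as an added example (not code from either poster). Assumptions: toy unpadded RSA over fixed Mersenne primes stands in for real RSA-OAEP so the block runs on the standard library alone, Alice's reply is encrypted under Bob's public key, and the HMAC confirmation message from Bob is an addition the post leaves out, included to show what Alice can check before the AES stream starts.

```python
import hashlib, hmac, secrets

E = 65537

def toy_keypair(a, b):
    # TOY RSA: fixed Mersenne primes 2**a-1 and 2**b-1, no padding. Illustration only.
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

ALICE_PUB, ALICE_PRIV = toy_keypair(521, 607)
BOB_PUB, BOB_PRIV = toy_keypair(1279, 2203)
_, WRONG_PRIV = toy_keypair(89, 107)   # stands for a party without the claimed key

def enc(pub, data):
    return pow(int.from_bytes(data, "big"), pub[1], pub[0])

def dec(priv, c, size):
    # With the wrong private key this returns unrelated bytes, not an error.
    m = pow(c, priv[1], priv[0])
    return (m % 2**(8 * size)).to_bytes(size, "big")

def confirm_tag(bob_half, alice_half, msg1, msg2):
    # Key and IV are the concatenated halves, as in the post (AES-256, 16-byte IV).
    key = bob_half[:16] + alice_half[:16]
    iv = bob_half[16:] + alice_half[16:]
    ck = hashlib.sha256(b"confirm" + key + iv).digest()  # separate key for the tag
    return hmac.new(ck, f"{msg1:x}|{msg2:x}".encode(), hashlib.sha256).digest()

def run_exchange(responder_priv, initiator_priv):
    """Return (alice_proved_key, bob_proved_key) as seen by the honest peer."""
    # Message 1, Bob -> Alice: his key half and IV half under Alice's public key.
    bob_half = secrets.token_bytes(24)
    msg1 = enc(ALICE_PUB, bob_half)
    seen = dec(responder_priv, msg1, 24)
    # Message 2, Alice -> Bob: echo plus her halves, under Bob's public key (assumed).
    alice_half = secrets.token_bytes(24)
    msg2 = enc(BOB_PUB, seen + alice_half)
    reply = dec(initiator_priv, msg2, 48)
    # Bob's check: only the holder of Alice's private key can echo his halves.
    alice_ok = hmac.compare_digest(reply[:24], bob_half)
    # Added message 3, Bob -> Alice: a tag only computable after decrypting msg2.
    tag = confirm_tag(bob_half, reply[24:], msg1, msg2)
    bob_ok = hmac.compare_digest(tag, confirm_tag(seen, alice_half, msg1, msg2))
    return alice_ok, bob_ok

if __name__ == "__main__":
    print("honest:", run_exchange(ALICE_PRIV, BOB_PRIV))
    print("responder lacks Alice's key:", run_exchange(WRONG_PRIV, BOB_PRIV))
    print("initiator lacks Bob's key:", run_exchange(ALICE_PRIV, WRONG_PRIV))
```

Without the third message, Alice learns whether Bob holds his private key only from whether his first AES ciphertext decrypts sensibly, and a decryption exception is not a reliable signal in unauthenticated AES modes.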
 

Related to Is this method for exchanging symmetric key using RSA sound?

1. What is RSA and how does it relate to exchanging symmetric keys?

RSA is a commonly used cryptographic algorithm that allows for secure communication between two parties. It involves using a public key and a private key to encrypt and decrypt messages. When exchanging symmetric keys, RSA can be used to securely transfer the key between two parties, ensuring that only the intended parties have access to the key.

2. Why is it important to use a sound method for exchanging symmetric keys?

Exchanging symmetric keys is a critical step in ensuring the security of communication between parties. If a weak or flawed method is used, it could potentially compromise the confidentiality and integrity of the exchanged key, making it vulnerable to attacks.

3. How does RSA ensure the security of the exchanged symmetric key?

RSA uses a public key and a private key to encrypt and decrypt messages. The public key is shared with the other party, while the private key is kept secret. When exchanging symmetric keys, the sender encrypts the key using the recipient's public key, ensuring that only the recipient can decrypt it with their private key.

4. Are there any potential risks or vulnerabilities associated with using RSA for exchanging symmetric keys?

While RSA is a widely used and trusted algorithm, there are potential risks and vulnerabilities associated with its use. These include the possibility of brute force attacks, implementation flaws, and the compromise of private keys. It is important to regularly update and review security protocols to mitigate these risks.

5. Are there any alternatives to using RSA for exchanging symmetric keys?

Yes, there are alternative methods for exchanging symmetric keys, such as Diffie-Hellman key exchange or elliptic curve cryptography. These methods may have different levels of security and efficiency, so it is important to carefully evaluate and choose the most appropriate method for the specific use case.
