Cryptography Overview

to reveal the contents of a digital envelope.

The main features of OAEP are redundancy and randomization. The redundancy feature makes it difficult for an attacker to create a new derived message from an existing ciphertext message. The recipient of a derived message checks the redundancy after decrypting the message and rejects any message whose redundancy check fails. The PKCS #1 format has only about 16 bits of redundancy, whereas OAEP formats have 64 to 160 bits of redundancy.

The randomization feature makes each bit of the input to the public key operation dependent on each bit of the message and on 64 to 160 bits of randomness. This makes it difficult for chosen input attacks to work, and it causes ciphertext tampering to change many bits in the decrypted message.

Together, redundancy and randomization create verifiable properties for securing digital envelopes.
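The following is an added example, not code from the Crypto-C library or this guide: a pure-Python EME-OAEP encoder and decoder following the structure of PKCS #1 v2 (RFC 8017), with SHA-256 as the hash and mask-generation function (an assumption; the guide's OAEP may use a different hash). It shows only the padding layer that sits in front of the RSA public-key operation, which is omitted. The redundancy is the hash of the label plus the zero padding and 0x01 separator; the randomization is the seed. The example demonstrates that two encodings of the same message differ, that the decoder rejects an encoded message in which a single bit has been changed, and that one flipped bit in the input changes roughly half of the bits the decoder reconstructs.

```python
import hashlib
import os
from typing import Optional

HASH = hashlib.sha256
H_LEN = HASH().digest_size  # 32 bytes for SHA-256


def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 mask generation function (RFC 8017 B.2.1) built on SHA-256."""
    out = b""
    counter = 0
    while len(out) < mask_len:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(message: bytes, k: int, label: bytes = b"",
                seed: Optional[bytes] = None) -> bytes:
    """EME-OAEP encoding. k is the byte length of the RSA modulus; the result is
    the k-byte encoded message EM that would be fed to the public-key operation.
    The seed is random unless one is supplied (for deterministic tests)."""
    if len(message) > k - 2 * H_LEN - 2:
        raise ValueError("message too long for modulus size")
    l_hash = HASH(label).digest()                       # redundancy: fixed hash of the label
    ps = b"\x00" * (k - len(message) - 2 * H_LEN - 2)   # redundancy: zero padding
    db = l_hash + ps + b"\x01" + message                # 0x01 separates padding from message
    seed = os.urandom(H_LEN) if seed is None else seed  # randomization
    db_mask = mgf1(seed, k - H_LEN - 1)                 # every DB bit depends on every seed bit
    masked_db = xor_bytes(db, db_mask)
    seed_mask = mgf1(masked_db, H_LEN)                  # and the seed depends on every DB bit
    masked_seed = xor_bytes(seed, seed_mask)
    return b"\x00" + masked_seed + masked_db


def recovered_db(em: bytes, k: int) -> bytes:
    """Undo the two masks and return the DB the decoder sees before its checks."""
    masked_seed, masked_db = em[1:1 + H_LEN], em[1 + H_LEN:]
    seed = xor_bytes(masked_seed, mgf1(masked_db, H_LEN))
    return xor_bytes(masked_db, mgf1(seed, k - H_LEN - 1))


def oaep_decode(em: bytes, k: int, label: bytes = b"") -> Optional[bytes]:
    """EME-OAEP decoding. Returns the message, or None if any redundancy check fails."""
    if len(em) != k or k < 2 * H_LEN + 2:
        return None
    db = recovered_db(em, k)
    l_hash_prime, rest = db[:H_LEN], db[H_LEN:]
    sep = rest.find(b"\x01")
    # All checks must hold: leading 0x00 byte, label hash matches, only zeros before 0x01.
    ok = (em[0] == 0 and l_hash_prime == HASH(label).digest()
          and sep != -1 and all(b == 0 for b in rest[:sep]))
    return rest[sep + 1:] if ok else None


def bits_changed_by_one_flip(em: bytes, k: int, byte_index: int) -> int:
    """Flip one bit of EM and count how many bits of the reconstructed DB change."""
    tampered = bytearray(em)
    tampered[byte_index] ^= 0x01
    before, after = recovered_db(em, k), recovered_db(bytes(tampered), k)
    return sum(bin(x ^ y).count("1") for x, y in zip(before, after))


if __name__ == "__main__":
    K = 128  # constructed: byte length of a 1024-bit modulus
    msg = b"constructed sample: data-encrypting key bytes"
    em1, em2 = oaep_encode(msg, K), oaep_encode(msg, K)
    print("same message, different encodings:", em1 != em2)
    print("decodes correctly:", oaep_decode(em1, K) == msg)
    tampered = bytearray(em1)
    tampered[5] ^= 0x80
    print("tampered message rejected:", oaep_decode(bytes(tampered), K) is None)
    print("DB bits changed by a one-bit flip:", bits_changed_by_one_flip(em1, K, 5),
          "of", (K - H_LEN - 1) * 8)
```

With a 128-byte modulus and SHA-256 the DB is 95 bytes, so a single flipped bit in the masked seed typically changes around 380 of its 760 bits, which is why the recipient's redundancy check catches the tampering. A production decoder must also return the same error, in the same time, whichever check failed, since reporting the individual check outcomes leaks information about the plaintext.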

Figure 3-10 Digital Envelope (figure: the message is encrypted with symmetric-key encryption under a data-encrypting key; the sealing operation encrypts that symmetric key with public-key encryption under the recipient's public key, and the encrypted message plus the encrypted key form the digital envelope; the open operation uses private-key decryption to recover the data-encrypting key, then symmetric-key decryption to recover the message)


RSA BSAFE Crypto-C Developer's Guide
