Archived Forum Post


Question:

PKI encryption and the Secret key

Apr 03 '13 at 08:28

When I use the PKI encryption algorithm I have to choose some underlying symmetric encryption algorithm too and set it to the Pkcs7CryptAlg property. I don't set the Secret Key but I think it is used for the symmetric encryption. Will I be able to decrypt the file using other software (not Chilkat)? Where does it keep the Secret Key for the file decryption?


Answer

According to the PKCS7 Cryptographic Standard, the symmetric encryption key is randomly generated and encrypted using the RSA public key. It is contained within the PKCS7 envelope. One key per recipient is generated and encrypted. (For example, if a PKCS7 encrypted message is intended for 3 potential recipients, each with his own private key, then the public key for each recipient is used to encrypt three separate symmetric keys, and all are stored within the PKCS7 message.) To decrypt, the RSA private key of the intended recipient is needed to decrypt the symmetric key, and then this key is used to decrypt the actual (application) data of the message.

In short, the symmetric key is encrypted/embedded, generated for one-time use, and never needs to be explicitly known or seen on either end by the application.
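
The envelope described in the answer can be reproduced and inspected with the OpenSSL command-line tool, which also shows that any PKCS7-capable software holding a recipient's RSA private key can decrypt it. This is an added example, not part of the original post and not Chilkat code; the recipient names (alice, bob, mallory), file names and message are constructed, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: keys, names and message are constructed; needs the openssl CLI.
WORK=$(mktemp -d)

make_recipient() {   # $1 = name -> $WORK/$1.key (RSA private key), $WORK/$1.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

encrypt_for() {      # $@ = recipient names; no symmetric key is supplied
    certs=""
    for r in "$@"; do certs="$certs $WORK/$r.crt"; done
    # $certs is intentionally unquoted so each certificate path is one argument
    openssl smime -encrypt -aes256 -binary -in "$WORK/msg.txt" \
        -outform DER -out "$WORK/msg.p7m" $certs
}

decrypt_as() {       # $1 = name; prints plaintext, non-zero if not a recipient
    openssl smime -decrypt -inform DER -in "$WORK/msg.p7m" \
        -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" 2>/dev/null
}

wrapped_key_count() {  # one rsaEncryption-wrapped key per RecipientInfo
    openssl asn1parse -inform DER -in "$WORK/msg.p7m" | grep -c ':rsaEncryption'
}

content_cipher() {     # symmetric algorithm recorded inside the envelope
    openssl asn1parse -inform DER -in "$WORK/msg.p7m" | grep -o 'aes-[0-9]*-cbc' | head -n 1
}

printf '%s\n' "quarterly figures (constructed sample)" > "$WORK/msg.txt"
for name in alice bob mallory; do make_recipient "$name"; done
encrypt_for alice bob

echo "wrapped keys in envelope: $(wrapped_key_count)"
echo "content cipher:           $(content_cipher)"
echo "alice decrypts:           $(decrypt_as alice)"
echo "bob decrypts:             $(decrypt_as bob)"
decrypt_as mallory >/dev/null || echo "mallory (not a recipient): decryption refused"
```

The only secrets that must be protected are the recipients' RSA private keys; the `.p7m` file carries the wrapped symmetric key and the algorithm identifier needed to use it.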