Is this method for exchanging symmetric key using RSA sound?

Click For Summary
SUMMARY

The discussion centers on a method for securely exchanging a symmetric AES key using RSA encryption. Bob sends Alice half of the AES private key and half of the initialization vector, both encrypted with Alice's public key. Alice responds with the other halves of the AES key and initialization vector, allowing them to establish an AES crypto stream for secure communication. The method raises concerns about verifying public key ownership and the potential need for a different protocol than RSA to ensure security.

PREREQUISITES
  • Understanding of RSA encryption and public key infrastructure
  • Knowledge of AES encryption and initialization vectors
  • Familiarity with symmetric and asymmetric key exchange methods
  • Basic concepts of cryptographic exceptions and secure communication protocols
NEXT STEPS
  • Research the implementation of RSA encryption in Python using libraries like PyCryptodome
  • Explore AES encryption techniques and best practices for key management
  • Study Diffie-Hellman key exchange and its advantages over RSA for session keys
  • Investigate secure communication protocols such as TLS and their key exchange mechanisms
USEFUL FOR

Cryptographers, software developers implementing secure communication, and security analysts focused on key exchange protocols and encryption methodologies.

Masterx00
Messages
6
Reaction score
0
Bob know's Alice's public key, and he wants to make sure he's connecting to the one which has that key. Furthermore, Alice wants to verify when she gets a connection from Bob who'll give his public key that he is indeed the one who has that key.

Bob will send Alice half the AES private key and half the initialization vector which he generated randomly, both encrypted using Alice's public key.

Alice would reply by sending back what Bob sent + the other half of the AES private key and the initialization vector which she generated randomly as well.

Afterwards communication begin using AES crypto stream with a key composed of the two halves both exchanged. If a crypto exception was thrown at either side at any point, the connection will be terminated. No third message will be sent from Bob to Alice to verify that he got her part of the key, the AES stream will begin directly after Alice's message.

Note: I thought about using Diffie-Hellman, but what I didn't like what that the private key agreed upon would be the same for every session assuming the two parties will not change their public keys.

Is this enough for both to verify that each one is the actual owner of the claimed public key, and to exchange the AES symmetric key safely without creating potential security issues ?
 
Mathematics news on Phys.org
Owner of a public key doesn't sound reasonable to me. I think you are requiring two private keys instead. And this would require a different protocol than RSA. In any case, it would be helpful to have a scheme instead of a verbal description.
 

Similar threads

Understand Public Key Encryption
  • · Replies 8 ·
Replies
8
Views
2K
MHB Is ElGamal Signature Scheme Secure Without Using a Hash Function?
  • · Replies 1 ·
Replies
1
Views
2K
Undergrad Help me develop a public-key system (for fun)
  • · Replies 1 ·
Replies
1
Views
2K
Cryptography, public key and private key
  • · Replies 1 ·
Replies
1
Views
2K
Graduate Quantum Key Distribution confusion.
  • · Replies 1 ·
Replies
1
Views
2K
Is public key cryptography really safe?
  • · Replies 13 ·
Replies
13
Views
5K
Undergrad No relativistic Bohmian mechanics and superluminal causation
  • · Replies 37 ·
2
Replies
37
Views
5K
High School Quantum Entanglement: Hidden Information vs. Time
  • · Replies 19 ·
Replies
19
Views
4K
Graduate Entanglement, ftl communication and destruction of the entangled state
  • · Replies 4 ·
Replies
4
Views
3K
Graduate How does Bell's 1964 theorem address detector independence and local realism?
  • · Replies 18 ·
Replies
18
Views
2K