About public key infrastructure
Since version 4.0.0 was released, it is possible to use RSA for file
encryption in AEP.
What is PKI?
Public-key infrastructure (PKI) is the combination of software, encryption
technologies, and services that enables enterprises to protect the security of
their communications and business transactions on the Internet.
Public key cryptography is a type of cryptography (a process of creating and
deciphering communications to keep them secure) that uses a "key pair" to
securely encrypt and decrypt messages. One key is used to encrypt a message and
the other key decrypts the message. One key is kept secret and is referred to as
the private key while the other is made available to others and is called the
public key since anyone can access this key. These keys are large
mathematically-related numbers derived from algorithms that form a unique pair.
Either key may be used to encrypt a message, but only the other corresponding
key is used to decrypt the message.
What is the RSA algorithm?
RSA is a Public Key (asymmetric) cryptosystem that offers both encryption and
digital signatures (authentication). RSA was developed in 1977 and is named
after the three developers of the technology—Ron Rivest, Adi Shamir, and Leonard
Public Key encryption is based on two mathematically related keys that are
generated together. Each key in the pair performs the inverse function of the
other so what one key encrypts, the other key decrypts, and vice versa. Because
each key only encrypts or decrypts in a single direction, Public Key encryption
is also known as asymmetric encryption.
A Public Key system has two keys: one of the keys in the pair is made
publicly available (thus the term "Public Key encryption"), and the other is
kept private, either on a hardware token such as a smart card, or hidden in
software that performs the cryptographic functions on your computer (typically
secured with a password).
Encryption and authentication take place without any sharing of Private Keys:
each person uses only another's Public Key or their own Private Key. Anyone can
send an encrypted message or verify a signed message, but only someone in
possession of the correct Private Key can decrypt or sign a message.
What is a digital envelope?
The digital envelope involves transmitting a file that has been encrypted
using secret key (symmetric) cryptography combined with an encrypted secret key
that usually has been encrypted using Public Key (asymmetric) cryptography.
(Public Key cryptography is not always necessary, such as in cases where both
parties already know the secret key.)
Not only do digital envelopes help solve the key management/key transfer
problem, they increase performance (relative to using a Public Key system for
direct encryption of message data) without sacrificing security. The increase in
performance is obtained by using the more efficient symmetric encryption to
encrypt the potentially large and variably sized amount of message data, while
the less efficient asymmetric cryptography is reserved only for encryption of
the symmetric keys.
Generally speaking, secret key cryptosystems are much faster than Public Key
Advanced Encryption Package Professional uses "digital envelope" technology.
It combines the reliability and speed of symmetric encryption algorithms
(AES, Twofish, etc.) with the convenience of a public key infrastructure (RSA).
AEP PRO uses the RSA algorithm to generate PKI keys. It can generate and use
keys of 512, 768, 1024 and 2048 bits.
A unique feature of AEP is the ability to protect use of the private key with
a password. In other words, the private key file can also be encrypted. If the
private key file is stolen, it cannot be used by another person because the key
was encrypted using strong
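The digital envelope and the password-protected private key described above, as an added example using the Node.js built-in crypto module; it is not AEP's code or file format. The choice of AES-256-GCM, RSA-OAEP with SHA-256, the envelope field names and the sample passphrase are assumptions made for illustration, and the key is 2048 bits, the largest size the page lists.

```javascript
const crypto = require('node:crypto');

// Assumed padding for wrapping the session key (the page does not name one).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Generate an RSA key pair; the private key PEM is itself encrypted under a passphrase,
// so a stolen key file is unusable without it.
function generateKeyPair(passphrase, bits = 2048) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: bits,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

// Seal: encrypt the data under a fresh symmetric session key (fast, any size),
// then use the slower RSA operation only to wrap that 32-byte key.
function seal(publicKey, data) {
  const sessionKey = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, nonce);
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey);
  return { wrappedKey, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Open: unwrap the session key with the passphrase-protected private key, then decrypt.
// Throws on a wrong passphrase, a wrong key, or any modification of the envelope.
function open(privateKey, passphrase, env) {
  const sessionKey = crypto.privateDecrypt(
    { key: privateKey, passphrase, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', sessionKey, env.nonce, { authTagLength: 16 });
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Demo on constructed data: the passphrase and file contents are made up for this example.
const pair = generateKeyPair('constructed passphrase');
const envelope = seal(pair.publicKey, Buffer.from('constructed sample file contents'));
console.log(envelope.wrappedKey.length,
  open(pair.privateKey, 'constructed passphrase', envelope).toString());
```

The wrapped key is always the size of the RSA modulus, regardless of how large the encrypted data is.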