Replies: 2 comments
-
|
Envelope encryption is commonly used for encrypting data at rest. A random symmetric-encryption key is used to encrypt the data, and an asymmetric key is used to encrypt (or wrap) the symmetric key. some other refs: |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
for Question 2,I think it may be a tiny typo. The pubkey can be inferred by private key, and ,during the whole process user only deals with private key. So to say the symmetric-key is encrypted and decrypted by the private RSA key is not that wrong somehow. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I've recently come across JuiceFS, which seems a very promising distributed filesystem.
However, since I am a security professional, I got interested in reading the "Data Encryption" page and can't understand why there is the presence of a "RSA private key" involved in the encryption process.
Question 1:
Generating a symmetric key for each block/object and then encrypting it with a master symmetric key, derived from a user passphrase, is common practice in the industry. Why in this case there is involved a RSA key?
Question 2:
If question 1 is replied, then why is the encrypting RSA key a private one? Private keys should be only used for signing, since decryption would happen by using public keys, which is not good nor common. Is this a typo?
Thank you
Beta Was this translation helpful? Give feedback.
All reactions