When talking about asymmetric encryption, it is often said that for some reasons, e.g. performance considerations, you should not encrypt your entire message asymmetrically.
The usually suggested workflow is:
- Create a random key for symmetric encryption
- Encrypt the message using this random key
- Encrypt the random key using asymmetric encryption
- Send the encrypted message and the encrypted key to the recipient
So far, so good.
Just two questions:
- How do I send the encrypted message and the encrypted key in combination? Is there a standard for that? Or am I completely free on how to do this? (I'd prefer a standard if there is one).
- Is there any best practice on how to create the random key? To be more specific: Is there a specific function in OpenSSL that should be used for that?
- This was answered in comments. I would rather recommend checking OpenPGP - it is somehow easier to understand; CMS has a huge overload of ASN.1 structures.
- The random key should just be a completely random byte string, generated from a good random source.
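
How OpenPGP carries the encrypted key and the encrypted message together, as an added example that is not part of the original question or answer: a Public-Key Encrypted Session Key packet (tag 1) followed by the encrypted data packet (tag 18), framed with RFC 4880 new-format packet headers. It assumes `wrapped_key` and `ciphertext` come from whatever RSA and symmetric implementation you use (Python's standard library has neither); the function names are illustrative, and the session key is drawn with Python's `secrets` module.

```python
import secrets
import struct
# Added example; function names are illustrative, not from an OpenPGP library.
TAG_PKESK = 1   # Public-Key Encrypted Session Key packet: the wrapped random key
TAG_SEIPD = 18  # Sym. Encrypted Integrity Protected Data packet: the message

def new_session_key(nbytes=32):
    return secrets.token_bytes(nbytes)  # OS CSPRNG, no seeding or derivation

def encode_packet(tag, body):
    """Serialize one new-format packet: header octet, length, body."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body

def build_message(key_id, wrapped_key, ciphertext):
    """PKESK packet (v3, algorithm 1 = RSA) followed by a SEIPD packet (v1)."""
    mpi = wrapped_key.lstrip(b"\x00")  # MPIs carry no leading zero octets
    bits = int.from_bytes(mpi, "big").bit_length()
    pkesk = b"\x03" + key_id + b"\x01" + struct.pack(">H", bits) + mpi
    return encode_packet(TAG_PKESK, pkesk) + encode_packet(TAG_SEIPD, b"\x01" + ciphertext)

def parse_packets(data):
    """Split a byte string into (tag, body) pairs; reject malformed input."""
    packets, i = [], 0
    try:
        while i < len(data):
            hdr, first = data[i], data[i + 1]
            if hdr & 0xC0 != 0xC0:
                raise ValueError("not a new-format packet header")
            if first < 192:                       # one-octet length
                n, i = first, i + 2
            elif first < 224:                     # two-octet length
                n, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:                    # five-octet length
                n, i = struct.unpack(">I", data[i + 2:i + 6])[0], i + 6
            else:
                raise ValueError("partial body lengths are not handled here")
            if i + n > len(data):
                raise ValueError("truncated packet body")
            packets.append((hdr & 0x3F, data[i:i + n]))
            i += n
    except (IndexError, struct.error):
        raise ValueError("truncated packet header") from None
    return packets
```
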