Whenever we think about sharing information securely, we think about encryption, sharing keys, and the best approach, which is often called "hybrid cryptography." But is it really necessary to expend so many resources on one-way, single messages?
For these types of messages, it's not so necessary. Let me give you an example to see why: we need to share a specific piece of data, just one, some coordinates, a unique message to verify activity or to initiate an action... The first thing we might think of is to start with the protocol as we know it. We would begin by creating an asymmetric key pair (RSA/ECC), then create the symmetric key (AES/ChaCha20), and then share the public keys among the users, finally sharing the symmetric keys to perform encryption and secure sharing. But this clearly doesn't make sense; these types of protocols are used for persistent connections, and that's clearly not our situation.
If you've noticed, we recently shared encrypted data without any issues: that data was the symmetric key. What if we replaced that shared symmetric key with the data we need to share, and at the same time, prevent the user sharing the data from creating an asymmetric key pair?
In this way, we've created a secure system for sharing unique, non-persistent data. It works like this: The user who will receive the information creates an asymmetric key pair (RSA/ECC) and sends the (signed) public key. Then, the user who wants to share the data encrypts it with that public key and finally shares it with the user who will receive it, who then decrypts it with their private key. This way, both parties can share the information, and the connection is clean and secure.
Top comments (0)