How to combine symmetric and asymmetric encryption to encrypt large files?

Question

I understand that it is possible to combine symmetric and asymmetric encryption in a way that makes use of the performance of symmetric encryption, and also getting the benefits of being able to separate the knowledge needed for encryption from that needed for decryption.

Could someone explain this scheme in more detail?

To be concrete, I want to encrypt a few tens of thousands of files at a time, including some that are ~100GB in size.

`gpgtar` .... [man page](https://www.gnupg.org/documentation/manuals/gnupg/gpgtar.html) — RubberStamp, Feb 09 '19 at 21:05
will those files be transmitted over the internet or just encrypted and stored locally? — Bokis, Feb 09 '19 at 21:26
Keep in mind, if you are using something based on OpenPGP, this might already be done for you https://security.stackexchange.com/a/162001/90657 — multithr3at3d, Feb 10 '19 at 01:26

score 4 · Answer 1 · answered Feb 09 '19 at 22:23

4

To get the benefits of both types of encryption algorithms you can create a symmetric key to encrypt the data efficiently and then encrypt that key asymmetrically. Only the private key owner can decrypt and have access to the symmetric key.

answered Feb 09 '19 at 22:23

Bokis

154
10

1

Agree, but you should find an existing tool to do this for you, rather than rolling your own. :-) – Ben Feb 09 '19 at 22:30
1

gpg does this already... use `-r` to encrypt the symmetric key with the recipient public key... – RubberStamp Feb 09 '19 at 22:47

How to combine symmetric and asymmetric encryption to encrypt large files?

1 Answers1

Related