I need to implement security for client-server communication. I have implemented the following hybrid cryptosystem: http://en.wikipedia.org/wiki/Hybrid%5Fcryptosystem
To encrypt a message addressed to Alice in a hybrid cryptosystem, Bob does the following:
- Obtains Alice's public key.
- Generates a fresh symmetric key for the data encapsulation scheme.
- Encrypts the message under the data encapsulation scheme, using the symmetric key just generated.
- Encrypts the symmetric key under the key encapsulation scheme, using Alice's public key.
- Sends both of these encryptions to Alice.
To decrypt this hybrid ciphertext, Alice does the following:
- Uses her private key to decrypt the symmetric key contained in the key encapsulation segment.
- Uses this symmetric key to decrypt the message contained in the data encapsulation segment.
I am using RSA for the public-key cryptosystem and AES for the symmetric-key cryptosystem. Everything works fine, but I am not sure how to handle the AES initialization vector. Currently, I am concatenating the AES key and the initialization vector, encrypting them with the public key and sending that to the server.
I just wanted to get some opinions about this approach. How is this problem solved by other communication protocols, SSL etc.?
Thanks.
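The hybrid scheme from the question, written out as an added example in Go (this is not the poster's code; it uses only the Go standard library and an arbitrary OAEP label string of my own choosing). It shows the alternative to wrapping key||IV under RSA: only the AES key is secret, so only it goes into the key encapsulation segment (RSA-OAEP), while the IV/nonce is sent in the clear next to the data segment. An IV must be unique per key, not confidential, which is why protocols such as TLS transmit nonces unencrypted. The data segment uses AES-GCM, so the cleartext nonce and the ciphertext are covered by an authentication tag, and the wrapped key is passed as additional authenticated data so the two segments of one envelope cannot be mixed with those of another.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the hybrid ciphertext Bob sends to Alice. Only the AES key is
// secret, so only it is RSA-encrypted; the nonce (IV) travels in the clear
// and is covered by the GCM authentication tag.
type Envelope struct {
	WrappedKey []byte // key encapsulation segment: RSA-OAEP(AES key)
	Nonce      []byte // 96-bit GCM nonce, fresh per message, sent in the clear
	Ciphertext []byte // data encapsulation segment: AES-256-GCM(message) with tag appended
}

// oaepLabel is an arbitrary context string chosen for this example
// (an assumption, not part of the original post); both sides must agree on it.
var oaepLabel = []byte("hybrid-example-v1")

// Encrypt is Bob's side: fresh AES key, AES-GCM over the message, RSA-OAEP over
// the key. The wrapped key is bound to the data segment as additional
// authenticated data.
func Encrypt(pub *rsa.PublicKey, message []byte) (*Envelope, error) {
	aesKey := make([]byte, 32) // AES-256, generated fresh for every message
	if _, err := rand.Read(aesKey); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // random 96-bit nonce; never reused with this key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, message, wrapped)
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt is Alice's side: unwrap the AES key with her private key, then open
// the data segment. Any change to nonce, ciphertext, tag or wrapped key fails.
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, errors.New("key encapsulation segment rejected")
	}
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, env.WrappedKey)
	if err != nil {
		return nil, errors.New("data encapsulation segment rejected")
	}
	return pt, nil
}

// RoundTrip encrypts, decrypts, checks the plaintext, then flips one bit of the
// cleartext nonce and confirms Alice rejects the envelope. Returns nil on success.
func RoundTrip(priv *rsa.PrivateKey, message []byte) error {
	env, err := Encrypt(&priv.PublicKey, message)
	if err != nil {
		return err
	}
	got, err := Decrypt(priv, env)
	if err != nil {
		return err
	}
	if !bytes.Equal(got, message) {
		return errors.New("plaintext mismatch")
	}
	env.Nonce[0] ^= 0x01 // attacker tampers with the unencrypted IV in transit
	if _, err := Decrypt(priv, env); err == nil {
		return errors.New("tampered nonce was accepted")
	}
	return nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // Alice's key pair
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message from Bob to Alice")
	if err := RoundTrip(priv, msg); err != nil {
		panic(err)
	}
	fmt.Println("hybrid round trip and nonce-tamper check passed")
}
```

Wrapping key||IV under RSA-OAEP as the question describes is not insecure, it just spends RSA ciphertext space on a value that does not need confidentiality; what matters is that the IV is fresh per message and, with an unauthenticated mode such as CBC, that the ciphertext and IV are protected by a MAC so a server cannot be fed modified data.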