Hybrid encryption application scheme

Encryption and decryption algorithms are divided into two classes: symmetric and asymmetric.
Symmetric algorithms use the same key for encryption and decryption, so the sender and receiver must agree on a key before they can communicate securely; the confidentiality of that key is therefore essential to the security of the communication. Symmetric algorithms are characterized by an open (public) algorithm, a small amount of computation, fast encryption, and high encryption efficiency.
Asymmetric encryption algorithms require two keys: a public key and a private key, which form a pair. If data is encrypted with the public key, only the corresponding private key can decrypt it. Because encryption and decryption use two different keys, this kind of algorithm is called asymmetric. Asymmetric algorithms offer high security, but their encryption speed is much lower than that of symmetric algorithms.
Symmetric and asymmetric algorithms each have their own advantages and disadvantages. As the capabilities of computer systems have continued to grow, using a single algorithm, or a single class of algorithm, on its own can no longer meet actual usage requirements. Hybrid encryption has therefore become one of today's mainstream encryption schemes: each cipher's strength covers the other's weakness, with the public-key cipher handling the key distribution that a symmetric cipher cannot do alone, and the symmetric cipher providing the encryption speed that a public-key cipher lacks. The following briefly introduces the application of hybrid encryption.
The encryption process is as follows:
1. Use a random number generator to generate a temporary session key tmpkey.
2. Use the temporary session key to encrypt the message, producing the ciphertext C1.
3. Use the public key of the asymmetric key pair to encrypt tmpkey, producing the ciphertext C2.
4. Combine C1 || C2 to obtain the final ciphertext C3.
The decryption process is as follows:
1. Separate C1 and C2.
2. Use the private key of the asymmetric key pair to decrypt C2, recovering the temporary session key tmpkey.
3. Use the temporary session key tmpkey to decrypt the ciphertext C1, recovering the plaintext message.
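The two procedures above, carried through in Go using only the standard library, as an added example that is not part of the original post. The concrete algorithm choices are assumptions: AES-256-GCM for the symmetric layer (so a tampered C1 is detected by the authentication tag), RSA-OAEP with SHA-256 to wrap the 32-byte tmpkey, and the GCM nonce carried at the front of C1. Separating C1 and C2 needs no length field because C2 is always exactly the RSA modulus length.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

const keyLen, nonceLen = 32, 12 // AES-256 key; the standard GCM nonce size used by cipher.NewGCM

// HybridEncrypt: tmpkey from the CSPRNG; C1 = nonce || AES-256-GCM(tmpkey, msg);
// C2 = RSA-OAEP(pub, tmpkey); returns C3 = C1 || C2.
func HybridEncrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	tmpkey := make([]byte, keyLen)
	rand.Read(tmpkey) // crypto/rand.Read never returns an error (Go 1.24+)
	block, _ := aes.NewCipher(tmpkey) // cannot fail: key length is valid
	gcm, _ := cipher.NewGCM(block)    // cannot fail: AES block size is 16
	nonce := make([]byte, nonceLen)
	rand.Read(nonce)
	c1 := gcm.Seal(nonce, nonce, msg, nil) // C1 = nonce || ciphertext || tag
	c2, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, tmpkey, nil)
	if err != nil {
		return nil, err
	}
	return append(c1, c2...), nil // C3 = C1 || C2
}

// HybridDecrypt reverses the steps: split off C2, unwrap tmpkey with the
// private key, then open C1. The GCM tag check rejects any tampering with C1.
func HybridDecrypt(priv *rsa.PrivateKey, c3 []byte) ([]byte, error) {
	n := priv.Size() // C2 is always exactly the RSA modulus length
	if len(c3) < n+nonceLen {
		return nil, errors.New("ciphertext too short to hold C1 || C2")
	}
	c1, c2 := c3[:len(c3)-n], c3[len(c3)-n:]
	tmpkey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, c2, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(tmpkey) // rejects a wrapped key of the wrong length
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, c1[:nonceLen], c1[nonceLen:], nil)
}
```

With a 2048-bit key, C3 is the message length plus 28 bytes (nonce and tag) plus 256 bytes of C2; flipping any bit of C1 makes HybridDecrypt return an error instead of plaintext.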
For hybrid encryption to be secure, the session key must have good randomness, the symmetric algorithm must have a sufficient key length, and the asymmetric algorithm must also have a sufficient key length; meeting all of these conditions makes the encryption system more secure. The LKT encryption chip has a true random number generator that can generate highly random session keys, and it also supports hardware asymmetric algorithms such as RSA and SM2, protecting the storage and use of the private key and tmpkey.

Origin blog.51cto.com/13520299/2637435