ClassicSys - Email
Distribution of national SessionKeys
The following steps must be executed to create Alice's SessionKey
to Bob :
- Alice asks the TA for a SessionKey giving the ID-numbers of
the sender (herself) and the receiver
- based on these information, the TA constructs a stamp (ID
sender + ID receiver)
- the TA encrypt this stamp with his PrivateKey to generate
the SessionKey from Alice to Bob, Kses
- the TA reconstructs the PrivateKeys (and inverse ones) of
Alice and Bob : KAlice, K-1Alice,
KBob, K-1Bob
- the TA computes the SessionKeys (direct, inverse, inverse
complementary, and inverse of the inverse complementary) : Kses,
K-1ses , Kcomp (=[11...1] XOR
K-1ses) and K-1comp
- the TA sends 4 different encrypted blocks to Alice :
- the first block contains the SessionKey from Alice to Bob,
Kses, encrypted with the inverse PrivateKey of Alice,
K-1Alice (*)
- the second block contains the stamp (ID of sender + ID of
receiver) encrypted with the inverse SessionKey
- the third block contains the inverse SessionKey from Alice
to Bob, K-1ses, encrypted first with the
inverse PrivateKey of Bob, K-1Bob,
and then with the inverse PrivateKey of Alice, K-1Alice.
- the last block contains the stamp first encrypted with the
inverse of the complementary inverse SessionKey, K-1comp,
and then with the inverse SessionKey, K-1ses.
(*) Of course, knowing the ID-number of an end-user, the TA is
able to reconstruct his PrivateKeys (direct and inverse keys).
This is done internally in a way that they are not accessible
to humans.
What are these 4 blocs for ?
- The first block permits Alice to reconstruct the SessionKey
whenever she sends a message to Bob. The SessionKey is NOT recorded
by Alice...
- The second block permits Alice to verify that the received
blocks concern the SessionKey between herself and Bob.
- The third and fourth blocks will be included in all the messages
that Alice will send to Bob.
- The third block permits to Bob to decipher all the messages
sent by Alice.
- With the last block, Bob is sure that the SessionKey was generated
by the TA.