I've the task to transfer small binary messages (1 or 2 kb long) between a desktop application and mobile devices. The messages should be encrypted asymmetrically (RSA for instance). From what I've learned one should use a hybrid cryptosystem for this kind of task:
- Generate random symmetric key
- Encrypt plain text with symmetric key (using AES for instance)
- Encrypt symmetric key with public key
- Transmit cipher text and encrypted symmetric key
I'd like to not invent an own format for storing the cipher text and the encrypted symmetric key. So I stumbled over CMS standard (Cryptographic message syntax). At the first glance it looks exactly like what I need. If I understood the standard correctly it embeds the cipher text and the encrypted symmetric key as well as information about the used algorithms.
Can anybody say whether one should use the CMS standard for the outlined task? Does OpenSSL's CMS support is sufficient for my needs?
Cheers, Christian