CEK
The ephemeral symmetric key of CMS hybrid encryption, central to the AS2 envelope.
Definition
The CEK is randomly generated by the sender for each message and encrypts the content under AES-CBC or 3DES. Because asymmetric encryption is slow, only the CEK (not the content) is encrypted with the recipient's RSA public key — this is the hybrid model. A distinct CEK is wrapped for each RecipientInfo.
Origin
Concept defined in RFC 5652 (Cryptographic Message Syntax), notably sections 6.1 and 6.2 describing EnvelopedData and KeyTransRecipientInfo, IETF S/MIME WG.
Example in context
KeyTransRecipientInfo.encryptedKey = RSA_encrypt(recipientPublicKey, CEK) — the recipient decrypts the CEK with its private key, then decrypts the EDI content with the CEK.
Related terms
- EnvelopedData — the structure that carries the encrypted CEK.
- RSAES-OAEP — the transport algorithm that wraps the CEK.