The principle is practiced in the NSA's secure mobile phone called Fishbowl.<ref name=":0" /> The phones use two layers of encryption protocols, [[IPsec]] and [[Secure Real-time Transport Protocol]] (SRTP), to protect voice communications. The Samsung [[Galaxy S9]] Tactical Edition is also an approved CSfC Component.
==Examples==
The figure shows, from the inside out, how the encrypted capsule is formed in the Echo Protocol, which is used by the software application GoldBug Messenger.<ref>{{cite web |url=https://goldbug.sourceforge.net |title = GoldBug – Secure E-Mail-Client & Instant Messenger}}</ref> GoldBug has implemented a hybrid system for authenticity and confidentiality.<ref name=":0">Adams, David / Maier, Ann-Kathrin (2016): BIG SEVEN Study, open source crypto-messengers to be compared – or: Comprehensive Confidentiality Review & Audit of GoldBug, Encrypting E-Mail-Client & Secure Instant Messenger, Descriptions, tests and analysis reviews of 20 functions of the application GoldBug based on the essential fields and methods of evaluation of the 8 major international audit manuals for IT security investigations including 38 figures and 87 tables, URL: https://sf.net/projects/goldbug/files/bigseven-crypto-audit.pdf – English / German Language, Version 1.1, 305 pages, June 2016 (ISBN: 110368003X – DNB: 2016B14779)</ref>
'''<u>First layer of the encryption:</u>'''
The ciphertext of the original readable message is hashed, and the symmetric keys are then encrypted with the asymmetric key, for example using the RSA algorithm.
In an intermediate step, the ciphertext and the hash digest of the ciphertext are packed together into a capsule.
This follows the [[w:Authenticated encryption#Encrypt-then-MAC|Encrypt-then-MAC]] approach: so that the receiver can verify that the ciphertext has not been tampered with, the digest is computed before the ciphertext is decrypted.
'''<u>Second layer of encryption:</u>'''
Optionally, the capsule of the first layer can additionally be encrypted with [[w:Advanced Encryption Standard|AES-256]], comparable to a commonly shared, 32-character-long symmetric password. Hybrid encryption is thereby added to multiple encryption.{{Citation needed|date=September 2022}}
'''<u>Third layer of the encryption:</u>'''
Then, this capsule is transmitted via a secure [[w:Transport Layer Security|SSL/TLS]] connection to the communication partner.
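The first two layers described above can be sketched as follows. This is an added example, not GoldBug's code. It assumes HMAC-SHA256 as the keyed digest, symmetric keys that both sides already hold (the RSA key transport and the TLS transport are left out), and a SHA-256 counter-mode keystream standing in for AES-256 so that it runs with the Python standard library alone; all function and key names are hypothetical.

```python
import hashlib
import hmac
import os

def keystream_xor(key, nonce, data):
    # Stand-in cipher (assumption): SHA-256 in counter mode, NOT AES-256.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC: capsule = nonce || ciphertext || HMAC(nonce || ciphertext)
    nonce = os.urandom(16)
    body = nonce + keystream_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_capsule(enc_key, mac_key, capsule):
    # Recompute and compare the tag first; decrypt only when it matches.
    if len(capsule) < 48:
        raise ValueError("capsule too short")
    body, tag = capsule[:-32], capsule[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    return keystream_xor(enc_key, body[:16], body[16:])

def make_keys():
    # Constructed demo keys: four independent 32-byte keys (hypothetical names).
    return {name: os.urandom(32) for name in ("enc1", "mac1", "enc2", "mac2")}

def wrap(keys, message):
    inner = seal(keys["enc1"], keys["mac1"], message)  # first layer
    return seal(keys["enc2"], keys["mac2"], inner)     # optional second layer

def unwrap(keys, wire):
    inner = open_capsule(keys["enc2"], keys["mac2"], wire)
    return open_capsule(keys["enc1"], keys["mac1"], inner)

if __name__ == "__main__":
    keys = make_keys()
    wire = wrap(keys, b"constructed sample message")
    print(unwrap(keys, wire))
    tampered = bytearray(wire)
    tampered[20] ^= 0x01  # flip one ciphertext bit in transit
    try:
        unwrap(keys, bytes(tampered))
    except ValueError as err:
        print("rejected:", err)
```

Each layer uses its own encryption and MAC keys, so a modified capsule is rejected at the layer where the change was made and nothing below that layer is decrypted.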
==References==