Hybrid Systems

Hybrid systems combine the strengths of symmetric and asymmetric ciphers. In a hybrid system, an asymmetric cipher is used for authentication and data integrity, and a symmetric cipher is used for confidentiality. Symmetric ciphers are faster than asymmetric ciphers, so it makes sense to use symmetric ciphers for most of a message or conversation. Likewise, asymmetric ciphers are well suited to authentication and session key exchange.

You can “roll your own” hybrid system, as I’ll demonstrate in Chapter 10 and Chapter 11. Here I’ll discuss the most widespread hybrid standards.


Pretty Good Privacy (PGP) is a piece of software that was designed to bring strong cryptography to the masses. It encrypts messages, using a combination of symmetric and asymmetric ciphers. Encrypted messages can then be safely transported over an insecure network, like the Internet. Another user with PGP can then decrypt the messages. PGP provides authentication, data integrity, and confidentiality.

PGP contains no startling cryptographic innovations; it uses well-known, off-the-shelf cryptographic algorithms. It is important because it is a de facto standard. The last widely distributed version is PGP 2.6.2, which uses RSA for signing and key exchange and IDEA for message encryption. PGP 5.0 is the latest version, released in August 1997; it supports additional algorithms for signing and encryption.

The Cryptix toolkit includes some support for PGP; for more information, see http://www.systemics.com/software/cryptix-java/ ...

Get Java Cryptography now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.