...

  • Secret-key encryption requires pre-sharing a key with both parties, which is often not possible without potentially compromising the secret key (if either party inadvertently discloses the secret key, then the entire encryption is compromised). If a pre-shared secret key were used, a hacker could reverse-engineer our executable and potentially extract the secret key.
  • Public-key encryption (at least the RSA algorithm, which is the only widely accepted public-key cryptographic method known) is only suitable for small messages (several hundred bytes). We very often need to be able to securely transmit very large files. Furthermore, public-key decryption requires both the private key and the encrypted data to be available to the same process, and the private key is stored on a very secure server that is not accessible by, nor has access to, the MTD archive files.

By using public-key encryption to protect a randomly generated secret key, and the secret key to protect the sensitive data, we can overcome these problems and create a very secure file. This technique is commonly referred to as a digital envelope. Using this technique, we have effectively made it impossible (or mathematically infeasible) to decrypt the contents of the MTD files by any workstation, whether owned by MCS or the client who created the file, or even developer machines with access to all MCS source code. It can only be decrypted with the assistance of the MCS server that contains the RSA private key.
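The digital envelope described above, sketched in Ruby with the standard `openssl` library. This is an added example, not MCS code. The cipher choices (AES-256-GCM for the file, RSA-OAEP for the key), the `Envelope` layout and all function names are assumptions, since the page names only RSA and does not describe the MTD format.

```ruby
require "openssl"

# Hypothetical envelope layout; the page does not describe the MTD file format.
Envelope = Struct.new(:wrapped_key, :nonce, :tag, :ciphertext)
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Runs on the workstation that creates the file; needs only the RSA public key.
def seal(public_key, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  key = cipher.random_key   # fresh secret key for this file only
  nonce = cipher.random_iv
  ciphertext = cipher.update(plaintext) + cipher.final
  Envelope.new(public_key.public_encrypt(key, OAEP), nonce, cipher.auth_tag, ciphertext)
end

# Runs on the private-key holder: it is sent the short wrapped key, never the file.
def unwrap_key(private_key, wrapped_key)
  private_key.private_decrypt(wrapped_key, OAEP)
end

# Decrypts the bulk data; raises OpenSSL::Cipher::CipherError on a wrong key or tampering.
def open_envelope(key, env)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = env.nonce
  cipher.auth_tag = env.tag
  cipher.update(env.ciphertext) + cipher.final
end

# Constructed demo: a throwaway key pair stands in for the server's key.
def demo
  server_key = OpenSSL::PKey::RSA.new(2048)
  payload = "constructed sample payload " * 4096 # far larger than RSA alone can encrypt
  env = seal(server_key.public_key, payload)
  recovered = open_envelope(unwrap_key(server_key, env.wrapped_key), env)
  { round_trip: recovered == payload, wrapped_key_bytes: env.wrapped_key.bytesize }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Only `unwrap_key` touches the private key, and its input is a fixed 256 bytes for a 2048-bit key regardless of file size, which is what lets the key server stay isolated from the archive files.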