Question

As far as I have learned so far, asymmetric encryption is too costly for long data. Additionally, from a technical perspective, it's not even possible to encrypt arbitrarily large portions of data (the size of the data is limited by the size of the key being used).

As far as I know the usual workaround is to create a (random) key, use that key to encrypt the data symmetrically, and then only encrypt this key using an asymmetric algorithm.

Now I have two questions:

  1. Is the approach I described so far correct?
  2. What do I do with the encrypted key? Of course, I store or send the encrypted data somewhere, but what about the key? If I understand it correctly, I need to store this key as well, right?

Solution

You are basically correct. Create a random key. Encrypt the key itself with the Public Key of the person at the other end, Bob. Send Bob the encrypted key, which they will be able to decrypt with their Private Key. This is the asymmetric encryption part.

You also use your key to encrypt that large amount of data (but not too large). Now you send Bob the encrypted data. Bob has the encrypted data and the (decrypted) key and so can use symmetric decryption to extract the data from the cyphertext you sent.

Once you have sent the data and key, you should probably securely destroy the key and not use it again unless you have a good reason to keep it. Generate a new key the next time you need to send something. Even if you are sending something to Bob again, use a new key. Even if you are resending the same data to Bob again, use a new key. Sending too much data on a single key can allow attacks on your data.
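The scheme from the question and answer as an added example (not part of the original post), using Node's built-in crypto module. The answer names no algorithms, so RSA-OAEP and AES-256-GCM are assumptions here, as are the names `seal`, `unseal`, `demo` and the envelope layout; the wrapped key is simply stored or sent alongside the ciphertext.

```javascript
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: encrypt `plaintext` (a Buffer) under a fresh one-time AES-256 key,
// then wrap that key with the recipient's RSA public key.
function seal(recipientPublicKey, plaintext) {
  const key = nodeCrypto.randomBytes(32);   // new random key for every message
  const nonce = nodeCrypto.randomBytes(12); // GCM nonce, not secret
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  key.fill(0);                              // best-effort destruction of the one-time key
  // The wrapped key is stored or sent together with the ciphertext.
  return { wrappedKey, nonce, tag: cipher.getAuthTag(), ciphertext };
}

// Recipient: unwrap the AES key with the private key, then decrypt and verify.
function unseal(recipientPrivateKey, env) {
  const key = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, env.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, env.nonce);
  decipher.setAuthTag(env.tag);
  try {
    // final() throws if the ciphertext, nonce or tag was modified
    return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
  } finally {
    key.fill(0);
  }
}

// Constructed demo: Bob's key pair and the message are sample values.
function demo() {
  const bob = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const message = Buffer.from('constructed sample message '.repeat(1000)); // too long for RSA alone
  const first = seal(bob.publicKey, message);
  const second = seal(bob.publicKey, message); // resending the same data: new key again
  const tampered = { ...first, ciphertext: Buffer.from(first.ciphertext) };
  tampered.ciphertext[0] ^= 1;
  let tamperDetected = false;
  try { unseal(bob.privateKey, tampered); } catch { tamperDetected = true; }
  return {
    roundTrip: unseal(bob.privateKey, first).equals(message),
    resendDiffers: !first.ciphertext.equals(second.ciphertext),
    wrappedKeyBytes: first.wrappedKey.length,
    tamperDetected,
  };
}

console.log(demo());
```

The wrapped key stays 256 bytes (the RSA-2048 modulus size) no matter how long the message is, which is why only the key goes through the asymmetric step.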

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow