The following is a diagram and an explanation of how an asynchronous cryptosystem works, given the following constraints: it must be supply non-reupdiation of origin (proof that the message was sent by the vendor; authentication and proof of integrity), integrity (the message was not modified during the process of transmission), confidentiality (if intercepted, the message may not be read), and verification of origin and identity.

Click for a bigger view


The plaintext message creates a hash of it and is also placed into an encryption function using a symmetric key. The hash function that was created is placed into an encryption function using the private key of the sender, outputting a digital signature. The plaintext message that was originally placed into the encryption function using the symmetric key also takes in the newly acquired digital signature, and outputs an encrypted message (confidentiality). The symmetric key mentioned earlier is also placed into an encryption function that encrypts the key with the public key of the receiver, thus outputting an encrypted symmetric key. Both the encrypted message and key are sent across the network to the recipient. Receiver: Starting with the encrypted symmetric key, it is decrypted in a function with the recipient's private key, thus acquiring the symmetric key. Then, the encrypted message and newly acquired symmetric key are placed into a decryption function using the symmetric key, outputting the digital signature and plaintext message. Now, we must validate that all of the acquired pieces are valid (integrity/non-repudiation/verification of origin come into play during validation). We must now decrypt the digital signature of the sender by using a few pieces of information. First, we take our public key and private key of certificate authority, encrypt it, take the public key of the certificate authority, place both into a decryption function, then we get the public key of the sender and place it into a decrypt function (as mentioned earlier) along with the digital signature (in order to validate each public key). This outputs a hash that will need to be compared to our acquired plaintext message's hash. Now we place our plaintext message into a hash algorithm, generate the hash, and compare the two acquired hashes. If they are the same, this means that the plaintext acquired is valid (integrity). Therefore, throughout this process, all requirements have been met.