Say I encrypt a file symmetrically. Then encrypt both the key and the file with public/private key. This is what I understand to be called envelope encryption.
I understand the key pair offers an outer layer of protection.
But once that outer asymmetric layer of encryption is decrypted, I have the symmetric key, so I can easily decrypt the second, symmetric, encryption.
It looks to me envelope encryption is only as strong as its outer key/pair encryption. What am I missing? Thanks =)
This approach isn't about an extra layer of security, it's about performance. Public-key algorithms are typically slow. Symmetric algorithms are very fast. So the (potentially very large) message is encrypted quickly with a symmetric algorithm using a random key. Then just the key is encrypted using a public-key scheme. This gives the benefits of a public-key scheme, with the performance of a symmetric scheme.