ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

CEK

The ephemeral symmetric key of CMS hybrid encryption, central to the AS2 envelope.

Definition

The CEK is randomly generated by the sender for each message and encrypts the content under AES-CBC or 3DES. Because asymmetric encryption is slow, only the CEK (not the content) is encrypted with the recipient's RSA public key — this is the hybrid model. A distinct CEK is wrapped for each RecipientInfo.

Origin

Concept defined in RFC 5652 (Cryptographic Message Syntax), notably sections 6.1 and 6.2 describing EnvelopedData and KeyTransRecipientInfo, IETF S/MIME WG.

Example in context

KeyTransRecipientInfo.encryptedKey = RSA_encrypt(recipientPublicKey, CEK) — the recipient decrypts the CEK with its private key, then decrypts the EDI content with the CEK.

  • EnvelopedData — the structure that carries the encrypted CEK.
  • RSAES-OAEP — the transport algorithm that wraps the CEK.

Last updated: June 20, 2026