LAB 25 (Heterogeneous Key Pair vs Homogeneous Key Pair) - arunsinghchauhan38-arch/CLOUDARCHITECTDOC GitHub Wiki

Heterogeneous Key Pair vs Homogeneous Key Pair

In Oracle Cloud Infrastructure (OCI), a homogeneous key pair means both keys are of the same type (e.g., RSA public/private or symmetric key versions), while a heterogeneous key pair involves different key types or algorithms (e.g., RSA with ECC, or asymmetric keys protecting symmetric keys). Homogeneous pairs are simpler and standard for most OCI Vault/KMS operations, while heterogeneous setups are used for hybrid encryption and advanced compliance scenarios.

🔄 Heterogeneous Key Pair in OCI

Definition: Private and public keys use different cryptographic algorithms — for example, RSA private key with ECC public key.

Authentication Path

  1. Key Generation → Keys created using different algorithms (RSA + ECC).

  2. User Signs Data → Private key (RSA) signs the message.

  3. Transmission → Signed message sent to the server.

  4. Hybrid Verification → Server uses ECC public key and hybrid cryptographic logic to verify or decrypt.

  5. Access Granted → Verification succeeds through algorithm translation.

Examples in OCI:

  • Using an RSA key for signing and an ECC key for encryption.

  • Hybrid encryption: Asymmetric key (RSA/ECC) used to protect a symmetric key that encrypts bulk data.

  • External Key Management (HYOK): OCI Vault integrates with third-party HSMs, allowing different key types to coexist.
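The hybrid-encryption example from the list above, worked through in Go as an added illustration (not code from this wiki or from the OCI SDK, and not OCI Vault's own wire format): an RSA key pair protects a one-time AES-256 data key, and that symmetric key encrypts the bulk data with AES-GCM. The `Envelope` type, the sample message and the function names are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is a constructed container for hybrid-encryption output: the
// RSA-OAEP-wrapped AES data key, the AES-GCM nonce and the ciphertext (with tag).
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// GenerateRSAKey creates the asymmetric half of the scheme (2048-bit RSA).
func GenerateRSAKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// HybridEncrypt encrypts bulk data under a fresh AES-256 key and wraps that
// key under the recipient's RSA public key with RSA-OAEP (SHA-256).
func HybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dataKey := make([]byte, 32) // one-time AES-256 data-encryption key
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // never reuse a nonce with the same key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// HybridDecrypt unwraps the data key with the RSA private key, then decrypts
// and authenticates the bulk data. Any change to the ciphertext, nonce or tag
// makes the GCM check fail, so a tampered envelope yields no plaintext.
func HybridDecrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("unwrap failed: wrong private key or damaged wrapped key")
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("authentication failed: envelope was modified")
	}
	return plaintext, nil
}

// newGCM builds an AES-GCM AEAD from a raw key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := GenerateRSAKey()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample: contents of a block volume chunk")
	env, err := HybridEncrypt(&priv.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	out, err := HybridDecrypt(priv, env)
	fmt.Println("round trip ok:", err == nil && string(out) == string(msg))

	env.Ciphertext[0] ^= 0x01 // flip one bit of the bulk ciphertext
	_, err = HybridDecrypt(priv, env)
	fmt.Println("tamper rejected:", err != nil)
}
```

The asymmetric key only ever sees the 32-byte data key, so the slow RSA operation runs once per object regardless of data size, and the wrapped key can be stored next to the ciphertext. Using an authenticated mode (GCM) for the bulk step is what turns a corrupted or edited envelope into a clean failure instead of garbage plaintext.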

Advantages:

  • Algorithm diversity: Protects against vulnerabilities in a single algorithm.

  • Compliance: Meets regulatory requirements for multi-layered encryption.

  • Flexibility: Useful in hybrid cloud or cross-platform environments.

Example Path

User (RSA Private Key) → Sign → OCI IAM (ECC Public Key) → Hybrid Verify → Access Granted

Use Case

  • Cross-cloud or hybrid cryptography

  • Systems combining RSA for encryption and ECC for signatures

  • Multi-cloud federation setups

🔑 Homogeneous Key Pair in OCI

Definition: Both keys (private and public) use the same cryptographic algorithm — for example, RSA–RSA or ECC–ECC.

Authentication Path

  1. Key Generation → Both keys created using the same algorithm.

  2. User Signs Data → Private key signs the message (RSA signature).

  3. Transmission → Signed message sent to the server.

  4. Verification → Server verifies using the public key of the same algorithm.

  5. Access Granted → Successful verification grants access.

Example Path

User (RSA Private Key) → Sign → OCI IAM (RSA Public Key) → Verify → Access Granted
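The authentication path above, written out in Go as an added example (not code from this wiki and not OCI IAM's actual request-signing scheme): a user signs a request with the private key, and the server verifies it with the registered public key of the same pair. It goes a little beyond the RSA path by also covering an ECC–ECC pair with ECDSA, so the server's dispatch on the registered key's algorithm is visible. The `Registry` type, the user names and the sample request bytes are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Step 1: key generation. Each pair is homogeneous: both halves are RSA,
// or both halves are ECC (P-256).
func GenerateRSAKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func GenerateECDSAKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Step 2: the user's RSA private key signs a SHA-256 digest of the request (RSA-PSS).
func SignRSA(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Step 4: the server verifies with the RSA public key of the same pair.
func VerifyRSA(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// The same two steps for an ECC–ECC pair (ECDSA over P-256, ASN.1 signatures).
func SignECDSA(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

func VerifyECDSA(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Registry is a constructed stand-in for the server-side store of registered
// public keys (the role OCI IAM plays for API-key authentication).
type Registry map[string]crypto.PublicKey

// Authenticate is steps 4 and 5: pick the verifier that matches the algorithm
// of the user's registered public key; a successful check grants access.
// An unknown user, an unsupported key type or a bad signature all deny.
func (r Registry) Authenticate(user string, msg, sig []byte) bool {
	switch pub := r[user].(type) {
	case *rsa.PublicKey:
		return VerifyRSA(pub, msg, sig)
	case *ecdsa.PublicKey:
		return VerifyECDSA(pub, msg, sig)
	default:
		return false
	}
}

func main() {
	alice, err := GenerateRSAKey()
	if err != nil {
		panic(err)
	}
	reg := Registry{"alice": &alice.PublicKey}
	request := []byte("constructed sample request: GET /example/resource")
	sig, err := SignRSA(alice, request) // step 2; step 3 is sending request + sig
	if err != nil {
		panic(err)
	}
	fmt.Println("access granted:", reg.Authenticate("alice", request, sig))
	fmt.Println("modified request granted:", reg.Authenticate("alice", []byte("other"), sig))
}
```

The signature binds the exact request bytes, so a replayed signature over a different request is rejected at step 4, and only the public key that pairs with the signing private key verifies it; the registry never needs to hold anything secret.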

Use Case

  • Standard IAM authentication

  • SSH connections

  • TLS handshakes

Examples in OCI:

  • Symmetric keys stored in OCI Vault for encrypting block storage volumes.

  • RSA public/private key pairs used for signing or encrypting data.

Advantages:

  • Simplicity: Easier lifecycle management (rotation, versioning).

  • Compatibility: Fully supported across OCI services (Object Storage, Block Volumes, Databases).

  • Performance: Optimized for OCI-native integrations.

⚙️ Comparison Table