LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How is a book on an e-Reader (DRM) typically protected with cryptography?

A combination of symmetric content encryption (AES), asymmetric session-key exchange (ECDH on the e-Reader's public key), digital signatures (ECDSA) for license + firmware integrity, and TLS for download. The device ID binds the license to specific hardware.

Layer Algorithm Purpose
Content encryption AES-128 / AES-256 (CBC or GCM) The actual e-book file is encrypted with a per-book key
License key exchange RSA-2048 / ECDH (P-256) When buying, the bookstore wraps the per-book key for the user's device public key
Digital signatures RSA-2048 / ECDSA-P256 Bookstore signs the license; device verifies before granting access
Hash functions SHA-256 / SHA-1 (older devices) Integrity check on book content and license file
CSPRNG CTR-DRBG (AES-based) Generates fresh per-session keys and authentication challenges
Transport security TLS 1.2 / 1.3 (HTTPS) Encrypts the download channel from bookstore to device
Firmware verification RSA / ECDSA + SHA-256 Device only runs signed firmware (prevents DRM-bypass jailbreaks)

The protocol in three phases:

  1. Device registration: the user's e-Reader (Kindle, Tolino) has a unique device public key. Registering ties it to a customer account.
  2. Purchase / download: the bookstore encrypts the e-book with a per-book AES key, wraps the AES key for the device's public key, signs the license, sends both over TLS.
  3. Reading: the device verifies the license signature, unwraps the AES key with its private key, decrypts the book.

The political reality of DRM:

  • The crypto is solid. Defeating DRM almost always means extracting the per-device private key (firmware reverse-engineering) rather than breaking AES.
  • Once extracted, anyone can decrypt anything bought on that account → DRM is a "speed bump" not absolute protection.
  • That's why publishers care less about cryptographic strength and more about raising the cost of bypass: device attestation, secure enclaves (TrustZone, Secure Enclave), firmware signing.

Tip: DeDRM tools that strip Kindle/EPUB protection have existed for years — the crypto isn't broken, the keys leak. Whether you find this acceptable depends on whether you think you own digital purchases or merely license them.

From Quiz: ISF / Cryptographic Protocols & Requirements | Updated: Jul 14, 2026