Quiz Entry - updated: 2026.07.14
How is a book on an e-Reader (DRM) typically protected with cryptography?
A combination of symmetric content encryption (AES), asymmetric session-key exchange (ECDH on the e-Reader's public key), digital signatures (ECDSA) for license + firmware integrity, and TLS for download. The device ID binds the license to specific hardware.
| Layer | Algorithm | Purpose |
|---|---|---|
| Content encryption | AES-128 / AES-256 (CBC or GCM) | The actual e-book file is encrypted with a per-book key |
| License key exchange | RSA-2048 / ECDH (P-256) | When buying, the bookstore wraps the per-book key for the user's device public key |
| Digital signatures | RSA-2048 / ECDSA-P256 | Bookstore signs the license; device verifies before granting access |
| Hash functions | SHA-256 / SHA-1 (older devices) | Integrity check on book content and license file |
| CSPRNG | CTR-DRBG (AES-based) | Generates fresh per-session keys and authentication challenges |
| Transport security | TLS 1.2 / 1.3 (HTTPS) | Encrypts the download channel from bookstore to device |
| Firmware verification | RSA / ECDSA + SHA-256 | Device only runs signed firmware (prevents DRM-bypass jailbreaks) |
The protocol in three phases:
- Device registration: the user's e-Reader (Kindle, Tolino) has a unique device public key. Registering ties it to a customer account.
- Purchase / download: the bookstore encrypts the e-book with a per-book AES key, wraps the AES key for the device's public key, signs the license, sends both over TLS.
- Reading: the device verifies the license signature, unwraps the AES key with its private key, decrypts the book.
The political reality of DRM:
- The crypto is solid. Defeating DRM almost always means extracting the per-device private key (firmware reverse-engineering) rather than breaking AES.
- Once extracted, anyone can decrypt anything bought on that account → DRM is a "speed bump" not absolute protection.
- That's why publishers care less about cryptographic strength and more about raising the cost of bypass: device attestation, secure enclaves (TrustZone, Secure Enclave), firmware signing.
Tip: DeDRM tools that strip Kindle/EPUB protection have existed for years — the crypto isn't broken, the keys leak. Whether you find this acceptable depends on whether you think you own digital purchases or merely license them.