The key

A key is like the key that opens the door to network security. Keys are mainly used to encrypt information. In today's highly connected society, more and more people communicate and transfer files over the network. How do we ensure that the information we transmit is not tampered with on the way, and that it can only be seen by the intended recipient? That is the role of the key, which is the subject of today's discussion.

Keys are divided into symmetric and asymmetric keys. With a symmetric key, the same key is used for encryption and decryption. With asymmetric keys, different keys are used for encryption and decryption, usually called the public key and the private key. You keep the private key yourself and publish the public key. When someone wants to send you information, they encrypt it with your public key, and when you receive the message you decrypt it with your own private key. Note that the public key and private key must be used as a pair for asymmetric encryption. That is, if the private key is used for encryption, only the public key can be used for decryption, and if the public key is used for encryption, only the private key can be used for decryption. The same key cannot be used for both encryption and decryption.

Common encryption algorithms

A key alone is not enough to encrypt and decrypt; the encryption algorithm matters just as much. Following the two encryption methods mentioned above, symmetric and asymmetric, encryption algorithms can also be divided into symmetric and asymmetric encryption algorithms. In addition, there are one-way encryption algorithms. The sections below describe these kinds of algorithm, how they differ, and how to choose a suitable one. Because there are many encryption algorithms, only some common ones are selected here for comparison.

One-way encryption

One-way encryption is irreversible encryption, that is, the original text cannot be recovered from the encrypted information. Common one-way encryption algorithms include MD5, SHA, and HMAC.

Symmetric encryption algorithm

Common symmetric encryption algorithms: DES, 3DES, AES, etc.

Asymmetric encryption algorithm

Common asymmetric encryption algorithms: RSA, DSA, ECC, etc.

Choice of encryption algorithm

The choice of encryption algorithm mainly depends on the following considerations:

  • Encryption speed: Asymmetric encryption algorithms run much slower than symmetric ones. Therefore, if a large amount of data needs to be encrypted, use a symmetric algorithm to improve the encryption speed.

  • Usage restrictions: Signatures can only be produced with asymmetric encryption algorithms.

  • Key management: With a symmetric encryption algorithm, encryption and decryption use the same key, so keeping that key secure is particularly important. Therefore, an asymmetric encryption algorithm is generally preferred when the amount of data to be encrypted is very small.

  • Key length: Generally speaking, the longer the key, the slower the operation. The key length should be selected according to the security level actually required. Generally speaking, 1024 bits is recommended for RSA, 160 bits for ECC, and 128 bits for AES.

    In practice, the usual approach is to use an asymmetric algorithm to manage the key of the symmetric algorithm, and then use the symmetric algorithm to encrypt the data. This combines the advantages of the two types of algorithm: the encryption speed of the symmetric algorithm and the safe, convenient key management of the asymmetric algorithm.
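The combined approach described above, as an added example that is not part of the original article: a fresh AES-128 key encrypts the data, and the recipient's RSA public key encrypts only that small key. The function names, the 2048-bit RSA modulus, OAEP padding and GCM mode are choices made for this example.

```javascript
// Added example (not from the original article): hybrid encryption using
// Node's built-in crypto module. RSA-2048, OAEP and GCM are example choices.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
  createCipheriv, createDecipheriv, constants } = require("node:crypto");

// Recipient's key pair: the public half is published, the private half is kept.
const recipient = generateKeyPairSync("rsa", { modulusLength: 2048 });
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Sender: encrypt the bulk data with a one-time AES key, then wrap that key
// with the recipient's public key.
function hybridEncrypt(publicKey, plaintext) {
  const aesKey = randomBytes(16);               // AES-128 key, used once
  const iv = randomBytes(12);                   // 96-bit GCM nonce
  const cipher = createCipheriv("aes-128-gcm", aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: publicEncrypt({ key: publicKey, ...OAEP }, aesKey),
    iv, ciphertext, tag: cipher.getAuthTag(),
  };
}

// Recipient: unwrap the AES key with the private key, then decrypt the data.
function hybridDecrypt(privateKey, msg) {
  const aesKey = privateDecrypt({ key: privateKey, ...OAEP }, msg.wrappedKey);
  const decipher = createDecipheriv("aes-128-gcm", aesKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  // final() throws if the ciphertext or tag was modified in transit.
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
}

// Returns true when decryption rejects a message altered in transit.
function rejectsTampering(privateKey, msg) {
  const altered = { ...msg, ciphertext: Buffer.from(msg.ciphertext) };
  altered.ciphertext[0] ^= 0x01;                // flip one bit
  try { hybridDecrypt(privateKey, altered); return false; }
  catch { return true; }
}

// Constructed sample input: 1 MiB, far more than RSA could encrypt directly.
const sample = Buffer.alloc(1024 * 1024, "A");
const sealed = hybridEncrypt(recipient.publicKey, sample);
console.log("wrapped key bytes:", sealed.wrappedKey.length);
console.log("round trip ok:",
  hybridDecrypt(recipient.privateKey, sealed).equals(sample));
console.log("tampering rejected:",
  rejectsTampering(recipient.privateKey, sealed));
```

Only the 16-byte AES key passes through the slow asymmetric operation; the 1 MiB payload is handled entirely by the symmetric cipher.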

Encryption and decryption

A typical flow using an asymmetric encryption algorithm is shown below:

Digital signature (private key for signing, public key for authentication)

Imagine the following scenario: a friend asks over WeChat to borrow money from you. Would you transfer the money directly? With all the con artists out there, and so many people who have had bad experiences, you would call your friend to make sure it is really him. The same goes for sending information over the Internet. How do you know it has not been tampered with? That is where signatures come in. A digital signature is produced by the sender from the information to be sent: the sender encrypts the digest of the information with his private key. Because the private key is owned only by the sender, the result is something that no one else can generate, and this forms the digital signature.

Information digest

The previous introduction to digital signatures mentioned a concept called the information digest (digital digest). A digital signature is not generated directly from the message to be sent. Instead, it is generated from the digest of the message, for the following reasons:

  • The length of the message to be sent is variable, and the length of the message determines the signature speed, while the length of the message digest is fixed. Signing the digest therefore solves the problem of signature efficiency.
  • The message digest function is a one-way function without a trapdoor. That is, it can only be computed in the forward direction: no message can be recovered from the digest, and nothing related to the original information can be learned from it.
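Signing via a digest, as an added example that is not part of the original article: the digest and signature lengths stay fixed while the message grows, and a changed message or a different signer fails verification. The function names, sample messages, RSA-2048 and SHA-256 are choices made for this example.

```javascript
// Added example (not from the original article): message digest plus RSA
// signature with Node's built-in crypto module.
const { generateKeyPairSync, createHash, sign, verify } = require("node:crypto");

// Sender A's key pair; the 2048-bit size is this example's choice.
const senderA = generateKeyPairSync("rsa", { modulusLength: 2048 });

// The digest has a fixed length no matter how long the message is.
function digestOf(message) {
  return createHash("sha256").update(message).digest();
}

// Sender: sign() computes the SHA-256 digest of the message and applies the
// private key to that digest, not to the whole message.
function signMessage(privateKey, message) {
  return sign("sha256", message, privateKey);
}

// Receiver: recompute the digest and check it against the signature using
// the sender's public key.
function verifyMessage(publicKey, message, signature) {
  return verify("sha256", message, publicKey, signature);
}

// Constructed sample messages.
const shortMsg = Buffer.from("transfer 100 to Bob");
const longMsg = Buffer.alloc(1024 * 1024, "x");
const alteredMsg = Buffer.from("transfer 900 to Bob");

const sigShort = signMessage(senderA.privateKey, shortMsg);
const sigLong = signMessage(senderA.privateKey, longMsg);

console.log("digest lengths:", digestOf(shortMsg).length, digestOf(longMsg).length);
console.log("signature lengths:", sigShort.length, sigLong.length);
console.log("genuine verifies:",
  verifyMessage(senderA.publicKey, shortMsg, sigShort));
console.log("altered rejected:",
  !verifyMessage(senderA.publicKey, alteredMsg, sigShort));
```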

A typical flow using signatures is shown below:

The digital certificate

In the process of using signatures, the public key is public and can be imported onto a computer by the user himself. If C gains access to B's computer and replaces A's public key with its own, C can pretend to be A and send information to B. How can B be sure that it is using A's public key? A digital certificate is used to identify the key, and the public key is usually transmitted inside the certificate.

Digital certificates cannot be generated by oneself; they need to be issued by a dedicated Certificate Authority (CA). The CA uses its own private key to encrypt A's public key and related information to generate a digital certificate. The following figure shows what is wrapped up in a digital certificate:
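The key substitution and the CA check described in this section, as an added example that is not part of the original article: B trusts only the CA's public key and accepts A's key only when the CA's signature covers it. The certificate here is a simplified JSON structure, not X.509, and the function names and the P-256 curve are choices made for this example.

```javascript
// Added example (not from the original article): a simplified certificate
// (JSON, not X.509) signed by a CA, using Node's built-in crypto module.
const { generateKeyPairSync, createPublicKey, sign, verify } = require("node:crypto");

// EC P-256 keys are this example's choice; any signature key type would do.
const newKeyPair = () => generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const pem = (publicKey) => publicKey.export({ type: "spki", format: "pem" });

// CA: bind a subject name to a public key by signing both together.
function issueCertificate(caPrivateKey, subject, publicKey) {
  const body = JSON.stringify({ subject, publicKey: pem(publicKey) });
  return { body, signature: sign("sha256", Buffer.from(body), caPrivateKey) };
}

// B: accept a key only if the CA's signature covers it and the subject
// matches. Returns the certified public key, or null if rejected.
function certifiedKey(caPublicKey, cert, expectedSubject) {
  const signed = Buffer.from(cert.body);
  if (!verify("sha256", signed, caPublicKey, cert.signature)) return null;
  const { subject, publicKey } = JSON.parse(cert.body);
  return subject === expectedSubject ? createPublicKey(publicKey) : null;
}

// Constructed scenario from the text: A is genuine, C substitutes its key.
const ca = newKeyPair(), a = newKeyPair(), c = newKeyPair();
const certA = issueCertificate(ca.privateKey, "A", a.publicKey);

// C replaces the key inside A's certificate but cannot re-sign it as the CA.
const swapped = { ...certA,
  body: JSON.stringify({ subject: "A", publicKey: pem(c.publicKey) }) };
// C signs a certificate naming "A" with its own key instead of the CA's.
const selfSigned = issueCertificate(c.privateKey, "A", c.publicKey);

const message = Buffer.from("hello B, this is A");
const keyFromCert = certifiedKey(ca.publicKey, certA, "A");
console.log("genuine cert accepted:", keyFromCert !== null);
console.log("A's message verifies:",
  verify("sha256", message, keyFromCert, sign("sha256", message, a.privateKey)));
console.log("swapped key rejected:",
  certifiedKey(ca.publicKey, swapped, "A") === null);
console.log("self-signed rejected:",
  certifiedKey(ca.publicKey, selfSigned, "A") === null);
```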
