Symmetric encryption

Features: encryption and decryption use the same key. Advantages: fast. Disadvantages: because the same key is used for both operations, the key has to be delivered to the other party before any ciphertext can be exchanged, and every channel the key travels through is one more place it can leak. Representative algorithms: DES, AES.

  • DES

DES stands for Data Encryption Standard. It is a block cipher with a 56-bit key (the key is written as 64 bits, of which 8 are parity bits). A block cipher processes data in fixed-length units called blocks; the DES block size is 64 bits. If the length of the data is not a multiple of 64 bits, it is padded according to a fixed rule (PKCS#7 padding is the usual one) so that the receiver can strip the padding again. A 56-bit key is far too short today: DES can be brute-forced with modest hardware, so neither DES nor Triple DES should be chosen for new systems.

  • AES

AES stands for Advanced Encryption Standard. It is the block cipher standard adopted to replace DES, whose 56-bit key had become easy to crack. AES uses 128-, 192- or 256-bit keys and encrypts and decrypts data in 128-bit blocks. No practical attack better than exhaustive key search is known against it, and even the fastest computers would need an astronomically long time (the popular figure is billions of years) to exhaust a 128-bit key space, so the cipher itself is not the weak point in practice. How it is used is: the key must be random and kept secret, and the cipher must be run in a suitable mode of operation. ECB mode, which encrypts each block independently, reveals which plaintext blocks are equal, and unauthenticated modes such as plain CBC or CTR let an attacker modify the ciphertext without detection, so an authenticated mode such as AES-GCM should be preferred.
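The padding rule and the choice of mode are easier to see in code. The following Go program is an added example, not code from the original article: it pads data to a whole number of blocks (the generic PKCS#7 rule, for any block size, DES's 8 bytes or AES's 16), encrypts a repetitive message with AES in ECB mode and in CBC mode with a random IV, and counts repeated ciphertext blocks. The record text and the 8-byte DES key are constructed for the demo; the AES key is generated at run time.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
	"fmt"
)

// pkcs7Pad appends 1..blockSize bytes, each holding the number of bytes added,
// so the result is a whole number of blocks (8 bytes for DES, 16 for AES).
// Already-aligned data gets a full extra block so unpadding stays unambiguous.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad reverses pkcs7Pad and rejects malformed padding.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errors.New("input is not a whole number of blocks")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize || n > len(data) {
		return nil, errors.New("bad padding length")
	}
	for _, b := range data[len(data)-n:] {
		if int(b) != n {
			return nil, errors.New("bad padding byte")
		}
	}
	return data[:len(data)-n], nil
}

// ecbEncrypt runs the block cipher on each padded block independently (ECB mode).
// Equal plaintext blocks give equal ciphertext blocks, which leaks structure.
func ecbEncrypt(block cipher.Block, plaintext []byte) []byte {
	bs := block.BlockSize()
	padded := pkcs7Pad(plaintext, bs)
	out := make([]byte, len(padded))
	for i := 0; i < len(padded); i += bs {
		block.Encrypt(out[i:i+bs], padded[i:i+bs])
	}
	return out
}

// cbcEncrypt chains the blocks under a fresh random IV (prepended to the output),
// so repeated plaintext blocks no longer produce repeated ciphertext blocks.
func cbcEncrypt(block cipher.Block, plaintext []byte) ([]byte, error) {
	bs := block.BlockSize()
	padded := pkcs7Pad(plaintext, bs)
	out := make([]byte, bs+len(padded))
	if _, err := rand.Read(out[:bs]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:bs]).CryptBlocks(out[bs:], padded)
	return out, nil
}

// cbcDecrypt undoes cbcEncrypt, including padding removal.
func cbcDecrypt(block cipher.Block, ciphertext []byte) ([]byte, error) {
	bs := block.BlockSize()
	if len(ciphertext) < 2*bs || len(ciphertext)%bs != 0 {
		return nil, errors.New("ciphertext too short or misaligned")
	}
	plain := make([]byte, len(ciphertext)-bs)
	cipher.NewCBCDecrypter(block, ciphertext[:bs]).CryptBlocks(plain, ciphertext[bs:])
	return pkcs7Unpad(plain, bs)
}

// repeatedBlocks counts the ciphertext blocks that occur more than once.
func repeatedBlocks(ciphertext []byte, blockSize int) int {
	seen := map[string]int{}
	for i := 0; i+blockSize <= len(ciphertext); i += blockSize {
		seen[string(ciphertext[i:i+blockSize])]++
	}
	dup := 0
	for _, c := range seen {
		if c > 1 {
			dup += c
		}
	}
	return dup
}

func main() {
	// Constructed sample: the same 16-byte record repeated four times.
	msg := bytes.Repeat([]byte("ACCOUNT=0000001;"), 4)
	aesKey := make([]byte, 32) // AES-256 key, generated fresh; never hard-code one
	if _, err := rand.Read(aesKey); err != nil {
		panic(err)
	}
	aesBlock, _ := aes.NewCipher(aesKey)
	desBlock, _ := des.NewCipher([]byte("8bytekey")) // DES takes an 8-byte key (56 effective bits)
	fmt.Println("block sizes: DES =", desBlock.BlockSize(), "AES =", aesBlock.BlockSize())
	fmt.Println("ECB ciphertext blocks seen more than once:", repeatedBlocks(ecbEncrypt(aesBlock, msg), 16))
	cbc, _ := cbcEncrypt(aesBlock, msg)
	fmt.Println("CBC ciphertext blocks seen more than once:", repeatedBlocks(cbc, 16))
}
```

Run it and ECB reports 4 repeated blocks while CBC reports 0. ECB and CBC are used here only to make the point about modes visible; for real data use AES-GCM, which also authenticates the ciphertext.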

Asymmetric encryption algorithm

Features: asymmetric encryption is also called public-key cryptography. Each party holds a key pair: data encrypted with the public key can be decrypted only with the matching private key, and a signature made with the private key can be checked by anyone who holds the public key. Advantages: the public key can be published; security depends only on the private key staying secret. Disadvantages: much slower than symmetric encryption. Representative algorithms: RSA, ECC.

  • RSA

RSA uses different keys for encryption and decryption, and it is computationally infeasible to derive the decryption (private) key from the encryption (public) key. It is used both to encrypt data and to create digital signatures. Because it is slow and a single operation can only process a message shorter than the modulus (with RSA-OAEP over SHA-256 and a 2048-bit key, at most 190 bytes), it is used to encrypt small values such as symmetric keys rather than bulk data. Raw ("textbook") RSA without padding is insecure; use RSA-OAEP for encryption and RSA-PSS for signatures.

  • ECC

ECC (elliptic-curve cryptography) offers more security per key bit than RSA: a 256-bit elliptic-curve key is roughly as strong as a 3072-bit RSA key, so ECC reaches the same security level with much shorter keys and signatures. ECC private-key operations (signing with ECDSA or EdDSA, key agreement with ECDH) are also faster than the corresponding RSA private-key operations. In practice ECC is used for signatures and key agreement rather than for encrypting data directly: with ECDH each party combines its own private key with the other party's public key, both arrive at the same shared secret, and a symmetric key is derived from it.
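The size limit that makes RSA unsuitable for bulk data, and the way ECC is actually used, as an added Go example that is not from the original article. It computes the RSA-OAEP plaintext limit for a 2048-bit key and checks it against the standard library, round-trips a short secret, performs an ECDH key agreement on P-256 (two parties, same shared secret) and compares the encoded public-key sizes. Key pairs are generated at run time; the short message is constructed for the demo.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// oaepMaxPlaintext returns the longest message RSA-OAEP (with SHA-256) can
// encrypt under an n-bit modulus: k - 2*hLen - 2 bytes (PKCS #1 v2.2, 7.1.1).
// For 2048 bits that is 256 - 64 - 2 = 190 bytes, hence "only small data".
func oaepMaxPlaintext(modulusBits int) int {
	return modulusBits/8 - 2*sha256.Size - 2
}

// rsaEncrypt wraps a short secret with RSA-OAEP; the library rejects anything
// longer than oaepMaxPlaintext bytes with rsa.ErrMessageTooLong.
func rsaEncrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func rsaDecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

// ecdhSharedSecret shows what ECC is used for in protocols: each side combines
// its own private key with the peer's public key and both get the same 32-byte
// secret, with nothing secret ever sent over the wire.
func ecdhSharedSecret(mine *ecdh.PrivateKey, theirs *ecdh.PublicKey) ([]byte, error) {
	return mine.ECDH(theirs)
}

type comparison struct {
	Limit            int    // OAEP plaintext limit for the RSA key
	AtLimitOK        bool   // a message of exactly Limit bytes encrypts
	OverLimitErr     bool   // a message of Limit+1 bytes is rejected
	RSARoundtrip     string // decrypted short message
	RSACiphertextLen int    // bytes on the wire for that short message
	ECDHMatch        bool   // both parties derived the same 32-byte secret
	RSAPubBytes      int    // RSA modulus size in bytes
	ECPubBytes       int    // encoded P-256 public key size in bytes
}

// compare runs RSA-OAEP and ECDH side by side on freshly generated keys.
func compare(rsaBits int) (comparison, error) {
	var c comparison
	rsaKey, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return c, err
	}
	c.Limit = oaepMaxPlaintext(rsaBits)
	_, err = rsaEncrypt(&rsaKey.PublicKey, make([]byte, c.Limit))
	c.AtLimitOK = err == nil
	_, err = rsaEncrypt(&rsaKey.PublicKey, make([]byte, c.Limit+1))
	c.OverLimitErr = err != nil
	ct, err := rsaEncrypt(&rsaKey.PublicKey, []byte("session key goes here")) // constructed sample
	if err != nil {
		return c, err
	}
	pt, err := rsaDecrypt(rsaKey, ct)
	if err != nil {
		return c, err
	}
	c.RSARoundtrip, c.RSACiphertextLen = string(pt), len(ct)

	alice, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return c, err
	}
	bob, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return c, err
	}
	sa, err := ecdhSharedSecret(alice, bob.PublicKey())
	if err != nil {
		return c, err
	}
	sb, err := ecdhSharedSecret(bob, alice.PublicKey())
	if err != nil {
		return c, err
	}
	c.ECDHMatch = string(sa) == string(sb) && len(sa) == 32
	c.RSAPubBytes, c.ECPubBytes = rsaKey.PublicKey.Size(), len(alice.PublicKey().Bytes())
	return c, nil
}

func main() {
	c, err := compare(2048)
	fmt.Printf("%+v err=%v\n", c, err)
}
```

With 2048-bit RSA the limit is 190 bytes and every ciphertext is 256 bytes, while the P-256 public key is 65 bytes. Key size matters on the wire, but the stronger reason protocols prefer ECDH is that a fresh key pair per session gives forward secrecy, which wrapping a key under a long-lived RSA key cannot.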

The hash algorithm

A hash algorithm is, strictly speaking, not an encryption algorithm. An encryption algorithm is reversible: whatever is encrypted can be decrypted. A hash algorithm is lossy and irreversible. It maps input of any length to a digest of fixed length (32 bytes for SHA-256), and the same input always produces the same digest, so it is used to check the integrity of data and to verify passwords without storing them. Disadvantages: collisions (different inputs with the same digest) exist in principle. For a sound hash they are infeasible to find, but MD5 and SHA-1 have practical collision attacks and must not be used where collision resistance matters. A plain hash is also not enough for password storage; passwords need a salt and a deliberately slow function such as bcrypt, scrypt or Argon2. Representative algorithms: SHA (SHA-256 and the rest of the SHA-2 family), MD5 (obsolete).

Mixed encryption

Symmetric encryption has a key distribution problem, asymmetric encryption is slow, and hashing is irreversible; each has its own advantages and disadvantages, so in practice they are combined. For example:

  • AES+RSA

Use RSA to encrypt the AES key and AES to encrypt the actual data. The RSA-encrypted AES key is sent together with the AES ciphertext. The receiver recovers the AES key with its RSA private key and then decrypts the data with that key. AES+RSA, or hybrid encryption, is one of the most common constructions: it keeps the speed of symmetric encryption for the bulk data and solves the key distribution problem with the public key. Two details decide whether it is actually secure: the RSA step must use OAEP padding, and the AES step must use an authenticated mode such as GCM, otherwise the receiver cannot detect a modified ciphertext. Note also that it says nothing about who sent the message, since anyone can use the public key; authenticating the sender requires a signature.

  • Digital signature (asymmetric +Hash algorithm)

A digital signature relies on the hash being a fixed fingerprint of the data: any change to the data changes the digest. The process is as follows:

  1. The sender hashes the plaintext to obtain a digest and signs the digest with its private key (for RSA this is often described as encrypting the digest with the private key). The signature is sent to the receiver together with the plaintext.
  2. The receiver applies the sender's public key to the signature to recover the digest (with RSA) or to check it (with ECDSA).
  3. The receiver hashes the received plaintext with the same hash algorithm and compares the result with the digest from step 2. If they match, the plaintext is intact and was signed by the holder of the private key.
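The hash properties described under "The hash algorithm" and the three signature steps above, as an added Go example that is not part of the original article. It shows that SHA-256 output has a fixed length and changes almost completely for a one-character change, then signs a message with an ECDSA P-256 key (hash first, then sign the digest) and verifies the genuine message, a tampered message and a signature made with a different key. The message is constructed and the signer keys are generated for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// digest hashes a message with SHA-256. The output is always 32 bytes whatever
// the input length, and the same input always gives the same output.
func digest(msg []byte) []byte {
	sum := sha256.Sum256(msg)
	return sum[:]
}

// bitDifference counts the bits that differ between two equal-length digests;
// for a sound hash a one-character change flips about half of the 256 bits.
func bitDifference(a, b []byte) int {
	n := 0
	for i := range a {
		for x := a[i] ^ b[i]; x != 0; x &= x - 1 {
			n++
		}
	}
	return n
}

// newSigner generates a P-256 key pair for the signer.
func newSigner() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// sign is step 1: hash the plaintext, then apply the private key to the digest
// (ECDSA here; RSA-PSS follows the same hash-then-sign pattern).
func sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, digest(msg))
}

// verify is steps 2 and 3: re-hash the received plaintext and check the
// signature against that digest with the signer's public key.
func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(msg), sig)
}

// signatureDemo signs a constructed message and then checks three cases:
// the genuine message, an altered message, and a signature from another key.
func signatureDemo() (genuine, tampered, forged bool, err error) {
	signer, err := newSigner()
	if err != nil {
		return
	}
	other, err := newSigner()
	if err != nil {
		return
	}
	msg := []byte("transfer 100 to alice") // constructed sample message
	sig, err := sign(signer, msg)
	if err != nil {
		return
	}
	forgedSig, err := sign(other, msg) // right message, wrong private key
	if err != nil {
		return
	}
	genuine = verify(&signer.PublicKey, msg, sig)
	tampered = verify(&signer.PublicKey, []byte("transfer 900 to alice"), sig)
	forged = verify(&signer.PublicKey, msg, forgedSig)
	return
}

func main() {
	a, b := digest([]byte("abc")), digest([]byte("abd"))
	fmt.Println("SHA-256(abc) =", hex.EncodeToString(a))
	fmt.Println("bits differing from SHA-256(abd):", bitDifference(a, b), "of 256")
	g, t, f, err := signatureDemo()
	fmt.Println("genuine:", g, "tampered:", t, "forged:", f, "err:", err)
}
```

Only the genuine case verifies. Note that the verifier never "decrypts" anything with ECDSA; it recomputes the digest and checks the signature against it, which is why step 2 is better described as checking the digest than as decrypting it.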

But there is a problem: the receiver has to obtain the signer's public key from somewhere, and a public key delivered over an untrusted channel can be swapped for an attacker's key without anyone noticing, so the key alone does not prove who owns it. That is why certificate authorities (CAs) were introduced to issue digital certificates, which bind a public key to an identity.

  • Digital certificate verification process
  1. The applicant submits its public key, organisation information and domain name to a third-party CA to apply for a certificate.
  2. After verifying that the submitted information is genuine, the CA hashes the certificate contents to produce a digest and signs the digest with the CA private key. The signature is stored in the certificate together with the server public key, applicant information, issuer information and validity period, and the certificate is issued to the applicant.
  3. The client requests the server, and the server returns the certificate. The client checks that the domain name in the certificate matches the host it is connecting to and that the current time falls within the validity period. (Clients ship with a built-in set of trusted CA certificates, which contain the CA public keys.)
  4. The client reads the plaintext contents of the certificate and hashes them with the same hash algorithm to obtain a digest.
  5. The client looks up the issuing CA's public key in its local trust store and uses it to verify the signature. If the signature checks out against the digest from the previous step, the certificate is valid and the server public key it carries can be trusted. In practice the server certificate is usually signed by an intermediate CA rather than directly by a root, so the client repeats steps 4 and 5 for every certificate in the chain until it reaches a root it trusts, and it should also check that none of them has been revoked (via CRLs or OCSP).


  • HTTPS

HTTPS is HTTP carried inside an SSL/TLS connection: a protocol for secure communication over a computer network that protects the HTTP traffic by first establishing an encrypted channel and then sending every request and response through it. SSL/TLS combines symmetric, asymmetric and hash algorithms. It contains the "digital certificate verification process" above and a hybrid scheme in which public-key cryptography is used to establish a symmetric session key, much like AES+RSA. HTTPS is therefore implemented with symmetric encryption, asymmetric encryption and hash algorithms working together. (SSL is the obsolete predecessor of TLS; only TLS 1.2 and TLS 1.3 should be enabled today.)

The general working flow of HTTPS is as follows:

  1. The client initiates an HTTPS request (the ClientHello, which lists the TLS versions and cipher suites it supports).
  2. The server returns its public-key certificate (normally together with the intermediate CA certificates) to the client.
  3. The client verifies the certificate using the digital certificate verification process. If it passes, continue with step 4; if it fails, the browser shows a warning.
  4. The client generates the secret from which the symmetric key is made, encrypts it with the server's public key taken from the certificate, and sends it to the server.
  5. The server decrypts it with its own private key and obtains the symmetric key.
  6. The server encrypts a message with the symmetric key and sends it to the client; the client decrypts it with the same key.
  7. From then on the client encrypts each request with the symmetric key and the server decrypts it with the symmetric key, and responses go back the same way.

Steps 4 and 5 describe the RSA key exchange, in which the client encrypts the premaster secret under the server's RSA key. Its weakness is that anyone who later obtains the server's private key can decrypt all recorded traffic. Current TLS 1.2 configurations and all of TLS 1.3 instead use an ephemeral Diffie-Hellman exchange (ECDHE): the key in the certificate only signs the handshake, both sides derive the symmetric keys from a fresh key agreement, and a later compromise of the server key does not expose past sessions (forward secrecy). TLS 1.3 removed the RSA key exchange altogether.
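Steps 4 to 7 of the flow above are the same construction as the AES+RSA hybrid encryption described earlier. The following Go program is an added example, not code from the original article or from any TLS implementation: the client generates an AES-256 key, wraps it with the server's RSA public key using OAEP, and encrypts a constructed request with AES-GCM; the server unwraps the key with its private key and decrypts. It also shows the two failure modes an authenticated mode gives you for free: a flipped ciphertext bit and a receiver holding the wrong private key are both rejected. RSA keys are generated at run time; the request text and the OAEP label are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// envelope is what travels over the wire: the AES key wrapped with the server's
// RSA public key, plus the AES-GCM nonce and ciphertext of the actual message.
type envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte // GCM appends its 16-byte authentication tag here
}

var label = []byte("aes-256-gcm session key") // OAEP label, constructed; must match on both sides

// newGCM wraps an AES key in the GCM authenticated-encryption mode.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// clientEncrypt is step 4: pick a random AES-256 key, wrap it with the server's
// public key using RSA-OAEP, and encrypt the message with AES-GCM.
func clientEncrypt(serverPub *rsa.PublicKey, msg []byte) (envelope, error) {
	key := make([]byte, 32) // fresh key for this message
	if _, err := rand.Read(key); err != nil {
		return envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, key, label)
	if err != nil {
		return envelope{}, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 12 bytes; never reuse a nonce under the same key
	if _, err := rand.Read(nonce); err != nil {
		return envelope{}, err
	}
	// The wrapped key is passed as associated data: it is authenticated, so the
	// ciphertext cannot be replayed alongside a different wrapped key.
	return envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, wrapped)}, nil
}

// serverDecrypt is steps 5 and 6: only the RSA private key can unwrap the AES
// key, and the GCM tag then proves the message was not altered in transit.
func serverDecrypt(serverPriv *rsa.PrivateKey, env envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, serverPriv, env.WrappedKey, label)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, env.WrappedKey) // fails on any alteration
}

// hybridDemo runs one exchange and two failure cases: a flipped ciphertext bit
// and a receiver holding a different private key.
func hybridDemo() (plaintext string, tamperedAccepted, wrongKeyAccepted bool, err error) {
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	otherKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	env, err := clientEncrypt(&serverKey.PublicKey, []byte("GET /account HTTP/1.1")) // constructed request
	if err != nil {
		return
	}
	pt, err := serverDecrypt(serverKey, env)
	if err != nil {
		return
	}
	plaintext = string(pt)
	tampered := env
	tampered.Ciphertext = append([]byte(nil), env.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, tErr := serverDecrypt(serverKey, tampered)
	tamperedAccepted = tErr == nil
	_, wErr := serverDecrypt(otherKey, env)
	wrongKeyAccepted = wErr == nil
	return
}

func main() {
	pt, tampered, wrong, err := hybridDemo()
	fmt.Printf("server read %q; tampered accepted=%v; wrong key accepted=%v; err=%v\n", pt, tampered, wrong, err)
}
```

This is RSA key transport, which is what the TLS 1.2 RSA key exchange does, and it has no forward secrecy: whoever obtains serverKey later can unwrap every recorded envelope. Real TLS therefore replaces step 4 with an ECDHE agreement and uses the certificate key only to sign the handshake.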

HTTPS flow chart (the image is not reproduced here).

This article was first published on the WeChat official account [an old code farmer].