This question came from a reader who ran into it during an interview. Anyone who has prepared for interviews will remember that one difference between symmetric and asymmetric encryption is that asymmetric encryption is slow. In day-to-day business development, though, we usually just call the algorithm directly and rarely look any deeper, so when an interviewer asks why, it does take people by surprise. This article tries to give a good answer.

Symmetric and asymmetric encryption

First of all, let’s talk about what symmetric encryption is and what asymmetric encryption is. This section mainly uses some examples to introduce what symmetric encryption and asymmetric encryption are. If you already know what symmetric encryption is, you can skip this section.

Symmetric encryption

High school students Xiao Ming and Xiao Hong are a pair of "underground lovers", but one sits at the front of the classroom and the other at the back, so during evening self-study they can only pass notes. This creates an awkward problem: a note cannot be handed directly to the other person, so it has to pass through several classmates, and there are always one or two gossips who like to read what is written on it. To avoid being caught by the homeroom teacher or read by their classmates, they agreed to use the Modern Chinese Dictionary as their "password". From then on, instead of the words themselves, each note carried the page number and position of every word in the dictionary, so even if someone looked at the note, anyone who did not know the password would not learn its real content.

In this example, the note is the carrier of the information, the content of the note is the information, the Chinese dictionary is the key, and mapping each word to its page number and position in the dictionary is the encryption method (the algorithm). A symmetric-key algorithm (symmetric encryption for short) uses the same key for encryption and decryption, or two keys that can easily be computed from each other. Common symmetric encryption algorithms include AES, DES, and 3DES. Symmetric encryption can be defined simply: one party encrypts the information with the key and sends the ciphertext to the other party, who decrypts the ciphertext with the same key and turns it back into readable plaintext. The relationship between them can be seen in the picture below (borrowed from @Hanshijun):

Disadvantages

Although this encryption method is simple, its disadvantages are also very obvious. In the example above, if someone passing the note knew their encryption method, they could also read the note by consulting a Chinese dictionary, as shown in the figure below. So it is easy to understand why so many anti-Japanese war films feature a frantic scramble for the codebook.

Asymmetric encryption

Here is another example that is very common in everyday life. People living in a residential community often receive letters in their own mailbox, such as an admission notice or, more likely, advertisements. While anyone can drop a letter into the mailbox, only you can open it and read the letter. This is a very vivid picture of asymmetric encryption.

Public key (publicKey)
Private key (privateKey)
Common asymmetric algorithms: RSA, DSA, ECC
Only the private key can unlock the contents encrypted with the public key, and only the public key can unlock the contents encrypted with the private key.

Usage of public/private keys

The first use: public key encrypts, private key decrypts. This is used for encryption and decryption.

The second use: private key signs, public key verifies. This is used for signatures.

This is actually very easy to understand. Since it is encryption, I do not want others to know my message, so only I should be able to decrypt it; it follows that the public key is responsible for encryption and the private key for decryption. Since it is a signature, I do not want anyone to impersonate me when sending a message, so only I should be able to produce the signature; it follows that the private key is responsible for signing and the public key for verification.

One thing to note: signature ≠ encryption. Encryption means you cannot understand something you are not supposed to see. A signature means you cannot deny something you did.

Why is asymmetric encryption slower than symmetric encryption?

With these two types of encryption introduced, we can finally return to the question from the beginning of this article: why is asymmetric encryption slower than symmetric encryption? The reason is that symmetric encryption consists mainly of bitwise operations, which are very fast, and faster still when done in hardware. The AES algorithm, for example, as shown in the figure below, is essentially shifting and substitution.

Asymmetric encryption, however, generally involves complicated calculations. RSA, for example, involves multiplication and modular reduction of very large numbers. Its encryption and decryption can be expressed by the following formula:

In general, with asymmetric encryption (such as RSA), decryption is slower than encryption. For details, see "Why is RSA decryption slow?"
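To make the cost concrete, the following added example (not part of the original article) counts the big-number modular multiplications that square-and-multiply exponentiation performs for textbook RSA encryption and decryption. The key is constructed for the demo from two Mersenne primes with the common public exponent 65537; it is insecure and unpadded, and the function names are assumptions of this example.

```python
# Constructed toy RSA key built from two Mersenne primes: insecure, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # 1128-bit modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)


def modexp_count(base, exp, mod):
    """Left-to-right square-and-multiply.

    Returns (base**exp % mod, number of big-number modular multiplications).
    """
    result, mults = base % mod, 0
    for bit in bin(exp)[3:]:               # skip '0b' and the leading 1 bit
        result = result * result % mod     # one squaring per remaining bit
        mults += 1
        if bit == "1":
            result = result * base % mod   # one extra multiply per 1 bit
            mults += 1
    return result, mults


def rsa_cost(message: int):
    """Textbook RSA (no padding): multiplication counts, encrypt vs decrypt."""
    cipher, enc_mults = modexp_count(message, E, N)
    plain, dec_mults = modexp_count(cipher, D, N)
    return plain, enc_mults, dec_mults


if __name__ == "__main__":
    sample = int.from_bytes(b"constructed sample message", "big")
    plain, enc, dec = rsa_cost(sample)
    print(f"round trip ok: {plain == sample}")
    print(f"encrypt: {enc} multiplications, decrypt: {dec} multiplications")
```

Every one of those multiplications works on numbers over a thousand bits wide, whereas a symmetric cipher round works on bytes and words. The short public exponent keeps encryption cheap, while the private exponent is about as long as the modulus.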

space-time

What? You ask me where did I get this formula? What about mathematical induction?

Viewed this way, asymmetric encryption is inefficient, but it has low storage costs and is relatively secure, which explains why it is so widely used.

HTTPS

Since we cannot have encryption and decryption that is both secure and fast, we can only try to strike a balance in actual use. In our projects we therefore usually combine the two kinds of encryption algorithm as follows:

  1. Start by randomly generating an encryption key for the single request (clientAesKey, 16 bits long, which can be composed of the 26 letters and digits).
  2. RSA is responsible for encrypting the key string (clientAesKey).
  3. AES, keyed with clientAesKey, is responsible for encrypting the plaintext string into ciphertext.
  4. During decryption, RSA is used to recover the key string (clientAesKey), and AES then uses it to decrypt the ciphertext.
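The four steps above as a runnable sketch, added here and not taken from the original article or any project. Python's standard library has no AES, so a SHA-256 counter-mode keystream stands in for it; the RSA key is a constructed, insecure toy used without padding, and the session key is assumed to be 16 random bytes from the OS CSPRNG. The names `seal` and `open_sealed` are hypothetical.

```python
import hashlib
import secrets

# Constructed toy RSA key built from two Mersenne primes: insecure, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
KEY_BYTES = (N.bit_length() + 7) // 8      # size of an RSA-wrapped key


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for AES: XOR data with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def seal(plaintext: bytes):
    """Steps 1-3: fresh key per request, RSA wraps the key, cipher encrypts data."""
    client_aes_key = secrets.token_bytes(16)   # step 1 (assumed: 16 random bytes)
    nonce = secrets.token_bytes(12)
    # Step 2: textbook RSA (no padding) on the short key only.
    wrapped = pow(int.from_bytes(client_aes_key, "big"), E, N)
    # Step 3: the fast symmetric cipher handles the bulk data.
    ciphertext = keystream_xor(client_aes_key, nonce, plaintext)
    return wrapped.to_bytes(KEY_BYTES, "big"), nonce, ciphertext


def open_sealed(wrapped: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Step 4: the RSA private key recovers clientAesKey, which decrypts the data."""
    key_int = pow(int.from_bytes(wrapped, "big"), D, N)
    client_aes_key = key_int.to_bytes(16, "big")
    return keystream_xor(client_aes_key, nonce, ciphertext)


if __name__ == "__main__":
    message = b"constructed sample request body " * 4
    wrapped, nonce, ct = seal(message)
    print(open_sealed(wrapped, nonce, ct) == message)
```

The slow RSA operation runs once per request on 16 bytes, no matter how large the payload is. A production version would use RSA-OAEP for the key wrap and an authenticated AES mode such as AES-GCM for the data.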

The title of this section is HTTPS because this encryption and decryption method is used in HTTPS. For details about HTTPS, please refer to my good friend Han Shi Jun’s article “Love also need to understand HTTPS”. Now, if an interviewer asks you what encryption is used in HTTPS, you probably know the answer.