Shulou(Shulou.com)06/01 Report--

This article mainly explains "what are the basic knowledge points of cryptography". The content of the explanation is simple and clear, and it is easy to learn and understand. let's follow the editor's train of thought to study and learn what are the basic knowledge points of cryptography.

Introduction to symmetric encryption and asymmetric encryption

1. How not to be eavesdropped-- encryption

This encryption scheme is called a symmetric cipher in cryptography, and the encryption and decryption parties use the same key.

Well-known cryptographic algorithms are AES (2001), Blowfish (1993), DES (1977), and further, there are World War II-era Ennig codes (rotating engine principle, Germany), purple codes (rotating engine principle, Japan), and the famous Caesar ciphers (yes, the Caesar on the north bank of the Mediterranean), fence codes and so on.

two。 How to exchange keys-- asymmetric encryption

Solve the channel security problem

Bob generates a pair of public keys and private keys in advance, the private key pri is kept by itself, and the public key pub is sent to Alice.

Alice uses pub to encrypt the message content, and Bob uses pri to decrypt it.

It is important to note that only the private key can be decrypted, so even if Eve steals to pub (only pub is transmitted and easily stolen), she cannot decrypt it.

This kind of encryption is called asymmetric cryptography in cryptography, and the so-called "asymmetry" means that the encryption and decryption parties use different keys.

Well-known asymmetric algorithms are: DSA (digital signature algorithm, can only be used for signature, 1991), ECC (elliptic curve encryption, 1985), RSA (public key encryption algorithm, 1977) and so on.

In addition to encryption, these algorithms can also be used for digital signatures. Asymmetric algorithms have an Achilles' heel: low performance. In practical application, hybrid encryption system and hash signature system are generally adopted.

3. How to prevent data tampering-- MAC

The MAC in the figure refers to the message authentication code (Message Authentication Code). You don't need to know its principle now, just remember: (1) pass in two parameters, message and key, and get a value called MAC after a series of calculations. (2) only when message and key are the same, can the same MAC be obtained.

There are many ways to implement message authentication codes, the most common of which is HMAC (Hash MAC). Even if hash algorithm is used to implement MAC, there is another kind of MAC based on block cipher algorithm, which is not common.

As smart as you are, you will surely wonder what to do if key is stolen. This involves digital signatures, which we will talk about later.

4. How to verify identity-- MAC

MAC includes several implementation methods: MAC based on HASH is called HMAC, which is widely used.

Some students should have come into contact with Ali Yun's Access Key, which is actually the principle of HMAC.

When calling API between two systems, some students will use the same key to do md5 calculation to achieve API authentication. This is called "salted HASH" and can be simply understood as a simplified version of HMAC.

Similarly, what if the key is stolen? This can be solved with a digital signature.

5. Take it a step further-digital signature

The sender signs with the private key, while the receiver verifies the signature with the public key, which is the opposite of encryption.

6. ID card of public key-digital certificate

To forge the public key, Bob needs to generate the public key pub and private key pri in advance, and then distribute the pub to Alice. Then the attack process starts from this. Eve generates its own pair of public key pub' and private key pri', to intercept Bob's pub, and sends it to Alice with its own pub' pretending to be Bob's public key.

This is a "day-to-day" process, Eve through the forgery of the public key (man-in-the-middle attack), not only overhear the news of Alice, but also ensure that Alice and Bob are not aware of the whole process!

Eve likes to forge public keys. This time, Bob will ask Trent to register an "ID card"-- a digital certificate-- for his public key. Witness is like seeing people, oh no, witnessing is like seeing the public key! The following is the process of registering a digital certificate:

Bob requests Trent to register a certificate for its public key pub.

After receiving the request, Trent signs the pub (and identity information) with its private key pri'to get a sign.

Trent issues the certificate certificate = pub + sign to Bob.

Bob sends his certificate pub + sign to Alice.

Alice uses Trent's public key pub'to verify the signature of sign. If the verification is successful, it means that pub is indeed the public key of Bob, because she believes in the authority of Trent.

Eve can't ask Trent to get a Bob digital certificate for her, because Trent won't agree, just like the police won't give me someone else's ID card. Therefore, Eve cannot forge the public key of Bob.

Considering the efficiency of the asymmetric algorithm, in practical applications, we usually hash the data first, and then sign the hash value (digest) with the private key.

Trent is generally called Certification Authority (CA) in the field of cryptographic technology.

Based on the digital certificate, the industry has formulated a series of specifications and specifications, such as who issues the certificate, how to issue the certificate, how to invalidate the certificate and so on, which is called public key infrastructure (Public-Key Infrastructure, namely PKI).

Second, common cryptography of symmetrical encryption

AES,DES,3DES,TDEA,Blowfish,RC5,IDEA

3. Classical algorithm of asymmetric encryption

RSA, Elgamal, knapsack algorithm, Rabin, Dmurh, ECC (Elliptic Curve encryption algorithm)

Thank you for your reading. the above is the content of "what are the basic knowledge points of cryptography". After the study of this article, I believe you have a deeper understanding of what are the basic knowledge points of cryptography. the specific use of the situation also needs to be verified by practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.