2025-01-15 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Cryptography has been in use since ancient Egypt. The longer the cryptographic key, the stronger the reliability of the encryption.
A key is a set of specific strings, which is the only parameter that controls the conversion between plaintext and ciphertext, and acts as a "key".
Symmetric encryption algorithm: the key used in decrypting data is exactly the same as that used in encryption, also known as private key algorithm.
Symmetric cryptographic algorithms: the algorithm itself provides no secrecy, so the security of the key must be ensured.
Advantages: fast encryption; the encrypted data does not become larger
Disadvantage: exchanging the secret key is a problem
The encryption algorithm only tells you that the algorithm participates in naughn key nim2.
Symmetric encryption algorithm (private key algorithm)
DES: Data Encryption Standard (56-bit key length); 3DES (168-bit key length)
AES: Advanced Encryption Standard (128/192/256-bit key length)
Public key management
To protect data in transit over the network from theft and malicious tampering, the sender encrypts the data before sending it: an algorithm converts the plaintext into ciphertext using a key. After receiving the ciphertext, the receiver decrypts it: an algorithm restores the ciphertext to plaintext using the key, yielding the original data.
Asymmetric key algorithm: data encryption and decryption using different keys
In an asymmetric key algorithm, one of the two keys used for encryption and decryption is the public key and the other is the private key, which the user keeps secret. It is difficult to calculate the private key from the public key.
One key, commonly known as the public key, is used when encrypting the plaintext, and another key, commonly known as the private key, must be used when decrypting the ciphertext. The public key can only encrypt, not decrypt; decryption requires the private key.
Asymmetric encryption algorithm
Disadvantages: slow encryption, encrypted data will become larger
Purpose: mainly used for exchanging secret keys and other asymmetric encryption algorithms.
Public key encryption algorithm is slower than private key encryption algorithm.
Asymmetric key algorithms: RSA, DSA (digital signature algorithm), ECDSA
There are two main uses of asymmetric key algorithms:
1. Encrypt / decrypt the sent data: the sender encrypts the data using the receiver's public key, and only the receiver with the corresponding private key can use the private key to decrypt the data, thus ensuring the confidentiality of the data.
2. Authenticate the identity of the data sender: SSH
If data is hijacked and modified in transit, it is usually difficult for the receiver to tell that it has been tampered with. For this reason each data packet is followed by a checksum computed with a hash algorithm. On receipt, the receiver recomputes the hash of the packet and checks whether it matches; on a mismatch the packet is rejected.
The difference between Hash and encryption: integrity checking, verifying data integrity
1. Hash algorithms are designed to produce output of the same length regardless of the input, while the length of the output of an encryption algorithm depends on the length of the plaintext.
2. The hash algorithm is irreversible, while the encryption algorithm is reversible.
Hash algorithm
Hashes are mostly used for authentication: the peers only need to exchange the hash value of the password when authenticating each other.
Current Hash algorithms: MD5 (hash value of 128-bit length), SHA-1 (hash value of 128-bit length)
If the protected data is used for comparative verification only and does not need to be restored to plaintext later, hash is used; if the protected data needs to be restored to plaintext later, encryption is required.
The combined encryption and decryption process is also called digital envelope.
A symmetric encryption algorithm is used to encrypt the bulk data. Each time, a new random key (session key) is generated, and the session key is encrypted with the public key of the asymmetric encryption algorithm and transmitted. When it reaches the other end, the session key is decrypted with the private key corresponding to that public key, and the data is then decrypted with the session key using the symmetric encryption algorithm to obtain the required plaintext data.
Digital certificate: equivalent to network × × ×
Digital signature: encrypt with your own private key and decrypt with your own public key
A digital signature is the process of encrypting an information digest using the private key of the signer.
The ciphertext obtained in the signature process is called signature information.
First, the sender calculates a digest of the plaintext with a hash algorithm and encrypts the digest with the sender's private key to get the encrypted digest, then encrypts the plaintext with the receiver's public key. The receiver decrypts the ciphertext with the receiver's private key to get the plaintext, calculates its digest value with the hash algorithm, and then decrypts the encrypted digest with the sender's public key to obtain the digest value. If the two values are the same, this proves that the message was sent by the sender.
Functions of digital signatures:
1. Ensure the integrity of information transmission.
2. Identity authentication of the sender (original authentication)
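The digital envelope and the digital signature described above can be traced end to end in the following sketch. It is an added example, not code from the original article. It assumes textbook RSA without padding, a SHA-256 counter keystream standing in for AES, and demo keys constructed from well-known Mersenne primes; all function and variable names are hypothetical, and the model shows the data flow only.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def rsa_keypair(p, q):
    """Textbook RSA from two primes: returns ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

# Constructed demo keys from well-known Mersenne primes (far too weak for real use).
SENDER_PUB, SENDER_PRIV = rsa_keypair(2**89 - 1, 2**607 - 1)
RECEIVER_PUB, RECEIVER_PRIV = rsa_keypair(2**127 - 1, 2**521 - 1)

def digest(data):
    """SHA-256 digest of the message, as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def stream_xor(key, data):
    """Stand-in for AES: XOR with a SHA-256 counter keystream (same call decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def send(plaintext, sender_priv, receiver_pub):
    (d, n_s), (e, n_r) = sender_priv, receiver_pub
    session_key = secrets.token_bytes(16)  # new random key for every message
    return {
        "signature": pow(digest(plaintext), d, n_s),  # digest under sender's private key
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e, n_r),  # the envelope
        "ciphertext": stream_xor(session_key, plaintext),  # bulk data, symmetric
    }

def receive(msg, receiver_priv, sender_pub):
    (d, n_r), (e, n_s) = receiver_priv, sender_pub
    key_int = pow(msg["wrapped_key"], d, n_r)  # unwrap with receiver's private key
    if key_int >= 1 << 128:  # not a 16-byte session key: envelope was altered
        return None, False
    plaintext = stream_xor(key_int.to_bytes(16, "big"), msg["ciphertext"])
    # Recover the signed digest with the sender's public key and compare.
    return plaintext, pow(msg["signature"], e, n_s) == digest(plaintext)
```

Flipping a single ciphertext bit changes the decrypted plaintext, so the digest comparison in `receive` fails; checking the signature against any public key other than the sender's fails as well.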
The local certificate is a digital certificate issued by CA to the entity; the CA certificate is also known as the root certificate
Certificate trust chain
Layer 1 is the root certificate (Thawte Premium Server CA)
Layer 2 is the certificate that Thawte uses specifically to sign
Layer 3 is Mozilla's own certificate.
The set of standards adopted by a CA in accepting certificate requests, issuing certificates, revoking certificates, and issuing certificate revocation lists (CRL) is called the CA policy.
PKI (Public Key Infrastructure): a system that secures system information through the use of public key technology and digital certificates and is responsible for verifying the identity of digital certificate holders
Bind the identity of the certificate holder and the associated public key by issuing a digital certificate
The working process of PKI
1. The client (PC) applies for a certificate from the CA server
2. The RA (registration authority) examines the identity of the entity and sends the entity's identity information and public key, digitally signed, to the CA (part of the CA server).
3. The CA verifies the digital signature, approves the entity's application, and issues the certificate.
4. The RA receives the certificate returned by the CA, sends it to the LDAP server to provide directory browsing service, and notifies the entity that the certificate has been issued successfully
5. The client (PC) obtains the certificate, which can be used to communicate securely with other clients (PC) using encryption and digital signature.
6. When the terminal revokes its certificate, it submits an application to CA, and CA approves the revocation of the certificate, updates the CRL, and publishes it to the LDAP server.