Shulou(Shulou.com)06/02 Report--

RSA belongs to asymmetric encryption algorithm. Although it solves the problem of "securely transmitting keys on insecure channels", the disadvantage is that the amount of computation is too large, resulting in a slow speed of addition / solution, so it uses a mixture of symmetric and asymmetric encryption algorithms in specific engineering applications, such as SSL/TLS protocol uses a mixture of RSA and AES algorithms. The specific process is to encrypt the symmetric password with the RSA algorithm and then pass it to the other party, and then the two sides use the symmetric encryption algorithm to communicate; in addition, RSA also plays the role of CA authentication (in fact, it verifies the public key of the other party signed by the private key of CA).

Thus it can be seen that the role of RSA has been reduced from "encrypting data" to "verifying CA certificates" and "shared symmetric keys". If the second function is replaced by the DH algorithm, then RSA is only used to verify CA certificates.

In order to understand the process of sharing symmetric keys with RSA, this paper uses a manual method to implement it step by step.

To encrypt the data to user B, user A takes the following steps:

1. B generates a public / private key pair, derives the public key from it, and passes it to A through the public channel.

2. A generates a symmetric password

3. A uses symmetrical encryption algorithm to encrypt files with AES.

4. An encrypts the symmetric password with the public key of B (forms a digital envelope)

5. A sends digital envelopes and ciphertext to B through the network and other channels

6. B decrypts the symmetric password with its own private key

7. B decrypt the ciphertext with the decrypted symmetric password

Specific operation steps:

1. B generates the RSA key pair file key.pri, then extracts the public key key.pub from it and passes it to A through the public channel:

Openssl genrsa-out key.pri 4096 openssl rsa-in key.pri-pubout-out key.pub

2. A generates a 32-byte random password file passwd.bin:

Openssl rand-out passwd.bin 32

3. Prepare the file test.txt to be encrypted, use the random password above, and encrypt the plaintext test.txt with the AES algorithm. The output ciphertext is test.enc,key derived function is pbkdf2:

Openssl enc-pbkdf2-aes-256-cbc-in test.txt-out test.enc-pass file:passwd.bin del test.txt

4. An encrypts the random password file passwd.bin with the public key key.pub sent by B to form a digital envelope passwd.enc:

Openssl rsautl-encrypt-in passwd.bin-inkey key.pub-pubin-out passwd.enc del passwd.bin

5. A sends the ciphertext test.enc and passwd.enc to B through the open channel:

6. B first decrypts the digital envelope with its own private key to get the symmetric password file passwd.bin:

Openssl rsautl-decrypt-in passwd.enc-out passwd.bin-inkey key.pri

7. B decrypts the message with a symmetric password to get the plaintext test.txt. The algorithm and secret key derivation function are the same as the parameters used in encryption:

Openssl enc-d-aes-256-cbc-pbkdf2-in test.enc-out test.txt-pass file:passwd.bin

Asymmetric encryption tools can be used. You can use gpg4win.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.