
About encryption and decryption in data transmission (1)

2025-01-18 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

With the rise of the Internet, more and more information and resources have to be transmitted over the network. During transmission, however, there are always some "unrelated people" who endanger the security of the data through eavesdropping, theft, tampering and so on, so we have to encrypt the data to ensure that it is transmitted securely.

So there are several encryption methods:

1. Symmetric encryption:

Put simply, this algorithm requires both the sender and the receiver of the data to hold the same key (the key used to encrypt the data). During transmission, both the data and the key are transmitted in encrypted form.

Features: the data is divided into fixed-size blocks that are encrypted one by one; encryption and decryption are both fast.

Defect: because encryption and decryption use the same key, both the sender and the receiver need to keep the key, so the number of keys keeps growing; distributing the keys confidentially is also very difficult.

2. One-way encryption:

This kind of encryption only works in one direction: the result cannot be decrypted, so it cannot be used to encrypt the data itself. Two commonly used algorithms are MD5 and SHA. Applying one of them to a segment of data produces a value called a "signature", which can be used to determine the authenticity and integrity of the original data.

Features: fixed-length output; avalanche effect (changing any byte in the original data will make the signature change completely)
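
The two features above can be measured directly. The following is an added example, not code from the original article: it uses SHA-256 from the SHA family the article names (MD5 is no longer collision-resistant, so it is not used here), and the function names and sample message are constructed for illustration.

```javascript
const { createHash } = require('node:crypto');

// One-way "encryption": a fixed-length SHA-256 digest of arbitrary-length input.
function digest(data) {
  return createHash('sha256').update(data).digest();
}

// Count how many of the 256 digest bits differ between two inputs.
function bitsChanged(a, b) {
  const da = digest(a), db = digest(b);
  let count = 0;
  for (let i = 0; i < da.length; i++) {
    let x = da[i] ^ db[i];
    while (x) { count += x & 1; x >>= 1; }
  }
  return count;
}

// Flip every single bit of the message in turn and record how far the digest moves.
function avalancheStats(message) {
  const original = Buffer.from(message);
  const totalBits = original.length * 8;
  let min = Infinity, max = 0, sum = 0;
  for (let bit = 0; bit < totalBits; bit++) {
    const flipped = Buffer.from(original);
    flipped[bit >> 3] ^= 1 << (bit & 7);
    const n = bitsChanged(original, flipped);
    min = Math.min(min, n);
    max = Math.max(max, n);
    sum += n;
  }
  return { min, max, mean: sum / totalBits };
}

// Constructed sample message (26 bytes, so 208 single-bit variants are tested).
const stats = avalancheStats('transfer 100 to account 42');
console.log('digest length for 1 byte and 10000 bytes:',
  digest('a').length, digest('a'.repeat(10000)).length);
console.log('digest bits changed per single-bit flip:', stats);
```

A mean close to 128 of 256 bits shows that a one-bit change in the input rewrites about half of the output, which is why any modification of the data is visible in the digest.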

3. Public key encryption algorithm:

This algorithm uses two kinds of keys: a private key and a public key (the public key is extracted from the private key).

Private key size: 512-bit, 1024-bit, 2048-bit, 4096-bit, 8192-bit, 16384-bit

This encryption method offers a high level of security. Put simply, data encrypted with the private key must be decrypted with the public key, and data encrypted with the public key must be decrypted with the private key.

Because the private key is so large, encrypting data this way consumes a great deal of system resources and time; this is its defect.

For this reason, this encryption method is rarely used to encrypt large amounts of data; it is usually used for the following:

⑴ Digital signature

The digital signature is used to allow the receiver of the data to confirm the identity of the sender.

⑵ Key encryption

In the key exchange in symmetric encryption, the public key encryption method can be used to encrypt the key.

⑶ Encryption of small segments of data

When the data to be transmitted is small, public key encryption can be used.

Common public key encryption algorithms:

RSA: encryption and digital signature

DSA: digital signature algorithm; can only implement the function of digital signature; this algorithm is sometimes called DSS

ElGamal

Used together in data transmission, the encryption methods above can achieve secure data transmission.

From the public key encryption method, we can see that both sides of the data transmission must have each other's public key before the data can be decrypted. The question, then, is how to obtain this public key. This is where a third party comes in: the CA (Certification Authority).

CA is the center of identity authentication, which is used to confirm the true identity of the owner of the public key; it is similar to the × × × in our lives.

The work of the CA organization:

1. Exchange of certificates between the two parties of the communication

2. The two parties negotiate the encryption algorithm

3. Both parties verify the authenticity of the certificate

4. Use the public key of the CA to decrypt the CA's signature in the certificate; if this succeeds, the source of the certificate is reliable.

5. Compute the eigenvalue (digest) of the certificate with a general encryption algorithm and compare it with the decrypted eigenvalue; if the two are the same, the integrity of the certificate is reliable.

6. Check whether the validity period of the certificate is within the legal time range. If it expires, the certificate will not be recognized.

7. Check whether the principal name of the certificate corresponds to the destination of this communication
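
Steps 4 to 7 of the list above, as an added example that is not code from the original article. The JSON "certificate" is a simplified stand-in for X.509; the keys, the issuer name "Example Root CA", the host names and the function names are all constructed for illustration.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Constructed CA and server key pairs.
const ca = generateKeyPairSync('rsa', { modulusLength: 2048 });
const server = generateKeyPairSync('rsa', { modulusLength: 2048 });

// The CA hashes the certificate body and signs the digest with its private key.
function issue(subject, publicKey, notBefore, notAfter, caPrivateKey) {
  const body = JSON.stringify({
    subject, issuer: 'Example Root CA', notBefore, notAfter,
    publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
  });
  return { body, signature: sign('sha256', Buffer.from(body), caPrivateKey) };
}

// Returns 'ok' or the first check that failed.
function checkCertificate(cert, caPublicKey, expectedHost, now) {
  // Steps 4-5: verify() recovers the signed digest with the CA public key and
  // compares it with a freshly computed digest of the certificate body.
  if (!verify('sha256', Buffer.from(cert.body), caPublicKey, cert.signature)) {
    return 'bad signature';
  }
  // Parse the fields only after the signature has been checked.
  const { subject, notBefore, notAfter } = JSON.parse(cert.body);
  // Step 6: the current time must fall inside the validity period.
  if (now < Date.parse(notBefore) || now > Date.parse(notAfter)) {
    return 'outside validity period';
  }
  // Step 7: the subject must be the peer this connection was meant for.
  if (subject !== expectedHost) return 'name mismatch';
  return 'ok';
}

const cert = issue('www.example.test', server.publicKey,
  '2025-01-01T00:00:00Z', '2026-01-01T00:00:00Z', ca.privateKey);
console.log(checkCertificate(cert, ca.publicKey, 'www.example.test',
  Date.parse('2025-06-01T00:00:00Z')));
```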

The International Organization for Standardization (ISO) defines the institution and certification standard for certificates, the X.509 protocol standard.

The certificate mainly includes:

Name of the owner

The public key submitted by the owner

Validity period

The version number of the certificate

Serial number of the certificate

Issuing algorithm ID

The name of the issuing CA

Principal name

Unique identification of the issuer

Digital signature of the issuer

Extended information

With this organization in place, we can transfer data safely over the network. A brief summary of how the data is transmitted:

1. Both sides of the communication exchange certificates with each other and go to the trusted CA for certificate verification

2. The sender encrypts the data with a symmetric encryption algorithm; computes the eigenvalue (digest) of the encrypted data with one-way encryption; encrypts the eigenvalue with its own private key to prove the reliability of the data source; and encrypts the symmetric key with the public key in the receiver's certificate.

3. After receiving the data, the receiver first uses its own private key to decrypt the symmetric key, then uses the sender's public key to decrypt the eigenvalue, and then uses the same one-way encryption algorithm to recompute the eigenvalue of the encrypted data. It compares the two eigenvalues; if they are the same, the data is complete, and the receiver then decrypts the original data with the decrypted symmetric key.
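
Steps 2 and 3 above carried through in code, as an added example that is not from the original article. It assumes the certificate exchange in step 1 has already delivered each side's public key; the key pairs, the function names and the choice of AES-256-CBC, SHA-256 and RSA are constructed for illustration.

```javascript
const { generateKeyPairSync, randomBytes, createCipheriv, createDecipheriv,
  sign, verify, publicEncrypt, privateDecrypt } = require('node:crypto');

// Constructed key pairs standing in for the keys behind each side's certificate.
const sender = generateKeyPairSync('rsa', { modulusLength: 2048 });
const receiver = generateKeyPairSync('rsa', { modulusLength: 2048 });

function send(plaintext, senderPrivateKey, receiverPublicKey) {
  // Symmetric encryption of the bulk data with a fresh one-time key.
  const key = randomBytes(32);
  const iv = randomBytes(16);
  const cipher = createCipheriv('aes-256-cbc', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Digest of the encrypted data, signed with the sender's private key.
  const signature = sign('sha256', Buffer.concat([iv, ciphertext]), senderPrivateKey);
  // Symmetric key encrypted with the receiver's public key (RSA-OAEP by default).
  const wrappedKey = publicEncrypt(receiverPublicKey, key);
  return { iv, ciphertext, signature, wrappedKey };
}

function receive(msg, receiverPrivateKey, senderPublicKey) {
  // Recover the symmetric key with the receiver's own private key.
  const key = privateDecrypt(receiverPrivateKey, msg.wrappedKey);
  // Recompute the digest of the encrypted data and compare it with the signed one.
  const signedData = Buffer.concat([msg.iv, msg.ciphertext]);
  if (!verify('sha256', signedData, senderPublicKey, msg.signature)) {
    throw new Error('signature check failed: data altered or wrong sender');
  }
  // Only now decrypt the data itself.
  const decipher = createDecipheriv('aes-256-cbc', key, msg.iv);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
}

// Constructed sample payload.
const message = send(Buffer.from('constructed sample payload'),
  sender.privateKey, receiver.publicKey);
console.log(receive(message, receiver.privateKey, sender.publicKey).toString());
```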
