Shulou(Shulou.com)06/01 Report--

This article mainly explains "what are the common encryption algorithms in openssl". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Next let the editor to take you to learn "what are the common encryption algorithms of openssl?"

1. Symmetric encryption algorithm

The so-called symmetry means that both parties using this encryption method encrypt and decrypt with the same key. A key is an instruction that controls the encryption and decryption process. An algorithm is a set of rules that specify how to encrypt and decrypt.

classification

Commonly used algorithms are: DES, 3DES, AES and so on.

DES

The full name is Data Encryption Standard, or data encryption Standard, is a block algorithm that uses key encryption. In 1977, it was determined as the Federal data processing Standard (FIPS) by the National Bureau of Standards of the Federal Government of the United States, and authorized to be used in non-secret government communications. Since then, the algorithm has spread widely in the world.

3DES

That is, TripleDES, is an encryption algorithm for the transition from DES to AES, which uses three 56-bit keys to encrypt data three times. Is a safer variant of DES. It takes DES as the basic module and designs the packet encryption algorithm through the combined grouping method. It is more secure than the original DES,3DES.

AES

The full name is Advanced Encryption Standard, also known as Rijndael encryption method in cryptography, which is a block encryption standard adopted by the federal government of the United States. This standard, which is used to replace the original DES, has been analyzed by many parties and is widely used all over the world.

Advantages and disadvantages

The advantages of symmetric encryption algorithm are open algorithm, small amount of computation, fast encryption speed and high encryption efficiency.

The disadvantage of symmetric encryption algorithm is that before data transmission, the sender and receiver must agree on the secret key so that both parties can keep the secret key. Second, if one party's secret key is leaked, then the encrypted information is not secure. In addition, every time a pair of users use a symmetric encryption algorithm, they need to use a unique key that others do not know, which makes the number of keys owned by both the receiver and the sender huge, and key management becomes a burden on both parties.

Application

Save sensitive but decrypted information such as user's mobile phone number, ID card, etc.

2. Asymmetric encryption algorithm

Unlike symmetric encryption algorithms, asymmetric encryption algorithms require two keys: public key (publickey) and private key (privatekey). The public key and the private key are a pair. If the data is encrypted with the public key, it can be decrypted only with the corresponding private key; if the data is encrypted with the private key, it can be decrypted only with the corresponding public key. Because encryption and decryption use two different keys, this algorithm is called asymmetric encryption algorithm.

classification

Commonly used algorithms are: RSA, DSA, ECC and so on.

RSA

The full name is Digital Signature Algorithm, which is the first algorithm that can be used for both encryption and digital signature, and is easy to understand and operate. RSA is the most widely studied public key algorithm. In the more than 30 years since it was proposed, it has been tested by various attacks and gradually accepted by people. It is generally considered to be one of the best public key schemes at present.

DSA

The full name is Digital Encryption Standard, which is based on the discrete logarithm problem of integer finite fields, and its security is similar to that of RSA. An important feature of DSA is the disclosure of two primes, so that when using someone else's p and Q, you can confirm whether they are randomly generated or tampered with, even if you don't know the private keys. The RSA algorithm can't do that.

ECC

Elliptic Curves Cryptography, also known as Elliptic Cryptography, is a public key cryptosystem, which was first proposed by Koblitz and Miller in 1985. its mathematical basis is the difficulty of calculating elliptic discrete logarithms on Abel addition groups by using rational points on elliptic curves.

Compared with RSA,DSA, ECC has the following advantages:

Some studies show that the elliptical key of 160bit is the same as the RSA key of 1024 bit.

The processing speed is fast, and ecc algorithm is faster than RSA and DSA in the encryption and decryption speed of private key.

The storage space is small.

The bandwidth requirement is low.

Advantages and disadvantages

Asymmetric encryption is more secure than symmetric encryption: both parties of symmetrically encrypted communication use the same secret key, and if one party's secret key is compromised, the whole communication will be cracked. Asymmetric encryption uses a pair of keys, one for encryption and the other for decryption, and the public key is public, and the secret key is kept by itself, so there is no need to synchronize the key before communicating like symmetric encryption.

The disadvantage of asymmetric encryption is that encryption and decryption take a long time and slow speed, so it is only suitable for encrypting a small amount of data.

Application

Commonly used for signature and authentication

3. Hash algorithm

In information security technology, it is often necessary to verify the integrity of messages. The Hash function provides this service, which produces fixed-length outputs for input messages of different lengths. This fixed-length output is called a "hash" or "message digest" (Message digest) of the original input message.

classification

Commonly used algorithms are: MD5, SHA, HMAC and so on.

MD5

The full name is Message Digest Algorithm, which is called the fifth edition of message digest algorithm in Chinese. It is a hash function widely used in the field of computer security to protect the integrity of messages.

SHA

The full name is Secure Hash Algorithm, that is, secure hashing algorithm, which is mainly applicable to the digital signature algorithm (Digital Signature Algorithm DSA) defined in the Digital signature Standard (Digital Signature Standard DSS). There are several one-way hashing algorithms such as SHA-1,SHA-224,SHA-256,SHA-384 and SHA-512, of which SHA-1 is no longer secure.

HMAC

The full name is Hash Message Authentication Code, that is, hash message authentication code, which mainly uses the hash algorithm to generate a message digest as output by taking a key and a message as input. In general, message authentication codes are used to authenticate messages transmitted between two units that share a common key. HMAC can be bundled with any iterative hash function. MD5 and SHA-1 are such hash functions. HMAC can also use a key to calculate and confirm message authentication values.

Application

Verify the correctness of the download file, which can be found on the website.

Store user sensitive information, such as passwords, card numbers, etc., that cannot be decrypted

Suggestion

AES uses 128bits, RSA recommends 1024 digits, and ECC recommends 160bits. There is a limit to the length of RSA encrypted characters, so it is generally used in combination with AES+RSA.

Misunderstanding

Many bloggers interpret Base64 coding as an encryption algorithm, which is not rigorous. Base64 is not readable, but that doesn't mean the code is encrypted. Encryption needs to ensure that people without a key can not decrypt the information, let alone decipher any plaintext information from the ciphertext, but Base64 can easily reverse coding. In addition, Base64 coding obviously does not use the key and does not have the security of the encryption algorithm, so we have to correct this misunderstanding.

At this point, I believe that everyone on the "openssl commonly used encryption algorithms have a deeper understanding, might as well come to the actual operation of it!" Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.