Detailed analysis of the principle of asymmetric encryption algorithm

Use process:

Party B generates two keys (public and private)

Party A obtains Party B's public key and then uses it to encrypt the information.

Party B obtains the encrypted information and decrypts it with the private key. Party B can also encrypt the string with the private key.

Party A obtains the private key encryption data of Party B and decrypts it with the public key.

advantage:

More secure, the longer the key, the harder it is to crack

Disadvantages:

Slow encryption

Common algorithms:

RSA, Elgamal, Backpack Algorithm, Rabin, DH, ECC (Elliptic Curve Encryption Algorithm)

1 principle of using public key private key

1 Each public key corresponds to a private key.

2 Key pairing, let everyone know the public key, do not tell everyone, only what you know, is the private key.

3 If the data is encrypted with one of the keys, only the corresponding key can be decrypted.

4 If one of the keys can be used to decrypt the data, the data must be encrypted by the corresponding key.

The main applications of asymmetric key cryptography are public key cryptography and public key auth.

2 public key encryption and decryption

The purpose of encryption is to not expect the third party to see the communication content of the current two communication users.

2.1 encryption

A (customer) wants to send a text to B (server), but does not want others to see it, so I want to use asymmetric encryption to encrypt this text. Of course, B needs to have a pair of public and private keys:

1 B sends his public key to A

2 A encrypts the text with his public key by B, and then passes it to B.

3 B uses his private key to decrypt the message sent by A. It should be emphasized here that as long as B's private key is not leaked, the letter is safe, even if it falls in the hands of others, it cannot be decrypted.

Through these steps, B can successfully receive the information sent by A, and at the same time achieve the purpose of confidentiality.

2.2 decryption

If B wants to return information to A, it is much simpler:

1 B The information to be replied is encrypted by its own private key and then transmitted to A.

2 A solves this information with his public key before B.

The communication process described in public key encryption and decryption seems simple, but think about this question: In process 2, how does A's B reply to him in the process of transmission, has it been modified? This involves the concept of digital signatures.

3.1 digital signature (digital signature)

The official definition given by Microsoft: "Digital Signature" refers to an electronic security token that can be added to a file. Use it to verify the publisher of the file and to help verify that the file has changed since it was digitally signed.

3.1.1 Principle of Digital Signature

To achieve this goal, it is generally a hash calculation of the information to get a hash value, note that this process is irreversible, that is to say, the original information content cannot be derived through the hash. When the information is sent out, the hash value is encrypted and sent as a signature and information. After receiving the information, the receiver will recalculate the hash value of the information and compare it with the hash value (after decryption) attached to the message. If they are consistent, the content of the message has not been modified, because the hash calculation can guarantee this. Different content will definitely get different hash values, so as long as the content is modified, the hash value calculated according to the information content will change. Of course, unscrupulous people can also modify the content of the information and also modify the hash value so that they can match. In order to prevent this, the hash value is generally encrypted (that is, the signature) and then sent with the information.

3.1.2 How to use digital signatures

The following is an example to illustrate this process:

When B replies to A, he uses a digital signature.

1, B first use the hash function to generate a digest of the letter (digest)

2, B uses his private key to encrypt this digest, which generates a digital signature (signature)

3. B will attach this signature to the information to be replied and send it to A together.

4. After receiving the information of B, A removes the digital signature and decrypts it through B's public key to obtain the summary information of the letter.

5. A uses the hash function specified by B in the information sent to B, and compares the obtained result with the abstract obtained by decrypting in the previous step. If the two are consistent, it indicates that the information sent by B has not been modified.

3.2 Digital Certificate (Digital CerTIficate)

Is the problem over now? Far from it, Imagine, although A has determined that the information B has given him is unmodified, but how to determine the information that is returned to him is B? If there is an unscrupulous C, secretly change the public key of B saved by A to its own, and use the name of B to send information to A?

To solve this problem, A only needs to determine whether the public key he holds is B or not. This requires a digital certificate.

The digital certificate is used to verify the identity of the user to which the public key belongs. In daily life, if we want to verify the identity of a person, the usual practice is to check his identity card. We trust the credibility of the ID card authority, that is, the government agency, so as long as the verification of a person's ID card is not forged, we believe that the identity of this person is consistent with that described on the ID card.

A digital certificate is an identity card of a person or organization in the online world. The issuing authority is a cerTIficate authority (CA). The CA uses its own private key to sign the user's identity information (primarily the username and the user's public key), which together with the user's identity information form a certificate.

3.2.1 Composition of digital certificates

Certificate issuing agency (Issuer)

Indicates which certificate issued by the organization, that is, which certificate center (cerTIficate authority, CA for short) is issued (just create a certificate, not the user of the certificate).

Validity of the certificate (Valid from , Valid to)

That is, the effective time of the certificate, or the expiration date of the certificate. After the expiration date, the certificate will be void and cannot be used.

Public key

This is introduced in the introduction of the public key cryptosystem. The public key is used to encrypt and decrypt messages. It is a long string of numbers.

Certificate owner (Subject)

The certificate is issued to who, or the owner of the certificate, usually the name of a person or a company, the name of the organization, the URL of the company's website, and so on.

The algorithm used by the signature (Signature algorithm)

Refers to the encryption algorithm used by the digital signature of this digital certificate, so that the public key in the certificate issuing authority's certificate can be used to decrypt the fingerprint according to this algorithm. The fingerprint encryption result is a digital signature.

Fingerprint and fingerprint algorithm (Thumbprint, Thumbprint algorithm)

This is used to ensure the integrity of the certificate, which means that the certificate has not been modified. The principle is that when the certificate is issued, the publisher calculates the hash value (fingerprint) of the entire certificate according to the fingerprint algorithm (a hash algorithm) and puts it together with the certificate. When the user opens the certificate, he also calculates the certificate according to the fingerprint algorithm. The hash value (fingerprint), if it matches the value at the beginning, indicates that the certificate has not been modified. Because the content of the certificate is modified, the hash value (fingerprint) calculated according to the content of the certificate will change.