Build your own key center

With the surge in information exchange, the demand for information confidentiality has also rapidly expanded from military, political, and diplomatic fields to civil and commercial fields. Computer technology provides powerful means and tools for the Research and Implementation of information security. Data Encryption is an important part of computer network security. Due to the security of the Internet itself, to ensure security, not only passwords must be encrypted, but also files transmitted online. To ensure Email Security, people adopt encryption technologies such as digital signatures and provide encryption-based identity authentication technology.

Currently, encryption is mainly divided into symmetric encryption and asymmetric encryption. If the encryption key used by the sending method is the same as the decryption key used by the receiver, or the other key can be easily obtained from one key, such a system is called a symmetric key system. If the encryption key used by the sending method is different from the decryption key used by the recipient, it is difficult to launch another key from one key. Such a system is called an asymmetric key system. Symmetric keys use a single key to encrypt or decrypt data. asymmetric encryption algorithms have two keys (public keys and private keys ), encryption and decryption can be completed only when they are used together. Asymmetric algorithms have two keys and are widely used on the Internet.

The following describes how to implement information security:

1. public key encryption technology: the public key encryption system has two different keys, which can separate the encryption and decryption functions. One key becomes a private key, which is secretly saved, and the other is a public key, no need to keep the public key confidential. For a public key, just as its name is, the public key may be made public on the Internet. Main Public Key algorithm: RSA algorithm.

2. Message Authentication Technology: it is used to provide technical guarantee for digital signature technology. Information Authentication is also called integrity verification. The secure one-way hash function is used to output a fixed-length hash value for input messages of any length, the hash value is the message digest, just like the fingerprint of the file. The hash value is unique, so message integrity authentication is provided. The main information digest algorithms are MD5 and SHA.

3. Digital Signature Technology: Message Authentication technology is used to confirm the sender's identity and information integrity.

The following describes the practical application and relationship of the above three technologies.

1. if A wants to send an image to B, in order to prevent third-party interception, encryption is required. B generates A pair of key pairs (including the public key and Private Key), and B's public key is public, anyone can use the public key as the key to send A confidential message to B. A can use the public key of B to encrypt the image and then transmit it over the network, after B is encrypted, it uses its own private key to decrypt the image and obtain the original image. Other recipients cannot decrypt the image because they do not have a private key. 1. (public key refers to the public key, private key refers to the private key, encryption refers to encryption, and decryption refers to decryption .)

2. if A wants to send an image to B, in order to prevent third-party modifications and undermine the integrity of the image, A needs to verify the integrity of the data. MD5 or SHA algorithm is used to hash the image, generate a message digest and send it to B together with the image. After B receives the message, it uses the same algorithm to regenerate the message digest for the image, if the second message digest is the same as the original one, it can be considered that the original image has not been modified, a bit like CRC. II

3. if A wants to send an image to B, B can identify it as sent by A after receiving it, and A cannot deny the image he sent, make sure that the image has not been modified during transmission. A generates A pair of key pairs. A sends the public key to B. A uses MD5 or SHA algorithms to hash the image and generate A message digest. A encrypts the message digest with its own private key, the digital signature is obtained. Then, B decrypts the digital signature using the public key sent by A to obtain the message digest of the original image, and then uses the same hash algorithm to reproduce the message digest of the image, then compare the two message digests to verify the integrity of the image.

In the first case, only data is encrypted, and the sender's identity cannot be guaranteed because the public key is public, anyone can send a file to B.

In the second case, the data integrity check ensures that the data is not modified during transmission. However, if a third party simultaneously modifies the data and message digest, match the data with the message digest, so that security cannot be ensured, and the recipient cannot verify the sender's identity.

In the third case, the receiver can ensure the sender's identity, and the sender cannot deny the sender's sending behavior and ensure data integrity, but the data is not encrypted, third parties can see the data content. This technology is mainly used in the contract. users do not need to prevent third parties from peeking. As long as the contract integrity and the identity of the sender are guaranteed, generally, the source of a message is more important than the content of the hidden message.

The difference between digital signature and message authentication is that Message Authentication allows the Peer to verify whether the message sender and the message sent have been tampered. When there is a conflict of interest between the sending and receiving sides, simply using message authentication cannot solve the dispute between them, only by using digital signatures.

The zone where digital signatures and public keys are encrypted is yes. Digital Signatures-the sender uses its own private key to encrypt messages, and the receiver uses the sender's public key to decrypt messages, public key encryption: the sender uses the receiver's public key to encrypt messages, and the receiver uses its own private key to decrypt messages.

Well, after talking about so many theories, let's take a look at it. Because it is personal encryption rather than Enterprise encryption, you don't need to use the Windows 2000 Server Certificate Service, because individuals do not need to verify the public key issued between the Organization, we use the http://www.d--b.webpark.pl produced by cryton,: http://www.d--b.webpark.pl/down/crypton1-2.zip main interface three, we respectively on the above three cases of practice:

1. click Create new public/private key pair. The program will generate a random 512-bit RSA key pair. The Export public key is the Export public key, and the Export public/private key pair is the Export key pair, import public key is the import public key, import public/private key pair secret is dragged to the software interface, 7, we choose encrypt encryption, Delete and vipe refers to encryption ".

2. the sender first imports sensitive information into the program. Then, the sensitive information .txt is dragged into the program. Select Sign file (s) Upload in the same directory and select Verify signed file (s). If Signature is OK, the file has not been modified, otherwise, the file is modified.

3. For the third type of digital signature, please exercise on your own. It should not be difficult, mainly encryption. sgn files.

The main extensions and descriptions are as follows:

. Crp encrypted file.
. Pbl public key.
. Ppk key pair.
. Sgn message summary.

 

Advanced applications:

In the third case described above, data is not encrypted, so there are security problems. Some people want data to be encrypted and transmitted, so we will introduce the double-ring encryption method, the sender and receiver generate their own key pairs. Both parties know each other's public key. First, the sender imports the key pair and uses the hash algorithm to generate a message digest for data operations. Then, the sender and the receiver package the data and message digest, use the recipient's public key to encrypt the packaged file and then send it to the receiver. After receiving the message, the receiver decrypts the packaged file with its own key pair and then verifies the message digest with the sender's public key, then compare, so that we can judge the data integrity and verify the sender's identity. Because the public key of both parties is used, there is a double-layer encryption effect.