Cryptographic algorithms: Symmetric and Asymmetric encryption

Source: Internet
Author: User

Symmetric encryption algorithm

Symmetric encryption means that both parties use the same key, with the same algorithm, to encrypt and decrypt. The key is the parameter that controls the encryption and decryption process. The algorithm is the set of rules that specifies how to encrypt and decrypt.

The advantages of symmetric encryption are that the algorithms are public, the computational cost is low, encryption is fast, and efficiency is high.

The disadvantages of symmetric cryptography are as follows. First, before data is transmitted, the sender and receiver must agree on a secret key, and both parties must then keep that key safe. Second, if either party's secret key is compromised, the encrypted information is no longer secure. In addition, each time a pair of users uses a symmetric encryption algorithm, they need a unique secret key that nobody else knows, so both sides end up holding a huge number of keys and key management becomes a burden.

Common symmetric encryption algorithms are DES, 3DES, AES, Blowfish, IDEA, RC5, and RC6.

Asymmetric encryption algorithm

Asymmetric encryption (public key cryptography) uses different keys for encryption and decryption, and is also known as public/private key cryptography. When two users want to exchange encrypted data, they exchange public keys; each side encrypts with the other side's public key, and the other side decrypts with its own private key. If there are n users in an enterprise, the enterprise needs to generate n key pairs and distribute n public keys. Suppose A encrypts a message with B's public key and signs it with A's private key. When B receives the message, B first verifies the signature with A's public key and then decrypts the message with B's own private key. Because the public key can be disclosed, each user only has to protect their own private key, so distributing encryption keys becomes very simple. Also, because each user's private key is unique, other users can use the sender's public key to verify that a message really comes from that sender, and a digital signature ensures that the sender cannot deny having sent the message. The disadvantage of asymmetric encryption is that encryption and decryption are much slower than with symmetric encryption; in some extreme cases it can be as much as 1000 times slower.

Working principle

1. A wants to send information to B. Both A and B generate a pair of public and private keys for encryption and decryption.

2. A keeps A's private key confidential and tells B A's public key; B keeps B's private key confidential and tells A B's public key.

3. When A wants to send a message to B, A encrypts it with B's public key, which A knows.

4. A sends the message to B (the message has been encrypted with B's public key).

5. After receiving the message, B decrypts it with B's private key. Anyone else who receives the message cannot decrypt it, because only B has B's private key.

This kind of encryption is widely used, for example in SSH, HTTPS, TLS, electronic certificates, electronic signatures, and electronic ID cards.

How can you be sure that a public key really belongs to the other party, that is, that the public key information has not been altered? The practice is to set up a certificate center. Refer to this article for details: digital signature, digital certificate, encryption algorithm

How can I prevent the transmission of information from being tampered with?

Using MD5 (Message-Digest Algorithm 5) to prevent data tampering

The general idea is to take the data to be sent (denoted by src) and a string known only to ourselves (denoted by key), and turn them into a piece of signature text (denoted by sign) through an algorithm. After the server receives src and sign, it computes the signature text again (denoted by sign1) using the same algorithm and compares sign with sign1. If they match, the data (src) has not been tampered with.

I. Algorithm requirements

How can "signature verification" be understood simply?

First, we need a function f(x) that produces sign from src and key, as follows:

sign = f(src, key);

This function f(x) must satisfy a few conditions:

1. Easy to compute: a lot of content needs to be signed, so speed is very important.

2. Compressibility: no matter how large src is, the computed sign must have a fixed length, so it is easy to compare and does not consume a lot of memory.

3. Resistance to modification: any change to the original data, even of only 1 byte, produces a very different sign value.

4. Strong collision resistance (irreversibility): knowing sign, recovering src and key is impossible or very difficult. No inverse of the function f(x) can be found.

II. Specific practices

f(x) is the MD5 algorithm. MD5, in full Message-Digest Algorithm 5, is an irreversible digest algorithm.

1. Parameter processing: the parameters that need to be signed and their values are assembled into the string src according to fixed rules.

2. Let signsrc = src + key

3. sign = Md5encrypt.getmessagedigest(signsrc);

The client calculates sign by this method, and the server calculates sign1 by the same method. Comparing whether the two are identical completes the verification.
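The three steps above as a runnable sketch, added here as an example and not taken from the original page. The parameter rule (sort by name, join as name=value with '&'), the sample request and the key are assumptions. The same check is shown with HMAC-SHA256 next to it, because MD5 is no longer collision resistant and HMAC is the standard keyed construction for this job.

```python
import hashlib
import hmac

KEY = "constructed-shared-secret"  # constructed sample key, known only to client and server

def build_src(params):
    # Step 1 (assumed rule): sort parameters by name, join as name=value with '&'.
    return "&".join(f"{name}={params[name]}" for name in sorted(params))

def md5_sign(params, key):
    # Steps 2 and 3 as the page describes them: signsrc = src + key, sign = MD5(signsrc).
    signsrc = build_src(params) + key
    return hashlib.md5(signsrc.encode("utf-8")).hexdigest()

def hmac_sign(params, key):
    # Same inputs, but the key goes into HMAC-SHA256 instead of being appended.
    src = build_src(params).encode("utf-8")
    return hmac.new(key.encode("utf-8"), src, hashlib.sha256).hexdigest()

def verify(params, sign, key, signer):
    # Server side: recompute sign1 and compare it with sign in constant time.
    sign1 = signer(params, key)
    return hmac.compare_digest(sign1, sign)

def demo():
    request = {"order_id": "1001", "amount": "25.00", "currency": "USD"}  # constructed
    tampered = dict(request, amount="2500.00")  # one field changed in transit
    results = {}
    for name, signer in (("md5", md5_sign), ("hmac", hmac_sign)):
        sign = signer(request, KEY)
        results[name] = (
            verify(request, sign, KEY, signer),   # untouched data verifies
            verify(tampered, sign, KEY, signer),  # changed data does not
            len(sign),                            # fixed-length output
        )
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```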

How are the public and private keys of an asymmetric encryption algorithm generated, and how does the private key decrypt content encrypted with the public key?

See: Principles of RSA algorithm
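A textbook-RSA sketch of that question and of the A-to-B exchange in the working principle section, added here as an example and not taken from the original page. The primes, the message and the choice to sign the ciphertext (so that B can verify before decrypting, as the text describes) are assumptions; keys this small and RSA without padding are for illustration only.

```python
import hashlib

def make_keypair(p, q, e=65537):
    # Key generation: n = p*q is public; d is the inverse of e mod (p-1)(q-1).
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)      # raises ValueError if e has no inverse
    return (n, e), (n, d)    # (public key, private key)

def apply_key(key, value):
    # RSA's single operation: value^exponent mod n, used for all four roles.
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def digest_int(cipher, n):
    # Hash the ciphertext and reduce it below the signer's modulus (toy shortcut).
    data = cipher.to_bytes((cipher.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def send(message, sender_priv, receiver_pub):
    # A: encrypt with B's public key, then sign the result with A's private key.
    cipher = apply_key(receiver_pub, int.from_bytes(message, "big"))
    signature = apply_key(sender_priv, digest_int(cipher, sender_priv[0]))
    return cipher, signature

def receive(cipher, signature, receiver_priv, sender_pub):
    # B: verify with A's public key first, then decrypt with B's private key.
    if apply_key(sender_pub, signature) != digest_int(cipher, sender_pub[0]):
        return None  # signature check failed: altered in transit or not from A
    m = apply_key(receiver_priv, cipher)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed toy key pairs built from Mersenne primes.
A_PUB, A_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
B_PUB, B_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    cipher, signature = send(b"pay 25.00 to B", A_PRIV, B_PUB)
    print(receive(cipher, signature, B_PRIV, A_PUB))      # original message
    print(receive(cipher + 1, signature, B_PRIV, A_PUB))  # None: tampering detected
```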
