Message encryption and signing

Turn from

Http://www.cnblogs.com/bitzhuwei/archive/2012/10/26/An_Introduction_to_Cryptography_and_Digital_Signatures.html

This paper explains how to encrypt, decrypt and digitally sign the message through the public key, so as to guarantee the safe sending and receiving of the message.

First:

It's best to figure out what we're going to do before we do things. This article is about how to ensure the security of the message (or message, check, whatever you call it) in the network transmission. Specifically, it is to ensure that the message can only be read by the specified recipient (recipient), and can only be sent by the specified sender (sender). This makes it possible to secure information from the sender to the receiver (recipient).

Let's start with question 1, "guarantee that the message can only be read by the specified recipient."

On the macro level, it can only be read by the designated recipient, which means that the recipient has something that no one else has. The unique thing about this recipient is his private key. The private key is a string, and only recipient knows what the string is, and its corresponding public key, which is known to everyone (the sender and the person who wants to get the message content). Recipient himself made the private key to keep it, and make a public key to publish it online. The public key can encrypt the message, but it cannot be decrypted; The private key can decrypt the message, but it cannot be encrypted (this is called Asymmetric Encryption asymmetric encryption). The sender (sender) encrypts the message with the public key and sends it to the recipient (recipient). The recipient receives the encrypted message, the direct look is a bunch of garbled characters, then he decrypted with the private key, read the original message content.

Now, there is a bad person want to read the message content, even if he is black to send from the Internet mail, is also encrypted, no private key he can not decrypt, also can not read the original message. (Here we want to believe the cryptographic decryption algorithm, which is the basis.) Otherwise, nothing safe can be achieved.)

Here, the diagram should look like this:

If I were the villain, I thought if I could not read the original, I would not let the real recipient (recipient) Read, I changed the encrypted mail (everyone can get the public key), or re-write an e-mail, encrypt it, impersonating the sender (sender) sent to you, so you also suffer a bit of sin.

So we need to be able to confirm the sender (sender), or we can only send the message by that sender, if someone else has modified the message in the middle, we will be able to identify it. This is question 2.

Again from the macroscopic point of view, here is the request Sender (sender) There is something others do not have. This is the sender's private key (private key)! Yes, the idea is the same as above!

Sender (Sender) calculates a hash value (which can be considered a string, which is a common method) for the incoming message, encrypts the hash value with its own private key, and then uses the message with the encrypted hash value with the recipient's public key Key) is encrypted and sent to the recipient (recipient) over the Internet. The recipient (recipient) receives the encrypted message, decrypts it with its private key (private key), gets the original message and the encrypted hash value, decrypts the hash with the sender's public key, gets the original hash value, and finally hashes the message from the source. The result is the same as the decrypted value of the previously received hash, which indicates that the message was not changed by the bad guy.

In this process, the sender's private key is used for encryption, the public key is used for decryption, and the previous recipient's public key, private key usage is exactly the opposite, but both uses are non-symmetric encryption decryption.

Here, the diagram should look like this:

If a bad egg modifies content sending, the recipient (recipient) Decrypts a hash value that is definitely different from the hash value that it calculates. (The probability of the two is much smaller than the 5 million.)

At this point our encryption and decryption work is done. However, there is a change in the actual application: Asymmetric encryption (asymmetric encryption) is a relatively slow calculation method, if the message content is many, it is not very useful. Therefore, in order to speed up, it combines the symmetric encryption (symmetric encryption) method. The symmetric key means that the key can be used for both encryption and decryption. This is the same as the key of the security door, you can either lock the door or open it. I call the home security door-type encryption and decryption method.

Now we introduce a symmetric key that enables the encryption and decryption of messages to be transmitted over an unsecured internet. The symmetric key must be available to both the sender and the receiver, and for security purposes, only the recipient and sender must know the symmetric key. Then you have to use a one-time key for each email and encrypt the key (don't faint). So the public key of the recipient (recipient) that was previously used to encrypt the message content is then encrypted with the symmetric key instead. Because the key is a very short string, so the calculation of the slow point is not in the way, because there are less things to calculate.

It is now the case that is shown.

This is the first illustration of this article to deduce the process.

Message encryption and signing