Security Basics - Analysis of encryption and decryption, signatures, and certificates

Source: Internet
Author: User

Although I don't work in information security, I am surrounded by it: you can copy your public key to GitHub to fetch and push code without a password, and Hadoop nodes also use public keys for password-free login. I never really understood why this works, so today I finally decided to figure it out. The pieces involved are symmetric encryption, asymmetric encryption, digital signatures, and certificates.
1. Symmetric encryption
Encryption is an easy concept to grasp: it protects a piece of information so that others cannot see its true content. A key is used to encrypt the information, just as a physical key locks a door; the same kind of key opens the door again, that is, decrypts the information. When the key used to encrypt the information is the same as the key used to decrypt it, the scheme is called symmetric encryption, as in the figure:

In the figure, the encryption method is the lock and the key is the key; together, the encryption method and the key form one function.
Symmetric encryption has a big problem. When we encrypt something with a key and another person wants to decrypt it, they must use that same key. So if you want to send encrypted information to someone, you also have to send the key over the network, which is very dangerous. That is why asymmetric encryption exists.
2. Asymmetric encryption
Asymmetric encryption uses different keys for encrypting and decrypting digital information. Each user generates a pair of keys, called the public key and the private key. What the public key locks, the private key can unlock, and what the private key locks, the public key can unlock. If PA denotes Alice's public key and SA denotes Alice's private key, the following equations hold:
M = SA(PA(M))
M = PA(SA(M))
M denotes the information to be encrypted. The public key is made public; the private key is known only to its owner. When we need to send private information to someone, we take that person's public key and encrypt the information with it. Only that person's private key can decrypt it, and the private key is held by that one person alone, so the information is safe. For example, Bob wants to send a secret message to Alice, as shown in the figure:

Even if a hacker obtains the ciphertext C, he cannot recover the original message, because he does not know Alice's private key.
But a problem arises again: how can Alice be sure that the person who sent her the message is Bob and not someone else? This is what digital signatures do, and they can also be implemented with asymmetric encryption.
3. Digital signature
Let PB denote Bob's public key and SB Bob's private key. Bob encrypts the message M he wants to send Alice with his own private key to obtain C, then encrypts the pair (M, C) with Alice's public key PA to obtain MC'. After Alice receives MC', she first decrypts it with her own private key to obtain (M, C), then decrypts C with Bob's public key PB and checks whether the result equals M. If it does, the message really came from Bob; otherwise it did not. Because only Bob can produce C from M, C counts as Bob's signature.
But now another question arises: how can Alice be sure that PB is Bob's public key? If PB is not Bob's public key but one forged by someone else, the signature verification is meaningless. A digital certificate lets Alice confirm that PB is indeed Bob's public key.
4. Certificate
A digital certificate is issued by an authority whose public key is well known. The certificate records whose public key it contains and is encrypted (signed) with the authority's private key. Bob can send Alice a certificate containing his own public key; Alice recovers the certificate's contents with the authority's public key and can thus confirm whether PB is Bob's public key.
One more problem remains to be solved. Asymmetric encryption (with a 512-bit key) is usually slow, whereas symmetric encryption (for example, AES keys are only 128, 192, or 256 bits) is much faster, and computing the hash of digital information is also fast. The difference between symmetric encryption and hashing is that the former is reversible and the latter is not. Both are therefore combined with asymmetric encryption to make encryption and digital signature computation more efficient.
5. Improving encryption and signature efficiency
Combining symmetric and asymmetric encryption improves encryption efficiency. Specifically, the information is encrypted with symmetric encryption, and then the symmetric key is encrypted with asymmetric encryption. Symmetric encryption of the information is very fast, and the data that must be encrypted asymmetrically is very short, so the overall encryption is faster.
Combining asymmetric encryption with a hash function improves the efficiency of computing digital signatures. Specifically, a hash function computes the hash value of the digital information M (an MD5 value, for example, is only 128 bits), and then that hash value is encrypted to obtain C. Alice decrypts C with Bob's public key PB, computes the hash of M with the same hash function, and checks whether the two results match, which verifies whether the file was sent by Bob.
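To make sections 2, 3 and 5 concrete, here is an added example in Python (not part of the original post): textbook RSA on small, constructed keys, so you can run the PA/SA identities, Bob's sign-then-encrypt exchange with Alice, and the hash-then-sign shortcut end to end. SHA-256 stands in for the MD5 named in the text; all key values, names and functions are constructed for this example.

```python
import hashlib

# Added example, not from the original post: textbook RSA on small Mersenne
# primes so that M = SA(PA(M)) = PA(SA(M)), the sign-then-encrypt protocol of
# section 3 and the hash-then-sign shortcut of section 5 can be run end to end.
# Toy only: real RSA uses 2048-bit keys and padding (OAEP/PSS).
def keygen(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)            # public key P, private key S

def apply_key(key, x):
    """One RSA operation x^exp mod n; the same code acts as P() and S()."""
    n, exp = key
    return pow(x, exp, n)

def digest_mod_n(message, n):
    """Section 5: hash M first and sign the short digest instead of M.
    SHA-256 replaces the MD5 named in the text (MD5 collisions are practical)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(priv, message):
    return apply_key(priv, digest_mod_n(message, priv[0]))

def verify(pub, message, sig):
    return apply_key(pub, sig) == digest_mod_n(message, pub[0])

def bob_sends(m, bob_priv, alice_pub):
    """Section 3: C = SB(hash(M)), then seal (M, C) under Alice's PA."""
    c = sign(bob_priv, m)
    return [apply_key(alice_pub, int.from_bytes(m, "big")),
            apply_key(alice_pub, c)]

def alice_receives(sealed, alice_priv, bob_pub):
    """Unseal with SA, then check C against M using Bob's PB."""
    m_int, c = (apply_key(alice_priv, x) for x in sealed)
    m = m_int.to_bytes((m_int.bit_length() + 7) // 8, "big")
    return m, verify(bob_pub, m, c)

# Constructed keys: Bob's modulus (~2^92) is below Alice's (~2^196) so both
# M (at most 24 bytes here) and C fit under Alice's modulus.
BOB_PUB, BOB_PRIV = keygen(2**31 - 1, 2**61 - 1)
ALICE_PUB, ALICE_PRIV = keygen(2**89 - 1, 2**107 - 1)

if __name__ == "__main__":
    msg = b"Meet at noon, Bob"
    sealed = bob_sends(msg, BOB_PRIV, ALICE_PUB)
    print(alice_receives(sealed, ALICE_PRIV, BOB_PUB))      # (msg, True)
    forged = bob_sends(msg, ALICE_PRIV, ALICE_PUB)          # wrong signer
    print(alice_receives(forged, ALICE_PRIV, BOB_PUB)[1])   # False
```

With the classic textbook primes 61 and 53 the same keygen yields n = 3233 and d = 2753, which you can check by hand against the identities in section 2.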
