Public key encryption algorithms: what on earth are they?

Source: Internet
Author: User

This article refers to the following information (recommended reading):

a). Public Key Cryptography

b). Diffie-Hellman Key Exchange

c). Public Key Certificate

A public key encryption algorithm is also known as an asymmetric encryption algorithm. Many things have grown up around it, such as public/private key pairs, key exchange, authentication, certificates, signatures ...


1. Key pair

Let's start with the key pair, which is at the heart of all the other technologies built on it.

A public/private key pair actually grows out of a piece of mathematics, which produces the following process (this is how it originated):

Figure 1

Here a is Alice's private key and A is Alice's public key; b is Bob's private key and B is Bob's public key.

Well... since I am an engineer, I cannot lead the reader deep into the mathematical theory; anyone interested can search for it. Let's return to the link between this mathematics and key pairs.

The interesting part is that content encrypted with a can only be decrypted with A, whereas content encrypted with A can only be decrypted with a. Content encrypted with a cannot be decrypted with a itself, and content encrypted with A cannot be decrypted with A itself.

2. Key exchange

Strictly speaking, this is public key exchange. (In public-key cryptography, the private key is always held only by its owner, while the public key can be distributed or exchanged.)

Assuming that Alice and Bob are now using public-key cryptography to communicate, they can do this:

1). Alice gives her public key to Bob

2). Bob returns his public key to Alice

3). Alice uses Bob's public key to encrypt a message and sends it to Bob

4). Bob receives the encrypted message and decrypts it with his private key

5). Bob uses Alice's public key to encrypt a reply and sends it back to Alice

6). Alice receives the encrypted reply and decrypts it with her private key

They then keep communicating like this.

Steps 1) and 2) are what we call the key exchange.

3. Authentication

One fact is clear: in the key exchange of section 2, Alice and Bob are not always communicating over a dedicated line, and while they exchange keys there is a good chance that a villain will appear. Let's look at a picture.

Figure 2

A is Alice, B is Bob, Pri_a is Alice's private key, Pri_b is Bob's private key, Pub_a is Alice's public key, and Pub_b is Bob's public key.

M is the bad guy, and Pub_m is M's public key.

The dashed part is the process of key exchange, and the solid line part is the process of passing the message.

You can see that during the key exchange, M can impersonate Bob to Alice and give Pub_m to Alice, impersonate Alice to Bob and give Pub_m to Bob, and then intercept Alice's message, tamper with it, and send it on to Bob.

This is called a man-in-the-middle attack, which is generally bad.

To prevent this kind of man-in-the-middle attack we need to introduce the certificate, which identifies a communicating party and can therefore be used for authentication.

4. Certificates

Let's look at what a certificate is: a certificate is used to identify the owner of a public key.

In the scenario of section 3 (Authentication), if Alice and Bob have certificates, they can exchange certificates rather than bare public keys, so that the bad guy can't tamper with the messages.

Let's take a look at this process:

1). Alice sends Cert_a to Bob, and it is intercepted by the bad guy M. But M is helpless: he can't tamper with the certificate, so he can only pass Cert_a on to Bob.

2). Bob then sends Cert_b to Alice, and it is intercepted by M. Again M is unable to tamper with the certificate, so he can only pass Cert_b on to Alice.

3). Alice receives Cert_b and, after some analysis, determines that it really is Bob's certificate and readily accepts it. She then uses Cert_b to encrypt her message and sends it to Bob.

4). The bad guy M intercepts the message Alice encrypted with Cert_b, but he can't decrypt the ciphertext, so he has to pass it on to Bob.

5). Similarly, when Bob replies to Alice, the bad guy M can't tamper with the reply.

5. Signature

Section 4 (Certificates) leaves a problem: if the bad guy M happens to get hold of Bob's or Alice's certificate, he can impersonate that party. So how do we deal with this situation? (Doesn't it feel like one link chained to the next?)

Clever people brought the signature into public-key communication. Let's look at the concept: encrypting a piece of information with the private key produces a signature. Well... yes, you read that right, a signature is ciphertext produced with the private key.

Why is this ciphertext called a signature? Because the public key is what unlocks it, it can only have been encrypted by the owner of the private key. The academic name for this property is non-repudiation.

So when Alice or Bob sends a message, they run a digest algorithm such as MD5/SHA1 over the message, encrypt the digest with the private key to form the signature of the message, and finally send the message and the signature together. The receiver decrypts the signature, computes the digest of the message, and compares the two; if they match, the message has not been tampered with and the exact sender of the message is known.
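The certificate check from section 4 and the hash-then-sign flow from section 5, as an added Python example that is not code from the original article. It assumes a trusted issuer that signs each certificate, a made-up certificate layout, and toy textbook RSA with SHA-256 in place of MD5/SHA1; every function and key name in it is hypothetical.

```python
import hashlib

# Toy textbook RSA on fixed Mersenne primes, no padding: illustration only.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def digest(message: bytes, n: int) -> int:
    # SHA-256 rather than the MD5/SHA1 named in the text; reduced mod n
    # only because the toy modulus is smaller than the hash.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    n, d = private_key
    return pow(digest(message, n), d, n)         # digest "encrypted" with private key

def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

def cert_body(name: str, public_key) -> bytes:
    return f"{name}|{public_key[0]}|{public_key[1]}".encode()

def make_cert(name, public_key, issuer_private):
    # Assumed certificate layout: owner name, public key, issuer signature.
    return {"name": name, "public_key": public_key,
            "sig": sign(cert_body(name, public_key), issuer_private)}

def check_cert(cert, expected_name, issuer_public) -> bool:
    body = cert_body(cert["name"], cert["public_key"])
    return cert["name"] == expected_name and verify(body, cert["sig"], issuer_public)

def demo():
    # Constructed keys for a hypothetical issuer, Bob, and the bad guy M.
    issuer_pub, issuer_priv = make_keypair(2**61 - 1, 2**89 - 1)
    bob_pub, bob_priv = make_keypair(2**31 - 1, 2**107 - 1)
    m_pub, m_priv = make_keypair(2**19 - 1, 2**127 - 1)
    cert_b = make_cert("Bob", bob_pub, issuer_priv)
    swapped = dict(cert_b, public_key=m_pub)     # M substitutes Pub_m
    msg = b"meet at noon"
    sig = sign(msg, bob_priv)
    return {
        "genuine_cert": check_cert(cert_b, "Bob", issuer_pub),
        "swapped_key_cert": check_cert(swapped, "Bob", issuer_pub),
        "bob_signature": verify(msg, sig, cert_b["public_key"]),
        "tampered_message": verify(b"meet at nine", sig, cert_b["public_key"]),
        "m_replays_cert_b": verify(msg, sign(msg, m_priv), cert_b["public_key"]),
    }

if __name__ == "__main__":
    print(demo())
```

Only the genuine certificate and Bob's own signature verify; the last entry shows that holding a copy of Cert_b is not enough to sign as Bob without Pri_b.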


In fact, a public-key communication system rarely uses asymmetric encryption and decryption for everything. More often, public-key cryptography is used to negotiate a session key, after which the communication is encrypted and decrypted symmetrically (SSL/TLS works roughly like this). That is another big topic; dear readers, see you next time.

Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission.
