SUN Solaris Cryptographic Framework cipher System

Claiming to be a Solaris system administrator, you should understand the Solaris Cryptography system:

The Solaris OS cryptographic Framework (SCF) cryptographic system provides users with application and kernel-module encryption services in a seamless and transparent manner, with little detection and interference from user applications, including commands, user program interfaces, kernel programming interfaces, and its optimized encryption algorithm program, including:

The Aes-advanced Encryption Standard Advanced Encryption Standard, the United States federal government standard, is a designated standard cryptography system that will be used in the future by government and banking users because it is fast and very suitable for modern requirements (such as smart cards), And the size of the key that can be used is wide.

Arc4-the Public implementation of RC4

Blowfish-bruce Schneier was published in 1995 with a maximum 448-bit variable long key.

Des-data encryption Standard, formally adopted by the United States Government in 1977, is the most widely used cryptographic algorithm in the world. In addition to government, banking is the largest user of encryption, the main problem is that its key length is very short, the key is actually 64 bits, but the key has 8 bit parity bit, the DES key is actually only 56 bits at work, completely unsuitable for today's situation, it has been replaced by the AES Advanced Encryption Standard algorithm.

3DES-Triple DES, which performs three DES with 2 keys in a particular order, or three individual keys.

Dh-diffie-hellman key protocol, an idea proposed by the founder of the public Key cryptography, Diffie and Hellman, allows two of users to exchange information on public media to generate "consistent", shareable keys

Dsa-digital Signature algorithm is a United States the government for standard Digital, the so-called digital signature is the sender of information with its private key pair The feature data extracted from the message (or digital fingerprint) is used to operate the RSA algorithm to ensure that the sender cannot deny having sent the information (that is, non-repudiation), and also ensure that the message message is tampered with (i.e. integrity) at the end of the signature. When the receiver receives the message, it can verify the digital signature with the sender's public key.

Hmac-keyed-hash Message authentication Code,mac has several ways of working. The first approach is to place the secret key at the end of the data before calculating the digest. Without a secret key, you cannot confirm that the data has not been altered. Another way to calculate the complexity is to compute the hash as usual, and then use the symmetric algorithm (such as DES) to encrypt the hash. To authenticate a hash, you must first decrypt it. HMAC is a type's MAC calculated using a cryptographic hash function in combination with a secret key.

Mac-message Authentication code message authentication codes, using a key to generate a fixed-size small block of data, and added to the message. The key can be used to authenticate suspicious data and ensure that the encrypted bit stream is not maliciously modified in transit.

Md5-message-digest algorithm the information-Digest algorithm developed by MIT for digital signatures, makes a hash transformation of the message, transforms any length of messages into a 128-bit large integer, And it is an irreversible string transform algorithm, the typical application of MD5 is to generate a digital fingerprint of a message to prevent tampering, that is, digital signature applications. August 17, 2004, the United States International Cryptography Conference, Shandong University professor Wangxiaoyun successfully cracked MD5 algorithm report, found that can quickly find MD5 collision, that is, two files can produce the same fingerprint.

Pkcs-public-key Cryptography Standards is a set of public-key cryptography standards developed by the U.S. RSA Data security Company and its partners, including certificate requests, certificate updates, certificate invalidation form publishing, extended certificate content, and digital signatures, A series of related protocols in the format of digital envelopes. A PKCS has been published Pkcs#1 to pkcs#15.

PKCS#5-Password based encryption Standard is a method of encrypting a string using a security key derived from a password. Use MD5 to derive the key from the password and to encrypt it using the DES-CBC mode. It is primarily used to encrypt private keys that are transferred from one computer to another, and cannot be used to encrypt messages.

PKCS#11-Defines a technology-independent programming interface for cryptographic devices such as smart cards and PCMCIA cards.

rsa-, 3 Researchers at MIT, is the most famous public-key algorithm and the first algorithm to be used for both encryption and digital signatures, with export restrictions. The general idea behind RSA it is easy to multiply two large primes, but it is extremely difficult to decompose their products, so you can expose the product as an encryption key. In 1999, the factorization of a specific RSA 512-digit (called RSA-155) was completed in 7 months. Because of the large number of calculations, RSA is slower than des in the fastest possible situation.

Rc4–rsa's algorithm is applied to e-mail systems such as Lotus Notes.

The Sha-1-Secure Hashing Algorithm (SHA), developed by the National Institute of Standards and Technology (Institute of Standards and Technology), was released in 1994 as a revised version of the original algorithm, called SHA-1. Compared to MD5, SHA-1 generates a 160-bit message digest, which is considered more secure even though it is slower to execute. The maximum length of plaintext messages can be up to 264 bits.