Web security technology (1)-understanding of encryption mechanisms

Source: Internet
Author: User
Tags asymmetric encryption

Data encryption algorithms include symmetric encryption, asymmetric encryption, and message digests.
Symmetric encryption uses a single key to both encrypt and decrypt data. Examples include DES, AES and RC-5.
Asymmetric encryption uses a key pair (a public key and a private key) to encrypt and decrypt data. Examples include RSA and ECC. Asymmetric encryption is more than 100 times slower than symmetric encryption.
Its common uses are as follows:
Encrypt data with the public key and decrypt it with the private key. Sign data with the private key and verify the signature with the public key.

A message digest, if it counts as an encryption algorithm at all, requires no key, and its output cannot be decrypted: it computes a fixed-length value from plaintext of arbitrary length. Examples include MD5 and SHA1.

Key Specification

There are many specifications, and the descriptions of them on the Internet are messy. The frequently used ones, as I understand them, are listed here.

Key format:

  • X.509: the common certificate format, including public key information, user identity, and issuer information.
  • PKCS series: a set of public key cryptography standards developed by RSA Data Security and its partners.
  • PKCS #8: describes the private key information format, including the private key and an optional set of attributes.

Key storage:

  • DER: binary encoding.
  • PEM: ASCII encoding.

Encryption Mode

A block cipher can only encrypt a single block of data whose length equals the cipher's block length. To encrypt longer data, you must first split it into blocks, and the last block must be padded up to the block length. An encryption mode is a block cipher's mode of operation: it lets the same key be used to encrypt more than one block.

Encryption modes can be used with symmetric or asymmetric encryption. However, asymmetric encryption is generally not suitable for encrypting long messages, so hybrid encryption is used instead.

P.S.: Taking RSA and DES as an example, hybrid encryption usually encrypts the plaintext with DES first, then encrypts the DES key with the RSA public key, and transmits the two ciphertexts together. The receiver decrypts the DES key with the RSA private key and then uses the DES key to decrypt the content.

The simplest encryption mode is ECB (electronic codebook). Other modes include CBC, PCBC, and CFB.

ECB and CBC require the last block to be padded. There are many padding methods. The simplest is to append null characters to the end of the plaintext so that its length is an integer multiple of the cipher's block length.
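
The padding and mode behaviour described above, as an added Python example that is not part of the original article. The 4-round Feistel cipher built on HMAC-SHA256 is a toy stand-in for DES or AES, and `KEY`, `SAMPLE` and all function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16                       # block length in bytes for the toy cipher
KEY = b"constructed demo key"    # constructed sample key
SAMPLE = b"PAY 100 TO ALICE" * 3 # constructed plaintext: three identical blocks

def encrypt_block(key: bytes, block: bytes) -> bytes:
    # Toy 4-round Feistel cipher (assumption for this demo, not for real use).
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:BLOCK // 2]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def zero_pad(data: bytes) -> bytes:
    # Padding described in the article: null bytes up to a block multiple.
    return data + b"\x00" * (-len(data) % BLOCK)

def pkcs7_pad(data: bytes) -> bytes:
    # PKCS #7: always append n bytes of value n, so removal is unambiguous.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    # Reject anything that is not a well-formed PKCS #7 tail.
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or len(data) % BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]

def split_blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key: bytes, plaintext: bytes) -> list:
    # ECB: every block is encrypted independently with the same key.
    return [encrypt_block(key, b) for b in split_blocks(pkcs7_pad(plaintext))]

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> list:
    # CBC: each plaintext block is XORed with the previous ciphertext block.
    out, prev = [], iv
    for b in split_blocks(pkcs7_pad(plaintext)):
        prev = encrypt_block(key, bytes(x ^ y for x, y in zip(b, prev)))
        out.append(prev)
    return out
```

Under ECB the three identical plaintext blocks of `SAMPLE` produce three identical ciphertext blocks, while CBC produces three different ones. Null padding maps `b"key"` and `b"key\x00"` to the same padded block, so the receiver cannot tell where the plaintext ended; PKCS #7 round-trips both.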
