WSE3.0 Building Web Services Security (2)

Source: Internet
Author: User
Tags: decrypt, web services, asymmetric encryption

WSE3.0 Building Web Services Security (2) Asymmetric encryption, public key, key, certificate, signature differences and contacts, and X.509 certificate acquisition and management

After writing the previous article, WSE3.0 Building Web Services Security (1): WSE3.0 security mechanism and instance development, I felt that an article on the related cryptographic concepts was still needed, because many of these concepts are easy to confuse and cause trouble when trying to understand WSE3.0 web service security. To make learning WSE3.0 development easier, I have sorted out the main points about encryption, public keys, certificates and signatures, explain how these concepts differ from and relate to each other, and finally describe the contents of X.509 certificates in detail and how X.509 certificates are obtained and managed. The full text is structured as follows: 1. Asymmetric encryption algorithms; 2. Public and private keys; 3. Certificates and signatures; 4. Acquisition and management of X.509 certificates; 5. Summary.

Building on the previous article and the cryptographic algorithms provided by the .NET class library, let's take a closer look at asymmetric encryption algorithms.

"1" Asymmetric Encryption algorithm:

Asymmetric encryption is also known as public key cryptography. According to Kerckhoffs's principle of cryptography: "All algorithms are public; only the key is secret." That is, the designer of a security system cannot rely on some secret, unknown algorithm to keep information confidential, but should use a publicly vetted algorithm: a good algorithm is one where, as long as the key is secure, an attacker who knows the algorithm still cannot actually recover the plaintext from the ciphertext.

RSA is the most popular public key algorithm; it uses a key whose length can vary. RSA was the first algorithm that could be used both for data encryption and for digital signatures. The RSA algorithm works as follows:

1. Randomly select two large prime numbers p and q, with p not equal to q, and compute n = pq;

2. Select a natural number e, greater than 1 and less than n, such that e is coprime with (p-1) x (q-1).

3. Compute d from the formula d x e = 1 (mod (p-1) x (q-1)).

4. Destroy p and q.

The resulting n and e are the "public key" and d is the "private key": the sender uses n and e to encrypt the data, and only the receiver, who holds d, can unlock the data content.

RSA security relies on the difficulty of factoring large numbers; an n of less than 1024 bits has been proven unsafe. And since the RSA algorithm performs only large-number computations, even at its fastest RSA is several times slower than DES, which is RSA's biggest drawback; it is therefore often used only to encrypt small amounts of data or encryption keys. It should be noted that the security of the RSA algorithm is only computational security, not unconditional security, which is determined by its theoretical basis. Therefore, when implementing the RSA algorithm, every step should be considered from a security standpoint as far as possible.

The basic process by which an asymmetric encryption algorithm achieves confidential information exchange is: Party A generates a key pair and publishes one of the keys as the public key to other parties; Party B, having obtained the public key, uses it to encrypt confidential information and sends it to Party A; Party A then decrypts the encrypted information with the other key, the private key, which it has kept. Party A can decrypt any information encrypted with its public key only by using its private key. Asymmetric encryption offers better secrecy, since it eliminates the need for end users to exchange keys.

"2" Public and private keys:

An asymmetric encryption algorithm requires two keys: a public key (PublicKey) and a private key (PrivateKey). The public key and private key form a pair: if data is encrypted with the public key, only the corresponding private key can decrypt it, and if data is encrypted with the private key, only the corresponding public key can decrypt it. Because encryption and decryption use two different keys, the algorithm is called an asymmetric encryption algorithm.

Public key cryptography: public key cryptography uses a private key, which must be kept secret from unauthorized users, and a public key, which can be disclosed to anyone. The public and private keys are mathematically related; data encrypted with the public key can only be decrypted with the private key, and data signed with the private key can only be verified with the public key. .NET provides the following asymmetric (public/private key) encryption algorithms through the abstract base class System.Security.Cryptography.AsymmetricAlgorithm:

DSACryptoServiceProvider
RSACryptoServiceProvider

So public and private keys appear in pairs in asymmetric encryption algorithms: the public key is disclosed for encrypting data, and anyone can use it to encrypt the data they send. The private key owner decrypts the data with his or her private key; since the private key is generally known only to its owner, anyone else who intercepts the data cannot decipher the contents of the message.
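The four key-generation steps, the Party A / Party B exchange, and the sign-with-private-key / verify-with-public-key relationship described above can all be walked through with textbook RSA on tiny primes. The following is an added example written for this page; it is not WSE3.0 or .NET code and does not use RSACryptoServiceProvider. The primes 61 and 53 and the exponent 17 are constructed so that every intermediate value is visible; the last function shows why such a small n is exactly the "unsafe" case the article warns about, by recovering the private exponent from the public key alone.

```python
from math import gcd, isqrt
import hashlib

# Constructed demonstration of textbook RSA, not WSE 3.0 / .NET code.
# The primes are deliberately tiny so every intermediate value is visible;
# the resulting keys are useless for real work (see break_small_modulus).


def generate_keypair(p, q, e):
    """Steps 1-4 from the article: n = p*q, e coprime with (p-1)(q-1),
    d = e^-1 mod (p-1)(q-1), then p and q are discarded.
    Returns the public key (n, e) and the private key (n, d)."""
    if p == q:
        raise ValueError("p and q must be two distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < n and gcd(e, (p-1)(q-1)) == 1")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+): d*e == 1 (mod phi)
    return (n, e), (n, d)  # step 4: p, q and phi go out of scope here


def encrypt(public_key, m):
    """Party B encrypts an integer message m with Party A's public key (n, e)."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Party A recovers m from the ciphertext; only the holder of d can do this."""
    n, d = private_key
    return pow(c, d, n)


def _digest(message, n):
    """Hash the message and reduce it into Z_n.  Real implementations pad the
    digest (PKCS#1 v1.5 or PSS) instead of reducing it; this is toy-sized only."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Signature = message digest raised to the private exponent d."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(public_key, message, signature):
    """Anyone holding (n, e) can check the signature; forging one needs d."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


def break_small_modulus(public_key):
    """Why n must be large: with a tiny n, trial division recovers p and q from
    the public key alone, and with them the private exponent d.  Making this
    search infeasible is what 'RSA security relies on factoring' means."""
    n, e = public_key
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return p, q, pow(e, -1, (p - 1) * (q - 1))
    raise ValueError("n has no nontrivial factor; not a valid RSA modulus")


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, 17)  # constructed toy parameters
    print("public key (n, e):", public)              # (3233, 17)
    print("private exponent d:", private[1])         # 2753
    c = encrypt(public, 65)
    print("65 encrypts to", c, "and decrypts to", decrypt(private, c))  # 2790, 65
    msg = b"WSE 3.0 message"
    s = sign(private, msg)
    print("signature verifies:", verify(public, msg, s))
    print("altered signature verifies:", verify(public, msg, (s + 1) % public[0]))
    print("factoring the toy modulus recovers (p, q, d):", break_small_modulus(public))
```

The key pair is returned as (n, e) and (n, d) because d alone cannot decrypt anything without the modulus; the article's wording "n and e are the public key, d is the private key" describes the same split. Note that the altered-signature check is exact rather than probabilistic: for a squarefree n the RSA map is a permutation of Z_n, so any value other than the genuine signature verifies to a different digest.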
