This article briefly discusses the two asymmetric algorithms most commonly used in security, DH and RSA. It does not go into the mathematical principles; there are already plenty of articles online that cover them, and repeating them would add little (an article of that kind only needs to focus on two points: **one is how the keys are generated, the other is the formulas for encrypting and decrypting data**). The only aim here is to help the general user clearly distinguish the similarities and differences between the two algorithms and their applications, so it will not be long. What DH and RSA have most in common is that their theoretical basis is elementary number theory. Since it is elementary, understanding the principles requires only high-school mathematics, or even junior-high mathematics; none of college mathematics applies, so you need not worry about limits, derivatives, integrals and the like. The one exception is that RSA is based on the so-called Euler theorem (Fermat's little theorem is a special case of it), whereas DH does not involve it so obviously. There are also two results that may need proof and that this article does not cover; both concern congruences (problems in elementary number theory are all tied to congruences, and perhaps the most famous result is Sun Tzu's theorem, better known as the Chinese remainder theorem, which is described in any general book on number theory). So where do they differ?
The most notable difference is that DH is used for dynamic key exchange: it actually generates a key pair on both the server and the client, that is, two key pairs, and note that this is dynamic. RSA, by contrast, contains only one key pair and is static, that is, once the private key has been generated it does not change unless it is explicitly replaced, most obviously by replacing the private key file (because the key is very long, it is usually generated once and stored in a file). With a simple analysis we can see why the shared key produced by the DH algorithm cannot be obtained by an outsider: it exists only in the memory of the server and the client. Each side of the communication computes the shared key for itself, without the key ever being transmitted, because the value the client computes and the value the server computes are identical; all they need to exchange is their public keys. So there is no attack other than brute force, and because of the difficulty of the large-prime problem, together with the randomness of key generation (the private key is a random number from 1 up to this large prime minus one, so it is certainly coprime with it), the key cannot be cracked under current conditions. In addition, because RSA operations consume too many computational resources, RSA is only used for signing (that is, only a small amount of data is verified, such as the digest of the contents of a digital certificate) and not for encrypting the actual data content, while the DH algorithm is used only to exchange the key, and the key it produces is then used to encrypt and decrypt the data. The symmetric algorithm used to decrypt the real data is generally AES (SSL/HTTPS usually uses it rather than the earlier 3DES). This is why OpenSSL has so-called cipher suites, which serve these different purposes, and why OpenSSL contains a whole set of big-number arithmetic routines, which users generally do not call directly.
Simple comparison of DH and RSA algorithms