When it comes to data encryption, these words are often involved:Algorithm, Original, secret, and key. Generally, the sender uses an encryption algorithm to encrypt the original text and then sends it to the receiver. Then, the receiver decrypts the ciphertext with the key to obtain the original text. Since common encryption algorithms are public, the key to the original text encryption is the key. Encryption and decryption all use the same key algorithm, which is called symmetric encryption. symmetric encryption represents the des family. So what are the defects of this symmetric encryption? Since encryption and decryption use the same key, this key must be stored in at least two places. If encrypted data is sent to multiple users, more people will know the key, this greatly increases the risk of key leakage. If the key needs to be transmitted to the receiver by the sender, how to ensure the security of key transmission becomes another headache. To solve this problem, asymmetric encryption is introduced in comparison with symmetric encryption.
What is asymmetric encryption? Asymmetric encryption refers to a type of encryption algorithm that uses different keys for encryption and decryption. This type of encryption algorithm usually has two keys, A and B. The ciphertext obtained from key a's encrypted data can only be decrypted by key B (even key a cannot be decrypted). On the contrary, only key a can decrypt the ciphertext obtained by encrypting data with key B. These two keys are called private keys and public keys respectively. As the name suggests, private keys are private keys that you reserve and cannot be disclosed, while public keys are published to the other side of encryption and decryption operations. For different purposes, the keys used for data encryption are also different (sometimes public key encryption and Private Key decryption; sometimes private key encryption and Public Key decryption ). Asymmetric encryption indicates the RSA algorithm.
So what are the purposes of asymmetric encryption?
The first purpose is data encryption.
Imagine which key is used for data encryption if I don't want anyone except the recipient to know the content of the data I sent? If I use private key encryption, the receiver needs to use the public key for decryption Based on the asymmetric encryption principle, and the public key has been published to the receiver. This solution seems feasible, however, this problem occurs on the public key. In asymmetric encryption, Public Key Disclosure not only refers to the disclosure of the receiver, but also to the thorough disclosure of the key, which can be obtained by anyone who needs it, in this way, there will be no secret to the data you send. In turn, if I use the public key to encrypt data, the receiver needs to use the private key for data decryption. Because the private key is only stored in the receiver, in this way, other people will not get the data content. In this case, in asymmetric encryption, if you need to protect your data from being obtained by a third party, the key must be generated by the receiver, and then the receiver discloses the public key, the sender uses the public key to encrypt the data and transmit it to the receiver. The receiver uses its own private key for decryption, thus ensuring data security. Therefore, asymmetric encryption is also called public key encryption.
The execution efficiency of asymmetric encryption is much lower than that of symmetric encryption, so we do not use asymmetric encryption algorithms for a large file or data. How can we encrypt a large file? In general, we can select a symmetric encryption algorithm to encrypt the file, and then use an asymmetric algorithm to encrypt the key of the symmetric algorithm, so as to ensure the security of the symmetric algorithm key transfer.
Another purpose of asymmetric encryption is to sign digital signatures.
What is a digital signature? The digital signature is the same as our signature on the contract. The receiver can use it to prove that the received data or file was sent by you. For example, if the sender needs to send a string of data d to the receiver, how does the receiver determine that data D is sent by the sender?
Step 1: The sender generates a pair of keys and discloses the public key to the receiver;
Step 2: The sender encrypts data D with the private key to obtain the ciphertext m, and then sends the data d and the ciphertext M together to the receiver;
Step 3: The receiver obtains the data d and ciphertext m, and then uses the public key to decrypt the ciphertext m to obtain the data d;
Step 4: Compare D and D. If D is equal, it indicates that D is sent by the sender.
In practice, we do not directly use the private key to encrypt the data or files to be sent. This is because the asymmetric encryption algorithm is very time-consuming and the ciphertext length must be greater than the plaintext length, the overhead of the direct encryption system is very high. So how can we solve this problem?
First, we need to understand another concept: Message Digest. The so-called message digest is the only fixed-length value corresponding to a file or data calculated by a one-way algorithm. It is also called a digital digest. According to different algorithms, the message digest length is generally 128 bits or 160 bits. Common message digest algorithms include MD5 and sha1. The message digest of a file is the same as the fingerprint of a person. It can uniquely represent this file. If this file is modified, its message digest will change. Therefore, we can sign the message digest of a file instead of itself. In addition, we can verify the message digest to determine whether the sent data is complete or has been modified. In this way, the above example can be roughly changed to the following:
Step 1: The sender generates a pair of keys and discloses the public key to the receiver;
Step 2: The sender abstracts the data d and obtains Q;
Step 3: encrypt Q with the private key to obtain the ciphertext MQ, and then send the data d and the ciphertext MQ together to the receiver;
Step 4: The receiver obtains data d and ciphertext MQ, and uses the public key to decrypt the ciphertext MQ to obtain Q1;
Step 5: the receiver uses the same algorithm to digest the data d and obtain Q2;
Step 6: Compare Q1 and Q2. If yes, it means that D is sent by the sender and has not been modified.
Now, we have introduced a lot about the use of asymmetric encryption. Next we will look at how to use C # To implement RSA asymmetric encryption.
The objects involved in encryption operations in. NET are all under the namespace system. Security. cryptography.ProgramAdd using system. Security. cryptography. The RSA encryption algorithm is implemented by the rsacryptoserviceprovider object. The followingCodeData encryption and decryption and signature and verification are implemented respectively.
1: StringPublickey, privatekey;
2:Rsacryptoserviceprovider rsaprovider;
3: VoidInitial ()
4:{
5:// Declare an RSA algorithm instance. The length of the key is 1024 bits specified by the rsacryptoserviceprovider Type constructor.
6:// After rsacryptoserviceprovider is instantiated, rsacryptoserviceprovider automatically generates key information.
7:Rsaprovider =NewRsacryptoserviceprovider (1024 );
8:// Export the public key of the RSA algorithm to the publickey string. If the parameter is set to false, the private key is not exported.
9:Publickey = rsaprovider. toxmlstring (False);
10:// Export the private key of the RSA algorithm to the privatekey string. If the parameter is set to true, the private key is exported.
11:Privatekey = rsaprovider. toxmlstring (True);
12:
13:
14: Byte[] Encryptdata (Byte[] Data)
15:{
16:Rsacryptoserviceprovider RSA =NewRsacryptoserviceprovider (1024 );
17:// Import the public key to the RSA object and prepare encryption;
18:RSA. fromxmlstring (publickey );
19:// Encrypt data and return the encrypted result;
20:// The second parameter is used to select the padding format.
21:ReturnRSA. Encrypt (data,False);
22:}
23:
24: Byte[] Decryptdata (Byte[] Data)
25:{
26:Rsacryptoserviceprovider RSA =NewRsacryptoserviceprovider (1024 );
27:// Import the private key to RSA for decryption;
28:RSA. fromxmlstring (privatekey );
29:// Decrypt the data and return the decryption result;
30:ReturnRSA. decrypt (data,False);
31:}
32:
33: Byte[] Sign (Byte[] Data)
34:{
35:Rsacryptoserviceprovider RSA =NewRsacryptoserviceprovider (1024 );
36:// Import the private key and prepare the signature
37:RSA. fromxmlstring (privatekey );
38:// Use MD5 to digest the message, sign the digest, and return the signature data.
39:ReturnRSA. signdata (data,"MD5");
40:}
41:
42: BoolVerify (Byte[] Data,Byte[] Signature)
43:{
44:Rsacryptoserviceprovider RSA =NewRsacryptoserviceprovider (1024 );
45:// Import the public key to verify the signature
46:RSA. fromxmlstring (publickey );
47:// Return the data verification result
48:ReturnRSA. verifydata (data,"MD5", Signature );
49: }