Asymmetric algorithms, hash, and certificates

Reprinted please indicate the source

Http://blog.csdn.net/pony_maggie/article/details/35389657

Author: Pony

These concepts have been widely used in the Financial electronic payment field. I suddenly feel that it may be better understood to introduce them together. I hope to understand the relationship between them in the simplest and simplest way.

 

An asymmetric algorithm

For asymmetric algorithms, you only need to know the following. The key is a pair. One is called a public key and the other is called a private key. The former is made public and the latter is kept confidential. Suppose you have a pair of public and private keys that give you a string of data. You can use the private key to encrypt them, and then put both the passwords and public keys out. Others can use this public key to decrypt them. In turn, others can also use this public key to encrypt a string of data, and you can use the corresponding private key for decryption. It can be used to indicate:

 

Binary hash

Hash is also called hash. People who have learned data structures are familiar with this concept. Simply put, a string of Data A can be very long. You can use an algorithm to convert them into a very short fixed length (no matter how long the source string is) b. This process is called hash, and data B is called the hash value (or the digest value) of data ).

 

Further in-depth. In most cases, a and B correspond one to one (this is what we hope). That is to say, if I have another A1, its hash values B1 and B will not be equal. But the ideal is full, and the reality is objectionable. B1 may be equal to B. This phenomenon is known as "Collision". Increasing the number of digits of hash values is a method to prevent collision. Because the longer the number of digits, the smaller the probability of identical digits. Currently, it is considered that hash values with more than 128 bits can effectively prevent collision. When we talk about signatures later, we assume there is no collision.

 

Finally, we can add that hash is irreversible, that is, you cannot restore A from B to A, even if the hash algorithm is public.

 

 

Three-digit Signature

In our life, we use signatures to represent our own identities. For example, if the leaders sign a document and you see the signature, they confirm that the signature is signed by the leaders and represents himself. The signature only occupies a small amount of information (generally two or three words, the Japanese may be longer), but it can represent your entire person's information. This idea is indeed of great significance, we use it in the electronic signature process, that is, digital signature.

 

The digital signature process is like this. For example, James has a string of data a to be sent to Xiaohong, and James first generates a digest B of A with hash, then, encrypt B with a private key and attach it to the back of a to send it to Xiaohong. Xiaohong has a Public Key (because it is public). She uses this public key to decrypt the data after a to get B, then, calculate a B1 hash by yourself. If B1 is equal to B, it indicates that the data is sent by James, because only James has a private key, next, it can be noted that a has not been modified during transmission, because if it has been modified, the hash value is definitely not equal. The above process can be described as follows:

 

 

 

There may be problems. Does data a seem to be unencrypted ?, This is indeed the case, because this is not the concern of Xiaohong. Xiaohong only cares about whether the data is transparent and the data content is not that important. In fact, it is not hard to understand. Just like you go to the supermarket to swipe your card for shopping, you need to sign the ticket as a credential for reconciliation. People only care about whether the signature is yours or not, and they are not so concerned about the content of the ticket.

 

Four certificates

 

Think about the signature verification process above. It seems to be seamless. But there is actually a problem. Where does Xiaohong's public key come from? Some people say that this is not public. You can do anything you like. You can ask someone else for it, or you can find it online. In fact, the premise of the signature verification is that Xiaohong already assumes that the public key in her hand is one-to-one with James's private key. If Mr. Smith generates an illegal public/private key pair, and then sends it to Mr. Smith and tells her that this is James's, the problem will arise. Therefore, Xiaohong needs a clear way to confirm that her public key is valid.

For example, if a person stands in front of you and you cannot judge whether he is a good person or a bad person, but if the court tells you that this person is a murderer, you will definitely choose to believe it because the court is an authoritative institution. Similarly, "public sensitive information" such as the Public Key also needs to be identified by an authority. This organization is Ca (Certification Authority ). In this way, as long as the Public Key is obtained from the CA, it can be regarded as legal.

 

CA generally does not directly issue a public key. It usually organizes the public key information and some additional information (such as the date and validity period of the Public Key) together for delivery in a certain format, the data in this Organization is called a certificate. The role of a certificate is that it has a certain format. This format is still a standard and is used all over the world. This makes it easy to spread. Currently, the widely used certificate is the famous X.509 Certificate.