1. Asymmetric Encryption Process:If there is a and B communication in the real world, in order to realize the confidentiality, completeness, availability of information in the non-Secure communication channel (three nature of information security), A and B conventions use asymmetric encrypted channels for communication, the process is as follows:Description:domestic currently using dual certificate system, that is, the user has both a signing certificate, encryption certificate two certificates. The signing certificate is the authentication of the user, the result of negotiation with the CA, which can be used to authenticate user A, the encryption certificate is used to encrypt the information, and is generated by the user and the secret Key management system. Here we assume that all are appropriate for the CA to interact. ①: This process is the process of generating the public key private key, we are here based on the RSA algorithm implementation, the detailed explanation of the RSA algorithm is explained later. ②: This process is where the CA signs the identity of the user to verify the identity of a. So in the process of communication between A and B, a can send its own digital signature to B,b to obtain this digital signature can be decrypted by the CA's public key and authenticated, the process is explained later. ③④. ⑤:a encrypts and transmits the information to be transmitted, and B accepts the subsequent decryption process.
2. RSA algorithm:RSA principle: The RSA algorithm is based on a very simple number theory fact: it is easy to multiply two large primes, but it is extremely difficult to factorization the product, so you can expose the product as an encryption key. algorithm:(1) Select two different large primes p and q;(2) calculated product N=PQ and φ (n) = (p-1) (q-1);(3) Select a random integer e greater than 1 less than Φ (n), making gcd (E,φ (n)) = 1; Note: GCD is greatest common divisor. (4) Calculate D to make d*e=1modφ (n); Note: That is, D*e modφ (n) = 1. (5) for each key k= (n,p,q,d,e), define the encryption transform to EK (x) =xe mod n, decrypt the transform to DK (x) =yd mod n, here x,y∈zn;(6) P,q destroy, with {e,n} as public key, {d,n} as private key. Example:1. Suppose P = 3, q = One (P,q are prime numbers.) ), then n = PQ =;2. R =φ (n) = (p-1) (q-1) = (3-1) (11-1) =;3. According to GCD (E,φ (n)) = 1, i.e. gcd (e,20) = 1, make e=3, then D = 7. (two numbers can also be exchanged for a bit.) )
Here, the public key and key have been determined. The public key is (n, e) = (33, 3), and the key is (n, D) = (33, 7).
Code implementation:
public class Simplersa {/** * encryption, decryption algorithm * @param key public key or key * @param message data * @return */public static long RSA (int basenum, int key, long message) {if (base Num < 1 | | Key < 1) {return 0L; }//Encrypt or decrypt the data after long rsamessage = 0L; Cryptographic core Algorithm rsamessage = Math.Round (MATH.POW (message, key))% Basenum; return rsamessage; } public static void Main (string[] args) {//cardinality int basenum = 3 * 11; Public key int keye = 3; Key int keyd = 7; Unencrypted data long msg = 24L; Encrypted data Long encodemsg = RSA (Basenum, Keye, msg); Decrypted data Long decodemsg = RSA (Basenum, Keyd, encodemsg); System.out.println ("Before encryption:" + msg); SYSTEM.OUT.PRINTLN ("After encryption:" + encodemsg); System.out.println ("After decryption:" + decodemsg); } }
The result: The CA saves the user's public key, and anyone else wants to send the user information, simply query the public key, encrypt the send, and the user is decrypted with the secret key that only he knows.
3. Signature Certificate:The purpose of signing the certificate: To add a user to the B user sent the message "A Love You", B received after how to determine is A send it (because in the man-in-the-middle attack, if C intercepted a sent information, changed to "C Love You", B is unable to determine the sender of these two information, because he They all also use B's work to encrypt), thus produced the signing certificate technology. The signing certificate is used by the CA to encrypt the user's information with its own private key, and the user can send the message to the user by attaching their own signature certificate, which allows the recipient to verify the source of the information. When the recipient accepts the sender's signature certificate, it can decrypt the sender's identity with the CA's public key.
4. Transmission of information:Process:A. Alice Prepares the digital information (clear text) to be transmitted.
B. Alice hashes a hash (hash) of the numeric information and gets a summary of the information.
C. Alice encrypts the information digest with her own private key (SK) to get Alice's digital signature and attach it to the digital information. D. Alice uses Bob's public key (PK) to encrypt the cryptographic key that was just randomly generated and sends the encrypted ciphertext to BobE. Bob receives the ciphertext sent by Alice and decrypts the cipher with her own private key (SK).
F. Bob decrypts Alice's digital signature with Alice's public key (PK) to get a summary of the information.
G. Bob uses the same hash algorithm to perform a hash operation on the received plaintext and gets a new summary of the information. H. Bob compares the summary of information received with the summary of the newly generated information and, if it is consistent, indicates that the information received has not been modified. with digital signatures, these functions can be accomplished:(1) The confirmation information is sent by the signer;(2) Confirm that the information has not been modified since it was received by the signature;(3) The signer cannot deny that the information was sent by itself. However, the above process is problematic, for example, User C steals a computer information, the public key of B is changed to its own public key, a with this public key encryption information sent to B,c in the middle intercept this data can obtain these private information. How to deal with this situation? The signing certificate comes in handy. The Certificate Center uses its own private key to encrypt each user's public key and some related information to generate a digital certificate (Certificate). If the sender wants to check the recipient's public key before sending the message, just use the CA's public key to decrypt the B's signing certificate.
Asymmetric encryption process details (based on RSA Asymmetric Encryption algorithm implementation)