Digital Signature and encryption and decryption

Source: Internet
Author: User
Tags asymmetric encryption

About digital signatures and encryption and decryptionArticleI have read this many times. Based on this fact, I can't convince myself, so I can't convince myself every time I read it. Recently, I was looking at oauth related things. The digital signature and encryption and decryption were not available. I just calmed down and looked at the information and tried to convince myself.

 

1. encryption and decryption Basics

Simply put, computer encryption is nothing more than encryption in plaintext P using the key K to obtain the ciphertext M:

K (p) = m

Decryption is to reverse the process:

K (m) = P

 

For key K, two methods are available: symmetric encryption and asymmetric encryption.

A. symmetric encryption: encryption and decryption, with the same key

B. asymmetric encryption: different keys (key pair VK and SK) are used for encryption and decryption. For example, if VK is used for encryption, SK is used for decryption. And vice versa. If you use SK encryption, use VK for decryption.

 

2. Digital Signature

The digital signature actually plays two roles: 1. verification. 2. encryption.

Verification here refers to verifying the identity of the sender to prevent forgery. Encryption refers to the encryption of plaintext to prevent leakage.

 

Digital signatures can be implemented either by using symmetric encryption or asymmetric encryption.

3. Use symmetric encryption to implement Digital Signatures

Note:

A. Use symmetric encryption (the same key is used for encryption and decryption ).

B. Third-party arbitration is required

Resource:

A. Two keys (Remember, the same key is used for encryption/Decryption) are called Ka and kb respectively.

Role:

ALICE: (plaintext Pa, key ka, ciphertext Ma)

BOB: (plaintext Pb, key kb, ciphertext MB)

Trent: simultaneously owned (Ka, KB)

Steps:

A. Alice encrypts the plaintext Pa with the key Ka to obtain the ciphertext Ma.

B. Alice sends Ma to Trent

C. The arbitrator Trent uses Ka to decrypt the MA and obtain the PA.

D. The arbitrator Trent adds Alice's ID card with PA and the Trent's ID card.

E. Trent encrypts the above (aliceid + trentid + Pa) with key kb to obtain MB.

F, Trent sends MB to Bob

G, Bob uses kb to decrypt the MB and get the PA, Alice's ID card, and Trent's ID card.

Note:

Because only the Trent knows the key and the ciphertext is transmitted on the network, you are not afraid to be peeked.

Secondly, the key transformation process is completed by Trent, which is credible here. Therefore, there is no forgery problem.

What? Alice does not admit that she has sent Pa. I am looking for Trent to explain it.

4. asymmetric encryption for Digital Signature

Note:

A. asymmetric encryption technology

B. Only the private key can be used to unbind things encrypted with the public key, and only the public key can unbind things encrypted with the private key.

C. Use two key pairs (each key pair contains one public key/private key) to complete digital signatures without third-party arbitration.

Resource:

A, the first key pair, Public Key VK-A, Private Key SK-A

B, second key pair, Public Key VK-B, Private Key SK-B

Role:

ALICE: plaintext Pa, first-to-private key SK-A, VK-A/VK-B

Bob: second pair of SK-B, VK-A/VK-B

Crack: because the public key is public, so crack is easy to get two public key VK-A/VK-B, how come? Maybe Google does. Who knows.

 

Steps:

A, Alice first encrypt the plaintext Pa with the private key SK-A (this step plays the role of anti-deny, only Alice has the private key SK-A)

B, Alice then encrypts the above results with the public key VK-B (this step plays the role of encryption, only Bob's private key SK-B can be unlocked)

C. Alice sends the ciphertext Ma obtained through the above steps to Bob

D, difficult to prevent, someone wants to peek, the result is not understand the hacker (hey, only Bob has SK-B this artifact)

E, there are people who want to forge, okay, you're so cruel, you can get the public key, so you can generate VK-A (x), VK-B (X)

F, Bob received three things: Ma, VK-A (X) and VK-B (X)

G, first use your own private key SK-B (MA) => SK-A (PA), and then use the public key VK-A (SK-A (PA) => Pa, haha, Alice came to the message.

H, VK-A (x), what? Try with SK-B, what can't see it!

I, VK-B (x), what? First with the SK-B to see, It is X ah. Try again VK-A, what can't see well, certainly not Alice. (Remember that the VK-A can only parse the contents encrypted by Alice's private key SK-A, others don't have A SK-A)

Note:

Information transmitted over the network is encrypted, so you are not afraid of being peeked.

What? You have a VK-A, you can see that Alice is encrypted by the private key, but every time the fuck alice sends is encrypted by the VK-B ciphertext.

Because Alice sent something through her own private key SK-A and Bob's public key VK-B at the same time added password, not afraid to be forged (no private key, how to create AH ), not afraid to be compromised (only Alice can use SK-A encryption, I use VK-A to unlock something, it must be you Alice hair ).

 

References:

Http://www.ruanyifeng.com/blog/2006/12/notes_on_cryptography.html

http://en.wikipedia.org/wiki/Public-key_cryptography

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.