Encrypting SOAP Messages with WSE (2)

Source: Internet
Author: User
Encrypting a SOAP message

The following sample SOAP message has a payment node that contains sensitive customer information.

```xml
<soap:Envelope xmlns:soap="http://www.w3.org/2002/12/soap-envelope">
  <soap:Header>
    ...
  </soap:Header>
  <soap:Body>
    ...
    <x:Order type="Purchase" xmlns:x="http://example.com/order">
      <x:Payment type="CreditCard">
        <x:CreditCard type="Visa">
          <x:CardNumber>123456789123456</x:CardNumber>
          <x:ExpirationDate>1108</x:ExpirationDate>
        </x:CreditCard>
      </x:Payment>
      ...
    </x:Order>
    ...
  </soap:Body>
</soap:Envelope>
```

Because the payment node contains sensitive data, it should be encrypted. The following example shows the same message, but the payment node has been replaced by an EncryptedData node whose CipherValue carries the contents of the payment node as ciphertext. The EncryptedData node is referenced, by its Id, from a DataReference node in the Security header.

```xml
<soap:Envelope xmlns:soap="http://www.w3.org/2002/12/soap-envelope"
               xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
               xmlns:xsig="http://www.w3.org/2000/09/xmldsig#"
               xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
  <soap:Header>
    <wsse:Security>
      <xenc:ReferenceList>
        <xenc:DataReference URI="#OrderID"/>
      </xenc:ReferenceList>
    </wsse:Security>
    ...
  </soap:Header>
  <soap:Body>
    ...
    <x:Order type="Purchase" xmlns:x="http://example.com/order">
      <xenc:EncryptedData Id="OrderID">
        <xenc:EncryptionMethod
            Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        <xsig:KeyInfo>
          <xsig:KeyName>My Symmetric Key</xsig:KeyName>
        </xsig:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>...</xenc:CipherValue>
        </xenc:CipherData>
      </xenc:EncryptedData>
      ...
    </x:Order>
    ...
  </soap:Body>
</soap:Envelope>
```

In this case you can, of course, also sign the message with a digital signature to prevent a malicious party from tampering with the data, or use a timestamp or another unique identifier to detect whether the message is being attacked (for example, replayed).
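As an added example (not the article's code and not the WSE API), here is a stdlib-only Python receiver for the message above: it resolves the DataReference in the Security header to the EncryptedData element it names, checks the reference, the EncryptionMethod and the KeyName before decrypting, and then puts the restored x:Payment element back in place. The key name, key bytes and card values are constructed, and a SHA-256 keystream stands in for the 3DES-CBC cipher.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2002/12/soap-envelope"
XENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://schemas.xmlsoap.org/ws/2002/04/secext"
ORDER = "http://example.com/order"
TRIPLEDES_CBC = XENC + "tripledes-cbc"  # the only EncryptionMethod this receiver accepts

def keystream_xor(key, data):
    """Constructed stand-in for the 3DES-CBC step (SHA-256 counter keystream, no IV); NOT for real use."""
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

# Constructed sample: the article's encrypted message with a real CipherValue for x:Payment.
KEYS = {"My Symmetric Key": b"constructed-demo-key-not-a-secret"}
PAYMENT = (f'<x:Payment xmlns:x="{ORDER}" type="CreditCard"><x:CreditCard type="Visa">'
           '<x:CardNumber>123456789123456</x:CardNumber><x:ExpirationDate>1108</x:ExpirationDate>'
           '</x:CreditCard></x:Payment>')
CIPHER_VALUE = base64.b64encode(keystream_xor(KEYS["My Symmetric Key"], PAYMENT.encode())).decode()
ENCRYPTED = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:xenc="{XENC}" xmlns:xsig="{DSIG}" xmlns:wsse="{WSSE}">
<soap:Header><wsse:Security><xenc:ReferenceList><xenc:DataReference URI="#OrderID"/>
</xenc:ReferenceList></wsse:Security></soap:Header><soap:Body><x:Order xmlns:x="{ORDER}" type="Purchase">
<xenc:EncryptedData Id="OrderID"><xenc:EncryptionMethod Algorithm="{TRIPLEDES_CBC}"/>
<xsig:KeyInfo><xsig:KeyName>My Symmetric Key</xsig:KeyName></xsig:KeyInfo>
<xenc:CipherData><xenc:CipherValue>{CIPHER_VALUE}</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedData></x:Order></soap:Body></soap:Envelope>"""

def decrypt_references(xml_text, known_keys):
    """Receiver: each DataReference must resolve to exactly one EncryptedData with an allowed algorithm and a known key."""
    env = ET.fromstring(xml_text)
    sec = env.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    for ref in (sec.iter(f"{{{XENC}}}DataReference") if sec is not None else ()):
        uri = ref.get("URI", "")
        hits = [e for e in env.iter(f"{{{XENC}}}EncryptedData") if "#" + e.get("Id", "") == uri]
        if len(hits) != 1:
            raise ValueError(f"DataReference {uri!r} resolves to {len(hits)} EncryptedData elements")
        enc = hits[0]
        if enc.find(f"{{{XENC}}}EncryptionMethod").get("Algorithm") != TRIPLEDES_CBC:
            raise ValueError("EncryptedData uses a disallowed EncryptionMethod")
        name = enc.findtext(f"{{{DSIG}}}KeyInfo/{{{DSIG}}}KeyName")
        if name not in known_keys:
            raise ValueError(f"KeyName {name!r} is not a key this receiver holds")
        raw = base64.b64decode(enc.findtext(f"{{{XENC}}}CipherData/{{{XENC}}}CipherValue"))
        plain = ET.fromstring(keystream_xor(known_keys[name], raw))  # the restored x:Payment
        parent = next(p for p in env.iter() if enc in list(p))      # put it back where it was
        parent.insert(list(parent).index(enc), plain)
        parent.remove(enc)
    return env
```

Note that URI and Id are compared exactly, so a message carrying Id="OrderId" against URI="#OrderID" is rejected as a dangling reference rather than silently passed through.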

Types of encryption

Symmetric and asymmetric encryption

Encryption algorithms fall into two classes, symmetric and asymmetric. In a symmetric algorithm the two parties share a single secret key: the sender encrypts the data with its copy of the shared key, and the receiver decrypts it with its own copy of the same key. Examples include schemes based on shared passwords and shared security identities.

In such a system a central server distributes the shared keys to the consumers that need to interact securely. The drawback of symmetric encryption is key management: distributing the shared keys and protecting them, especially over public networks such as the Internet.

To overcome the difficulty of managing keys on a public network, a pair of keys is used in place of a single key. In an asymmetric algorithm each party holds a private key and a public key.

The public key is derived from the private key by an irreversible operation, so that whichever of the two is used to encrypt data, the other can decrypt it. The private key cannot be inferred from the public key, and only the private key can decrypt data that was encrypted with the public key. To send an asymmetrically encrypted message, the sender encrypts it with the receiver's public key, which guarantees that only the receiver, using its private key, can decrypt the text. If the sender encrypted with its own private key instead, anyone holding the freely available public key could decrypt the text. Asymmetric encryption is the foundation of PKI, and PKI is the basis of the X.509 security standards. Asymmetric algorithms are typically based on operations on very large numbers, such as exponentiation and logarithms, and they need far more CPU time to encrypt and decrypt than symmetric algorithms. For this reason asymmetric encryption is commonly used only to transmit a symmetric "session" key securely; that session key then encrypts the rest of the exchange and is valid only for the duration of that exchange.

Because public keys are easy to obtain, encrypting with them greatly eases the problem of distributing and managing keys. The price of that convenience is speed: asymmetric algorithms are usually a few orders of magnitude slower than symmetric ones. For this reason asymmetric encryption is applied only to relatively small pieces of data, such as session keys, identity tokens and digital signatures.

