An Entry-Level Introduction to PKI

Source: Internet
Author: User
Tags: decrypt, password protection, asymmetric encryption

With the rapid growth of e-commerce, information security has become a key concern, especially for online payment and online banking. To conduct secure e-commerce on the Internet, public key infrastructure (PKI) has been widely adopted at home and abroad. Do we really need PKI, and what is it for? The following case works through the problem step by step: Party A wants to send a contract document over the Internet to Party B, who is far away abroad. The contract is very important to both parties: it must arrive intact and unaltered, and it must not be readable by anyone else. How can the contract be sent securely?

Question 1: The most natural idea is that A must encrypt the file so that others cannot read its contents. Which encryption technology should be used so that the contract is transferred both securely and quickly?
Mature symmetric encryption algorithms such as DES, 3DES and RC5 can be used to encrypt the file. Symmetric encryption is so named because the same key is used for both encryption and decryption: the encryption key doubles as the decryption key. In cryptography this is called a symmetric encryption algorithm.

Question 2: If a hacker intercepts the file, can he decrypt it using the same algorithm?
No. Both encryption and decryption require two components: the encryption algorithm and the symmetric key. The algorithm cannot decrypt without the key, and the hacker does not know the key.

Question 3: Since the hacker does not know the key, how does B obtain it securely? Tell B by phone? The hacker may tap the call. Send the key to B over the Internet? The hacker may intercept it. What should A do?
The answer is to use an asymmetric key algorithm to encrypt the symmetric key for transmission. Unlike symmetric algorithms, asymmetric encryption algorithms use two keys, a public key and a private key, which form a pair. Data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. Because encryption and decryption use two different keys, this is called an asymmetric encryption algorithm (public/private key pairs can be generated by dedicated software). Each party holds a key pair: the public key can be sent over the Internet, and the private key is kept to oneself. Party A can therefore encrypt the symmetric key from Question 1 with Party B's public key. Even if a hacker intercepts it, he does not have Party B's private key, so he cannot recover the symmetric key and cannot decrypt the ciphertext. Only Party B can.

 
Question 4: Since Party A can encrypt the symmetric key with Party B's public key, why not encrypt the file itself with Party B's public key? That would be simpler and would skip the symmetric encryption step altogether.
That does not work. Asymmetric encryption algorithms have two disadvantages: they are slow, roughly 10 to 100 times slower than symmetric algorithms, so they are only suitable for small amounts of data such as a symmetric key; and the ciphertext they produce is longer than the plaintext. Therefore the usual practice is to encrypt the file with a symmetric algorithm and then encrypt the symmetric key with the asymmetric algorithm.

Problem 5: Suppose a hacker intercepts both the ciphertext and the symmetric key encrypted under B's public key. Without B's private key he cannot recover the symmetric key. However, he can encrypt a fake file with a symmetric algorithm, encrypt that file's symmetric key with B's public key, and send both to B. B will assume the file came from A, decrypt it with its private key, and happily read the contents without realizing the file was substituted. In other words, B has no way of knowing that the file was not sent by A. What should be done?
The answer is to use a digital signature to prove the sender's identity. A digital signature uses a hash algorithm such as MD5 or SHA-1 to extract a digest from a large block of data. The digest cannot be used to recover the original text, so it reveals no plaintext information, but if the original data changes, the digest is certain to differ. A can therefore hash the file and encrypt the digest with its own private key (the asymmetric algorithm works in both directions: what the public key encrypts the private key can open, and vice versa). Intercepting this is useless to a hacker, who learns nothing from the digest. For B it is different: B decrypts the digest with A's public key (if A's public key opens it, the digest must have come from A, because only A's public key can open what A's private key encrypted, and A's private key is known only to A), applies the same hash algorithm to the received (decrypted) contract, and compares the two digests. If they match, the file was not tampered with (identical digests mean the data was not modified, which is the defining property of the hash algorithm). This solves both the problem of proving the sender's identity and the problem of file tampering.
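The signature scheme from Problem 5 as an added Go example (not the article's own code). Modern libraries expose signing as a dedicated operation (RSA-PSS here) rather than "encrypting the digest with the private key", and SHA-256 is used in place of MD5 or SHA-1, which are no longer collision-resistant. The function names and the contract strings are my own constructed samples.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Digest is the hash step: a fixed 32-byte SHA-256 summary from which the file cannot be
// recovered, but which changes if any byte of the file changes.
func Digest(file []byte) []byte {
	sum := sha256.Sum256(file)
	return sum[:]
}

// Sign is A's step: only the digest, not the file, is signed with A's private key (RSA-PSS).
func Sign(aPriv *rsa.PrivateKey, file []byte) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, aPriv, crypto.SHA256, Digest(file), nil)
}

// Verify is B's step: recompute the digest of the file B actually received and check it against
// the signature with A's public key. true means the file is unchanged and was signed by the
// holder of the private key matching aPub; a substituted file or a different signer yields false.
func Verify(aPub *rsa.PublicKey, file, signature []byte) bool {
	return rsa.VerifyPSS(aPub, crypto.SHA256, Digest(file), signature, nil) == nil
}

func main() {
	aKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	contract := []byte("Contract: Party A pays Party B 100 units.") // constructed sample
	sig, _ := Sign(aKey, contract)
	forged := []byte("Contract: Party A pays Party B 900 units.") // the hacker's substituted file
	fmt.Println(Verify(&aKey.PublicKey, contract, sig), Verify(&aKey.PublicKey, forged, sig)) // true false
}
```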

Problem 6: The file is encrypted with a symmetric algorithm, the symmetric key with an asymmetric algorithm, and a hash plus signature verifies the sender's identity and the file's integrity. Is this now safe?
Not yet. The problem is that Party B cannot be sure that what purports to be Party A's public key really belongs to A. The solution is a digital certificate, which binds a public key to its owner.
A digital certificate is a data structure, signed by a certificate authority, that contains the public key and information about its owner. It identifies the parties in network communication and provides a way to authenticate identity on the Internet, much as a driver's licence or ID card does in everyday life; people use it to identify each other in their dealings.
The simplest certificate contains a public key, a name and the digital signature of the certificate authority. Certificates generally also include the key's validity period, the name of the issuing authority (the Certificate Authority, CA) and a certificate serial number. They are issued by a CA, also called a certificate authority centre. As a trusted third party in e-commerce transactions, the CA is responsible for vouching for the validity of public keys in the public-key system: it issues a digital certificate to each user of a public key, and the certificate proves that the user listed in it legitimately owns the public key listed in it. The CA's digital signature prevents attackers from forging or tampering with certificates. The CA is the core of PKI: it manages the certificates of all users (including applications) under the PKI, binding each user's public key to the user's other information so that the user's identity can be verified on the Internet.
Because a digital certificate is public, like a public phone book, in practice the sender (A) sends a copy of its certificate along with the ciphertext and the signed digest to the recipient (B). B checks the certificate's validity by verifying the authority's signature on it (this requires only the public key of the trusted authority). If the check passes, B can believe that the public key in the certificate really belongs to the person named in it (A).
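As an added example (not the article's own code), a self-signed CA certificate, a certificate it issues for Party A, and B's check that a certificate chains to a CA it trusts, using Go's crypto/x509. The function names, subject names and validity periods are my own choices; the CA here stands in for the trusted third party described above.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// IssueCert signs a certificate binding subject to pub with the signer's key. With parent == nil
// the certificate is self-signed, which is how a root CA certificate is made.
func IssueCert(subject string, isCA bool, pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Trusts is B's certificate check: does cert chain to a CA in roots? Only then can B believe
// the public key inside cert belongs to the subject named in it.
func Trusts(roots *x509.CertPool, cert *x509.Certificate) bool {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	_, err := cert.Verify(opts)
	return err == nil
}
```

A certificate for "Party A" issued by a CA that B does not trust fails the check even if the CA's name is identical, because the check is on the CA's signature, not its name.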

 
Question 7: It now looks safe, but a loophole remains. Suppose Party A did send the contract to Party B, but later denies having signed the document at the time shown by the signature (a digital signature is the equivalent of the handwritten signature on a paper contract), blames a computer fault, and so refuses to perform the contract. What then?
The solution is a trusted clock service provided by an authority: the document is signed jointly by a trusted time source and the signer. In a paper contract the date of signing is as important as the signature itself for preventing forgery and tampering (a contract usually stipulates that it takes effect from the date of signing). In an electronic document the user's desktop clock is easy to change (it may be inaccurate or altered), so a timestamp generated from it cannot be trusted. A third party must therefore provide a digital timestamp service (DTS), an online security service offered by a dedicated organization, which protects the time at which an electronic document was produced.
A timestamp is generated as follows: the user first hashes the file that needs timestamping into a digest and sends the digest to the DTS; the DTS adds the date and time at which it received the digest, signs the result, and sends it back to the user. A timestamp is thus a signed document consisting of three parts: the digest of the file being timestamped, the date and time at which the DTS received it, and the DTS's digital signature. Because the trusted time source and the signer sign together, the signing party (Party A) cannot cheat on the time, and the signature is non-repudiable.
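The three-part timestamp described above as an added Go example (not from the article): the DTS signs the digest together with its receive time, and anyone holding the DTS public key can later check both. The token layout, the function names and the use of Unix seconds are my own choices, and the clock value is passed in so the example is deterministic.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"time"
)

// Token is what the DTS returns: the digest it was given, when it received it, and its signature over both.
type Token struct {
	Digest    [32]byte
	Received  time.Time
	Signature []byte
}

// tbs is the byte string the DTS signs: digest || receive time as big-endian Unix seconds.
func tbs(digest [32]byte, t time.Time) []byte {
	buf := make([]byte, 40)
	copy(buf, digest[:])
	binary.BigEndian.PutUint64(buf[32:], uint64(t.Unix()))
	return buf
}

// Stamp is the DTS side. It only ever sees the digest, never the file, and the time it
// records must come from its own trusted clock, not from the user's desktop.
func Stamp(dtsKey *rsa.PrivateKey, digest [32]byte, now time.Time) (*Token, error) {
	now = now.Truncate(time.Second)
	sum := sha256.Sum256(tbs(digest, now))
	sig, err := rsa.SignPSS(rand.Reader, dtsKey, crypto.SHA256, sum[:], nil)
	if err != nil {
		return nil, err
	}
	return &Token{Digest: digest, Received: now, Signature: sig}, nil
}

// Check is what B (or a court, later) does: confirm the DTS signature over digest and time,
// then confirm the stamped digest is the digest of the file at hand. An altered file, a
// token moved to another file, or an edited time all fail.
func Check(dtsPub *rsa.PublicKey, tok *Token, file []byte) bool {
	sum := sha256.Sum256(tbs(tok.Digest, tok.Received))
	if rsa.VerifyPSS(dtsPub, crypto.SHA256, sum[:], tok.Signature, nil) != nil {
		return false
	}
	return sha256.Sum256(file) == tok.Digest
}
```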

 
Question 8: With a digital certificate binding the key pair to an identity and an authority providing a clock service for non-repudiation, is that everything? No, one problem remains. B still cannot prove that the other party is A, because someone else could have stolen A's private key (for example, by using A's computer while A was away) and then sent information to B as A. How is this solved?
The solution is to authenticate the user of the private key with technologies such as strong passwords, authentication tokens, smart cards and biometrics, to establish that the user is the legitimate owner of the private key.
Before addressing this, look at how PKI-based authentication typically works today. Take a browser or other application enrolling for a certificate as an example: when the key pair is generated for the first time, a key store is created and the user is prompted for a password, which is used to derive the encryption key that protects the key store. If the key store is protected only by a weak password, or by no password at all, anyone who can access the browser on that computer can access those private keys and certificates. In that situation, how can an identity established through PKI be trusted? For this reason, a strong PKI system must be built on strong authentication of the private key's owner. The main authentication technologies are strong passwords, authentication tokens, smart cards and biometrics (such as fingerprints and iris patterns).
Take an authentication token as an example: assume the private key is stored in an encrypted container on a back-end server. To access it, the user must first authenticate with the token (for example, by entering an account name, the pass code displayed on the token and a PIN). If authentication succeeds, the user's encrypted container is downloaded to the user's system and decrypted.
Having solved the problems above, the security requirements for sending the file are essentially met. To summarize, the complete sending process for A is:
1. Create a one-time symmetric key (generated by the appropriate software), encrypt the contract with it, and package the symmetric key with Party B's public key.
2. Create a digital signature: hash the contract (for example with MD5) to produce the original digest, and encrypt the digest with A's private key (the key pair may be generated by A or provided by the CA).
3. Finally, send the encrypted contract, the packaged key, the encrypted digest and A's digital certificate (issued by the CA) to Party B.
On receiving the encrypted file, Party B does the following:
1. Decrypt the packaged key with Party B's private key to obtain the symmetric key.
2. Obtain A's public key from A's digital certificate and use it to decrypt the encrypted digest (call it digest 1).
3. Use the same hash algorithm as the sender to compute a digest (digest 2) of the decrypted contract.
4. Compare digest 1 and digest 2. If they match, the information has not been tampered with and did come from A.
Transmitting information from A to B does not look complicated, but it actually rests on many basic components: symmetric and asymmetric key cryptography, digital certificates, digital signatures, the certificate authority (CA) and public key security policies. Of these the most important and complex is the establishment of the certificate authority (CA), which the following articles will introduce.
