Http://liangrui.blog.51cto.com/1510945/372309
You may not understand the differences between public keys and private keys, as well as the specific steps for implementing security protocols such as HTTPS and SSL. Let's take a look at this.
What is encryption:
The basic process of data encryption is to process files or data that were originally plain text with a certain algorithm, turning them into unreadable code, usually called "ciphertext", so that the original content can only be displayed after the corresponding key is entered. This protects the data from being stolen and read by unauthorized persons. The inverse of this process is decryption, which converts the encoded information back into the original data.
Encryption algorithms mainly include:
DES (Data Encryption Standard): a symmetric algorithm, fast, suitable for encrypting a large amount of data;
3DES (Triple DES): a symmetric algorithm based on DES. It encrypts a piece of data three times with three different keys, giving higher strength;
RC2 and RC4: symmetric algorithms that use variable-length keys to encrypt a large amount of data, faster than DES;
IDEA (International Data Encryption Algorithm): uses a 128-bit key and provides high security;
RSA: a public key algorithm invented by the RSA company; an asymmetric algorithm that supports variable-length keys, and the length of the file block to be encrypted is also variable;
DSA (Digital Signature Algorithm): a digital signature algorithm and a standard, DSS (Digital Signature Standard); strictly speaking it is not an encryption algorithm;
AES (Advanced Encryption Standard): a symmetric algorithm and the next generation of encryption algorithm standard, fast, with a high security level; currently one implementation of the AES standard is the Rijndael algorithm;
Blowfish: uses a variable-length key of up to 448 bits and runs fast;
MD5: strictly speaking not an encryption algorithm; it is a digest algorithm.
What are the differences between symmetric encryption and asymmetric encryption when we talk about encryption algorithms?
A symmetric encryption algorithm has only one key. When two parties exchange data, user A encrypts the data with the key and transmits it over the channel. User B decrypts the ciphertext with the same key after receiving it and restores the file. Since the data travels as ciphertext, the purpose of data protection is achieved. The advantage of symmetric encryption algorithms is that encryption is fast; the algorithms include DES, 3DES, RC4 and RC2.
Asymmetric algorithms came later. They meet society's need for a higher degree of data confidentiality. Asymmetric encryption has two keys, called the public key and the private key, and the two are paired. For example, if user A has a private key and public key pair, how are they used?
Assume that user A needs to send an email to user B. First, A encrypts the data with A's own private key to form a digital signature, and then encrypts it with B's public key. After B receives the ciphertext, B decrypts it with B's private key and then restores the file with A's public key.
Some may ask how B knows the public key of A. The CA is the certificate issuing authority and is the core of PKI. The CA is the authority responsible for issuing certificates, certifying certificates, and managing issued certificates. It should formulate policies and specific steps to verify and identify user identities, and sign user certificates to vouch for the certificate holder's identity and ownership of the public key.
The CA also has a certificate (containing the public key) and a private key. Public users on the Internet trust the CA by verifying it. Anyone can obtain the CA certificate (including the public key) to verify the certificates it has issued.
CA certificate issuance process diagram
If a user wants to obtain a certificate of his own, he should first submit an application to the CA. After the CA has identified the applicant, it assigns a public key to the applicant. After the CA binds the public key to the applicant's identity information and signs it, a certificate is issued to the applicant.
If a user wants to check the authenticity of another certificate, he uses the CA's public key to verify it. [1] The certificate is in fact issued by the Certificate Authority (CA) to authenticate the user's public key.
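The certificate check described above, as an added example that is not from the original article: a CA signs the binding of an identity to a public key, and user B verifies that binding with the CA public key before trusting A's signature. It uses textbook RSA without padding over constructed toy keys, so it illustrates the trust chain only; all function names, the sample identity and the impostor key are assumptions.

```python
import hashlib

# Constructed toy keys built from known Mersenne primes: textbook RSA without
# padding, far too small for real use; it only illustrates the trust chain.
E = 65537

def make_key(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data, n):
    """SHA-256 digest of the data, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def issue_certificate(identity, subject_public, ca_private):
    """The CA binds an identity to a public key and signs the binding."""
    body = f"{identity}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"identity": identity, "public": subject_public,
            "ca_signature": sign(body, ca_private)}

def check_certificate(cert, ca_public):
    """Anyone holding the CA public key can check the binding."""
    n, e = cert["public"]
    body = f"{cert['identity']}|{n}|{e}".encode()
    return verify(body, cert["ca_signature"], ca_public)

def accept_message(message, signature, cert, ca_public):
    """B's check: trust the certificate first, then the sender's signature."""
    return check_certificate(cert, ca_public) and verify(message, signature, cert["public"])

CA_PUB, CA_PRIV = make_key(2**61 - 1, 2**89 - 1)
A_PUB, A_PRIV = make_key(2**107 - 1, 2**127 - 1)
M_PUB, M_PRIV = make_key(2**31 - 1, 2**61 - 1)  # hypothetical impostor key

CERT_A = issue_certificate("user-a@example.com", A_PUB, CA_PRIV)
MESSAGE = b"constructed sample mail from A to B"
SIG_A = sign(MESSAGE, A_PRIV)

# A certificate whose public key was swapped no longer matches the CA signature.
FORGED = dict(CERT_A, public=M_PUB)
```

Real systems use X.509 certificates and padded signature schemes from a vetted library rather than raw modular exponentiation.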