Marco Linux Learning note three--encryption

1. Clear text transmission

Ftp,http,smtp,telnet

2. Confidentiality:plaintext--> Conversion Rules-->ciphertext

ciphertext--> Conversion Rules-->plaintext

Integrity: Single encryption algorithm, extract data signature. As input, the output must be the same; The avalanche effect, the small change in input, will cause a huge change in the result, regardless of the original data, the result size is the same, irreversible, unable to restore the original data based on the signature.

3. Key

4. Symmetric encryption: There is a cryptographic algorithm, there is a key

5. Key exchange algorithm

IKE (Internet key Exchange,internet key exchange protocol)

Classic with Diffie-hellman protocol

6. Asymmetric encryption algorithm, public key encryption algorithm.

This section is from: www.cnblogs.com/darksir/p/3704198.html

We first assume that a data sender and a data receiver (called Xiao Red and Xiao Ming!) ）

Sender Little Red has a pair of keys: a public key and a private key.

Receiving Fangxiaoming also has a pair of keys: a public key and a private key.

Note: These four keys (passwords) are different!

The concept of public key: The public key can be transmitted over the network, that is, the receiving sender can know each other's public key, of course, if you use network sniffing technology, you can also sniff the content of the public key on the network, but you only have the public key is unable to decrypt the file.

The concept of the private key: The private key is the user's own private, not in the network transmission (that is, do not need to receive the sending parties to exchange this key), which guarantees the security of the password, hackers can not sniff the key in the network, but is strictly stored in the user's own host.

Public key and private key relationship: Public key encrypted data only the private key can be unlocked, the private key encrypted data only the public key can unlock, and neither can unlock themselves! This is the key to ensure that data cannot be stolen! The only difference between a public key and a private key is that the public key is exchanged over the network, and the private key itself is not transmitted over the network.

Imagine the following scenario:

Sender of red to receive Fangxiaoming send a love letter (well, in order to match the following figure I can only make a female chasing male story, let the majority of hanging silk under the fantasy! , but little red, girls, more shy, afraid of some ulterior motives to steal to see his sweetheart's whisper, the use of encryption technology, so that the network bored people can not peep it's love letters.

The first step : Xiao Red with her own private key to the love letter on the first lock, the private key only she knows.

The second step : actually two people know each other before (communication over), this time already have the other party's public key, so little red and on the basis of the first step with Xiao Ming's public key to the love letter added a second lock.

The third step : This time small red side has already put the love letter encrypted, she is satisfied, because already foolproof! She sent two locks of love letters to the Internet to send to xiaoming, this time the network of hackers may have been small red and xiaoming first tryst and exchange of public key when the two people's public key stolen. But think of the red lock process, the most outside a lock (second lock) is to use Xiao Ming's public key encryption, that is to use Xiao Ming's private key to decrypt to open, but the hacker can only have two people's public key, and can not get Xiaoming's private key, which effectively avoid the data stolen, even if hackers intercepted love letters, can only see a bunch of messy garbled, and can not really know the content of the love letter.

The Fourth step : Xiao Ming successfully received a small red love letter, the use of their private key, successfully untied the outer lock. (The outer lock is small red with Xiao Ming's public key lock!) ）

The fifth step : Xiao Ming again took out a small red public key, untie the love letter inside the layer of the lock. At this time, it can be determined that the love letter is really red hair, and not others forged to bluff their own. (The inner lock is small red with its own private key lock!) ）

Note: The whole process of using two locks to the data transmission process strictly encrypted, the data in the transmission process can not be decrypted, unless the hacker invaded the receiver (xiaoming) of the computer, stole his private key. Therefore, this method can be guaranteed in the transmission process is strictly confidential, even if the exchange between the sending and receiving the public key is sniffing can not reveal. Of course, there is no absolute security, as mentioned above, the direct invasion of the computer there is no secret.

Q: If Xiao Red only with Xiao Ming's public key encryption, the hacker to get the data can not be solved, why add two locks?

A: The first lock on small red's private key is called "signature" (Guaranteed not to be a hoax by others), to ensure the true nature of the data source. That is, if the data only accept the public key to lock, the hacker can not open, but may be disguised as the direction of sending Xiao Ming (receiver) to send data, and receive Fangxiaoming because the data is not the sender's private key locked, unable to determine the identity of the sender, so if a lock, hackers still have the advantage!

7. Asymmetric Encryption & symmetric encryption

From: www.cnblogs.com/darksir/p/3705554.html Inter-network data encryption transmission whole process (SSL encryption principle)

Asymmetric encryption: the encryption form of public and private keys is called asymmetric encryption, is two different secret keys do not want to lock and unlock, they can not open their own.

Symmetric encryption: symmetric encryption is only a secret key, use it to shackle also use it to unlock. Symmetric encryption has a security implication because you have to let both the sender and the receiver know the secret key, which is a risk of having to transfer the secret key over the network. But symmetric encryption also has the advantage, that is, the algorithm is the time complexity of the bottom, the encryption process is fast, and the time complexity of asymmetric encryption is very high, if a very long full-text are asymmetric encryption is obviously unrealistic.

Smart people. The method of encrypting the symmetric encryption key with asymmetric encryption algorithm can be achieved both. SSL encryption

You will find a lot of ingenious places here.

1, the use of asymmetric encryption to ensure the absolute security of data.

2, the use of symmetric encryption to encrypt the original text, simplifying the complexity of time, and useful asymmetric encryption encryption symmetric key, so that the transmission of symmetric key is absolutely safe. Perhaps you will think, the original text is only using symmetric encryption algorithm to add the secret, we only need to brute force to crack this symmetric password. Here to illustrate, this symmetric key is randomly generated, transparent to the user, generally should also be very long, to crack this basic is also unrealistic.

3, the use of the non-reversible hash function, the results of the uniqueness of the data validation, effectively ensuring the integrity of the data.