Microsoft CryptoAPI encryption Technology (i)

In this era of information explosion, we have to be vigilant about the security of the message. As a way of guaranteeing the security of data information, encryption is more and more concerned by people.

Next, I'll share some of my superficial understanding of Microsoft CryptoAPI with you, and let me know what's wrong.

First, the encryption method:

In the beginning, computer research is to solve the German password, people did not think of the computer to bring today's information revolution. With the development of computer and the enhancement of computing power, cryptography has made great progress. Generally speaking, there are several forms.

1, Public key encryption technology

Encryption and decryption use different keys, called "Public Key" and "private key" respectively. As the name implies, "private key" is not to let others know, and "public key" is to be open. The two must be paired, and the data encrypted with the public key must be used with its corresponding private key to unlock it. This technique is highly safe and widely used, but it is inefficient.

2, symmetric key encryption technology

Requires that the encryption and decryption process use the same key, so that the key must be decrypted only by both sides to know, otherwise it will not be safe. This technique is not safe, but it is highly efficient.

3, combined with public and symmetric key encryption technology

Public-key cryptography, with speed at the expense of high security, and symmetric encryption for low security in exchange for high performance, so another common encryption method is to combine the above two technologies.

The symmetric encryption algorithm is used to encrypt the data and then the symmetric key is encrypted using a more secure but less efficient public key encryption algorithm.

4. Digital signature and identification

is to "sign" the encrypted data so that the recipient can know the source of the encrypted data and whether it has been changed.

Second, CryptoAPI

Microsoft's CryptoAPI is the cryptographic API recommended by PKI. Its function is to provide application developers with a standard cryptographic interface for using security services such as encryption, authentication, and so on in a Win32 environment. CryptoAPI is between the application and the CSP (cryptographic service provider) (see figure I).

The CryptoAPI programming model is similar to the graphics Device interface GDI for Windows systems, where the cryptographic service provider CSP is equivalent to a graphics device driver, the encryption hardware (optional) is equivalent to the graphics hardware, and the upper application is similar, without the need to deal directly with the device driver and hardware.

CryptoAPI consists of five parts: a simple message function (simplified messages functions), a low-level message function (low-level messages functions), a basic cryptographic function (base cryptographic Functions), Certificate codec functions (certificate Encode/decode functions), and certificate Library management functions (certificate Store functions). The first three can be used to encrypt or sign sensitive information, which can guarantee the privacy of network transmission, and the authentication of network information communication can be ensured through the use of certificates.