[node. js] Symmetric encryption, public key cryptography, and RSA

Original address: http://www.moye.me/2015/06/14/cryptography_rsa/

Introduction

For the addition and decryption, I have been in a knowledge of its reason why the state, the core part of the project does not rely on encryption and decryption algorithm, can reluctantly deal with the past, once the need for frequent applications such as AES/RSA algorithm, this state is quite a catch.

It's time to get to know the principle, so I found this graphic cipher technique to make up your own lessons:

In the book in the light of the guidance, supplemented by some common sense, here to do a comb:

Symmetric encryption Algorithm (shared key)

Symmetric encryption, as the name implies, is encrypted and decrypted with the same key. When it comes to symmetric encryption, XOR is another concept that has to be mentioned:

XOR (heterogeneous or encrypted)

The plaintext and the key make an XOR (10) operation will become ciphertext, the ciphertext and the key once the XOR operation will revert to clear text:

For example, the string "Wiki" (8-bit ascii:01010111 01101001 01101011 01101001) can be encrypted with key 11110011 as follows:

	01010111 01101001 01101011 01101001
	11110011 11110011 11110011 11110011
=	10100100 10011010 10011000 10011010

This method of encryption is similar to symmetric encryption, so the way to decrypt it is as follows:

	10100100 10011010 10011000 10011010
	11110011 11110011 11110011 11110011
=	01010111 01101001 01101011 01101001

We can also validate this feature with code:

var key = 0b10110010;var Number = 22;var encrypted = number ^ key;   Ten = ciphertext 164console.log (encrypted ^ key);   Ten = Clear Text 22

By using XOR, you can achieve the most basic symmetric encryption, provided that you choose a suitable key. Other symmetric encryption algorithms, such as Des/aes, are all extensions based on XOR.

AES Symmetric encryption

AES, the Advanced Encryption Standard (encryption), is a symmetric encryption algorithm that replaces the previous standard (DES) as the new standard (DES is superseded because its algorithm is flawed, causing it to be violently cracked in a short time, so des is deprecated, It is recommended to use AES). The current implementation algorithm for AES is Rijndael, which is a block cipher algorithm designed by the Belgian scientist Joan Daemen and Vincent Rijmen.

Grouping means that the input of the AES algorithm is to be grouped, the packet length can be selected in the 128/196/256 bit (that is, a cipher that can encrypt so many bits of plaintext to generate the same length of ciphertext, one time the encryption may need to iterate multiple rounds).

Mode

The Block cipher algorithm only encrypts fixed-length groupings, but we need to encrypt the length of the plaintext to exceed the packet length of the block cipher, and then iterate over the block cipher algorithm to encrypt a long plaintext. The iterative approach is called the Block cipher pattern.

There are many types of patterns, and the main patterns of block ciphers are:

• ECB mode: Electronic Codebook mode (electronic password)
• CBC mode: Cipher Block Channing mode (password Group link)
• CFB mode: Cipher FeedBack mode (ciphertext feedback model)
• OFB mode: Output FeedBack mode
• CTR mode: CounTeR mode (counter)

The operating flow of these modes is not to be discussed here, just know:

• The ECB is too simple to be secure and has been deprecated;
• CFB can be applied to replay attack;
• Both OFB and CTR can be reversed by the active attacker, and the corresponding bits in the plaintext are changed after the decryption, and the CTR is OFB to support concurrent computing, and CTR is a stream cipher;
• Although CBC does not support parallel computing, it is the safest of these patterns

Algorithm structure diagram for CBC mode:

Public key encryption algorithm

Public key encryption, also known as asymmetric encryption (asymmetric cryptography), is a cryptographic algorithm type, in which a pair of keys is required, one is a private key and the other is a public key. These two keys are mathematically related, and the information obtained by encrypting a user's key can only be decrypted with the user's decryption key. If one is known, it is not possible to calculate the other one. Therefore, if one of the two keys is exposed, it does not compromise the secret nature of the other. The public key is a public key, and the private key is not public.

Public key cryptography solves the problem of a symmetric cryptographic key distribution: How to safely pass the decryption key. The scheme is: do not pass, the encryption and decryption of the key is not the same, the characteristics are as follows:

• Ciphertext sender only needs encryption key (public key
• The ciphertext recipient only needs the decryption key (the private key
• Decryption key can not be obtained by eavesdroppers
• Encryption key is acquired by eavesdroppers and there is no security problem

RSA Public Key Cryptography

RSA is a public-key cryptographic algorithm whose name consists of the initials of three developers R. Rivest, A. Shamir and L. Adleman. RSA can be used for public key cryptography and digital signatures, the algorithm was patented in the United States in 1983, and the patent has expired (since the algorithm was published before the patent was filed, and in most other parts of the world this patent is not recognized).

In RSA, plaintext, keys, and ciphertext are numbers, and public private key pairs are two pairs of numbers:

• The public key is (number E, number N)
• The private key is (number D, number N)

Encryption is the use of clear text in the E-order to find the result of the MoD N (take the remainder), the process can be expressed by the following formula:

ciphertext = plaintext E mod N

The D-Order of the number of ciphertext can be obtained by the MoD n, and the decryption process can be expressed by the following formula:

Clear text = ciphertext D mod N

Generate key Pair Process

(1) Seeking N

Randomly generates two large prime numbers p and q, then N = p * Q

(2) Seeking L

The temporary amount L is only used to generate the key pair, it is the least common multiple of p-1 and q-1 (least common multiple, LCM), and with LCM (x, y) to represent "x and y least common multiple", the L can be expressed as:

L = LCM (p-1, q-1)

(3) Ask E

The following relationship exists between E and L:

1 < E < L

GCD (E, l) = 1 E and L greatest common divisor 1 (E and L coprime)

To find the number that satisfies gcd (E, L) = 1, or to use a pseudo-random number generator. The pseudo-random number generator generates a candidate for e in the range of 1 < e < L and then determines whether it satisfies the condition of gcd (E, L) = 1.

(4) Ask D

The number d is calculated from the number E. The following relationships must be between D, E and L:

1 < D < L

E * D mod L = 1

As long as the number D satisfies the above conditions, it can be decrypted by (number D, number N) through encrypted ciphertext (number E, n).

Simulation Practice

Use a smaller number to practice a RSA key generation and decryption:

(1) Seeking n

Select two prime numbers, for example: P = 17 and q = 19

N = 17 * 19 = 323

(2) Seeking L

L = LCM (p-1, q-1) = LCM (16, 18) = 144

(3) Ask E

The greatest common divisor of E and L must be 1:

GCD (E, L) = 1

There are many e-numbers that meet the criteria, and the prime numbers within 100 are:

5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97

We pick one, like 5 as E, then the public key pair is (e=5, n=323)

(4) Ask D

D must meet:

E * D mod L = 1

In the case of E = 3, D = 59 is satisfied because:

5 * MoD 144 = 1

So the private key pair is (d=29, n=323)

Both public/private key pairs are available for encryption and decryption, assuming clear text 42:

(5) encryption

ciphertext = plaintext E mod N = 5 MoD 323 = 264

(6) Decryption

Clear text = ciphertext D MoD N = + 323 mod = number ratio is larger, can be decomposed to power:

(323 MoD) * (323 MoD) * (9 mod 323) mod 323 = 42

The algorithm principle of RSA

To learn more about the math behind RSA, you can refer to the Nanyi RSA algorithm principle (i) and (ii)

AES and RSA application hybrid cipher system

By comparison, we know:

• RSA is more difficult to crack than AES, because it does not need to worry about the key in the transmission process of leakage, there is only a possibility of brute force;
• AES has the advantage of grouping as a wheel, plus decryption speed is very fast, generally speaking, AES speed hundreds of times times the RSA

So in real-world applications, we will mix AES and RSA, for example to encrypt a file that is not small in size, and might do this:

1. Generates a one-time random key that encrypts a file using AES's CBC mode AES-256-CBC (encrypted packet 256-bit)
2. After encryption is complete, in order to safely pass this one-time random key, we use the recipient's RSA public key to encrypt it, with the encrypted file sent together
3. The receiver uses the private key for decryption, obtains the original AES key, and decrypts the file

Example

The application of the above scenario, such as in node. JS, can be implemented as follows:

(1) Generate AES with secret key:

var passwdlength = n;  Initialize the random vector length var Aespassword = require (' crypto '). Randombytes (passwdlength); require (' FS '). Writefilesync (' Aespassword ', Aespassword); Writing files for use with OpenSSL

(2) Use OpenSSL AES to encrypt files represented by filename:

OpenSSL enc-aes--cbc-kfile aespassword-in filename-out filename.out

(3) using the Open RSA encryption key

OpenSSL enc rsautl-encrypt-pubin-inkey id_rsa.pub- in Aespassword-out aespassword.out

The filename.out and aespassword.out are sent to each other, and the receiver uses OpenSSL to perform a reverse operation to decrypt it.

Reference

1. OpenSSL command manual: http://netkiller.github.io/cryptography/openssl/index.html
2. Node-rsa:https://github.com/rzcoder/node-rsa

More articles please visit my blog new address: http://www.moye.me/

[node. js] Symmetric encryption, public key cryptography, and RSA