Security System (0)--encryption and decryption algorithm, message digest, message authentication technology, digital signature and public key certificate

Reprint Address: http://www.cnblogs.com/songwenlong/p/6517165.html

Table of Contents 0. Overview 1. Security of data transmission 2. Guaranteed Integrity 3. Guarantee the authenticity of the data 4. Public key Certificate 5. Algorithm detailed index

Body

This article explains symmetric encryption, asymmetric encryption, message digest, MAC, digital signature, the use of public key certificates, deficiencies, and problems solved.

Security System (i)--des algorithm detailed

Security System (ii)--RSA algorithm detailed

Security System (iii)--SHA1 algorithm detailed back to top 0. Overview

When sender a sends data to receiver B, there are a few issues to consider:

1. Security of the data.

2. The integrity of the data, i.e. the data is not tampered with.

3. The authenticity of the data, that the data does come from the sender, is not replaced during the transfer.

4. The non-repudiation of the data, that is, verifying that the sender did send the data.

This article is only a complete set of system to do a whole introduction, follow-up article detailed explanation of each step and algorithm.

The overall structure of this paper is shown below.

Basic concepts:

Password: According to a specific law, used to communicate the information between the two sides of the symbol of the Ming-and-secret transformation.

Key: In modern cryptography, the secret key refers to a specific set of secret data, in the encryption, it controls the cipher algorithm in accordance with the specified method to transform the plaintext into the corresponding ciphertext, and a set of source identification information to transform the non-forgery signature; at decryption, it controls the cipher algorithm to transform the ciphertext into the corresponding plaintext in the specified way, and transforms the signature information into an undeniable source of evidence. Back to top 1. Security of data transfer

The method to ensure the security of data transmission is to encrypt it, and the commonly used encryption algorithm has symmetric and asymmetric encryption. 1.1 Symmetric encryption

Also known as shared encryption, plus decryption uses the same key.

Common algorithms:

DES 3DES AES RC5 RC6

Cases:

1). For security, a sends data encryption to B.

2). Ciphertext is intercepted even during transmission because it is not known that the key cannot be decrypted.

3). b After the ciphertext is received, it needs to be decrypted using the same encryption key.

4). Requires a to pass the key to B, but securing the key during transmission is a problem.

Advantages:

The calculation speed is fast.

Disadvantages:

In order to transmit the data, the data is encrypted and transmitted, but symmetric encryption requires the sender to pass the key securely to the receiver so that the receiver can decrypt it, so that the safe transfer of the key becomes a problem.

Problem:

How to ensure the security of the key. 1.2 Asymmetric Encryption

Also known as Public key cryptography, this set of key algorithms contains a matching key pair, divided into encryption key and decryption key. The encryption key is exposed, also known as the public key, when the decryption key is private, also known as the private key. The data sender uses the public key to encrypt the data, and the data recipient uses the private key for data decryption.

Common algorithms:

Rsa

Cases:

1). b generates a key pair, passes the public key to a, and the private key remains itself. The public key is not related even if it is obtained by someone else.

2). A The key passed by B will encrypt the plaintext data sent, and then send the ciphertext to a. Other people cannot decrypt even if they get ciphertext, because there is no matching private key to decrypt.

3). b receives a transmission of ciphertext, with its own private key to decrypt the ciphertext, get clear text.

Advantages:

Resolves security issues with the key.

Disadvantages:

First, the calculation speed is slow;

The second is that the public key cannot be guaranteed to be legitimate because the received public key cannot be guaranteed to be sent by B, for example, the attacker intercepts the B message and replaces the public key.

Here's a question, the solution: how to make sure the public key is legal. Back to top 2. Guaranteed Data Integrity Message Summary

A message digest function is an algorithm for judging data integrity, also known as a hash function or hash function, where the return value of a function is hashed, and the hash value is called a message digest or fingerprint.

This algorithm is irreversible, that is, it is not possible to reverse the derivation of a message through a message digest, so it is called a one-way hash function.

Common algorithms:

MD5 SHA

Cases:

When we use a certain software, we need to confirm whether it is the full version provided by the official after downloading and whether it has been tampered with. Typically, the software provider provides the hash value of the software, after which the user downloads the software, computes the hash value locally using the same hashing algorithm, and contrasts with the officially provided hash value. If the same, the software is complete and has not been modified.

Advantages:

The integrity of the data can be guaranteed.

Disadvantages:

The authenticity of the data cannot be guaranteed, that is, the data and hash values are not determined to come from the sender, because the attacker can completely replace the data with the hash value.

Problem:

How to verify that the sent data does come from the sender. Back to top 3. Guarantee the authenticity of the data

To ensure that the data comes from the sender, the acknowledgment message is from the correct sender, known as message authentication. 3.1 Message authentication code

The Message Authentication code (MSG authentication code, or Mac) is a technology that confirms the integrity of the message and authenticates it. A message authentication code can be simply understood as a one-way hash function associated with a key.

Cases:

1). A the shared key is sent to B before sending the message to B.

2). A use the shared key to calculate the Mac value for the message to be sent, and then send the message and Mac to B.

3). b after receiving the message and Mac values, use the shared key to calculate the Mac value compared to the Mac value received.

4). If the Mac value is the same, the message received is complete and a is sent.

There is also a symmetric cryptographic key distribution problem, which can be resolved using public key cryptography.

Advantages:

The integrity and authenticity of the data can be guaranteed.

Disadvantages:

Although the receiver can determine the integrity and authenticity of the message, resolve the problem of tampering and forgery of the message, it does not prevent a denial of the message being sent.

Cases:

Add a to B sent a message, B received, a denied that he sent a message to B, and deny that "although I and B can calculate the correct Mac value, but may be the key of B was stolen by the attacker, the attacker gave B messages." ”

Problem:

How to make it impossible for a sender to deny sending data. 3.2 Digital Signatures

Digital Signature can resolve a problem where the sender denies sending a message.

The focus of a digital signature is that the sender and receiver use different keys to authenticate, and to guarantee the uniqueness of the sender key, the public key algorithm can be used in turn to do this: A message is signed with the private key before it is sent, and B is authenticated with the paired public key after receiving the message; The message is that a is sent because only a uses the paired private key, and the third party is also the basis for the decision to ensure fairness.

Cases:

1). A the message is processed with a hash function to generate the message digest, and the digest is encrypted with the private key to generate the signature, and the signature and the message are sent to B.

2). Data is transmitted over the network to B, and of course, for security purposes, the data can be encrypted using the encryption method described above.

3). b After receiving the data, extract the message and signature for verification. The same hash function is used to generate the message digest, comparing it to the result of the signature being decrypted with the paired public key, if the same, indicating that the signature verification was successful. The message is a sent, and if the validation fails, the message is not sent by a.

Problem: