First of all, note that SSH here does not mean the three classic frameworks of the Java tradition, but the Secure Shell protocol, a security protocol built on the application layer and the transport layer. People familiar with Linux often use a tool called SSH Secure Shell Client. This article studies the encryption principle behind that tool; since the SSH encryption principle uses the RSA asymmetric encryption algorithm, the article also studies RSA.
Asymmetric encryption algorithm
In day-to-day production work we often need to exchange data, and developers often need to encrypt and decrypt that data to keep it secure. Data encryption algorithms come in just two kinds, symmetric and asymmetric. The commonly used DES, Triple DES, AES and so on are symmetric: a single key both encrypts and decrypts the data, so once that key leaks, the transmitted data is no longer secure.
The core of an asymmetric encryption algorithm comes from a hard mathematical problem. It has the concept of a public key and a private key, and it takes both keys to complete encryption and decryption. The phrases we often hear, "public key encryption, private key decryption" and "private key encryption, public key decryption", both belong to asymmetric encryption, and the RSA algorithm described later is a typical asymmetric encryption algorithm. Data encrypted with the public key must be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key.
Compared with symmetric encryption, asymmetric encryption improves security, but it has an obvious drawback: asymmetric encryption and decryption are much less efficient than symmetric encryption and decryption. Asymmetric encryption is therefore mostly used in applications or fields where security requirements are high.
Typical RSA asymmetric encryption
RSA is a typical asymmetric encryption algorithm. It is based on the mathematical problem of factoring large numbers, and it is also the most widely used asymmetric encryption algorithm. It was proposed in 1978 by three scholars at the Massachusetts Institute of Technology (MIT) in the United States: Ron Rivest, Adi Shamir and Leonard Adleman.
The principle is simple. Assume a message sender A and a message receiver B; the following steps complete an encrypted message exchange:
Message sender A locally constructs a key pair: a public key and a private key;
Message sender A sends the resulting public key to message receiver B;
When B sends data to A, B encrypts it with the public key, and A decrypts it with the private key after receiving it, which completes one communication;
Conversely, when A sends data to B, A encrypts the data with the private key, and B decrypts it with the public key after receiving it.
Because message sender A exposes the public key to message receiver B, this approach carries a security risk: if the public key leaks during transfer, data that A encrypted with the private key may be decrypted.
To build a more secure encrypted messaging model, the message sender and the message receiver each need to build their own key pair and expose their public keys to each other. When A sends a message, A encrypts the data with B's public key and B decrypts it with B's private key; conversely, B encrypts with A's public key, and A decrypts with A's private key after receiving the message.
Of course, with this approach the transmitted data can still be forged; digital signature technology can be used to strengthen security further. Because asymmetric encryption and decryption happen several times, the efficiency problem of this method is more serious.
SSH encryption principle
The SSH security protocol combines asymmetric encryption with a symmetric encryption algorithm. The process is as follows:
First, the server generates a public key and a private key with an asymmetric algorithm;
When the client initiates a request, the server exposes the public key to the client; the public key can be exposed freely;
After the client obtains the public key, it first produces a session key consisting of 256 random digits, referred to here as the password;
The client encrypts the password with the public key and sends it to the server;
The server decrypts it with the private key to obtain the communication password;
After that, all information passed between the client and the server is symmetrically encrypted with this password.
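The flow above, worked through as an added example (not code from the original article or from any SSH implementation). It assumes the session key is 256 random bits, uses constructed toy RSA parameters without padding, and substitutes a SHA-256 keystream for the symmetric cipher; all function names are illustrative.

```python
import hashlib
import secrets

# Constructed toy parameters: two Mersenne primes, far too small and too
# structured for real RSA, and used here without padding (no OAEP).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537

def server_keypair():
    """First step: the server builds its public and private key."""
    n, phi = P * Q, (P - 1) * (Q - 1)
    d = pow(E, -1, phi)              # private exponent: E*d == 1 (mod phi)
    return (n, E), (n, d)

def client_wrap(public):
    """Client picks a 256-bit session key and encrypts it to the server."""
    n, e = public
    session_key = secrets.token_bytes(32)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)

def server_unwrap(private, wrapped):
    """Server recovers the session key with its private key."""
    n, d = private
    return pow(wrapped, d, n).to_bytes(32, "big")

def stream_xor(key, data):
    """Symmetric stand-in: SHA-256 counter keystream XOR (not a real cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def demo():
    public, private = server_keypair()
    client_key, wrapped = client_wrap(public)   # only `wrapped` crosses the wire
    server_key = server_unwrap(private, wrapped)
    ciphertext = stream_xor(client_key, b"uname -a")
    return client_key == server_key, stream_xor(server_key, ciphertext)

if __name__ == "__main__":
    print(demo())
```

Anyone who later obtains the server's private key can unwrap a recorded `wrapped` value and recover that session's key, which is the property to keep in mind when comparing this flow with the DH exchange.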
Personally, I feel that such a design improves the efficiency of encryption and decryption to a certain extent; however, compared with the method in which the client and the server each build a key pair, the security may be reduced. In the password-based encryption process described above, the data can still be intercepted, but because the key is 256 random numbers, there are 10 to the power of 256 combinations, so it is very difficult to crack, and it is still relatively safe. The server and the client both know the key in advance; with SSH's approach, the server obtains the key through decryption.
DH key exchange algorithm
The principle of SSH is based on RSA asymmetric encryption, and RSA is based on the mathematical problem of factoring large numbers. The DH key exchange algorithm discussed below is based on the discrete logarithm problem over a finite field.
DH is a key agreement algorithm: it is used only to establish keys, not to encrypt or decrypt messages. It provides a secure way to exchange the key that will be used for data encryption and decryption. As in the SSH principle, what is exchanged is the password, but the DH algorithm is more secure.
Let us illustrate with an example. Assume two parties, A and B, with A as the sender and B as the receiver. The following steps build a key (password) that belongs to both parties:
First, before communicating, A and B each construct their own key pair; call them public key A, private key A, public key B and private key B;
A exposes its own public key A to B, and B derives key b from private key B and public key A;
Similarly, B exposes its own public key B to A, and A derives key a from private key A and public key B;
Finally, the interesting point of this algorithm is that key a and key b are identical, so A and B now share a "secret" password that belongs to both parties;
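The steps above as an added example (not from the original article): both sides compute the same key from their own private value and the other side's public value, and the peer value is checked before use. The group is a constructed toy (p = 2^127 - 1, g = 3), and the names `keypair` and `shared_key` are illustrative.

```python
import hashlib
import secrets

# Constructed toy group: P is prime but far too small for real use;
# deployed DH uses standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3

def keypair():
    """Build (private key, public key) where public = G^private mod P."""
    while True:
        private = secrets.randbelow(P - 3) + 2      # 2 <= private <= P-2
        public = pow(G, private, P)
        if 2 <= public <= P - 2:                    # never publish 1 or P-1
            return private, public

def shared_key(own_private, peer_public):
    """Derive the common key from our private key and the peer's public key."""
    # Reject degenerate peer values (0, 1, P-1, out of range) that would
    # force the shared secret into a tiny, predictable set.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("invalid peer public value")
    secret = pow(peer_public, own_private, P)       # (G^b)^a == (G^a)^b mod P
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def demo():
    a_private, a_public = keypair()                 # private key A, public key A
    b_private, b_public = keypair()                 # private key B, public key B
    key_a = shared_key(a_private, b_public)         # computed by A
    key_b = shared_key(b_private, a_public)         # computed by B
    return key_a, key_b

if __name__ == "__main__":
    key_a, key_b = demo()
    print(key_a == key_b, key_a.hex())
```

Only the two public values cross the network; neither the private values nor the derived key are ever transmitted.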
The DH algorithm marks the transition from symmetric encryption to asymmetric encryption, and it laid a foundation for the later emergence and development of asymmetric encryption.
Summary: while writing this article I read up on some encryption and decryption algorithms and formed my own understanding. Every field has its specialists, so some of my understanding may be biased or even wrong; I welcome criticism and corrections.