The cryptographic technology that must be understood

Password system

Suppose Alice wants to send a message to her bank to transfer funds and hopes the news is confidential because it contains information such as her account number and the amount of the transfer. One option is to use a cryptography system that transforms the information that is being transmitted into an encrypted form, which can only be understood by those who want him to read. Once encrypted in this form, this message may only be deciphered with a key, if not, then this information is useless, because a good password system can make it difficult to decipher the original text is not worth their effort to spend so much.

Regular password : Also known as symmetric password, requires both the sender and the receiver to hold a key: a small piece of secret information used to encrypt and decrypt. If the key is confidential, then this message may not be readable except by the sender and the recipient. If Alice and the bank hold a key together, they can send confidential information to each other. However, the choice of the private communication key itself may not be invulnerable.

Public Key Password : Also known as asymmetric password, defines an algorithm that uses two keys to solve the key exchange problem, one key for encryption, and the other for decryption, which makes it easy to advertise a key (public key, short, public key) while preserving other (private key, abbreviation: Private key) It is possible to receive confidential messages.

Anyone can encrypt a message with the public key and only allow the holder of the private key to read it. In this way, Alice may use the public key to encrypt its confidential message and send it to the holder of the private key (the bank), only the bank can decrypt it.

Message digest

While Alice may encrypt its message to make it private, it should be noted that some people may tamper with or replace their original messages to transfer funds to their own accounts. One way to ensure the integrity of Alice's message is to send a simple summary of its message to the bank for the bank to match the message itself, and the message is correct if it matches.

Such a method is called a message digest, a one-way function, or a hash function. The message digest is used to establish a shorter and longer-term representation of a large, longer message, which is designed to make it extremely difficult to restore a digest to a message, and it is almost impossible to generate the same digest for two different messages, thereby eliminating the possibility of replacing one message for another while maintaining the same digest.

Another challenge for Alice is to ensure that the digest is sent to the bank for security, so that the integrity of the message can be ensured.

One workaround is to include a digital signature in the digest.

Digital signatures

When Alice sends a message to the bank, the bank needs to confirm that the message was sent by her rather than by the intruder stealing her account. To do this, you can include a digital signature that was established by Alice in the message.

A digital signature is established with an encrypted message digest and other information (such as a serial number) and the sender's private key. Although it is possible for anyone to decrypt a signature with a public key, only the issuer knows its private key, that is, only the holder of the key can issue it. The digest contained in the signature is valid only for that message, to ensure that no one can change the digest and keep the signature intact.

To avoid the signature being deciphered and re-used by the intruder, the signature contains a serial number. So, in case (just assuming) Alice did not send this message, although she may have actually issued it, the bank could be protected from fraudulent charges.

The cryptographic technology that must be understood