Two types of cryptosystems
Symmetric key cryptosystem : encryption key and decryption key are the same
Data encryption standard DES
The plaintext is grouped, each group is 64 bits long, and each group is encrypted to generate 64-bit ciphertext data.
The secret key is 64 (actually 56 bits, 8 for verification)
The confidentiality of DES depends on keeping the secret key secret, and the algorithm is public.
The disadvantage is that the 56-bit long secret key means that there are 256 possible secret keys, which are easy to decipher.
Public key cryptosystem : use different encryption keys and private keys
Reasons: 1. The key distribution problem of the symmetric secret key cryptosystem 2. The demand for digital signatures
In a symmetric key, it is difficult for both encryption and decryption parties to use the same key, and it is difficult to determine in advance to use the same key. If the key is transmitted online, it will also be intercepted (after interception, the information will not be sent to the receiver, only the receiver) knows, the malicious person intercepts the information, obtains the key, forges it, and uses the key Encrypted and sent to the receiver. Although the receiver can decrypt it, it cannot guarantee that the correct letter of the information is sent by the sender.
Digital signature: The entry information was sent by someone, not by someone else intercepting the original information on the Internet and sending forged information.
Among the public key keys, the encryption key PK is public, and the decryption key is confidential. Both the encryption algorithm and the decryption algorithm are public.
B encrypts the ciphertext with A’s public key and sends it to A, and A uses his own key to decrypt it. Because only A knows his own key and does not upload the key online, the malicious person can only intercept the information B sent to A. , But cannot know the content of the information, but the malicious person can still disguise the ciphertext, because the malicious person also knows the public key of A. So it needs to be digitally signed
Digital signature function
1. The receiver can be sure that the message was sent by the sender, and other people cannot forge the signature of the message. Message authentication
2. The receiver is sure that the received data is exactly the same as that sent by the sender and has not been tampered with. Message integrity
3. The sender cannot deny the signature of the message afterwards. Undeniable
1. A uses its private key to perform D operation (decryption operation) on the plaintext (which contains the content of the message sent to B and tells B that this is the ID sent by me) to obtain the unreadable ciphertext. Pass to B
2. In order to verify the signature, B uses A's public key to perform E operation to restore the plaintext.
Note that anyone can use A's public key to perform E operations on the message to get the plaintext, but it cannot be tampered with, because it does not know what the A key is.
Even if the interceptor tampered with the message, but does not have A's key, then even if the tampering is sent to B, B will get unreadable plaintext after decryption, and know that the message is tampered with.
But doing so can prevent malicious people from forging information, but malicious people can also see the content of the message, so in order to prevent the content from being seen.
A uses its private key to perform operations on plaintext D, and B’s public key to perform operations on E.
B uses its own private key D to calculate the received ciphertext, and then uses A's public key E to calculate
Everyone’s public key can be found online (for example, a server has everyone’s public key)
Authentication: Verify that the two parties in the communication are indeed the objects they want to communicate with, not other imposters.
Points: 1. Message authentication: the received message is sent by the sender and not forged by others. 2. Entity authentication
Many messages do not need to be encrypted but need digital signatures, so that the receiver can identify the authenticity of the message, but signing a very long message will waste too much time. At this time, you can use the method of authenticating the message
Message Digest (MD) is a simple method for message identification
A takes the longer message X through the message digest algorithm to obtain a short message digest H, and then uses its own private key to perform D operation on H and digitally sign it. Get the signed message digest-called the message authentication code MAC
Append the MAC to X and send it to B.
After B receives it, it separates the message X from the MAC. Then perform the same message digest operation on message X
Use A's public key to decrypt MAC, E operation, and message digest
If it is the same as the message digest of the E operation, it can be judged that it was sent by the sender and there is no forgery.
It only needs to verify the counterparty entity communicating with itself once during the whole time of system access