Encryption and decryption use the same key.
This encryption algorithm has the advantages of small calculation, fast encryption speed and high encryption efficiency.
The shortcomings are also obvious. Before transmitting data, both parties must agree and save the key. If either party reveals the key, the encrypted information will no longer be secure. In addition, every time we use symmetric encryption algorithm, we need to use a unique key that others don't know, which will make both parties have a large number of keys and make managing keys a burden.
Asymmetric encryption requires two keys for encryption and decryption, which are called public key and private key respectively.
The use of these two keys corresponds to each other. If the file is encrypted with the public key, the decryption can only be decrypted with the corresponding private key. Similarly, if a file is encrypted with a private key, only the corresponding public key can be used for decryption.
There is a disadvantage here: because B's public key is public, someone impersonates Party A to use B's public key to send a request.
Solution: First, Party A encrypts the message with its own private key to generate another ciphertext, and then sends the ciphertext to Party B. If Party B can decrypt the message with its own public key after receiving it, it means that the message is indeed sent by Party A. ..
Although the above method solves the problem of identity authentication, because everyone has a public key, as long as the message is intercepted in the middle of transmission, it will be decrypted; In addition, encrypting files can be a time-consuming process. For example, if the file is large enough, the cost of encrypting the whole file with the private key and decrypting it after getting it is undoubtedly huge. In order to solve these two problems, digital signature appeared.
The sending process of digital signature is as follows:
Using digital signatures, we can verify the integrity of the source and message. But there are still some defects. If a third person C secretly replaces A's public key with his own public key in B's computer, and then sends information to B with his own private key, then B will think that the received message is sent by A. ..
In order to solve this problem, there is a digital certificate.
Digital certificate is to solve the problem that it is impossible to distinguish the ownership of keys in computers. In fact, it is to make an ID card for the public key, so that others can find out who the public key really belongs to.
But there is still a problem: suppose there are 10 thousand people, each with a CA certificate, then B has to declare 10 thousand different CA public keys to verify their identity. It is out of the question.
So there is a "root certificate". The root certificate stores the public key of CA to verify all digital certificates issued by CA, and B only needs to save one root certificate to verify everyone's identity.
exceed
Original link:/kswkly/article/details/83617944