A public-private key pair is generated by a key-generation algorithm.
Public key: the half of the pair that is published and accessible to anyone. Used for encryption and decryption; information encrypted with the public key can only be decrypted with the corresponding private key.
Private key: has only one holder, and no one else can obtain it. Used for encryption and decryption; information encrypted with the private key can only be decrypted with the corresponding public key. Because the private key is unique, it can be used to identify its holder. Note that the uniqueness of the private key is tied to its own public key: it is the pair that identifies the holder.
Asymmetric encryption: a process that uses two different keys for encryption and decryption. What the private key encrypts can only be decrypted by the public key, and what the public key encrypts can only be decrypted by the private key. The general flow is: A generates a public-private key pair and gives the public key to B; B encrypts information with the public key and sends it to A; A decrypts it with the private key.
Summary: any input data is run through an algorithm to obtain a fixed-length output summary, for example the MD5 algorithm and the SHA-1 algorithm from RSA Company.
Signature: consists of two parts: summarizing the information to be signed to obtain a result value, and encrypting that value with the private key of an asymmetric key pair. For example, an app signature summarizes the app's own files several times and then encrypts the result with the private key, and the signature in the https process summarizes certain enterprise certificate information and then encrypts it with the private key.
Certificate: the public key and its related information, other information such as the certificate validity period and name, and finally a signature over that information made with the private key; generally in the X.509 v3 international standard format. The certificate fingerprint of an app is the hash value of the information related to the signing tool, excluding the appended private-key signature; it changes only when the signing keystore changes, not when the app changes, so it is matched against the package name for identity authentication and is commonly used in app upgrade and installation scenarios.
Keystore: a certificate repository file that stores certificate information, the public key and the private key (the private key is protected by a password). Accessing the private key requires the password.
CA: a trusted third-party organization. Why does the asymmetric encrypted transmission of https need a trusted third party (CA)? Everyone can verify the identity of the CA by decrypting with the CA public key that is distributed locally. Because the CA is the sole owner of its private key, and what the CA does is sign legitimate server certificates, once the client has authenticated the identity of the CA it naturally regards a server certificate signed by that CA as legitimate.
Note that https involves two pairs of public and private keys. The private key of the CA is used for signing, and its signature is what prevents tampering; the public key and private key of the CA together establish the identity of the CA. The public key and private key of the server are used to encrypt and decrypt information and also establish the identity of the server. The exchanged information is used to negotiate symmetric keys.
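A worked illustration of the definitions above (the asymmetric-encryption flow between A and B, a signature as a summary encrypted with the private key, and a CA-signed server certificate checked by a client that trusts the CA's public key), added here as example code that is not part of the original text. It uses textbook RSA with tiny constructed primes and SHA-256 as the summary; the key sizes, the name example.test and the certificate layout are assumptions for illustration only.

```python
import hashlib

def keygen(p: int, q: int, e: int = 65537):
    """Toy textbook RSA: public key (n, e), private key (n, d) from two primes.
    Illustration only; real keys use 2048-bit primes and padding."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)

def encrypt(pub, m: int) -> int:
    """Public-key encryption; only the matching private key can undo it."""
    n, e = pub
    return pow(m, e, n)
def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)

def summarize(data: bytes, n: int) -> int:
    """Fixed-length summary (SHA-256 digest), reduced into the modulus range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    """Signature = summary of the data, then 'encrypted' with the private key."""
    n, d = priv
    return pow(summarize(data, n), d, n)
def verify(pub, data: bytes, sig: int) -> bool:
    """Anyone holding the public key recovers the summary and compares it."""
    n, e = pub
    return pow(sig, e, n) == summarize(data, n)

def issue_certificate(ca_priv, subject: str, subject_pub):
    """Toy certificate: subject name and public key, plus the CA's signature over them."""
    body = f"{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()
    return body, sign(ca_priv, body)
def client_accepts(ca_pub, cert) -> bool:
    """A client that trusts the CA public key accepts any certificate the CA signed."""
    body, sig = cert
    return verify(ca_pub, body, sig)

# Constructed demo values: the two key pairs from the https note (CA signs, server encrypts).
CA_PUB, CA_PRIV = keygen(1000003, 1000033)
SERVER_PUB, SERVER_PRIV = keygen(1000037, 1000039)
SERVER_CERT = issue_certificate(CA_PRIV, "example.test", SERVER_PUB)

def demo() -> dict:
    """B encrypts to A's public key, A decrypts; client checks the CA-signed cert; tampering fails."""
    secret = 123456789  # B's message, e.g. symmetric-key material; must be smaller than n
    tampered = (SERVER_CERT[0] + b"x", SERVER_CERT[1])  # altered body, original CA signature
    return {"roundtrip": decrypt(SERVER_PRIV, encrypt(SERVER_PUB, secret)) == secret,
            "cert_ok": client_accepts(CA_PUB, SERVER_CERT),
            "tampered_rejected": not client_accepts(CA_PUB, tampered)}
```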