Cryptography notes
Others encrypt messages with A's public key; only A's private key can decrypt them. This gives confidentiality of the transmitted data.

Data that A encrypts with A's private key can be decrypted by anyone holding A's public key; since only A has the private key, this proves the data came from A. This is the idea behind digital signatures (in practice a hash of the message is signed, not the message itself).

Shared secret key (symmetric encryption): fast, but the key itself must somehow travel safely between client and server.

Public key (asymmetric encryption): solves the key distribution problem, but is slow.

1. The client requests SSL (Secure Sockets Layer) communication; its message lists the SSL versions and cipher algorithms it supports.

2. The server responds with its public-key certificate and the negotiated SSL version and cipher components.

3. The client verifies the server's certificate against the CA public key it trusts locally and extracts the server public key. It then generates a random byte sequence, encrypts it with the server public key and sends it back.

4. The server decrypts it with its private key and sends a response derived from the random value back to the client; only the holder of the private key can do this.

5. Having confirmed the server's identity, the client chooses a symmetric algorithm and a shared session key, encrypts them with the server public key and sends them to the server.

6. From then on both parties encrypt the data with the symmetric algorithm.

In this process, the certificate (sent in step 2, checked in step 3) supplies a legitimate server public key, and the challenge in steps 3 and 4 confirms that the server really holds the matching private key, since anyone can obtain the server public key. (In actual TLS with RSA key exchange the client encrypts a premaster secret and both sides derive the session keys from it, so a server without the private key simply cannot complete the handshake; TLS 1.3 uses ephemeral Diffie-Hellman and a signature over the handshake instead.)

A one-time pad, i.e. encrypting with a truly random key as long as the plaintext bit sequence, is unconditionally secure: exhaustively trying every key produces every possible plaintext of that length, so the attacker learns nothing. This only holds if the key is truly random and is never reused.
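The following is an added example, not part of the original notes. It implements the one-time pad in Python and demonstrates both halves of the claim above: for any candidate plaintext there is a key that "explains" the ciphertext, and reusing the pad cancels the key out. The message strings are constructed for the demonstration.

```python
import secrets


def otp_keygen(length: int) -> bytes:
    # The pad must come from a CSPRNG (or true randomness) and be as long as the data.
    return secrets.token_bytes(length)


def otp_crypt(key: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR.
    if len(key) != len(data):
        raise ValueError("one-time pad key must be exactly as long as the data")
    return bytes(k ^ d for k, d in zip(key, data))


def key_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    # For every candidate plaintext of the right length there is a key that
    # "decrypts" the ciphertext to it, so trying all keys reveals nothing.
    return otp_crypt(candidate_plaintext, ciphertext)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    # If the same pad is used twice, c1 XOR c2 == m1 XOR m2: the key cancels out
    # and an attacker can start recovering both messages from their XOR.
    return otp_crypt(c1, c2)


if __name__ == "__main__":
    m1, m2 = b"attack at dawn", b"retreat at six"   # constructed sample messages
    k = otp_keygen(len(m1))
    c1 = otp_crypt(k, m1)
    print(otp_crypt(k, c1))                          # original message back
    print(otp_crypt(key_explaining(c1, m2), c1))     # the same ciphertext "is" m2 too
    print(reuse_leak(c1, otp_crypt(k, m2)))          # m1 XOR m2, key gone
```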

A cipher that processes the plaintext in fixed-size blocks is called a block cipher.

DES uses a Feistel network.

The encryption unit is a 64-bit block, split into two 32-bit halves.

Encryption runs for several rounds. In each round, the round function takes the right half and the round subkey and produces a 32-bit value, which is XORed into the left half.

After each round (except the last) the two halves are swapped.

Encryption and decryption use the same structure (decryption simply applies the subkeys in reverse order); the number of rounds is arbitrary, and the round function can be any function, even a non-invertible one, because the Feistel structure itself is what makes the cipher invertible.

Encrypting, decrypting and then encrypting again with keys 1, 2 and 3 is called triple DES (DES-EDE).

The decrypt step in the middle keeps the scheme compatible with single DES: if keys 1, 2 and 3 are all the same, the result is ordinary DES.

If keys 1 and 3 are the same but key 2 differs, it is called DES-EDE2.

If keys 1, 2 and 3 are all different, it is called DES-EDE3.

AES uses the Rijndael algorithm, which has an SPN (substitution-permutation network) structure.

The input block is 128 bits (16 bytes); the key length is selectable in 32-bit steps between 128 and 256 bits (AES standardizes 128, 192 and 256).

The algorithm consists of 10 to 14 rounds, depending on the key length (10 for 128-bit, 12 for 192-bit, 14 for 256-bit keys).

In one round:

SubBytes: byte by byte, each byte is used as an index into a substitution table (the S-box) and replaced by the table entry.

ShiftRows: the rows of the 4x4 byte state are rotated by different amounts, scrambling the SubBytes output byte-wise.

MixColumns: each 4-byte column is mixed by a bit-level (GF(2^8) matrix) operation.

AddRoundKey: the state is XORed with the round key.

Block cipher: processes a fixed length of data at a time.

Stream cipher: processes a continuous data stream, so it must keep an internal state to record its progress.

ECB mode: each plaintext block is encrypted directly into a ciphertext block.

Feature: identical plaintext blocks give identical ciphertext blocks, and an attacker can manipulate the plaintext (reorder, delete or replace blocks) without decrypting anything.

CBC mode: each plaintext block is XORed with the previous ciphertext block and then encrypted to produce its own ciphertext block.

For the first block, an initialization vector (a random bit sequence) takes the place of the previous ciphertext block.

Encryption must proceed from the beginning, because each block needs the previous ciphertext block.

Decryption: decrypt the ciphertext block, then XOR it with the previous ciphertext block (this can be parallelized).

The same plaintext block produces different ciphertext values.

If a ciphertext block is corrupted (bits flipped), only that block and the next one are affected on decryption.

If bits are lost from the ciphertext (block boundaries shift), all subsequent blocks are affected.

CFB mode: the previous ciphertext block is run through the encryption algorithm to obtain a bit sequence called the key stream.

The plaintext block is XORed with the key stream to obtain its own ciphertext block.

Decryption: the encryption algorithm (not decryption) is applied to the previous ciphertext block to regenerate the key stream, which is XORed with the ciphertext to recover the plaintext.

Replay attack: assume the same key is still in use. Four blocks are sent and the attacker saves the last three. The next day four more blocks are sent and the attacker replaces the last three with the saved ones. After the receiver decrypts, only the second block is garbled; the third and fourth decrypt to yesterday's plaintext, and the receiver cannot tell.

OFB mode: the initialization vector is encrypted to obtain the first key-stream block, and each key-stream block is encrypted again to obtain the next. The plaintext block is XORed with the key stream to obtain the ciphertext.

It is fast: the key stream does not depend on the plaintext or ciphertext, so it can be generated in advance, or key-stream generation can run in parallel with the XOR operation.

CTR mode: each counter value is encrypted to obtain a key-stream block, which is XORed with the plaintext block to obtain the ciphertext block.

The counter value consists of a nonce (a random sequence) followed by a block number counting up from 1.

For each block, the counter is incremented and encrypted to obtain the key stream.

Blocks can be processed in any order, because the counter value for any block can be computed directly. (As with any key-stream mode, reusing a nonce under the same key leaks the XOR of the two plaintexts.)
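The following added example (not from the original notes) builds a toy 64-bit Feistel block cipher in the shape described in the DES section above and runs it in ECB, CBC and CTR mode. The round function (truncated SHA-256 of subkey and right half), the key schedule, the PKCS#7-style padding and the 4-byte nonce / 4-byte counter layout are all my own choices for illustration, not DES or any standard. It shows the facts the notes state: a non-invertible round function still gives an invertible cipher, ECB repeats, a bit flip in CBC damages exactly two blocks, and CTR allows random access.

```python
import hashlib
import struct

BLOCK = 8  # 64-bit block split into two 32-bit halves, as in DES


def round_function(right: int, subkey: bytes) -> int:
    # Toy round function F(R, K): SHA-256 of (K || R) truncated to 32 bits.
    # F is not invertible; the Feistel structure is invertible regardless.
    digest = hashlib.sha256(subkey + struct.pack(">I", right)).digest()
    return struct.unpack(">I", digest[:4])[0]


def subkeys(key: bytes, rounds: int) -> list:
    # Toy key schedule: one 8-byte subkey per round, derived from (key, round index).
    return [hashlib.sha256(key + bytes([r])).digest()[:8] for r in range(rounds)]


def feistel(block: bytes, keys: list) -> bytes:
    # Each round sets (L, R) = (R, L ^ F(R, K)); decryption is the same loop
    # with the subkeys in reverse order.
    left, right = struct.unpack(">II", block)
    for k in keys:
        left, right = right, left ^ round_function(right, k)
    return struct.pack(">II", right, left)  # undo the swap of the last round


def encrypt_block(key: bytes, block: bytes, rounds: int = 16) -> bytes:
    return feistel(block, subkeys(key, rounds))


def decrypt_block(key: bytes, block: bytes, rounds: int = 16) -> bytes:
    return feistel(block, subkeys(key, rounds)[::-1])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK  # PKCS#7-style: always add 1..BLOCK bytes
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block encrypted independently, so equal blocks give equal output.
    return b"".join(encrypt_block(key, b) for b in blocks(pad(plaintext)))


def ecb_repeated_blocks(key: bytes, plaintext: bytes) -> int:
    cs = blocks(ecb_encrypt(key, plaintext))
    return len(cs) - len(set(cs))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: XOR each plaintext block with the previous ciphertext block (IV first).
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt_blocks(key: bytes, iv: bytes, ciphertext: bytes) -> list:
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return out


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return unpad(b"".join(cbc_decrypt_blocks(key, iv, ciphertext)))


def cbc_bitflip_effect(key: bytes, iv: bytes, plaintext: bytes) -> list:
    # Flip one bit in ciphertext block 1: that block decrypts to garbage and the
    # same bit flips in block 2; every other block is untouched.
    ct = bytearray(cbc_encrypt(key, iv, plaintext))
    ct[BLOCK] ^= 0x01
    expected = blocks(pad(plaintext))
    damaged = cbc_decrypt_blocks(key, iv, bytes(ct))
    return [e == d for e, d in zip(expected, damaged)]


def ctr_keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    # Counter block = 4-byte nonce || 4-byte block number; only encryption is used.
    return encrypt_block(key, nonce + struct.pack(">I", counter))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # CTR: encryption and decryption are the same XOR; no padding needed.
    return b"".join(xor(b, ctr_keystream_block(key, nonce, i + 1))
                    for i, b in enumerate(blocks(data)))


def ctr_decrypt_one_block(key: bytes, nonce: bytes, ciphertext: bytes, index: int) -> bytes:
    # Random access: block `index` needs only its own counter value.
    return xor(blocks(ciphertext)[index], ctr_keystream_block(key, nonce, index + 1))
```

CFB and OFB are omitted for space; both are a few lines in the same style, since they also only use `encrypt_block` in the forward direction. The cipher is for illustration only and has no security analysis behind it.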

To be secure, symmetric keys must be shared in advance, which imposes geographical constraints (the parties must meet or use a trusted courier), and a different key is needed for each communication partner; this is very cumbersome.

With a key distribution center (KDC), each employee has a personal key shared with the KDC; the KDC wraps a temporary session key with each participant's personal key and distributes it.

Ciphertext = plaintext^e mod n.

e and n are the RSA encryption key: the pair (e, n) is the public key.

Plaintext = ciphertext^d mod n.

The pair (d, n) is the private key.

Key generation:

Find two large prime numbers p and q and multiply them to get n.

L is the least common multiple of p − 1 and q − 1.

Use a random number generator to produce candidates until the following conditions are met:

1 < e < L

The greatest common divisor of e and L is 1.

Compute d from e:

1 < d < L

e × d mod L = 1

Because e and L are coprime, such a d (the modular inverse of e) must exist.
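The following is an added example, not from the original notes; it implements exactly the key generation above (n = p×q, L = lcm(p−1, q−1), random e coprime to L, d = e⁻¹ mod L) plus the encrypt/decrypt and sign/verify operations from the "private key encryption" note near the top of the page. The Miller-Rabin primality test and the toy key sizes are my own choices; real systems fix e = 65537, use n of at least 2048 bits and, crucially, apply padding (OAEP/PSS). The last function shows why: textbook RSA is malleable.

```python
import math
import secrets


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    # Miller-Rabin; good enough to pick toy primes for this example.
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # right size, odd
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512):
    # Follows the notes: n = p*q, L = lcm(p-1, q-1), random e coprime to L,
    # d = e^-1 mod L.
    p = random_prime(bits // 2)
    q = random_prime(bits // 2)
    while q == p:
        q = random_prime(bits // 2)
    n = p * q
    L = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    while True:
        e = secrets.randbelow(L - 2) + 2        # 1 < e < L
        if math.gcd(e, L) == 1:                 # coprime, so the inverse exists
            break
    d = pow(e, -1, L)                           # e * d mod L == 1 (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public, m: int) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    d, n = private
    return pow(c, d, n)


def sign(private, m: int) -> int:
    # "Encrypt with the private key": only the key holder can produce this value.
    d, n = private
    return pow(m, d, n)


def verify(public, m: int, signature: int) -> bool:
    e, n = public
    return pow(signature, e, n) == m


def malleability(public, private, m: int) -> int:
    # Textbook RSA is homomorphic: E(m) * E(2) mod n = E(2m), so anyone can
    # double a ciphertext's plaintext without the key. OAEP padding prevents this.
    e, n = public
    forged = (encrypt(public, m) * encrypt(public, 2)) % n
    return decrypt(private, forged)
```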

Modular exponentiation is easy to compute, but its inverse, the discrete logarithm, is hard.

RSA relies on the fact that no efficient algorithm is known for factoring a large number into its prime factors.

ElGamal relies on the difficulty of the discrete logarithm mod N.

After ElGamal encryption the ciphertext is twice as long as the plaintext.

Rabin relies on the difficulty of finding square roots mod n.

Elliptic-curve cryptography is built on a special "multiplication" (scalar multiplication) of points on an elliptic curve.

The inverse of this multiplication (the elliptic-curve discrete logarithm) is hard.

A one-way hash function is also called a message digest function or simply a hash function.

The input message is also called the preimage.

The hash value is also called the message digest or fingerprint.

Integrity is also called consistency.

Properties:

The hash value has a fixed length regardless of the message length.

It is fast to compute.

Different messages have different hash values (collision resistance).

It is one-way: the message cannot be recovered from its hash value.

MD stands for message digest.

MD4 and MD5 produce 128-bit hash values, but their collision resistance has been broken.

SHA-1 produces a 160-bit hash value; its (strong) collision resistance has also been broken.

The rest (SHA-224, SHA-256, SHA-384, SHA-512) are collectively called SHA-2; the number after each name is the hash length in bits.

RIPEMD-160: the European counterpart.

SHA-3: the third-generation SHA.

SHA-1 limits the message to less than 2^64 bits.

The padded message length must be an integer multiple of 512 bits; each 512-bit unit is called an input block.

Padding process:

Append a single 1 bit to the end of the message.

Then append 0 bits until the length reaches 448 bits into the last block (448 mod 512).

The last 64 bits hold the length of the original message in bits (big-endian).

For each block, 80 32-bit words are computed.

Process:

Split the 512-bit block into 16 32-bit words, called W0 to W15.

For t = 16 to 79, take the four earlier words Wt−3, Wt−8, Wt−14 and Wt−16, XOR them, and rotate the result left by 1 bit to obtain Wt. Repeating this gives 80 words in total.

Five 32-bit buffers A, B, C, D and E hold the 160-bit internal state.

80 steps mix the internal state with each 512-bit input block.

The final internal state after the last block is the 160-bit hash value.

Brute-force attack: search for a second file with the same hash value as a given contract; for an n-bit hash this costs about 2^n attempts.

Birthday attack: prepare two contracts with different contents (for example, different amounts) but the same hash value; because both documents can be varied, a collision is expected after only about 2^(n/2) attempts.
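The following added example (not from the original notes) makes the 2^n versus 2^(n/2) difference measurable by truncating SHA-256 to a small number of bits, a stand-in for a weak hash. Finding a collision in a 32-bit hash costs about as many hash evaluations as finding a second preimage in a 16-bit hash. The candidate documents are just a constructed prefix with a counter appended.

```python
import hashlib


def short_hash(data: bytes, bits: int) -> int:
    # Truncate SHA-256 to `bits` bits to model a weak hash.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def brute_force_preimage(target: int, bits: int, prefix: bytes = b"contract-"):
    # Second-preimage search: vary one document until its hash equals `target`.
    # Expected cost about 2^bits hash evaluations. Returns (document, attempts).
    i = 0
    while True:
        cand = prefix + str(i).encode()
        i += 1
        if short_hash(cand, bits) == target:
            return cand, i


def birthday_collision(bits: int, prefix: bytes = b"contract-"):
    # Collision search: keep every hash seen; stop at the first repeat.
    # Expected cost about 2^(bits/2). Returns (doc_a, doc_b, attempts).
    seen = {}
    i = 0
    while True:
        cand = prefix + str(i).encode()
        i += 1
        h = short_hash(cand, bits)
        if h in seen:
            return seen[h], cand, i
        seen[h] = cand


def compare_costs():
    # Preimage on 16 bits vs collision on 32 bits: roughly the same work.
    target = short_hash(b"target document", 16)
    _, preimage_tries = brute_force_preimage(target, 16)
    _, _, collision_tries = birthday_collision(32)
    return preimage_tries, collision_tries
```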

A hash value alone can detect accidental corruption but cannot distinguish tampering from impersonation (an attacker who replaces the message can simply recompute the hash), so authentication technology is needed.

Authentication technology includes message authentication codes and digital signatures.

Message authentication code: assures the communication partner that the message was not tampered with (and came from someone holding the shared key).

Digital signature: anyone, not only the partner, can confirm that the message was not tampered with and who signed it.

Message authentication code is abbreviated MAC.

It is equivalent to a one-way hash function that takes a shared key as an extra input.

SWIFT: handles inter-bank transactions; before public-key cryptography was adopted, keys were distributed manually.

IPsec: adds security to the IP protocol; uses message authentication codes.

SSL/TLS: the protocol used for online shopping and similar scenarios; also uses MACs.

Process (HMAC):

The key is padded with zero bytes to the input block size of the one-way hash function (a key longer than the block size is hashed first).

The padded key is XORed with ipad (the byte 0x36 repeated) to obtain ipadkey.

ipadkey is concatenated with the message and hashed.

The padded key is XORed with opad (the byte 0x5C repeated) to obtain opadkey.

opadkey is concatenated with the hash value obtained above and hashed again; the result is the final MAC value.
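An added example, not from the original notes: the HMAC process above written out by hand with `hashlib`, so it can be compared against the standard library's `hmac` module. The verifier uses a constant-time comparison, and the last function shows the naive construction HMAC exists to replace.

```python
import hashlib
import hmac


def hmac_by_hand(key: bytes, message: bytes, hashfn=hashlib.sha256) -> bytes:
    block_size = hashfn().block_size              # 64 bytes for SHA-256
    if len(key) > block_size:
        key = hashfn(key).digest()                # long keys are hashed first
    key = key.ljust(block_size, b"\x00")          # pad key to the block size
    ipadkey = bytes(k ^ 0x36 for k in key)
    opadkey = bytes(k ^ 0x5C for k in key)
    inner = hashfn(ipadkey + message).digest()    # H(ipadkey || message)
    return hashfn(opadkey + inner).digest()       # H(opadkey || inner)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(hmac_by_hand(key, message), tag)


def naive_mac(key: bytes, message: bytes) -> bytes:
    # What NOT to do: H(key || message) is open to length-extension attacks on
    # Merkle-Damgard hashes such as SHA-256; the nested HMAC structure is not.
    return hashlib.sha256(key + message).digest()
```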

Limitations of a MAC: it cannot prove anything to a third party, and it cannot prevent repudiation.

Because only the two parties know the key, a third party has no way to obtain the legitimate key and cannot compute the legitimate MAC value to check it; and since either party could have produced the MAC, the sender can deny having sent the message. Digital signatures solve both problems.

Digital signature algorithms:

RSA: relies on the difficulty of factoring into prime factors.

ElGamal: relies on the difficulty of the discrete logarithm; weaknesses were found in its signature scheme, so it is now used only for public-key encryption.

DSA: a variant of the Schnorr and ElGamal schemes; usable only for digital signatures.

Rabin: relies on the difficulty of finding square roots mod N; usable for both digital signatures and public-key encryption.

For example, VeriSign's certification business is divided into three classes; the higher the class, the stricter the identity verification.

The X.509 certificate format, specified by ITU and ISO, generally contains the following:

To-be-signed certificate: the various fields describing the subject (version, serial number, issuer, validity period, subject name, subject public key, and so on).

Signature algorithm: the algorithm used to produce the signature.

Digital signature: the signature itself, generated by the CA.

PKI: a set of specifications and rules for using public keys effectively.

The components of a PKI are users, certification authorities (CAs) and repositories.

Key pairs can be generated in two ways: by the certification authority, or by the PKI user (who then submits only the public key for certification).

The certification authority publishes a digitally signed CRL (Certificate Revocation List), which records the serial numbers of revoked certificates; a verifier must consult it, since an otherwise valid certificate may already have been revoked.

Verification of a certificate chain proceeds from the top (the root certificate) downwards.

For a key, what matters is the size of the key space.

The effective DES key length (after removing the parity-check bits) is 7 bytes (56 bits).

The effective length of a DES-EDE2 key is 14 bytes (112 bits), and of a DES-EDE3 key 21 bytes (168 bits).

The AES key length can be 128, 192 or 256 bits.

Session key: used only once, for a single communication.

Master key: reused across communications.

CEK: content encryption key.

KEK: key encryption key.

Key management at each step:

Key generation, two methods:

Generating a key from random numbers: use an unpredictable (cryptographically secure) pseudo-random number generator.

Generating a key from a password: generally, password + a random string called a salt, hashed; the hash value is used as the key (this is called password-based encryption, PBE).

Key distribution, four methods:

Sharing in advance.

Key distribution center.

Public-key cryptography.

Diffie–Hellman key exchange.

Key update: a technique to improve communication confidentiality.

Principle:

While communicating with a shared key, change the key regularly.

Both parties hash the current key in the same way and use the result as the next key.

Advantage:

Backward security: because the hash is one-way, an attacker who obtains the current key cannot recover earlier keys and so cannot decrypt past content.

Key storage: encrypt the key (with a KEK) and store the ciphertext.

Meaning:

Encrypting several keys under one KEK reduces the number of keys that must be stored securely.

Steps:

p is a very large prime number and g is a generator of p; both are public.

A picks a random number a and sends g^a mod p to B; the purpose is to convey a to B implicitly.

B picks a random number b and sends g^b mod p to A; the purpose is to convey b to A implicitly.

A computes: key = (g^b mod p)^a mod p = g^(a×b) mod p.

B computes: key = (g^a mod p)^b mod p = g^(a×b) mod p.

For a prime number p, a generator g is a number such that g^x mod p takes every value from 1 to p−1 as x runs over 1 to p−1 (it never yields 0, since p does not divide g^x).
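An added example, not part of the original notes, that runs the exchange above in Python. The prime p = 23 and generator g = 5 are deliberately tiny so that the generator check and a brute-force discrete logarithm can be run; with a 2048-bit prime the same `discrete_log` loop is the attack that is infeasible. The last function shows the caveat the notes do not state: plain Diffie-Hellman authenticates nobody, so a man in the middle can share one key with each side.

```python
import secrets


def is_generator(g: int, p: int) -> bool:
    # g generates Z_p* if g^x mod p for x = 1..p-1 hits every value 1..p-1.
    # Brute force, usable only for the toy prime in this example.
    return len({pow(g, x, p) for x in range(1, p)}) == p - 1


def dh_keypair(p: int, g: int):
    private = secrets.randbelow(p - 2) + 1     # 1 <= private <= p-2
    return private, pow(g, private, p)         # public = g^private mod p


def dh_shared(p: int, their_public: int, my_private: int) -> int:
    return pow(their_public, my_private, p)    # (g^b)^a = (g^a)^b = g^(ab) mod p


def dh_exchange(p: int, g: int):
    a, A = dh_keypair(p, g)      # A -> B: g^a mod p
    b, B = dh_keypair(p, g)      # B -> A: g^b mod p
    return dh_shared(p, B, a), dh_shared(p, A, b)


def discrete_log(p: int, g: int, y: int) -> int:
    # Recover x from y = g^x mod p by exhaustive search: feasible for small p,
    # which is why real deployments use primes of 2048 bits or more.
    for x in range(1, p):
        if pow(g, x, p) == y:
            return x
    raise ValueError("no solution")


def mitm_exchange(p: int, g: int) -> bool:
    # Mallory replaces both public values with her own M = g^m mod p, so Alice
    # and Bob each share a key with Mallory instead of with each other.
    a, A = dh_keypair(p, g)
    b, B = dh_keypair(p, g)
    m, M = dh_keypair(p, g)
    k_alice = dh_shared(p, M, a)        # Alice believes M is Bob's value
    k_bob = dh_shared(p, M, b)          # Bob believes M is Alice's value
    return k_alice == dh_shared(p, A, m) and k_bob == dh_shared(p, B, m)
```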

Use: secure storage of keys.

Origin:

First, a session key CEK is generated and the message is encrypted with it.

Second, the session key CEK needs to be kept secret, so it is encrypted with a key encryption key KEK.

Third, now the KEK needs to be kept secret, and we choose to generate it from a password.

The problem of confidentiality ultimately boils down to keeping a key safe, but a person cannot remember a key.

Therefore a one-way hash function is applied to the password and the hash value is used as the key.

This key need not be stored: it can be regenerated from the password at any time, the hash cannot be reversed to reveal the password, and the password is easy to remember.

To resist dictionary attacks, the hash is computed over password + salt (a random bit sequence), and in practice the hash is iterated many times to make each guess expensive.

Dictionary attack: an attack that tries a pre-prepared list of candidate passwords.
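The following is an added example, not from the original notes: deriving a KEK from a password with the standard library's PBKDF2 (`hashlib.pbkdf2_hmac`), next to the bare hash the notes warn against. A precomputed table cracks the bare hash with one lookup; with a salt there is nothing to precompute, and the iteration count multiplies the cost of every guess. The word list is constructed for the demonstration; in practice a memory-hard function such as scrypt or Argon2 is preferred over PBKDF2.

```python
import hashlib
import secrets

ITERATIONS = 200_000   # slows every guess; tune to roughly 100 ms on the target machine


def new_salt() -> bytes:
    return secrets.token_bytes(16)


def derive_kek(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    # PBKDF2-HMAC-SHA256: salted and iterated, 32-byte output used as the KEK.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def unsalted_hash(password: str) -> bytes:
    # What the notes warn against: a bare hash can be attacked with a precomputed table.
    return hashlib.sha256(password.encode()).digest()


def precomputed_table(wordlist) -> dict:
    # Computed once, reused against every stolen unsalted hash.
    return {unsalted_hash(w): w for w in wordlist}


def crack_with_table(target: bytes, table: dict):
    return table.get(target)     # one dictionary lookup


def crack_salted(target: bytes, salt: bytes, wordlist, iterations: int = ITERATIONS):
    # With a salt nothing can be precomputed: every guess costs `iterations`
    # HMAC calls, and the work must be redone for every salt (every user).
    for word in wordlist:
        if derive_kek(word, salt, iterations) == target:
            return word
    return None
```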

Properties of random numbers:

Randomness.

Unpredictability.

Irreproducibility.

Each of these three properties is stricter than the one before. A generator is classified by which of them it provides:

Weak pseudo-random numbers (randomness only; not usable in cryptography).

Strong pseudo-random numbers (also unpredictable).

True random numbers (also irreproducible).

The pseudo-random number generator algorithm is public and the seed is secret.

It is easier to ensure the unpredictability of a short seed than of a long sequence.

The seed initializes the internal state of the pseudo-random number generator.

Linear congruential generator: R1 = (A × R0 + C) mod M.

Its period is limited and its output is predictable (with known A, C and M, one output determines all subsequent outputs), so it cannot be used for cryptography.

Hash-based generator: a one-way hash function applied to the internal state (a counter) supplies the unpredictability of the pseudo-random sequence.

Cipher-based generator: the internal state is encrypted with a symmetric cipher such as AES.

ANSI X9.17 style generator:

The current time is encrypted to obtain a mask (without the key, others cannot infer the mask).

The mask is XORed with the internal state and the result is encrypted; the output is the pseudo-random block.

The output is XORed with the mask again and encrypted; the result becomes the next internal state.

Put bluntly, the quality of the pseudo-random number generator determines the security of the entire cryptographic software.

TLS is the TLS record protocol with the TLS handshake protocol (and three smaller protocols) layered on top of it.

Record protocol: responsible for message encryption, compression and integrity checking (MAC).

Handshake protocol: agrees on the encryption algorithms and keys used by the client and the server.

Change cipher spec protocol: transmits the signal to switch to the negotiated cipher.

Alert protocol: notifies the other party when an error occurs.

Application data protocol: carries the application data.