? Compared with symmetric encryption, asymmetric encryption has improved security, but it also has obvious shortcomings. Asymmetric encryption and decryption are far less efficient than symmetric encryption and decryption. Therefore, asymmetric encryption is often used in some applications or fields with high security requirements.
RSA encryption algorithm is a typical asymmetric encryption algorithm, which decomposes mathematical problems based on factorization of large numbers. It is also the most widely used asymmetric encryption algorithm. It was put forward by three scholars of Massachusetts Institute of Technology (MIT) in 1978: Ron Livingstone, adi shamir and Leonard Aderman.
? Its principle is relatively simple. We assume that there is a message sender A and a message receiver B, and we can complete the encrypted transmission of the message through the following steps:
? (1) Message sender A constructs a key pair, a public key and a private key locally;
? (2) The message sender A sends the generated public key to the message receiver B;
? (3) When B sends data to A, it is encrypted with public key, and after A receives the data, it is decrypted with private key to complete a communication;
? (4) On the contrary, when A sends data to B, it encrypts the data through the private key, and B decrypts the data through the public key after receiving it.
? Because the public key is disclosed by the message sender A to the message receiver B, there are certain security risks in this way. If the public key is leaked during data transmission, the data encrypted by A through the private key may be decrypted.
? If we want to build a more secure encrypted messaging model, we need the message sender and the message receiver to construct a set of key pairs and disclose their public keys to each other. In the process of message transmission, A encrypts data through B's public key, and B decrypts the message through B's private key, otherwise B is encrypted through A's public key, and A decrypts it through A's private key after receiving the message.
? Of course, there may be hidden dangers of data transmission being simulated in this way, and we can further improve the security through technologies such as digital signature. Because there are many asymmetric encryption and decryption, the efficiency problem brought by this method is more serious. You can read these two articles in detail: RSA algorithm principle (1) and (2)
In the principle of SSH security protocol, it is the combination of asymmetric encryption and symmetric encryption algorithm, first look at the following figure:
Here's an explanation:
(1) First, the server generates a public key and a private key through asymmetric encryption.
(2) When the client initiates a request, the server discloses the public key to the client, which can be disclosed at will;
(3) After obtaining the public key, the client will first generate a session key consisting of 256 random numbers, which is called password here.
(4) the client encrypts the password through the public key and sends it to the server;
(5) the server decrypts the private key to obtain the communication password;
? After that, the information transmission between the client and the server is symmetrically encrypted with this password.
? This design improves the efficiency of encryption and decryption to some extent. However, compared with the encryption and decryption methods in which the client and the server each construct a set of key pairs, the security may be reduced. In the encryption process mentioned above, data can also be eavesdropped, but because the key is 256 random numbers and there are 256 combinations of 10, it is also very difficult to crack. Relatively safe. Both the server and the client know the key in advance. In this SSH way, the server obtains the key through decryption.
Now that we know that there is asymmetric encryption, what about digital signature?
? The function of digital signature is that I mark a certain data, indicating that I approve the data (sign my name), and then I send it to others to let others know that the data has been authenticated by me and has not been tampered with.
? Using the above asymmetric encryption algorithm, this requirement can be achieved: