Mathematical principles of RSA

Discrete logarithm

The Euler function

Co-prime relationship

If two positive integers have no common factors other than 1, they are said to be mutually prime.

7 and 8 are mutually prime; 6 and 8 are not.

Euler function characteristics

  • When n is prime, φ(n) = n - 1
  • If n can be decomposed into the product of two mutually prime numbers P1 and P2, then φ(n) = φ(P1) × φ(P2); when P1 and P2 are themselves prime, this equals (P1 - 1) × (P2 - 1)

Euler’s theorem

If two positive integers m and n are mutually prime, then m^φ(n) - 1 is divisible by n, that is, m^φ(n) ≡ 1 (mod n).

Fermat’s Little theorem

If two positive integers m and n are mutually prime, and n is prime, then φ(n) is n - 1, so Euler's theorem becomes: m^(n-1) - 1 is divisible by n.
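The Euler function characteristics, Euler's theorem and Fermat's little theorem above, checked numerically and then carried one step further to the RSA key pair they lead to. This is an added example, not code from the original page; the function names and the constructed values (primes 61 and 53, e = 17, message 65) are assumptions chosen to keep the numbers readable.

```python
from math import gcd

def phi(n):
    """Euler function by definition: how many k in 1..n are mutually prime with n."""
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)

def euler_holds(m, n):
    """Euler's theorem: if gcd(m, n) == 1 then m^phi(n) - 1 is divisible by n."""
    return gcd(m, n) == 1 and pow(m, phi(n), n) == 1 % n

def toy_keypair(p, q, e):
    """Return (n, e, d) for primes p, q; d undoes e because e*d = 1 mod phi(n)."""
    n, phi_n = p * q, (p - 1) * (q - 1)
    if phi(n) != phi_n:            # sanity check: equal for distinct primes p, q
        raise ValueError("p and q must be distinct primes")
    if gcd(e, phi_n) != 1:         # otherwise e has no inverse modulo phi(n)
        raise ValueError("e must be mutually prime with phi(n)")
    return n, e, pow(e, -1, phi_n)

def encrypt(m, e, n):
    if not 0 <= m < n:
        raise ValueError("message must be an integer in 0..n-1")
    return pow(m, e, n)

def decrypt(c, d, n):
    return pow(c, d, n)

if __name__ == "__main__":
    # Euler function characteristics
    assert phi(7) == 7 - 1                      # n prime
    assert phi(7 * 8) == phi(7) * phi(8) == 24  # 7 and 8 mutually prime
    assert phi(61 * 53) == 60 * 52              # (P1-1) x (P2-1) with P1, P2 prime
    # Euler's theorem, and Fermat's little theorem as the special case n prime
    assert euler_holds(7, 8) and not euler_holds(6, 8)
    assert all(pow(m, 7 - 1, 7) == 1 for m in range(1, 7))
    # Constructed toy key: far too small for real use, readable on purpose
    n, e, d = toy_keypair(61, 53, 17)
    c = encrypt(65, e, n)
    print(f"n={n} e={e} d={d}  65 -> {c} -> {decrypt(c, d, n)}")
```

Note that φ(7 × 8) is 24, not (7 - 1) × (8 - 1) = 42: the (P1 - 1) × (P2 - 1) form only applies when both factors are prime, which is why RSA builds n from two primes.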

Formula translation

Diffie-Hellman key exchange

From the mathematics above you can see that RSA encryption is not efficient: every operation has to go through a pile of arithmetic, so large data is generally not encrypted with RSA. Large data is encrypted symmetrically, which needs a KEY, but transferring the KEY directly together with the data makes it easy to crack. If instead the KEY is encrypted with RSA, the data is encrypted symmetrically with the KEY, and the encrypted KEY and the data are then sent to the client, anyone who obtains them in transit must first decrypt the KEY before they can decrypt the data.

RSA Terminal Commands

The Mac terminal comes with OpenSSL (an open-source encryption library), so you can use the terminal to experiment with RSA.

# Generate the private key
openssl genrsa -out private.pem 1024
# Generate the public key
openssl rsa -in private.pem -pubout -out public.pem
# Convert the private key to plaintext for viewing
openssl rsa -in private.pem -text -out private.text
# Encrypt with the public key
openssl rsautl -encrypt -in message.text -inkey public.pem -pubin -out enc.text
# Decrypt with the private key
openssl rsautl -decrypt -in enc.text -inkey private.pem -out dec.text

RSA code Demo

# Use the private key to create the CSR file that requests a certificate from the CA
openssl req -new -key private.pem -out rsacert.csr
# Use the CSR file to sign the certificate
openssl x509 -req -days 3650 -in rsacert.csr -signkey private.pem -out rsacert.crt
# Convert the CRT certificate to a DER certificate for iOS
openssl x509 -outform der -in rsacert.crt -out rsacert.der
# Generate a P12 file
openssl pkcs12 -export -out p.p12 -inkey private.pem -in rsacert.crt

Because the encrypted files are all binary and cannot be read directly, the binary data is transcoded with Base64 encoding.

Base64 encoding

Base64 output is composed of A-Z, a-z, /, =, and so on. Base64 is suited to representing binary data such as encrypted files; the data is one third larger after Base64 encoding.

# Encode
base64 message.text -o abc.text
# Decode
base64 abc.text -o 123.text -d

// Encode
- (NSString *)base64EndCode:(NSString *)str {
    NSData *data = [str dataUsingEncoding:NSUTF8StringEncoding];
    return [data base64EncodedStringWithOptions:0];
}

// Decode
- (NSString *)base64DecCode:(NSString *)str {
    NSData *data = [[NSData alloc] initWithBase64EncodedString:str options:0];
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}

RSA encryption

The data is encrypted and decrypted using RSA, and the result is printed using Base64 encoding.

Hash

Characteristics

  • The algorithm is public, and the same data always gives the same result
  • Operating on different data gives a result of fixed length; MD5, for example, results in 128 bits by default
  • It cannot be reversed
  • It serves as a digest or fingerprint of the information and is used for data identification

The possible data is infinite, but the number of possible Hash results is finite: 16^32. When two or more different pieces of data have the same Hash, this is called a Hash collision.

Uses

Password encryption
Add salt & HMAC encryption

Symmetric encryption

  • DES: Data Encryption Standard
  • 3DES: encrypts the same data three times with three keys
  • AES: Advanced Encryption Standard

Symmetric encryption encrypts and decrypts with the same key. Asymmetric encryption uses a key pair: data encrypted with the private key is decrypted with the public key.

There are two modes of symmetric encryption

  • ECB (electronic codebook) mode: each block of data is encrypted independently

This is the most basic encryption mode, encryption as it is commonly understood. The same plaintext is always encrypted into the same ciphertext, there is no initialization vector, and it is vulnerable to codebook replay attacks, so it is rarely used in general.

openssl enc -des-ecb -K 7068 -nosalt -in ph.text -out msg.bin
  • CBC (cipher block chaining) mode: data is encrypted using a key and an initialization vector (IV)

Each plaintext block is XORed with the previous ciphertext block before it is encrypted. Therefore, the same plaintext produces different ciphertext when a different initialization vector is selected. This is the most widely used mode. CBC ciphertext is context-dependent: errors in the plaintext are not passed on to the subsequent blocks, but if a block is lost, the blocks after it become invalid (synchronization error). CBC can effectively guarantee the integrity of the ciphertext: if a data block is lost or changed in transit, the data after it cannot be decrypted normally. This only shows up as garbled output and is not authentication; detecting deliberate tampering still requires a keyed check such as the HMAC mentioned above.