I. Data encryption
1. Symmetric encryption
- An encryption algorithm that uses a single key is called symmetric encryption.
- The whole system consists of the following parts: plaintext to be encrypted, encryption algorithm, and key.
- In encryption and decryption, only one key is used.
- Common single-key encryption algorithms include DES, AES, and RC4.
2. Asymmetric encryption
- An encryption algorithm that uses two keys is called asymmetric encryption.
- The whole system consists of the following parts: plaintext to be encrypted, encryption algorithm, private key and public key.
- In this system, both private and public keys can be used for encryption or decryption, but the plaintext encrypted with the private key must be decrypted with the corresponding public key, and the plaintext encrypted with the public key must be decrypted with the corresponding private key.
- Common double-key encryption algorithms include RSA.
3. Differences and connections
- In symmetric encryption, the key must not be exposed; otherwise, if the algorithm is also known, the data is equivalent to plaintext.
- In asymmetric encryption, the public key is public and the private key is secret. In this way, anyone can encrypt their own information with the public key and the algorithm, and then send it to the publisher of the public key. Only the publisher can unlock the ciphertext.
Symmetric and asymmetric encryption share one feature: the data can be encrypted and can also be decrypted. In fact, there is another requirement, where data only needs to be turned into ciphertext and never decrypted or, in the extreme case, must be impossible to decrypt. In this case, you can use a hash algorithm or something similar.
4. Hash algorithm
A hash algorithm is a way to create a fixed-length digest from any data. In general, we require that different data produce different digests.
- Common hash algorithms include MD5 and SHA-1.
II. Digital signature
A digital signature is a string used to identify the owner, creator, or distributor of a digital file.
A digital signature marks the identity of a document and provides non-repudiation of its distribution.
At present, the commonly used digital signatures adopt asymmetric encryption. For example, Company A releases an executable file called aproduct.exe and adds Company A's digital signature to it. The digital signature of Company A is the hash value of the file aproduct.exe encrypted with Company A's private key. After we get the digitally signed aproduct.exe, we can view its digital signature.
This process actually uses Company A's public key to decrypt the file hash, which answers two questions: whether aproduct.exe was published by Company A, and whether aproduct.exe has been tampered with.
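The signing and verification steps described above, as an added example that is not part of the original post. It uses textbook RSA without padding and constructed, insecure demo keys so that it runs with only the standard library; SHA-256 stands in for the file hash, and all function and variable names are assumptions. Production signing uses a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

E = 65537  # public exponent shared by both demo keys

def make_key(p: int, q: int):
    """Build a textbook RSA key from two primes; returns (n, d)."""
    n = p * q                              # public modulus
    d = pow(E, -1, (p - 1) * (q - 1))      # private exponent (Python 3.8+)
    return n, d

# Constructed demo keys from well-known Mersenne primes. NOT secure.
A_N, A_D = make_key(2**521 - 1, 2**607 - 1)     # "Company A"
B_N, B_D = make_key(2**1279 - 1, 2**2203 - 1)   # some other publisher

def file_hash(data: bytes) -> int:
    """SHA-256 digest of the file contents as an integer (always < n here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, n: int, d: int) -> int:
    """'Encrypt' the file hash with the private key: sig = H(file)^d mod n."""
    return pow(file_hash(data), d, n)

def verify(data: bytes, signature: int, n: int) -> bool:
    """'Decrypt' the signature with the public key and compare it with a
    freshly computed hash of the file we actually received."""
    if not 0 <= signature < n:             # reject out-of-range values
        return False
    return pow(signature, E, n) == file_hash(data)

def demo() -> dict:
    exe = b"constructed bytes standing in for aproduct.exe"
    sig = sign(exe, A_N, A_D)
    return {
        # Untouched file, Company A's signature, Company A's public key.
        "genuine": verify(exe, sig, A_N),
        # One appended byte changes the hash, so the old signature fails.
        "tampered": verify(exe + b"\x00", sig, A_N),
        # Signed by someone else, checked against Company A's public key.
        "wrong_publisher": verify(exe, sign(exe, B_N, B_D), A_N),
    }

if __name__ == "__main__":
    print(demo())
```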
III. Digital certificate
Suppose we log in to the website of a bank. The website will prompt us to download a digital certificate; otherwise, we will not be able to use functions such as online banking.
When we first use the U shield (USB key), the initialization process downloads the digital certificate to the U shield. So what does a digital certificate contain?
The digital certificate contains the bank's public key. With it, the e-bank can encrypt the information we provide to the bank. In this way, only the bank, which holds the corresponding private key, can obtain our information, which ensures security.
IV. PKI system
Public Key Infrastructure (PKI) is a system that uses asymmetric encryption theory to provide services such as digital signatures, encryption, and digital certificates.
Generally, it includes a CA, a digital certificate library, a key backup and recovery system, a certificate revocation system, an application interface (API), and so on.
A number of authoritative, public-interest organizations have been established around the PKI system. They provide specific services such as the digital certificate library, key backup and recovery system, certificate revocation system, and application interface. For example, an enterprise needs to apply for a digital certificate from a certification authority to ensure its security.
V. State secret algorithm
1. Classification of cryptographic algorithms
The three most widely used classes of algorithms in cryptography:
- Symmetric algorithms: represented by block cipher algorithms (DES and SM4);
- Asymmetric algorithms: represented by public-key cryptographic algorithms (RSA and SM2);
- Hash algorithms: represented by digest algorithms (SHA-256 series and SM3).
2. State secret algorithm
- The state secret algorithms are issued by the National Cryptography Bureau and are the most common commercial algorithms today.
- They include the SM1, SM2, SM3, SM4, and SSF33 algorithms. For the differences between the algorithms and a comparison, see the reference links.
References:
- Brief introduction of DES, RSA, SHA-256 and SM1, SM2, SM3, SM4 differences
- Differences between P1 and P7 signatures