Basic cognitive

Cryptography has strict specifications and the implementation principles of its algorithms are open to the public. Cryptography algorithms are relatively secure and mainly solve four problems:

  • Confidentiality (privacy) : Data transmitted over the network, if confidential, can only be interpreted by those who possess the key, which is the key to the encryption algorithm.
  • Integrity: The ability of the receiver to ensure that the data received is the original data sent by the sender. In cryptography, message captcha (MAC) algorithm guarantees integrity.
  • Authentication: Communication parties must ensure that the other end is the object to be communicated. In cryptography, digital signature technology is commonly used to confirm identity.
  • Non-repudiation: In cryptography, digital signature technology can avoid repudiation.

OpenSSL: Is the most common open source implementation of SSL and TLS, including the underlying cryptographic library and command-line tools. The goal is to develop a robust, full-featured commercial-grade toolset to implement SSL and TLS protocols and a full-featured general-purpose cryptographic library.

The random number

The type of a random number

How random numbers work

The random number generator will maintain an internal state. For the random number generator (TRNG), the value of the internal state comes from the external device, called entropy (ENTRory), such as dynamic time, changing temperature, sound change, mouse position. For the pseudo-random number generator (PRNG), the value of the internal state comes from the simulated value, which is called the seed. When the random number generator generates random numbers each time, the value of the internal state will change, so as to generate different random numbers. If the entropy and seed are the same each time, the generated random numbers will also be the same.

The Hash algorithm

Hash algorithms have many Functions, such as Message DigestAlgorithms and Cryptographic one-way Hash Functions. Output values are also called by many names, such as digest values, hashes, and fingerprints. Cryptography Hash algorithm is a very important algorithm, which is a core part of modern cryptography. Its main features are as follows:

  • The same message will always get the same digest value, given the Hash algorithm, regardless of the length of the message, the final digest valueThe length is the same.
  • No matter how long the message, the Hash is very fast.
  • It’s hard to reverse compute the original message from the digest value, and Hash algorithms dounipolarityAbstract values are irreversible. In order to reverse compute the original message, the only way is to use brute force attack, dictionary attack, rainbow table to iterate over different message combinations. If the result of the operation matches the summary value of the message, it indicates that the Hash algorithm should not be used in cryptography.
  • Once the original message is modified, even slightly, the final digest value will change.
  • It is difficult to identify two different messages that have the same digest value.

There are many Hash algorithms in cryptography, such as MD5 algorithm and SHA clan algorithm. MD5 has long been proved to be an insecure Hash algorithm. Currently, SHA clan algorithm is the most widely used Hash algorithm.

Symmetric encryption algorithm

Plaintext is processed by an algorithm and a secret key. The resulting irregular characters are ciphertext. There are two types of symmetric encryption algorithms, namely block ciphers and Stream ciphers. AES, DES, and 3DES are common symmetric encryption algorithms.

Symmetric encryption algorithms can be expressed simply by the following formula:

Ciphertext =E (plaintext, algorithm, key)

Plaintext =D (ciphertext, algorithm, key)

E and D represent encryption and decryption respectively. Several key points can be learned from the formula:

  • The key is a string of numbers. Encryption and decryption use the same key. Without the key, plaintext cannot be obtained based on ciphertext.
  • Encryption and decryption operation (algorithm) is a reciprocal process, behind the algorithm is complex mathematical knowledge.

Message verification code

The Hash algorithm can verify the integrity of one of the goals of cryptography, but it cannot avoid message tampering. To avoid message tampering, a message verification code (MAC) is required. Message captchas are very important and are usually used in conjunction with encryption algorithms. The message verification code algorithm has the following characteristics:

  • Proving that the message has not been tampered with is similar to a Hash algorithm.
  • The message was sent by the correct sender, which means the message is authenticated.

The communication parties can maintain the same key, and only the communication parties with the key can generate and verify the message verification code. The message verification code algorithm needs a key, which is the same as the symmetric encryption algorithm, and the communication parties need to obtain the same key before the message transmission. The process diagram is as follows:

Message authentication actually generates a redundant information -MAC (message authentication code) for the message itself. The message authentication code is generated by using the key to generate a new data block for the message to be authenticated and encrypting the data block. It is unique and one-to-one to the information to be protected. Therefore, the integrity of the message can be effectively protected and the sender message can not be forged.

Public Key algorithm (asymmetric encryption)

The public key algorithm consists of a public key and a private key. Generally, the private key is held by the generator of the key pair (such as the server) to avoid disclosure, while the public key can be held by anyone without being afraid of disclosure. The public key algorithm has many functions, including encryption and decryption, key negotiation, and digital signature. The most important and extensive public key algorithm is RSA algorithm. Compared with symmetric encryption algorithms, public key algorithms, especially RSA algorithms, operate very slowly. The encryption and decryption process is as follows:

Key negotiation algorithm

In network communication applications, key management and distribution is a difficult problem, especially the generation of a dynamic key is more difficult, and key negotiation algorithm can solve the key distribution, storage, transmission and other problems.

RSA key negotiation algorithm

Here is an example of how the RSA key negotiation algorithm works:

  • The client initializes the connection to the server, and the server sendsRSA Public key of the key pairTo the client.
  • The client generates oneRandom value, this value must be random and cannot be guessed by an attackerThe session key.
  • The client uses the serverRSA Public key of the key pairEncrypts the session key and sends it to the server. The attacker cannot decrypt the session key because he does not have the private key of the server.
  • The server side uses itThe private keyDecrypt the session key.
  • At this point, the two sides complete the connection, then the server and client can useSymmetric encryption algorithmandThe session keyEncrypt and decrypt data.

DH key negotiation algorithm

DH algorithm precisely, implementation is a key exchange or key agreement, DH algorithm for key agreement, communication both sides any one party cannot calculate alone a session key, both sides retain part of key information, communication will be another part of the information to tell each other, the two sides have all the information to calculate the same common session key. DH algorithm processing process:

A digital signature

RSA signature algorithm and DSA signature algorithm can realize digital signature. Digital signature technology can verify identity, prevent denial, tamper, and forgery. The digital signature process is as follows:

The essence of digital signature technology is not encryption, so the message transmitted with the signature value is not encrypted. Of course, the message can be encrypted and then the signature value can be calculated. The signature verification process is as follows:

Considering that the public key algorithm is relatively slow, the digital signature algorithm suggests to sign the message digest value, because the length of the digest value is fixed, and the operation speed is relatively fast.

reference

  • HTTPS: From Principle to Actual Combat (Yu Weidong)