Network security algorithm

2022-06-25 18:13:00 [email protected]

1. Shared key encryption

  • Both encryption and decryption use the same key
  • Also known as symmetric encryption

Data transfer process:

  1. A prepares to send data to B
  2. To prevent eavesdropping, A encrypts the data with the key before sending it to B
  3. After receiving the encrypted data, B decrypts it with the same key

The problem:

  • If A and B cannot communicate directly, the key has to be transferred over the network. If X steals the key, X can decrypt the ciphertext

2. Public key encryption

  • Encryption and decryption use different keys
  • The key used for encryption is called the public key
  • The key used for decryption is called the private key

Data transfer process:

  1. A prepares to send data to B
  2. The receiving party B generates a public key and a private key, and sends the public key to A
  3. A encrypts the data with the public key sent by B
  4. A sends the encrypted data to B, and B decrypts the ciphertext with the private key
  5. Even if the same problem as in the "symmetric encryption" process occurs, that is, the key sent over the network is eavesdropped on, what is sent here is the public key, so the data cannot be cracked even if the key is intercepted

The problem:

  • Public key encryption has the problem of public key reliability
  1. A prepares to send data to B
  2. The receiving party B generates a public key and a private key, and sends the public key to A
  3. While the key is in transit from B to A, X replaces the public key with its own public key, so X's public key is sent to A
  4. A encrypts the data with X's public key and sends it to B
  5. X eavesdrops on the data A sends. Because the data was encrypted with X's public key, X can decrypt it with its own private key, so the data is cracked. X then encrypts the data with B's public key and sends it to B, so B does not notice that the data has been eavesdropped on
  6. Solving this problem requires digital certificates

1. Shared key encryption has the problem that the key cannot be transferred securely
2. Public key encryption has the problem of slow encryption and decryption

3. Hybrid encryption

  • Encrypt the data with a symmetric key
  • Encrypt that key with public key encryption

4. Message authentication code

  • The message authentication code can detect whether a message has been tampered with
  • It uses shared key encryption
  • When sending a message, A uses the ciphertext and the key to generate a value, and sends the value together with the ciphertext
  • When receiving a message, B also uses the ciphertext and the key to generate a value, and checks whether it is the same as the value A sent. If not, the data has been tampered with

The problem:
Both A and B can encrypt the message and calculate the authentication code, so it is impossible to prove whether the original message was generated by A or by B
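
The exchange above as an added example (not part of the original article), using HMAC-SHA256 from the Python standard library as the function that turns ciphertext and key into a value. The key, the ciphertext bytes and the function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def make_tag(key, ciphertext):
    # The "value" generated from the ciphertext and the shared key.
    return hmac.new(key, ciphertext, hashlib.sha256).digest()

def send(key, ciphertext):
    # A sends the ciphertext together with the value.
    return ciphertext, make_tag(key, ciphertext)

def receive(key, ciphertext, tag):
    # B recomputes the value and compares it in constant time.
    return hmac.compare_digest(make_tag(key, ciphertext), tag)

def demo():
    key = secrets.token_bytes(32)                # shared by A and B
    other_key = secrets.token_bytes(32)          # someone without the shared key
    ciphertext = bytes.fromhex("8f1c2a77e05b")   # constructed sample ciphertext
    ct, tag = send(key, ciphertext)
    flipped = bytes([ct[0] ^ 0x01]) + ct[1:]     # one bit changed in transit
    # B holds the same key, so B can produce a value for any message it likes.
    made_by_b = send(key, b"constructed message A never sent")
    return {
        "intact": receive(key, ct, tag),
        "modified_in_transit": receive(key, flipped, tag),
        "tag_from_other_key": receive(key, ct, make_tag(other_key, ct)),
        "made_by_b_accepted": receive(key, *made_by_b),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The last result is the problem stated above: a message produced by B verifies exactly like one produced by A.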

5. Digital signature

  • In public key encryption, encryption uses a public key P and decryption uses a private key S. Anyone can encrypt data with the public key, but only the holder of the private key can decrypt it
  • Digital signatures work the opposite way from public key encryption
  1. The sender A prepares the message to send and the public and private keys (in public key encryption it is the recipient B who prepares the public and private keys)
  2. A sends the public key to B
  3. A uses the private key to encrypt a digest of the data (the digest can be generated with a hash function). The encrypted digest is the digital signature
  4. A sends the encrypted data together with the digital signature to B
  5. After receiving the data and the digital signature, B decrypts the digital signature with the public key to obtain digest 1, decrypts the message with the public key to obtain the plaintext, and processes the plaintext with the hash function to obtain digest 2. Comparing digest 1 and digest 2 shows whether the message has been tampered with and whether it was sent by A, and prevents A from denying it afterwards

The problem:

After using a digital signature, B will believe that the sender of the message is A, but it could actually be X pretending to be A
The reason is that public key encryption cannot confirm who made the key

6. Digital certificate

  • Neither public key encryption nor digital signatures can guarantee that the public key actually comes from the sender of the information. Therefore, even if the public key is maliciously replaced by a third party, the recipient will not notice
  1. A now wants to send the public and private keys to B
  2. A first needs to apply to the certificate authority (CA) for a certificate proving that public key P is its own
  3. The CA keeps A's public and private keys
  4. The CA verifies A's information (email address, ID card) and confirms that it is A's own information. The CA then uses its own private key to generate a digital signature from A's data and public key. The CA also saves A's information and the digital signature
  5. After receiving the message and digital signature sent by A, B decrypts A's digital signature with the CA's public key and obtains A's information and public key
  6. If X impersonates A during this process and sends a public key and digital signature, the information B obtains by decrypting with the CA's public key will not match A's information
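
An added example (not from the original article) covering both the digital signature steps in section 5 and the certificate check in section 6. It uses unpadded textbook RSA over small constructed Mersenne primes so that it runs with the standard library alone; the keys, the message and the "identity|n|e" certificate layout are assumptions, and the message itself is signed without being encrypted.

```python
import hashlib

def make_key(p, q, e=65537):
    # Toy unpadded RSA key built from two constructed primes.
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def digest(data, n):
    # Hash the data and reduce it so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    # Section 5, step 3: transform the digest with the private key.
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(pub, data, sig):
    # Section 5, step 5: recover digest 1 with the public key, compare with digest 2.
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

def cert_body(identity, pub):
    return f"{identity}|{pub['n']}|{pub['e']}".encode()

def issue_cert(ca_key, identity, pub):
    # The CA signs A's information together with A's public key.
    return {"identity": identity, "pub": pub,
            "sig": sign(ca_key, cert_body(identity, pub))}

def check_cert(ca_pub, cert, expected_identity):
    body = cert_body(cert["identity"], cert["pub"])
    return cert["identity"] == expected_identity and verify(ca_pub, body, cert["sig"])

CA = make_key(2**127 - 1, 2**107 - 1)   # constructed toy keys
A = make_key(2**89 - 1, 2**61 - 1)
X = make_key(2**107 - 1, 2**89 - 1)

def demo():
    msg = b"constructed message from A"
    cert = issue_cert(CA, "A", public(A))
    swapped = dict(cert, pub=public(X))   # public key replaced in transit
    return {
        "valid_signature": verify(public(A), msg, sign(A, msg)),
        "tampered_message": verify(public(A), msg + b"!", sign(A, msg)),
        "signed_by_x": verify(public(A), msg, sign(X, msg)),
        "genuine_cert": check_cert(public(CA), cert, "A"),
        "swapped_key_cert": check_cert(public(CA), swapped, "A"),
    }
```

A signature check only helps once B holds the right public key; the certificate check is what rejects the replaced key, because the CA's signature covers the identity and the key together.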
Copyright notice
This article was written by [[email protected]]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/02/202202190532337685.html