Concept explanation: symmetric encryption, asymmetric encryption, public key, private key, signature, certificate

Prologue

Network security has become more and more important. During development, programmers run into related terms such as public key, private key, encryption, and signature. These concepts are messy and easy to confuse, so let's sort them out.

Symmetric encryption

When important information is transmitted, people always hope that it will not be read, tampered with, or forged by others, and they have long worked to meet this requirement.

The codebook used for telegram encryption was the encryption method of the first generation of network security. It was used as follows: the sender translates the content into ciphertext before sending the message, and the party receiving the telegram uses the same codebook to recover the correct information. Without the codebook, the recipient sees only a string of garbled characters.

This traditional encryption method is called symmetric encryption.

The algorithms used for symmetric encryption include DES, 3DES, AES, DESX, Blowfish, RC4, RC5, and RC6. These algorithms can be regarded as keys, or understood as the codebook above. They are also called "symmetric encryption algorithms" or "traditional encryption algorithms": one party uses the algorithm to encrypt, and the other party uses the same algorithm to decrypt.

Let's take the dancing figures from the Sherlock Holmes story The Adventure of the Dancing Men as an example.

Each figure represents an English letter, and a flag in a figure's hand separates words, that is, it marks a word boundary. To send a message, the sender replaces each letter with a figure; the recipient then translates the figures back into the message. Incidentally, the heroine of the story is the daughter of a gang leader, and the criminals used these figures to send her messages threatening her into coming back.

The correspondence between these figures and English letters is equivalent to a key, and the scheme is equivalent to symmetric encryption, because the sender and the recipient use the same key: the figures mean the same thing to both.

However, the security of a symmetric algorithm depends heavily on the key. Leaking the key means that anyone can decrypt the messages sent or received, so keeping the key confidential is crucial to communication security. That is why Holmes, once he had worked out the meaning of the figures, could use them to send a message that lured the criminals out.

So what are the advantages and disadvantages of symmetric encryption?

Advantages: small amount of calculation, fast encryption speed, high encryption efficiency.

Disadvantages: 1. The key has to be passed to the other party, and it is difficult to keep it secure while doing so. 2. There is no signature function, that is, the identity of the sender cannot be checked.

Asymmetric encryption

In symmetric encryption, the confidentiality of the key (that is, the encryption algorithm used, such as the codebook or the correspondence between the dancing figures and English letters above) is crucial. In wartime, the telegraph codebook had to be delivered through manual channels so that both parties could use it with confidence.

In today's network communication, it is obviously impossible to pass keys through manual channels; only passing them over the network is efficient and fast. This creates a contradiction: the key is what makes network transmission secure, yet this key, which is essential for network security, has to travel over the network to reach the other party.

The safest way to keep a key is to tell no one and never pass it on. In symmetric encryption, however, the decrypting party must obtain the key, so the key has to be passed, and once it is passed there is a risk that it leaks. This chicken-and-egg problem puzzled people for a long time, until an algorithm appeared whose key is divided into two parts: a public key and a private key.

This split key pair has the following characteristics:

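  • The public key and the private key are two different but intrinsically related sets of parameters of one algorithm. They are generated together but can be used independently.
  • Data encrypted with the public key can only be decrypted with the corresponding private key (the public key cannot decrypt what it has encrypted).
  • Data encrypted with the private key can likewise only be decrypted with the corresponding public key.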

Common asymmetric encryption algorithms: RSA, DSA, ECC, Diffie-Hellman, El Gamal, etc.

RSA algorithm overview

Symmetric encryption is easy to understand, but the characteristics of asymmetric encryption listed above seem almost magical. Let us briefly look at how they are achieved mathematically, using RSA, the most widely used asymmetric encryption algorithm.

The origin of the RSA name

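The RSA algorithm was proposed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman, who worked together at MIT. The name RSA is made up of the initial letters of their three surnames.

RSA encryption takes advantage of a "one-way function": solving it in the forward direction is very simple, while solving it in reverse is very complex. The idea is as follows:

  • The algorithm relies on the fact that multiplying two primes is easy while factoring their composite product is hard. n = p1*p2: given p1 and p2, computing n is simple; given n, finding p1 and p2 is difficult.
  • (m^e) % n = c: given m, e, and n, computing c is simple; given e, n, and c, finding m is very hard.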

The security of the RSA algorithm is based on the difficulty of the RSA problem, that is, on the difficulty of factoring large integers. This algorithm is very reliable: the longer the key, the harder it is to crack. According to the published literature, the longest RSA key cracked so far is 768 binary bits. In other words, keys longer than 768 bits cannot be cracked (at least no one has announced it publicly). Therefore, a 1024-bit RSA key can be considered basically safe, and a 2048-bit key extremely safe.
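The two one-way properties above, carried through in code. This is an added example, not code from the original article: textbook RSA without padding, using constructed small primes and hypothetical helper names, and it shows that whoever can factor n rebuilds the private key from the public one.

```python
from math import gcd, isqrt

def make_keypair(p, q, e=65537):
    """Textbook RSA key from two primes: n = p*q is public, p and q stay secret."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)              # private exponent: e*d = 1 (mod phi)
    return (e, n), (d, n)

def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)              # c = (m^e) % n, the easy direction

def decrypt(c, private):
    d, n = private
    return pow(c, d, n)              # m = (c^d) % n, easy only with d

def factor(n):
    """Trial division. Feasible only because this n is tiny."""
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no odd factor found")

def recover_private(public):
    """Factoring n is all it takes to rebuild the private key from the public one."""
    e, n = public
    p, q = factor(n)
    return make_keypair(p, q, e)[1]

# Constructed sample values: the 10,000th and 100,000th primes and a small message.
P, Q, MESSAGE = 104729, 1299709, 1234567
PUBLIC, PRIVATE = make_keypair(P, Q)
CIPHERTEXT = encrypt(MESSAGE, PUBLIC)

if __name__ == "__main__":
    print("n =", PUBLIC[1], "ciphertext =", CIPHERTEXT)
    print("decrypted with private key:", decrypt(CIPHERTEXT, PRIVATE))
    print("private key rebuilt from n alone:", recover_private(PUBLIC) == PRIVATE)
```

With a modulus this small the factoring loop finishes instantly; the key lengths discussed above exist to put that loop out of reach.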

Asymmetric encryption is more complicated and more time-consuming than symmetric encryption, and the more bits in the key, the longer it takes. In practice, therefore, asymmetric encryption is generally used first to pass a symmetric encryption key, and symmetric encryption then protects the rest of the communication, so that security and speed are balanced. This is what HTTPS does, and the method is described in detail later.

Communication using asymmetric encryption

With an asymmetric public and private key pair, only the public key needs to be passed in communication, and the public key can even be open to everyone. Anyone who needs to send me a message encrypts it with my public key and sends it to me. Only I can decrypt it with the private key; no one else can learn the content of the message.

This is only one-way encryption. What about two-way encryption? The other party can also create a public and private key pair.

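  • A generates its own key pair (PUBLIC_A, PRIVATE_A) with an asymmetric encryption algorithm.
  • B likewise generates its own key pair (PUBLIC_B, PRIVATE_B).
  • A and B exchange their public keys openly (the private keys are never sent; each party keeps its own safe).
  • A encrypts the message with B's public key PUBLIC_B and sends it to B.
  • On receiving the message, B decrypts it with its own private key PRIVATE_B and can read the content (even if someone else obtains this message, they cannot decrypt it).
  • Similarly, when B wants to send a message to A, B encrypts it with A's public key PUBLIC_A.
  • A decrypts the received message with its own private key PRIVATE_A, which gives encrypted communication in both directions.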

Signature

We saw above that a public-private key pair seems to solve the problem of encrypted communication. In actual use there is still a problem: after receiving a message, how does A confirm that the sender is B and not a third party? The answer is simple. Before sending a message, the sender encrypts the information once more with its own private key. This step of encrypting information with your own private key is called signing.

The private key is held only by its owner, and the public key and the private key correspond one to one, that is, the public key can only decrypt information encrypted by the corresponding private key. Encryption with the private key can therefore serve as a means of verifying identity. In fact, the method and principle of encrypting data with the public key and with the private key are the same; the two operations are simply named according to their purposes.

The public key is generally used for encryption, and the private key is used for signature.

Using the same example, here is the communication process with both encryption and signing:

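  • A first encrypts the message once with its own private key PRIVATE_A (this is customarily called signing), then encrypts the result with B's public key PUBLIC_B, and sends the encrypted result to B.
  • On receiving the message, B decrypts it with its own private key PRIVATE_B and then decrypts it again with A's public key PUBLIC_A. If decryption succeeds, B can be sure the message is not forged.
  • Similarly, when B wants to send a message to A, B first encrypts the message once with its own private key PRIVATE_B (customarily called signing) and then encrypts it with A's public key PUBLIC_A before sending.
  • A decrypts the received message with its own private key PRIVATE_A and then decrypts it again with B's public key PUBLIC_B. This gives encrypted communication in which both parties confirm each other's identity.

Because asymmetric encryption is complex and time-consuming, and takes longer the more content there is to encrypt, in practice a digest algorithm is usually applied first to obtain a hash value, and the private key is then used to encrypt that hash value. By convention, the file produced by encrypting the digest with the private key is called a signature file.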

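Hash algorithms

The hash algorithms used to generate digests have the following characteristics:

  • They map information of any length to a string of fixed length, that is, the hash value has a fixed length.
  • Because a hash algorithm maps arbitrary length to a finite length, collisions are unavoidable (two different messages producing the same digest). A good hash algorithm keeps the probability of collisions as low as possible.
  • Any modification to the original information changes the computed hash value, so the hash value can be used to ensure the integrity of the message body.
  • Hash algorithms are one-way: the hash value can only be computed from the original information, and the original information cannot be computed back from the hash value.

Some people may have seen sites online that "crack" hashes. These do not reverse the hash; they use a "lookup table" approach. A large number of different strings are hashed in advance, and each original string is stored together with its hash value. The hash value the user enters is then looked up in that store. This generally works only against fairly simple hashing (MD5) that is not salted.

Common algorithms include MD5, SHA1, SHA256, and SHA512.

Most websites also rely on the one-way property of hash values to protect user passwords. The database stores only the hash of each user's password. At login, the hash of the password just entered is computed again and compared with the hash stored in the database, and if they match the password is considered correct. This way, even if the database leaks, an attacker cannot learn the users' passwords.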
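The difference between the unsalted MD5 storage that lookup tables defeat and salted storage, as an added example that is not part of the original article. The wordlist is constructed, the function names are hypothetical, and PBKDF2-HMAC-SHA256 with a per-user random salt stands in for "salting" as one standard-library way to do it.

```python
import hashlib
import hmac
import os

COMMON = ["123456", "password", "qwerty", "letmein"]   # constructed sample wordlist

def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()

# Precomputed table (hash -> password): built once, reusable against any unsalted MD5 column.
LOOKUP = {md5_hex(p): p for p in COMMON}

def table_hit(stored_hex):
    """What a lookup against a leaked hash returns, or None if the table has no entry."""
    return LOOKUP.get(stored_hex)

def store_unsalted(password):
    """Weak storage: equal passwords always produce equal hashes."""
    return md5_hex(password)

def store_salted(password, iterations=200_000):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted(password, record):
    """Login check: recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    print("unsalted MD5 found in table:", table_hit(store_unsalted("qwerty")))
    alice, bob = store_salted("qwerty"), store_salted("qwerty")
    print("same password, same stored value:", alice[2] == bob[2])
    print("salted value found in table:", table_hit(alice[2].hex()))
    print("login still works:", verify_salted("qwerty", alice))
```

Because every record carries its own salt, a table has to be rebuilt per user, and the iteration count makes each guess expensive.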

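This leads to the signing and encryption process that is actually used today:

  • A first computes a digest of the message to be sent with a hash algorithm, then signs the digest with its own private key PRIVATE_A to obtain a signature file. A then packs the original message and the signature file together, encrypts the package with B's public key PUBLIC_B, and sends it to B.
  • On receiving the message, B decrypts it with its own private key PRIVATE_B and obtains the original message and a signature file. B computes a hash value of the original message with the hash algorithm, then decrypts the signature file with A's public key PUBLIC_A to obtain the message's hash value, and compares the two hash values. If they match, the message can be taken to have been sent by A and not tampered with.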
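The signing half of this flow as an added example (not code from the original article): textbook RSA without padding over a SHA-256 digest, with the outer encryption under PUBLIC_B left out. The toy keys are constructed from Mersenne primes purely so the script needs no key generator, and all names are assumptions for illustration.

```python
import hashlib

E = 65537

# Constructed toy key for A. Mersenne primes are trivially factorable, so this key is
# for demonstration only; it was chosen so that n is larger than a SHA-256 digest.
P_A, Q_A = 2**127 - 1, 2**521 - 1
PUBLIC_A = (E, P_A * Q_A)
PRIVATE_A = (pow(E, -1, (P_A - 1) * (Q_A - 1)), P_A * Q_A)

# Constructed toy key for a third party X who claims to be A.
P_X, Q_X = 2**89 - 1, 2**607 - 1
PRIVATE_X = (pow(E, -1, (P_X - 1) * (Q_X - 1)), P_X * Q_X)

def digest_int(message: bytes) -> int:
    """Fixed-length digest of the message, as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    d, n = private
    return pow(digest_int(message), d, n)     # "encrypt" the digest with the private key

def verify(message: bytes, signature: int, public) -> bool:
    e, n = public
    recovered = pow(signature, e, n)          # "decrypt" the signature with the public key
    return recovered == digest_int(message)   # compare with a freshly computed digest

MESSAGE = b"transfer 100 to B"                # constructed sample message
SIGNATURE = sign(MESSAGE, PRIVATE_A)
FORGED = sign(MESSAGE, PRIVATE_X)             # same message, signed with the wrong key

if __name__ == "__main__":
    print("genuine message:", verify(MESSAGE, SIGNATURE, PUBLIC_A))
    print("tampered message:", verify(b"transfer 900 to B", SIGNATURE, PUBLIC_A))
    print("signed by X, checked against A:", verify(MESSAGE, FORGED, PUBLIC_A))
```

Only the 32-byte digest passes through the slow private-key operation, regardless of how long the message is.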

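Public keys and certificates

From the process above everything seems perfect, but attackers rack their brains too, and they found a flaw. Our identification of A rests on believing that the public key PUBLIC_A really belongs to A. An attacker can easily publish their own public key and claim that it is A's in order to deceive us, so how do we tell the difference? An institution is needed to vouch for this. The institution combines the public key provided by A with information about A into a certificate. By obtaining the certificate from this institution, you get the correspondence between the public key and A, endorsed by an authority.

This institution is called a CA, and the certificates it issues are called CA certificates.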

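The Certificate Authority (CA)

The Certificate Authority (CA) is the only body that issues digital certificates.

The CA center, also called the CA institution, that is, the Certificate Authority, acts as a trusted third party in e-commerce transactions and is responsible for checking the legitimacy of public keys in the public key system. The CA issues a digital certificate to every user of a public key. The purpose of the digital certificate is to prove that the user listed in the certificate legitimately owns the public key listed in the certificate. The CA's digital signature prevents attackers from forging or tampering with certificates. In SET transactions, the CA issues certificates not only to cardholders and merchants but also to the acquiring banks and gateways. It is responsible for generating, distributing, and managing the digital certificates needed by every party taking part in online transactions, and is therefore the core of secure electronic transactions.

CA certificates guarantee security level by level, and the final root certificate is built into the operating system and guaranteed by it. This part is covered later in the article.

The CA certificate chain is shown in the figure below: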

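The secure transmission process of HTTPS

The S in HTTPS stands for Secure. This is the extra security guarantee over HTTP: after the browser has verified the website's certificate, it shows a green lock to the left of the address bar, indicating that the site is the secure and trusted official site.

Combining symmetric and asymmetric encryption

Because asymmetric encryption is time-consuming, using it for every HTTPS data transfer would be inappropriate. What actually happens is that asymmetric encryption is used once, when the HTTPS connection is first established, to pass the symmetric encryption key, and symmetric encryption then protects the rest of the communication.

The HTTPS communication process is as follows:

  • The browser sends an HTTPS request.
  • The server returns the website's certificate.
  • The browser checks the validity of the website's certificate against the CA certificate chain built into the operating system. Once the check passes, it uses the public key in the certificate to encrypt symmetric key information and sends it to the server.
  • On receiving this, the server decrypts it with its own private key and obtains the symmetric key information provided by the browser. The rest of the communication is protected with this symmetric key.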

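The Android secure boot process (SecureBoot)

The previous section showed that the validity of an HTTPS certificate ultimately depends on the CA root certificates built into the operating system.

So how does the operating system ensure that the system itself, and the CA root certificates it contains, have not been tampered with? Take Android as an example, because phone manufacturers currently do better on security than the PC.

Phone manufacturers bind the phone's internal processor to the phone's operating system (in other words, a phone with SecureBoot enabled cannot be flashed with an unofficial system). Once a third-party system is flashed, the phone will not boot. This is also implemented with the public and private keys described above. In detail:

  • Inside the phone's processor there is an OTP area that can be written only once, and the manufacturer's public key is written into it at the factory. This physically guarantees that it cannot be changed.
  • The phone's operating system firmware is encrypted with the manufacturer's private key.
  • The first-stage boot program of the processor (which is also fixed inside the processor and cannot be changed) uses the public key in OTP to decrypt the operating system. The phone boots only if decryption succeeds; otherwise it is immediately "bricked".

This process is called secure boot, that is, SecureBoot. In practice a hash algorithm is also used to speed up verification; the description here is only meant to illustrate the boot process and leaves out some details.

Intel processors on the PC side actually have a similar mechanism, but PCs are generally expected to allow systems to be installed flexibly, so the SecureBoot feature in Intel chips is not enabled by default.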

Origin www.cnblogs.com/traditional/p/12693249.html