The most complete summary of cryptographic keys is here

In the previous article, we talked about cryptographic techniques such as symmetric cryptography, public key cryptography, message authentication codes, and digital signatures. These technologies all use something called keys.

So what exactly is a key? A key is the secret that ultimately lets you recover the plaintext, so in practice holding the key is equivalent to holding the plaintext.

For example, suppose there are one hundred thousand dollars in a safe. The safe is locked and has a key. Whoever holds the key effectively has the one hundred thousand dollars.

Summary of various keys

In the previous article, we talked about four cryptographic techniques: symmetric cryptography, public key cryptography, message authentication code, and digital signature. Here we review again.

  • Symmetric cipher

A symmetric cipher uses the same key to encrypt and decrypt the plaintext.

  • Public key cipher

A public key cipher uses different keys to encrypt and decrypt messages.

  • Message authentication code

A message authentication code uses the same key to generate and verify the authentication tag of a message.

  • Digital signature

A digital signature uses different keys to sign and verify messages.

Among them, the symmetric cipher and the public key cipher encrypt the plaintext directly, so they ensure the confidentiality of the message.

The message authentication code and the digital signature are used to authenticate the message; they do not encrypt the plaintext, but verify that the message is genuine and unmodified.

Other key classification

The four types above are classified by encryption method and purpose. Keys can also be classified by how many times they are used: session keys and master keys.

A session key is used only within one session and is discarded afterwards. A master key is a fixed key that is used repeatedly.

Friends who are familiar with the SSL / TLS protocol must be familiar with this. In this protocol, a separate key is created for each session to encrypt the session message.

In addition, depending on whether the object being encrypted is content or another key, we can distinguish the content-encryption key (CEK) from the key-encryption key (KEK). The content-encryption key is easy to understand: the symmetric keys and public keys discussed earlier are CEKs. A key-encryption key is mainly used to reduce the number of keys that have to be protected.

Key management

We mainly explain the key management from the following aspects:

  1. Generate key

There are two ways to generate a key: from random numbers or from a password.

The random numbers must be unpredictable. In practice they come from a cryptographically secure pseudo-random number generator.

In Java code we usually use the Random class, but that class must not be used to generate keys. Instead, java.security.SecureRandom generates random numbers suitable for cryptographic use.

Here are two common usages of SecureRandom:

        import java.security.SecureRandom;

        SecureRandom random = new SecureRandom();
        // Fill a buffer with 20 cryptographically strong random bytes
        byte[] bytes = new byte[20];
        random.nextBytes(bytes);
        // Obtain 20 bytes of seed material from the generator
        byte[] seed = random.generateSeed(20);

In addition to random numbers, another way is a password.

A password is a secret that humans can remember. To ensure that a key generated from a password cannot be brute-forced, the password needs to be salted.

Simply put, a random value (the salt) is added to the password, the combination is hashed, and the result is used as the key.
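As an added example (not code from the original article), the following Java program derives a key from a password and a random salt. It uses PBKDF2 from the standard library, which is the salted hash described above applied many times over; the iteration count, key size and salt length are assumed parameters, and HexFormat requires Java 17 or later.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HexFormat;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordKeyDerivation {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final int SALT_BYTES = 16;       // assumed salt length
    private static final int ITERATIONS = 600_000;  // assumed work factor
    private static final int KEY_BITS = 256;        // assumed key size

    /** A fresh random salt from SecureRandom, one per derived key. */
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        RANDOM.nextBytes(salt);
        return salt;
    }

    /** Derive a key from password + salt with PBKDF2-HMAC-SHA256. */
    static byte[] deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return factory.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's private copy of the password
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "correct horse battery staple".toCharArray(); // constructed sample
        byte[] salt1 = newSalt();
        byte[] salt2 = newSalt();
        byte[] key1 = deriveKey(password, salt1);
        byte[] key2 = deriveKey(password, salt2);
        byte[] key1Again = deriveKey(password, salt1);

        HexFormat hex = HexFormat.of();
        System.out.println("salt1 = " + hex.formatHex(salt1));
        System.out.println("key1  = " + hex.formatHex(key1));
        // Different salts give different keys for the same password,
        // so a precomputed table for one salt is useless against another.
        System.out.println("same password, different salt -> same key? " + Arrays.equals(key1, key2));
        // The same salt reproduces the same key, so only the salt (not the key) needs storing.
        System.out.println("same password, same salt      -> same key? " + Arrays.equals(key1, key1Again));
        Arrays.fill(password, '\0'); // clear the caller's copy as well
    }
}
```

The salt is not secret and is stored next to the ciphertext; what the salt prevents is reuse of one brute-force effort across many passwords.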

  2. Distribute key

To distribute a key, we can use a key shared in advance, a key distribution center, or public key cryptography, among other methods.

  3. Update key

Sometimes, to keep a key secure, we need to update it from time to time. The general approach is to take the current key as input and compute a new key from it with a specific algorithm.

  4. Store key

Those who have studied blockchain will know about the paper key, which is simply the key written on paper and kept offline.

When there are too many keys, storing them offline becomes very difficult. In that case a key-encryption key (KEK) can be used: encrypt these keys with the KEK and store the resulting ciphertext.

The keys stored this way need no further protection, because even if the ciphertext is stolen the original keys cannot be recovered without the KEK. We only need to keep safe the key that encrypts them.

  5. Revoke key

Revoking a key is a very complicated matter: because the key is what unlocks the data, deleting your own copy does not help if someone else still holds a copy. Revocation therefore has to be planned for when the key scheme is designed.

For the certificates discussed earlier, a certificate revocation list (CRL) can be used to record revoked keys.

For more information, please visit http://www.flydean.com/key/

Origin www.cnblogs.com/flydean/p/key.html