Symmetric encryption:
Unencrypted information + secret key --> encryption black box --> encrypted information
Encrypted information + secret key --> decryption black box --> unencrypted information
Asymmetric encryption:
Unencrypted information + public key --> encryption black box --> encrypted information
Encrypted information + private key --> decryption black box --> unencrypted information
The usual direction is public key encryption and private key decryption.
You can also encrypt with the private key and decrypt with the public key.
Digital signature:
A: I want to send you a message.
B: What if the message is changed by someone?
A: I will sign my name on it.
B: How do you sign?
A: I hash the message first, and then encrypt the hash with my private key.
B: That encrypted thing is your signature?
A: Yes. I send you the signature together with the message. You decrypt the signature with the public key I gave you before, and hash the message the same way I did. If the signature decrypts normally, that proves I sent the message. If the decrypted result matches your hash, that proves the message has not been tampered with by anyone.
B: I see.
To sum up:
1. A digital signature proves the identity of the sender and the integrity and correctness of the message.
2. A digital signature works over the plaintext message: the verifier needs the message itself to recompute the hash.
Digital certificate:
B: Brother, you have been changing your public key rather often lately. Every time you change it, I have to change it too, and if the change doesn't reach me in time, I can't read your messages.
A: Well, from now on, whenever I send you a message I will send my public key along with it.
B: Then if an attacker puts his own public key into his message and sends it to me, I will be receiving bad messages again.
A: How about this: I heard there is a CA in the village. I will apply for a certificate, and then I will...
B: Wait, brother, what is a CA?
A: A CA is an organization that everyone trusts. It issues certificates that prove the identity of legitimate servers.
B: I don't understand.
A: For example, if you want my public key, then to make sure you get the right one, I first go to the CA with my public key. The CA uses its private key to encrypt my public key and some other information, producing a digital certificate. When I send you a message in the future, you decrypt the digital certificate with the CA's public key, and that gives you my public key.
B: I see.
To sum up:
1. A digital certificate is issued by a trusted CA and proves identity.
2. The security of the CA itself is beyond question. I know of an article on how CAs protect their private keys that is well worth reading: << How CA institutions protect their private keys >>
How does HTTPS protect data
B: Brother, why are your messages so slow?
A: Most of the time goes to asymmetric encryption; it is very slow.
B: Is there a way to speed it up?
A: How about this: every time we exchange information, we follow these steps.
1. I send you my digital certificate.
2. You take my public key from the digital certificate, use it to encrypt a random number, and send that to me.
3. I decrypt it with my private key and get your random number.
4. Both of us use this random number as the secret key to symmetrically encrypt the messages we send.
B: So the slow asymmetric encryption is only used to verify identity, and the message exchange uses fast symmetric encryption to stay secure.
A: Right.
B: I see.
To sum up:
1. Asymmetric encryption is slow, so it is only used to verify identity.
2. Symmetric encryption is fast, so it is used for transmitting the information.
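The signature steps (hash, private-key operation, public-key check) and handshake steps 2 and 3 above, as an added example in Go that is not part of the original post. It assumes Go's standard library RSA (PKCS#1 v1.5 for the signature, OAEP for the random secret) and SHA-256; the key pair, message and secret are constructed locally.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Sign is A's side: hash the message with SHA-256, then apply the private
// key to the digest (RSA PKCS#1 v1.5). The result is sent with the message.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify is B's side: re-hash the message and check the signature with A's
// public key. Any change to the message or the signature returns false.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// ExchangeSecret is B's step 2: pick a random secret and encrypt it with
// A's public key (RSA-OAEP), so only the private-key holder can read it.
func ExchangeSecret(pub *rsa.PublicKey) (secret, sealed []byte, err error) {
	secret = make([]byte, 32) // 256-bit key for the later symmetric cipher
	if _, err = io.ReadFull(rand.Reader, secret); err != nil {
		return nil, nil, err
	}
	sealed, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	return secret, sealed, err
}

// RecoverSecret is A's step 3: decrypt with the private key. Both sides now
// hold the same secret and can switch to fast symmetric encryption.
func RecoverSecret(priv *rsa.PrivateKey, sealed []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sealed, nil)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // A's key pair (constructed)
	msg := []byte("constructed sample message from A to B")
	sig, _ := Sign(priv, msg)
	_, sealed, _ := ExchangeSecret(&priv.PublicKey)
	_, err := RecoverSecret(priv, sealed)
	fmt.Println("signature valid:", Verify(&priv.PublicKey, msg, sig), "secret recovered:", err == nil)
}
```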