1. The history of RSA algorithm
Before 1976, all encryption methods were in the same mode:
　　(1) Party A chose a certain encryption rule to encrypt information;
　　(2) Party B used the same rule to decrypt information.
Since encryption and decryption use the same rules (referred to as "keys"), this is called "Symmetric-key algorithm".
This encryption mode has one of the biggest weaknesses: Party A must tell Party B the encryption rules, otherwise it cannot be decrypted. Saving and transferring keys has become the most troublesome problem. In 1976, two American computer scientists, Whitfield Diffie and Martin Hellman, proposed a new idea that can complete decryption without directly passing the key. This is called "Diffie-Hellman Key Exchange Algorithm". This algorithm has inspired other scientists. It is recognized that encryption and decryption can use different rules, as long as there is a certain correspondence between the two rules, so as to avoid the direct transmission of the key. This new encryption mode is called "asymmetric encryption algorithm".
　　(1) Party B generates two keys (public key and private key). The public key is public and anyone can obtain it, while the private key is kept secret.
　　(2) Party A obtains Party B's public key, and then uses it to encrypt the information.
　　(3) Party B obtains the encrypted information and decrypts it with the private key.
If the information encrypted by the public key can only be decrypted by the private key, the communication is safe as long as the private key is not leaked. In 1977, three mathematicians Rivest, Shamir and Adleman designed an algorithm that can realize asymmetric encryption. This algorithm is named after the three of them and is called the RSA algorithm. From then until now, the RSA algorithm has been the most widely used "asymmetric encryption algorithm". It is no exaggeration to say that as long as there is a computer network, there is an RSA algorithm. This algorithm is very reliable, the longer the key, the harder it is to crack. According to published documents, the longest RSA key that has been cracked is 768 binary bits. In other words, a key longer than 768 bits cannot be cracked (at least no one has publicly announced it). Therefore, it can be considered that the 1024-bit RSA key is basically safe, and the 2048-bit key is extremely safe.
Next, I will enter the topic and explain the principle of the RSA algorithm. The four main mathematical concepts used. As you can see, the RSA algorithm is not difficult, it only requires a little knowledge of number theory to understand it.
2.
Coprime relationship If two positive integers have no other common factors except 1, we call these two numbers a coprime relationship. For example, 15 and 32 have no common factors, so they are relatively prime. This shows that not a prime number can also form a coprime relationship .
Regarding the coprime relationship, it is not difficult to get the following conclusions:
　　1. Any two prime numbers form a coprime relationship, such as 13 and 61.
　　2. One number is a prime number, as long as the other number is not a multiple of the former, the two constitute a mutually prime relationship, such as 3 and 10.
　　3. If the larger of the two numbers is prime, then the two constitute a mutually prime relationship, such as 97 and 57.
　　4. 1 and any natural number are mutually prime relations, such as 1 and 99.
　　5. p is an integer greater than 1, then p and p-1 form a prime relationship, such as 57 and 56.
　　6. p is an odd number greater than 1, then p and p-2 form a prime relationship, such as 17 and 15.
3. Euler's function
Please consider the following questions:
　　Given any positive integer n, how many positive integers are less than or equal to n, and how many form a coprime relationship with n? (For example, among 1 to 8, how many numbers constitute a coprime relationship with 8?)
The method of calculating this value is called Euler's function , which is represented by φ(n). Among 1 to 8, the ones that form a relative prime relationship with 8 are 1, 3, 5, and 7, so φ(n) = 4.
The calculation method of φ(n) is not complicated, but in order to get the last formula, it needs to be discussed step by step.
In the first case,
if n=1, then φ(1)=1. Because 1 and any number (including itself) constitute a coprime relationship.
In the second case,
if n is a prime number, then φ(n)=n-1. Because a prime number and every number less than it constitute a coprime relationship. For example, 5 and 1, 2, 3, and 4 all constitute a relatively prime relationship.
The third case
If n is a certain power of a prime number, that is, n = p^k (p is a prime number and k is an integer greater than or equal to 1), then for
example φ(8) = φ(2^3) = 2^ 3-2^2 = 8 -4 = 4.
This is because only when a number does not contain a prime number p, can it be relatively prime to n. And there are a total of p^(k-1) numbers containing prime numbers p, namely 1×p, 2×p, 3×p,..., p^(k-1)×p, remove them, and leave them The next is a number that is relatively prime to n.
The above formula can also be written in the following form: It
can be seen that the second case above is a special case when k=1.
The fourth case
If n can be decomposed into the product of two relatively prime integers,
　　n = p1 × p2,
then
　　φ(n) = φ(p1p2) = φ(p1)φ(p2)
That is, the Euler function of the product is equal to the product of the Euler functions of each factor. For example, φ(56)=φ(8×7)=φ(8)×φ(7)=4×6=24.
The proof of this article requires the use of the "Chinese Remainder Theorem", which will not be expanded here, just briefly talk about the idea: if a and p1 are relatively prime (a<p1), b and p2 are relatively prime (b<p2), c and p1p2 is relatively prime (c<p1p2), then there is a one-to-one correspondence between c and the number pair (a, b). Since the value of a has φ(p1) kinds of possibilities, the value of b has φ(p2) kinds of possibilities, the number pair (a, b) has φ(p1)φ(p2) kinds of possibilities, and the value of c has φ( p1p2) are possible, so φ(p1p2) is equal to φ(p1)φ(p2).
The fifth case is
because any positive integer greater than 1 can be written as the product of a series of prime numbers.
According to the conclusion of Article 4,
and then according to the conclusion of Article 3,
it is equal to
that this is the general calculation formula of Euler's function. For example, the Euler function of 1323, the calculation process is as follows:

4. Euler's theorem
The usefulness of Euler's function lies in Euler's theorem. "Euler's theorem" refers to:
If two positive integers a and n are mutually prime, then the Euler function φ(n) of n can make the following equation true:

In other words, the remainder of a divided by n to the power of φ(n) is 1. In other words, the φ(n) power of a minus 1 can be divisible by n. For example, 3 and 7 are relatively prime, and the Euler function φ(7) of 7 is equal to 6, so 3 to the 6th power (729) minus 1 can be divisible by 7 (728/7=104).
The proof of Euler's theorem is more complicated, so it is omitted here. We just need to remember its conclusion.
Euler's theorem can greatly simplify certain operations. For example, 7 and 10 are relatively prime, according to Euler's theorem,

It is known that φ(10) is equal to 4, so the single digit of 7 to the power of 4 must be 1.
Therefore, the single digit of any power of 7 (for example, the 222 power of 7) can be calculated by mental arithmetic.
There is a special case of Euler's theorem.
Assuming that the positive integer a and the prime number p are relatively prime, because the φ(p) of the prime number p is equal to p-1, Euler's theorem can be written as

This is the famous Fermat's little theorem. It is a special case of Euler's theorem.

Euler's theorem is the core of the RSA algorithm. If you understand this theorem, you can understand RSA.

5. Modular inverse element There
is one last concept left:
if two positive integers a and n are relatively prime, then the integer b must be found so that ab-1 is divisible by n, or the remainder of ab divided by n is 1.
At this time, b is called the "modular inverse element" of a.
For example, if 3 and 11 are relatively prime, then the modular inverse element of 3 is 4, because (3 × 4)-1 is divisible by 11. Obviously, there is more than one modular inverse element, 4 plus or minus 11 integer multiples are 3 modular inverse elements {...,-18,-7,4,15,26,...}, that is, if b is a Modular inverse element, then b+kn are all modular inverse elements of a.
Euler's theorem can be used to prove that modular inverse elements must exist.
It can be seen that a raised to the power of φ(n)-1 is the modular inverse element of a.
=========================================

principle

The reliability basis of the RSA algorithm: It is very difficult to factor extremely large integers .

RSA is an asymmetric algorithm, and different keys are used for encryption and decryption.

Both keys can be used for encryption , and another key is required for decryption. However, the public key is usually used to encrypt the private key for decryption, because the public key is almost completely public, and there are too many people who can decrypt the data encrypted by the private key. In theory, A and B should use RSA to achieve confidential communication. A and B need to generate a set of keys and keep their own private keys. Use the other party's public key to encrypt the message to be sent, and use their own private key to decrypt Message sent by the other party.

In the signing scenario, the private key is used to sign and the public key is used to verify the signature.

RSA is much slower than symmetric algorithms such as DES. Generally, in actual data transmission, RSA is used to encrypt a relatively short symmetric password. After the two parties exchange the password, DES and other symmetric algorithms are used to transmit data.

Coprime relationship

If two positive integers have no other common factors except 1, then the two numbers are said to have a coprime relationship. For example, 3 and 5, 13 and 31, etc.

Euler function

Euler function: Find the number of positive integers less than N {\displaystyle N}N that are relatively prime to N {\displaystyle N}N.

For example, corresponding to 8, the numbers that are relatively prime to 8 are 1, 3, 5, and 7, so φ (N) )= 4.

The RSA algorithm uses a special case of Euler's function: If N can be decomposed into the product of two relatively prime integers:
N = pq,
then
φ (N) = φ(p)φ(q)=(p−1)(q −1) For
example, φ (35947) = φ (103) φ (349) = (102) (348) = φ(103)φ(349)=(102)(348)=35496.

Modular inverse element

For example

Generate public and private keys

Encrypted message

Decrypt the message

Signed message

RSA can also be used to sign a message.

The hash value of the message string (Message digest, a short and fixed string obtained by MD5, SHA256, etc.) uses the RSA private key to calculate the signature (in fact, it is still an encrypted message), and a signature is obtained String, append it to the appropriate position of the message string and send it together. The receiver can use the corresponding public key to decrypt the original hash value from the signature string, and calculate the hash value again for the original message. Comparing the two, if the two match, it is considered that the sender holds the correct private key, and the message has not been tampered with on the propagation path.

Key length

The user should use a 1024-bit key, and the certificate authority should use 2048-bit or above.

Features

RSA is called an asymmetric algorithm because the keys for encryption and decryption are different. Any key can be used for encryption.

Public key and private key

Encryption and decryption

When encrypting with the public key, the private key can be decrypted. And vice versa, the information encrypted by the private key can be decrypted with the public key.

Signature and verification

operating

If it is a standard interface provided by other platforms, if this interface uses RSA encryption, the platform needs to provide the corresponding public key.

Generate RSA public and private keys through OpenSSL under Linux

OpenSSL needs to be installed on Linux in advance, and it is generated in the current user's home directory by default:

[root@VM_120_242_centos ~]# openssl 
OpenSSL> genrsa -out app_private_key.pem   1024  # 生成私钥
Generating RSA private key, 1024 bit long modulus
.++++++
........++++++
e is 65537 (0x10001)

OpenSSL> rsa -in app_private_key.pem -pubout -out app_public_key.pem  # 生成公钥
writing RSA key
OpenSSL> exit

For PHP, you can directly use the original private key generated above. However, Java needs to convert the private key into PKCS8 format, and then remove the header and tail, line breaks, and spaces of the generated PKCS8 format private key, and fill it in the code as a private key string:

OpenSSL> pkcs8 -topk8 -inform PEM -in app_private_key.pem -outform PEM -nocrypt -out app_private_key_pkcs8.pem # 私钥转成 PKCS8 格式

View the generated file:

[root@VM_120_242_centos ~]# ll
总用量 1064
-rw-r--r-- 1 root root    887 6月  14 11:25 app_private_key.pem
-rw-r--r-- 1 root root    272 6月  14 11:25 app_public_key.pem

View the public key:

The public key string converted into PKCS8 format is:

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3//sR2tXw0wrC2DySx8vNGlqt3Y7ldU9+LBLI6e1KS5lfc5jlTGF7KBTSkCHBM3ouEHWqp1ZJ85iJe59aF5gIB2klBd6h4wrbbHA2XE1sq21ykja/Gqx7/IRia3zQfxGv/qEkyGOx+XALVoOlZqDwh76o2n1vP1D+tD3amHsK7QIDAQAB

View the private key:

RSA interpretation