.net encryption model study notes

Study notes

Notes on learning the encryption model: recently some interface work for integrating with third parties came up out of nowhere, and it left me dizzy. The main reason is that my learning and fundamentals are limited, and my understanding of encryption was not where it needed to be. So I mainly studied the .NET encryption model.

On to the topic:

Use of cryptographic primitives

* Private-key encryption (symmetric cryptography): transforms data so that it cannot be read by a third party. This type of encryption uses a single shared secret key to encrypt and decrypt data.
* Public-key encryption (asymmetric cryptography): uses a public/private key pair to encrypt and decrypt data.
* Cryptographic signing: creates a digital signature specific to one party, which helps verify that data comes from that particular party. This process also uses a hash function.
* Cryptographic hashing: maps data of arbitrary length to a fixed-length byte sequence. Hash values are statistically unique; two different byte sequences will not hash to the same value.

I will go through these in the order the list above gives.

1. Private-key encryption classes, i.e. symmetric encryption: encryption and decryption use the same key

Symmetric encryption operates on a stream, so it is suitable for encrypting large amounts of data.

 * Aes
 * HMACSHA256, HMACSHA384 and HMACSHA512 (these are technically secret-key algorithms because they are message authentication codes, which are computed by using a cryptographic hash function in combination with a key; see the section on hash values later in this article)
1.1 Aes
Its key material: what we need to record is the Key, the IV and the Mode; for safety the Mode should be CBC.
1.2 Aes key generation method
    using System.Security.Cryptography;

    // Returns a fresh random key and IV plus the cipher mode in use (Aes.Create() defaults to CBC).
    public (byte[], byte[], CipherMode) GetAESKeysAndIV()
    {
        using (SymmetricAlgorithm aes = Aes.Create())
        {
            aes.GenerateIV();
            aes.GenerateKey();
            return (aes.Key, aes.IV, aes.Mode);
        }
    }
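CBC by itself only hides the data; it does not tell the receiver whether the ciphertext was altered in transit. The following added example (my own code, not from the original notes or from the .NET docs) combines the two classes listed above: AES in CBC mode for confidentiality and HMACSHA256 over the IV and ciphertext for integrity (encrypt-then-MAC). The key bytes and the sample message are constructed for the demo; in real use the keys would come from a key container or a key-derivation step.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: AES-CBC encryption with an HMAC-SHA256 tag (encrypt-then-MAC).
// CBC on its own gives confidentiality but no integrity; the HMAC over IV+ciphertext
// lets the receiver reject tampered or forged messages before decrypting anything.
public static class AesCbcHmac
{
    // Output layout: [16-byte IV][ciphertext][32-byte HMAC-SHA256 tag]
    public static byte[] Encrypt(byte[] plaintext, byte[] encKey, byte[] macKey)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = encKey;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.GenerateIV();                      // fresh random IV for every message

            byte[] ciphertext;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                ciphertext = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);

            byte[] ivAndCt = new byte[aes.IV.Length + ciphertext.Length];
            Buffer.BlockCopy(aes.IV, 0, ivAndCt, 0, aes.IV.Length);
            Buffer.BlockCopy(ciphertext, 0, ivAndCt, aes.IV.Length, ciphertext.Length);

            byte[] tag;
            using (HMACSHA256 hmac = new HMACSHA256(macKey))
                tag = hmac.ComputeHash(ivAndCt);   // the MAC covers the IV as well as the ciphertext

            byte[] result = new byte[ivAndCt.Length + tag.Length];
            Buffer.BlockCopy(ivAndCt, 0, result, 0, ivAndCt.Length);
            Buffer.BlockCopy(tag, 0, result, ivAndCt.Length, tag.Length);
            return result;
        }
    }

    // Returns null when the tag does not verify; unauthenticated data is never decrypted.
    public static byte[] Decrypt(byte[] message, byte[] encKey, byte[] macKey)
    {
        const int IvLen = 16, TagLen = 32;
        if (message.Length < IvLen + TagLen) return null;

        int ivAndCtLen = message.Length - TagLen;
        byte[] expectedTag;
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
            expectedTag = hmac.ComputeHash(message, 0, ivAndCtLen);

        // Constant-time comparison so timing does not leak how many tag bytes matched.
        int diff = 0;
        for (int i = 0; i < TagLen; i++)
            diff |= expectedTag[i] ^ message[ivAndCtLen + i];
        if (diff != 0) return null;

        byte[] iv = new byte[IvLen];
        Buffer.BlockCopy(message, 0, iv, 0, IvLen);

        using (Aes aes = Aes.Create())
        {
            aes.Key = encKey;
            aes.IV = iv;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(message, IvLen, ivAndCtLen - IvLen);
        }
    }

    public static void Main()
    {
        // Constructed sample keys: in real use these come from a key container or a KDF.
        byte[] encKey = new byte[32], macKey = new byte[32];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(encKey);
            rng.GetBytes(macKey);
        }

        byte[] msg = Encrypt(Encoding.UTF8.GetBytes("order #1001 total 42.00"), encKey, macKey);
        Console.WriteLine(Decrypt(msg, encKey, macKey) != null ? "accepted" : "rejected");

        msg[20] ^= 0x01;                            // flip one ciphertext bit in transit
        Console.WriteLine(Decrypt(msg, encKey, macKey) != null ? "accepted" : "rejected");
    }
}
```

Two separate keys are used on purpose: the encryption key and the MAC key should never be the same bytes. The second call in Main shows the practical effect of the tag: a single flipped ciphertext bit makes Decrypt return null instead of producing garbled (or attacker-chosen) plaintext.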
2 Public-key encryption classes

Asymmetric encryption is performed on a small number of bytes, so it is only suitable for encrypting a small amount of data. The use of public-key algorithms is more restricted than that of private-key algorithms. Asymmetric private keys should never be stored verbatim or in plain text on the local computer. If you need to store a private key, use a key container. More information about key containers

* RSA: allows encryption and signatures
* ECDsa: signature algorithm class
* ECDiffieHellman: can only be used for key generation
* DSA: can only be used for signatures; not as secure as RSA
2.1 RSA

When you create a new instance with the parameterless Create() method, this class generates a public/private key pair.

2.2 RSA public key/private key generation method
using System.Security.Cryptography;

// Exports both halves of a freshly generated key pair (true = include the private parameters).
// The default key size of the parameterless constructor depends on the runtime;
// the RSACryptoServiceProvider(int dwKeySize) overload sets it explicitly.
public RSAParameters GetRSAKeyAndPublicKeyParameters()
{
    using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
    {
        return rsa.ExportParameters(true);
    }
}
2.3 RSA encryption

The point here: to encrypt you only need the public key, i.e. the modulus and the public exponent. You can instantiate RSAParameters manually, set those two fields, and encrypt once they are set:

    // Public half only: Modulus (n) and Exponent (e), both as big-endian byte arrays.
    RSAParameters rsaKeyInfo = new RSAParameters();
    rsaKeyInfo.Modulus = modulus;
    rsaKeyInfo.Exponent = exponent;

The second parameter of the Encrypt method is the padding, an RSAEncryptionPadding. Its members:

* Mode: gets the padding mode represented by this RSAEncryptionPadding instance.
* OaepHashAlgorithm: gets the hash algorithm used together with the OAEP padding mode.
* OaepSHA1: gets an object representing Optimal Asymmetric Encryption Padding (OAEP) with the SHA-1 hash algorithm.
* OaepSHA256: gets an object representing OAEP with the SHA-256 hash algorithm.
* OaepSHA384: gets an object representing OAEP with the SHA-384 hash algorithm.
* OaepSHA512: gets an object representing OAEP with the SHA-512 hash algorithm.
* Pkcs1: gets an object representing the PKCS #1 encryption standard.
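To show the whole round trip described in 2.2 and 2.3, here is an added example (my own code, not from the original notes or from the .NET docs). The sender builds RSAParameters from nothing but the modulus and exponent and encrypts with OaepSHA256; the recipient decrypts with the full private parameters. It also shows the size limit that makes RSA unsuitable for bulk data. The message text and the 2048-bit key size are choices made for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: encrypt with only the public half (Modulus + Exponent) of an RSA key
// using OAEP-SHA256 padding, then decrypt with the full private key.
public static class RsaOaepExample
{
    // Sender side: builds RSAParameters from just modulus and exponent, as the notes describe.
    public static byte[] EncryptWithPublicKey(byte[] modulus, byte[] exponent, byte[] data)
    {
        RSAParameters publicOnly = new RSAParameters { Modulus = modulus, Exponent = exponent };
        using (RSA rsa = RSA.Create())
        {
            rsa.ImportParameters(publicOnly);   // no D, P, Q, ...: this instance can only encrypt or verify
            return rsa.Encrypt(data, RSAEncryptionPadding.OaepSHA256);
        }
    }

    // Recipient side: the private parameters never leave this process.
    public static byte[] DecryptWithPrivateKey(RSAParameters privateKey, byte[] ciphertext)
    {
        using (RSA rsa = RSA.Create())
        {
            rsa.ImportParameters(privateKey);
            return rsa.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256);
        }
    }

    // Largest plaintext OAEP can wrap: k - 2*hLen - 2 bytes, with hLen = 32 for SHA-256.
    public static int MaxPlaintextBytes(int keySizeBits) => keySizeBits / 8 - 2 * 32 - 2;

    public static void Main()
    {
        RSAParameters privateKey;
        using (RSA rsa = RSA.Create())
        {
            rsa.KeySize = 2048;                      // demo key size; the key pair is generated on first use
            privateKey = rsa.ExportParameters(true); // private half stays with the recipient
        }

        // Only the two public fields travel to the sender.
        byte[] modulus = privateKey.Modulus, exponent = privateKey.Exponent;

        byte[] ct = EncryptWithPublicKey(modulus, exponent, Encoding.UTF8.GetBytes("session key material"));
        byte[] pt = DecryptWithPrivateKey(privateKey, ct);
        Console.WriteLine(Encoding.UTF8.GetString(pt));

        // RSA is for small payloads: anything over the OAEP limit (190 bytes for RSA-2048 with SHA-256)
        // throws, which is why bulk data goes through AES and only the AES key goes through RSA.
        try
        {
            EncryptWithPublicKey(modulus, exponent, new byte[MaxPlaintextBytes(2048) + 1]);
        }
        catch (CryptographicException)
        {
            Console.WriteLine("too large for RSA-OAEP; wrap a symmetric key instead");
        }
    }
}
```

RSA.Create() is used rather than RSACryptoServiceProvider because the CryptoAPI-backed provider only supports the Pkcs1 and OaepSHA1 paddings from the list above; the OaepSHA256 member needs the CNG-backed implementation that RSA.Create() returns on current runtimes.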
3 Cryptographic hashing (also described as one-way encryption)

Digital signatures use public-key algorithms to provide data integrity. If you sign data with a digital signature, another party can verify the signature and prove that the data really came from you and has not been changed since you signed it. A hash of the data is usually what gets signed, since it stands in for the larger data.

* SHA256. 
* SHA384. 
* SHA512. 
* .NET also provides MD5 and SHA1; however, the MD5 and SHA-1 algorithms have been found to be insecure.
4 Cryptography Next Generation (CNG) classes

The Cryptography Next Generation (CNG) classes provide managed wrappers around the native CNG functions. (CNG is the replacement for CryptoAPI.) The names of these classes contain "Cng". The wrapper class that is central to CNG is the CngKey key container class, which abstracts the storage and use of CNG keys. This class lets you store a key pair or a public key securely and refer to it by a simple string name. The elliptic-curve-based ECDsaCng signature class and the ECDiffieHellmanCng encryption class can use CngKey objects. The CngKey class is used for many other operations as well, including opening, creating, deleting, and exporting keys. It also gives access to the underlying key handle for use when calling native functions directly. .NET also includes various supporting CNG classes, as follows:

* CngProvider maintains the key storage provider. 
* CngAlgorithm maintains CNG algorithm. 
* CngProperty maintains frequently used key properties.

Here is an example of signing with ECDsaCng (Alice signs, Bob verifies with the exported public key):

using System;
using System.Security.Cryptography;

class Alice
{
    public static void Main(string[] args)
    {
        Bob bob = new Bob();
        using (ECDsaCng dsa = new ECDsaCng())
        {
            dsa.HashAlgorithm = CngAlgorithm.Sha256;
            // Bob only ever receives the public half of the key.
            bob.key = dsa.Key.Export(CngKeyBlobFormat.EccPublicBlob);

            byte[] data = new byte[] { 21, 5, 8, 12, 207 };

            byte[] signature = dsa.SignData(data);

            bob.Receive(data, signature);
        }
    }
}

public class Bob
{
    public byte[] key;

    public void Receive(byte[] data, byte[] signature)
    {
        // Rebuild a verify-only ECDsaCng from the public blob Alice exported.
        using (ECDsaCng ecsdKey = new ECDsaCng(CngKey.Import(key, CngKeyBlobFormat.EccPublicBlob)))
        {
            if (ecsdKey.VerifyData(data, signature))
                Console.WriteLine("Data is good");
            else
                Console.WriteLine("Data is bad");
        }
    }
}
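The Alice/Bob example creates an ephemeral key that disappears with the process. Section 2 says private keys belong in a key container, and section 4 says CngKey handles creating, opening, deleting and exporting keys; the following added example (my own code, not from the original notes or the .NET docs; Windows only, since CNG wraps the native key store) puts those together: a named, non-exportable P-256 signing key is created in the store, used by name to sign, verified from its exported public blob, and then deleted. The key name and the message bytes are chosen for the demo.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (Windows only): a persisted, non-exportable ECDSA P-256 key in the CNG key store.
// The private key is referenced by name and never leaves the store as bytes; only the public
// blob is exported, exactly the way Bob receives it in the example above.
public static class CngPersistedKeyExample
{
    const string KeyName = "StudyNotes.Signing.Example";   // assumed key name for this demo

    public static CngKey CreateOrOpenSigningKey()
    {
        if (CngKey.Exists(KeyName))
            return CngKey.Open(KeyName);

        var p = new CngKeyCreationParameters
        {
            ExportPolicy = CngExportPolicies.None,        // private key cannot be exported
            KeyUsage = CngKeyUsages.Signing,              // store refuses any use other than signing
        };
        return CngKey.Create(CngAlgorithm.ECDsaP256, KeyName, p);
    }

    public static byte[] Sign(byte[] data)
    {
        using (CngKey key = CreateOrOpenSigningKey())
        using (ECDsaCng ecdsa = new ECDsaCng(key))
            return ecdsa.SignData(data, HashAlgorithmName.SHA256);
    }

    // The verifier only ever holds the public blob.
    public static bool Verify(byte[] publicBlob, byte[] data, byte[] signature)
    {
        using (CngKey pub = CngKey.Import(publicBlob, CngKeyBlobFormat.EccPublicBlob))
        using (ECDsaCng ecdsa = new ECDsaCng(pub))
            return ecdsa.VerifyData(data, signature, HashAlgorithmName.SHA256);
    }

    public static void Main()
    {
        byte[] data = Encoding.UTF8.GetBytes("invoice 1001: 42.00");   // constructed sample message
        byte[] sig = Sign(data);

        byte[] publicBlob;
        using (CngKey key = CngKey.Open(KeyName))
            publicBlob = key.Export(CngKeyBlobFormat.EccPublicBlob);   // public half is always exportable

        Console.WriteLine(Verify(publicBlob, data, sig) ? "Data is good" : "Data is bad");

        data[data.Length - 1] ^= 0x01;                                  // alter one byte after signing
        Console.WriteLine(Verify(publicBlob, data, sig) ? "Data is good" : "Data is bad");

        using (CngKey key = CngKey.Open(KeyName))
            key.Delete();                                               // remove the demo key from the store
    }
}
```

With ExportPolicy set to None, a later call to Export with a private blob format throws, which is the property you want for a signing key: compromise of the application's files does not hand over the key, and signing can only happen through the store on that machine. The second Verify call shows what a signature buys you: changing a single byte after signing turns "Data is good" into "Data is bad".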

To sum up

  • For hashing, use SHA-256, SHA-512, etc.
  • To keep data from being read, encrypt it with an AES symmetric key or with an RSA public key
  • To sign data, use the RSA private key and verify with the matching public key; or use another algorithm such as DSA
  • Key material for the next generation seems to be handled by the *Cng classes configured with a CngKey: *Cng(CngKey)
  • Next I need to learn each encryption algorithm in depth so that I can use them flexibly, otherwise this is of no use; the tools themselves are already complete


Origin blog.51cto.com/3478586/2675641