Public key encryption and hybrid encryption

Article source: Official Account-Intelligent IT System.


I. Introduction

Symmetric encryption solves some security problems, and it encrypts and decrypts very quickly. However, it leaves a security weakness, and that weakness lies in the distribution of keys.

For example, the receiver generates a key and sends it to the sender of the message by email. If the email is leaked, it is very likely to cause a security risk. This situation is common in cooperation between companies, so how can it be solved?

There are several ways, such as sharing the key in advance or using a key distribution center. This article introduces the common technical measures: public key encryption and symmetric encryption.

II. Public key encryption

1.  Principle introduction

What is public key encryption? Unlike symmetric encryption, there is not one key but two: a public key and a private key. The sender encrypts the message with the public key, and the receiver decrypts it with the private key. Its features are as follows:

  • The sender only needs the encryption key

  • The receiver only needs the decryption key

  • The decryption key must not be stolen

  • It does not matter if the encryption key is stolen: the eavesdropper cannot decrypt with it, because the encryption key and the decryption key are different

2. Communication process

The communication process of public key encryption is as follows:


3. RSA principle

RSA is a typical public key encryption algorithm, and its working principle is as follows:

  • RSA encryption: ciphertext = plaintext^E mod N

  • RSA decryption: plaintext = ciphertext^D mod N

Here, the combination of E and N is the public key of RSA; the combination of D and N is the private key of RSA.

So the question is, how are these numbers generated?

The steps to generate a key pair with RSA are as follows:

1.   Find N

First, prepare two very large prime numbers, p and q. N is the product of p and q, written as follows:

N = p * q

2.   Find L

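L is a number that is used only in the process of generating the key pair.

L is the least common multiple of p-1 and q-1, written as follows:

L = lcm(p-1, q-1)

3.   Find E

E is a number greater than 1 and less than L, and the greatest common divisor of E and L must be 1. E can therefore take several values, as long as it satisfies the following:

1 < E < L

gcd(E, L) = 1

4.   Find D

D is calculated from E and must satisfy:

1 < D < L

E * D mod L = 1

As long as D satisfies the conditions above, ciphertext encrypted with E and N can be decrypted with D and N.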

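4. RSA example

An example:

First we prepare two prime numbers, 17 and 19, as p and q.

N = 17 * 19

  = 323

L = lcm(p-1, q-1)

  = lcm(16, 18)

  = 144

Many values of E satisfy the condition; all that is required is gcd(E, L) = 1. The following numbers all work: 5, 7, 11, 13, 17, 19. We only want a prime number, so we use 5 as E for now.

D is found in the same way: it must satisfy E * D mod L = 1, and 29 does.

So in this example:

Our public key is: E=5, N=323

Our private key is: D=29, N=323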
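
The four key-generation steps and the worked example above, as an added Python example (not code from the original article). The function names are assumptions made here, E is chosen as the smallest valid value as in the example, and this is textbook RSA on toy primes without padding, so it shows the arithmetic only.

```python
from math import gcd

def is_prime(n):
    """Trial division; adequate only for the toy-sized primes used here."""
    return n > 1 and all(n % i for i in range(2, int(n ** 0.5) + 1))

def mod_inverse(e, l):
    """Extended Euclid: return d with 0 < d < l and e * d mod l == 1."""
    old_r, r, old_s, s = e, l, 1, 0
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_s, s = s, old_s - k * s
    if old_r != 1:
        raise ValueError("E and L are not coprime, so no D exists")
    return old_s % l

def generate_keypair(p, q):
    """Steps 1-4 from the text. Returns ((E, N), (D, N))."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q                                   # step 1: N = p * q
    l = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # step 2: L = lcm(p-1, q-1)
    # step 3: smallest E with 1 < E < L and gcd(E, L) == 1
    # (the smallest such value is always prime)
    e = next((c for c in range(2, l) if gcd(c, l) == 1), None)
    if e is None:
        raise ValueError("primes too small: no E with 1 < E < L")
    d = mod_inverse(e, l)                       # step 4: E * D mod L == 1
    return (e, n), (d, n)

def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext must be an integer in [0, N)")
    return pow(m, e, n)                         # ciphertext = plaintext^E mod N

def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)                         # plaintext = ciphertext^D mod N

if __name__ == "__main__":
    # Constructed sample: the article's primes and an arbitrary plaintext, 123.
    public, private = generate_keypair(17, 19)
    c = encrypt(123, public)
    print(public, private, c, decrypt(c, private))
```
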

 

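III. Hybrid encryption

Public key encryption improves security, but it has one problem: poor performance. This is especially noticeable when the data to be encrypted is large.

Hybrid encryption is the way to solve the performance problem. It combines the advantages of symmetric ciphers and public key ciphers.

1. Composition

It is made up as follows:

1. The message is encrypted with a symmetric cipher

2. The session key used by the symmetric cipher is generated by a pseudo-random number generator

3. The session key is encrypted with a public key cipher

4. The key used for the public key encryption is supplied from outside the hybrid cryptosystem.

2. Encryption process

The encryption process is shown in the figure below:

The figure above should make the operation of hybrid encryption clear at a glance. Next, let's look at the hybrid decryption process, which is simply the encryption process in reverse.


3. Decryption process

This concludes the introduction to the algorithms this article covers for preventing information leakage, but security precautions certainly do not end here.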
