Key:
The key is a parameter, which is input in the process of using the cipher algorithm. The same plaintext will generate different ciphertexts under the same cipher algorithm and different key calculations . Therefore, even if the algorithm is public, but the key parameters are different, the results are different. The plaintext and ciphertext are described below with a picture:
The key is divided into two types: symmetric and asymmetric. Let's take a look at it in detail:
Key: Symmetric
Also known as shared key encryption, the symmetric key uses the same key in the process of encryption and decryption. Common symmetric encryption algorithms include DES, 3DES, AES, RC5, and RC6.
The advantage is that the calculation speed is fast;
The disadvantage is that the key needs to be shared at both ends of the communication, which is insecure, because one key corresponds to both ends.
Key: Asymmetric
Also known as public key encryption. The server will generate a pair of keys. One private key is stored on the server, only known to you, and the other is the public key. The public key can be freely released for anyone to use. The ciphertext encrypted by the public key of the client needs to be decrypted by the private key generated by the server.
Compared with symmetric key encryption, asymmetric encryption does not need to share the key between the client and the server. As long as the private key is not sent to any user, even if the public key is intercepted on the Internet, it cannot be decrypted, only stolen. 's public key is useless.
Key: RSA encryption simple process
- The server generates paired public and private keys.
- The private key is stored on the server, and the public key is sent to the client.
- The client encrypts the plaintext with the public key and transmits it to the server.
- The server uses the private key to decrypt the ciphertext to obtain the plaintext.
digital signature:
Think about such a problem: when data is transmitted between the browser and the server, it is possible that the content may be replaced by impersonated thieves during the transmission process, so how to ensure that the data is sent by the real server and not packaged? At the same time, how to ensure that the transmitted data has not been tampered with? The digital signature was born.
Digital signature is used to verify whether the transmitted content is the data sent by the real server, and whether the sent data has been tampered with, it does these two things, which is an application scenario of asymmetric encryption. But it is encrypted with the private key in turn, and decrypted with the public key paired with it [this is the opposite of the asymmetric key].
Let's take a look at the entire digital signature process:
Step 1: The server processes the message through Hash and generates digest information Digest. The digest information is encrypted with the private key and then a signature is generated. The server sends the signature together with the message to the client:
Step 2: After the client receives the data, it extracts the signature and decrypts it with the public key public-key. If Digest2 can be decrypted normally, then it can be confirmed that it was sent by the other party.
Step 3: The client extracts the text of the message and performs the same Hash processing. The obtained digest information Digest1 is compared with the previously decrypted Digest2. If the two are equal, it means that the content has not been tampered with, otherwise it has been tampered with. tampered with,
CA (Certificate Authority) digital certificate:
So how do you ensure that the public key you are using now is the one sent to you by the real server? The digital certificate has appeared again, it is a kind of recognition certificate issued by an authority to a website, and this certificate is recognized by everyone (browser).