Information Security Basics

Encryption technology is divided into symmetric and asymmetric encryption; the difference is whether encryption and decryption use the same key. Symmetric encryption uses a single shared key, while asymmetric encryption uses a key pair made up of a public key and a private key. Content encrypted with the public key can only be decrypted with the corresponding private key, and content encrypted with the private key can only be decrypted with the corresponding public key. Symmetric encryption is faster, but its encryption strength is not high, and key distribution often introduces security risks: because encryption and decryption use the same key, that key has to be transmitted to the party who decrypts.

Compared with symmetric encryption, asymmetric encryption offers higher encryption strength, but it is computationally expensive and therefore unsuitable for encrypting large files. The two methods are usually combined: the message body is encrypted with symmetric encryption, and the symmetric key is transmitted to the decrypting party under asymmetric encryption.

An information digest (message digest) is generated by a hash function. Commonly used algorithms are MD5 and SHA. They produce a fixed-length hash value, and even a slight change to the input yields a very different hash value.

Digital signature technology is used to verify the authenticity of the sender and provides non-repudiation. The sender uses a hash function to generate a message digest from the message text, then encrypts this digest with its own private key; the result is sent to the receiver as the digital signature along with the message. The receiver first computes the digest of the received message with the same hash function, then decrypts the digital signature with the sender's public key. If the decryption result equals the computed digest, the receiver can conclude that the message really came from the sender.

Based on the encryption methods, message digests and digital signatures described above, a mail encryption system can be designed. Suppose the requirements are: email is transmitted in encrypted form; an attachment can be as large as 500M; the sender cannot deny having sent the email; and a third party who intercepts the email cannot tamper with it.

The body of the email is large, so it must be encrypted with symmetric encryption. The symmetric key K is itself encrypted with asymmetric encryption before transmission, using the recipient's public key. To provide non-repudiation and protect the email against tampering, digital signature technology is applied: the email digest is encrypted with the sender's private key. The recipient can then recover the decryption key for the email body with its own private key and verify the digital signature with the sender's public key.
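
The design above as a runnable model, added here as an example and not part of the original article: the body is encrypted under a fresh key K, K is wrapped with the recipient's public key, and the SHA-256 digest is signed with the sender's private key. Assumptions: all function names are hypothetical, the keys are constructed from Mersenne primes, and unpadded RSA with a SHA-256 keystream stands in for the padded RSA (OAEP/PSS) and authenticated cipher that a vetted library would provide.

```python
import hashlib
import secrets

E = 65537  # public exponent

def keypair(a: int, b: int):
    """Textbook RSA key from Mersenne primes 2**a-1 and 2**b-1 (constructed demo keys)."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent
    return (n, E), (n, d)               # (public, private)

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def digest_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def send(body: bytes, sender_priv, recipient_pub) -> dict:
    k = secrets.token_bytes(32)                 # fresh symmetric key K per mail
    (n_s, d_s), (n_r, e_r) = sender_priv, recipient_pub
    return {
        "ciphertext": stream_xor(k, body),                       # body under K
        "wrapped_key": pow(int.from_bytes(k, "big"), e_r, n_r),  # K under recipient public key
        "signature": pow(digest_int(body), d_s, n_s),            # digest under sender private key
    }

def receive(mail: dict, recipient_priv, sender_pub) -> bytes:
    (n_r, d_r), (n_s, e_s) = recipient_priv, sender_pub
    k_int = pow(mail["wrapped_key"], d_r, n_r)  # recover K with own private key
    if k_int >> 256:
        raise ValueError("wrapped key corrupted")
    body = stream_xor(k_int.to_bytes(32, "big"), mail["ciphertext"])
    # "Decrypt" the signature with the sender's public key and compare digests.
    if pow(mail["signature"], e_s, n_s) != digest_int(body):
        raise ValueError("signature mismatch: altered mail or wrong sender")
    return body

if __name__ == "__main__":
    alice_pub, alice_priv = keypair(521, 607)      # sender
    bob_pub, bob_priv = keypair(1279, 2203)        # recipient
    mail = send(b"constructed sample body", alice_priv, bob_pub)
    print(receive(mail, bob_priv, alice_pub))
```

Only the 32-byte key K passes through the slow asymmetric operation, so the cost of the public-key step does not grow with the size of the attachment.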

 
