How HTTPS ensures secure transmission

(1) Symmetric encryption: encryption and decryption use the same key, so it is fast, but because the key has to be transmitted over the network, security is not high.

(2) Asymmetric encryption: uses a pair of keys, a public key and a private key, so security is high, but encryption and decryption are slow.

(3) The solution is to encrypt the symmetric encryption key with the asymmetric encryption public key and then send it. The receiver uses the private key to decrypt it and obtain the symmetric encryption key, and then the two parties can communicate using symmetric encryption.

Symmetric key algorithms are ideal for encrypting data quickly and securely. The downside, however, is that the sender and recipient must exchange the encryption key before exchanging data. Combining symmetric key algorithms that encrypt data with public key algorithms that exchange secret keys results in a solution that is both fast and flexible.

The steps of public key-based key exchange are as follows:

The sender gets the recipient's public key.

The sender creates a random secret key (the single key used in symmetric key encryption).

The sender uses a secret key and a symmetric key algorithm to convert plaintext data into ciphertext data.

The sender uses the recipient's public key to convert the secret key into a ciphertext secret key.

The sender sends the ciphertext data together with the ciphertext secret key to the recipient.

The recipient uses his private key to convert the ciphertext secret key to plaintext.

The recipient uses the plaintext secret key to convert the ciphertext data to plaintext data.

Again, these steps are performed by PKI-enabled applications such as Microsoft Outlook and are transparent to the user.
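The exchange described in the steps above, as an added example that is not part of the original page. It uses only Node.js's built-in crypto module. Assumptions: RSA-OAEP with SHA-256 wraps the secret key and AES-256-GCM encrypts the data; the names makeRecipient, seal, unseal, rejects and demo are hypothetical.

```javascript
// Added example: public key-based key exchange with Node's built-in crypto.
// Assumed algorithms (not named on the page): RSA-OAEP/SHA-256 and AES-256-GCM.
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Recipient: generates the key pair; only the public key is handed to senders.
function makeRecipient() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: random secret key, encrypt the data with it, wrap it with the public key.
function seal(recipientPublicKey, plaintext) {
  const secretKey = crypto.randomBytes(32);   // fresh symmetric key per message
  const iv = crypto.randomBytes(12);          // GCM nonce, never reused with one key
  const cipher = crypto.createCipheriv('aes-256-gcm', secretKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, secretKey);
  // Everything returned here may cross the network in the clear.
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: unwrap the secret key with the private key, then decrypt the data.
function unseal(recipientPrivateKey, msg) {
  const secretKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', secretKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  // final() throws if the ciphertext or tag was modified in transit.
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
}

// True when unseal() refuses the message (wrong private key or modified data).
function rejects(privateKey, msg) {
  try { unseal(privateKey, msg); return false; } catch (e) { return true; }
}

// Runs the exchange on a constructed sample message and reports the outcomes.
function demo() {
  const recipient = makeRecipient();
  const other = makeRecipient();              // stands in for anyone without the private key
  const msg = seal(recipient.publicKey, Buffer.from('constructed sample message'));
  const flipped = Buffer.from(msg.ciphertext);
  flipped[0] ^= 1;                            // one bit changed in transit
  return {
    roundTrip: unseal(recipient.privateKey, msg).toString(),
    wrappedKeyBytes: msg.wrappedKey.length,
    wrongKeyRejected: rejects(other.privateKey, msg),
    tamperRejected: rejects(recipient.privateKey, { ...msg, ciphertext: flipped }),
  };
}
```

An interceptor sees wrappedKey, iv, ciphertext and tag, but without the recipient's private key the secret key cannot be unwrapped, which is what wrongKeyRejected shows.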

 

In HTTPS, the key is exchanged through the server's certificate. Is this process plaintext or encrypted? If this process is intercepted, could someone get the key and crack the entire HTTPS session?

The certificate is pre-installed in the system, and before HTTPS communication the public key is checked to see whether it has been tampered with during transmission. Communication can be secure only if unreliable certificates are not trusted.

HTTPS:

The server uses RSA to generate a public key and a private key.

The server puts the public key in the certificate and sends it to the client, and keeps the private key to itself.

The client first checks the validity of the certificate with an authoritative server. If the certificate is valid, the client generates a random number, which is used as the key for communication. We call it the symmetric key. The client encrypts this random number with the public key and sends it to the server. The server decrypts it to obtain the symmetric key, and then the two parties encrypt and decrypt the communication using the symmetric key.
