Information encryption technology and key security management

Information encryption technology:

1. One-way hashing

      A hash function maps input of any length to a fixed-length output (the digest). Strictly speaking this is not encryption, since nothing is meant to be recovered.

      One-way: the input cannot be recovered from the output by any further computation.

      Feature: any small change to the input produces a completely different output (the avalanche effect).

      Algorithms: MD5, SHA family (MD5 and SHA-1 are broken for collision resistance; use SHA-256 or later for new designs)

      Use cases:

             Storing user passwords: salt + hash. A fast general-purpose hash such as MD5 is a poor password hash even with a salt, because an attacker can test billions of guesses per second; use a salted, deliberately slow construction (PBKDF2, bcrypt, scrypt or Argon2).

             Generating message digests (integrity checks)
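Worked example of the password use case above, added here and not taken from the original article. The page suggests salt + MD5; this example swaps in PBKDF2-HMAC-SHA256 (a minimal RFC 8018 implementation, since Go's standard library ships no password hash) so that the salt is random per record and guessing is expensive, and it also measures the avalanche effect the text describes. Go is assumed; the record format "pbkdf2-sha256$iter$salt$hash" and all function names are choices made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"math/bits"
	"strconv"
	"strings"
)

// pbkdf2SHA256 is a minimal PBKDF2-HMAC-SHA256 (RFC 8018 section 5.2). It is
// spelled out here only because the Go standard library has no password hash;
// production code should use golang.org/x/crypto (argon2, scrypt, bcrypt, pbkdf2).
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hLen := prf.Size()
	var dk []byte
	for block := 1; len(dk) < keyLen; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := 0; j < hLen; j++ {
				t[j] ^= u[j]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:keyLen]
}

// Work factor for new records. Raise it as hardware gets faster; old records
// keep verifying because the iteration count is stored with each of them.
const iterations = 100000

// HashPassword returns a self-describing record "pbkdf2-sha256$iter$salt$hash".
// The random 16-byte salt means two users with the same password store different
// records, and a precomputed table cannot be reused across users.
func HashPassword(password string) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2SHA256([]byte(password), salt, iterations, 32)
	return fmt.Sprintf("pbkdf2-sha256$%d$%x$%x", iterations, salt, dk), nil
}

// VerifyPassword recomputes the hash with the record's own salt and iteration
// count and compares in constant time, so timing does not leak how many bytes matched.
func VerifyPassword(password, record string) bool {
	p := strings.Split(record, "$")
	if len(p) != 4 || p[0] != "pbkdf2-sha256" {
		return false
	}
	iter, err := strconv.Atoi(p[1])
	salt, err2 := hex.DecodeString(p[2])
	want, err3 := hex.DecodeString(p[3])
	if err != nil || err2 != nil || err3 != nil || iter < 1 || len(want) == 0 {
		return false // malformed record; an empty stored hash must never verify
	}
	got := pbkdf2SHA256([]byte(password), salt, iter, len(want))
	return subtle.ConstantTimeCompare(got, want) == 1
}

// BitDifference counts how many of the 256 digest bits differ between SHA-256(a)
// and SHA-256(b); for any small change it lands near 128 (the avalanche effect).
func BitDifference(a, b string) int {
	ha, hb := sha256.Sum256([]byte(a)), sha256.Sum256([]byte(b))
	d := 0
	for i := range ha {
		d += bits.OnesCount8(ha[i] ^ hb[i])
	}
	return d
}

func main() {
	rec, _ := HashPassword("correct horse battery staple")
	fmt.Println(rec)
	fmt.Println(VerifyPassword("correct horse battery staple", rec), VerifyPassword("wrong", rec))
	fmt.Println(BitDifference("hello", "hellp"), "of 256 bits differ")
}
```

Two details worth copying into real code: the iteration count travels with the record so it can be raised later without invalidating existing users, and the comparison is constant-time. The `len(want) == 0` check matters because a constant-time compare of two empty slices reports a match.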

2. Symmetric encryption

      The same key is used to encrypt and to decrypt.

      Symmetric: given the key, either operation is derived from the other.

      Advantages: simple algorithms, high throughput, low overhead; suited to encrypting large volumes of data.

      Disadvantage: the key has to be exchanged securely, and every party holding it can both read and forge messages.

      Algorithms: DES, the RC ciphers (both obsolete today; use AES, preferably in an authenticated mode such as AES-GCM)

      Use cases:

             Cookie encryption

             Communication (transport) encryption

       Remarks: the traditional and most widely used form, applicable in most situations
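The cookie use case, as an added example that is not part of the original article. It uses AES-256-GCM from Go's standard library rather than the DES/RC ciphers the text lists, because an authenticated mode is what makes an encrypted cookie tamper-evident: a client who flips a bit to change "role=user" into something else gets a rejection instead of a decrypted garbage value. Function names and the cookie layout (nonce || ciphertext || tag, base64url) are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// NewCookieKey returns a random 32-byte key for AES-256. In a deployment this
// key comes from the key store discussed later in the article, never from a source file.
func NewCookieKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // accepts 16-, 24- or 32-byte keys
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptCookie seals value with AES-GCM under a fresh random 96-bit nonce and
// returns base64url(nonce || ciphertext || tag), safe to put in a Set-Cookie header.
// Encryption hides the value but not its length; the GCM tag is what makes the
// cookie tamper-evident.
func EncryptCookie(key []byte, value string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(value), nil) // dst=nonce prepends it to the output
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// DecryptCookie reverses EncryptCookie. A flipped bit, a truncated token or a
// token minted under another key all fail the tag check and return an error
// rather than a garbled value, so the caller never acts on unauthenticated data.
func DecryptCookie(key []byte, token string) (string, error) {
	sealed, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return "", fmt.Errorf("cookie rejected: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(sealed) < gcm.NonceSize() {
		return "", errors.New("cookie rejected: too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	plain, err := gcm.Open(nil, nonce, ct, nil)
	if err != nil {
		return "", fmt.Errorf("cookie rejected: %w", err)
	}
	return string(plain), nil
}

func main() {
	key, _ := NewCookieKey()
	tok, _ := EncryptCookie(key, "uid=42;role=user")
	fmt.Println("Set-Cookie: session=" + tok)
	v, err := DecryptCookie(key, tok)
	fmt.Println(v, err)
}
```

One caveat that follows from the "same key on both ends" property: with random 96-bit nonces the key should be rotated long before 2^32 cookies have been issued under it, since a repeated nonce breaks GCM's authenticity guarantee.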

3. Asymmetric encryption

      Data encrypted with the public key can only be decrypted with the matching private key.

      Data signed with the private key can be verified by anyone holding the public key. This is often described loosely as "encrypting with the private key"; with RSA, signing and encryption use different paddings and are distinct operations, not one operation run backwards.

      Algorithm: RSA (elliptic-curve schemes are also in wide use today)

      Use cases:

             Confidential transmission (public-key encryption, private-key decryption)

             Digital signatures (private-key signing, public-key verification)

             The digital certificate a browser checks during HTTPS is essentially a public key, bound to a domain name and vouched for by a certificate authority's signature.

4. Practical application

      Steps for combining symmetric and asymmetric encryption (hybrid encryption):

             1. Use asymmetric encryption to transmit the symmetric key securely (sometimes two asymmetric operations are involved, for example encrypting the key for the recipient and signing it as the sender).

             2. Use symmetric encryption to encrypt and decrypt the message itself.
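A complete run of the two steps above, covering both use cases of section 3 at once (public-key encryption for confidentiality, private-key signing for authenticity). This is an added example written for this page, not code from the original article. It assumes Go's standard library: RSA-OAEP wraps a fresh AES-256 key, AES-GCM encrypts the message, and RSA-PSS signs the envelope; the Envelope type, the Seal/Open names and the length-prefixed digest layout are choices made here.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Envelope is what crosses the wire: the symmetric key wrapped for the recipient,
// the AES-GCM nonce and ciphertext, and the sender's signature over all three.
type Envelope struct {
	WrappedKey, Nonce, Ciphertext, Signature []byte
}

// signedDigest fixes the bytes the signature covers. Each field is length-prefixed
// so that moving bytes between fields cannot yield the same digest.
func signedDigest(e *Envelope) []byte {
	h := sha256.New()
	var n [4]byte
	for _, f := range [][]byte{e.WrappedKey, e.Nonce, e.Ciphertext} {
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		h.Write(n[:])
		h.Write(f)
	}
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender side. Step 1: a fresh 256-bit symmetric key is encrypted
// to the recipient's RSA public key (OAEP). Step 2: the message is encrypted
// under that key with AES-GCM. The sender then signs the envelope with its own
// RSA private key (PSS) so the recipient can check who produced it.
func Seal(recipientPub *rsa.PublicKey, senderPriv *rsa.PrivateKey, message []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	e := &Envelope{Nonce: make([]byte, gcm.NonceSize())}
	if _, err := rand.Read(e.Nonce); err != nil {
		return nil, err
	}
	e.Ciphertext = gcm.Seal(nil, e.Nonce, message, nil)
	if e.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil); err != nil {
		return nil, err
	}
	if e.Signature, err = rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, signedDigest(e), nil); err != nil {
		return nil, err
	}
	return e, nil
}

// Open is the recipient side: verify the signature before touching anything
// else, unwrap the symmetric key with the recipient's private key, then decrypt.
func Open(recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, e *Envelope) ([]byte, error) {
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, signedDigest(e), e.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, e.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(e.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // sender
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)   // recipient
	env, err := Seal(&bob.PublicKey, alice, []byte("meet at 9"))
	if err != nil {
		panic(err)
	}
	msg, err := Open(bob, &alice.PublicKey, env)
	fmt.Printf("%q %v\n", msg, err)
}
```

The order in Open is deliberate: the signature is checked first so that no private-key decryption runs on input that has not been attributed to a sender. Note also that the signed data does not name the intended recipient; a real protocol should bind the recipient's identity into the signed bytes as well, otherwise a recipient can re-wrap a signed message for someone else.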

Key security management:

Not recommended: keeping keys in source files or configuration files alongside the application (anyone who can read the repository or the deployment bundle gets the key).

Recommended:

       1. Place both the key and the algorithm on an independent server maintained by dedicated staff, and expose encryption and decryption as a service (high cost and high per-call overhead, but the key never leaves that server).

       2. Keep the algorithm in the application and the key on an independent key server, where it is stored in shards. The application obtains the key from the key server, caches it locally and exposes encryption and decryption interfaces. (The cached copy lives in application memory, so this protects the key at rest, not against a compromised application process.)

       3. Keep the algorithm in the application and the key in the database, using different keys in the development, test and production environments. (The practice of individual applications.)
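Recommendation 2 in working form, as an added example rather than anything from the original article. The page does not say how the shards are produced; this example assumes plain XOR secret splitting (every share is needed, any subset short of all of them reveals nothing) and models the application-side cache with an injected fetch function standing in for the key server. Go, the SplitKey/JoinKey/KeyCache names and the demo key bytes are all assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"sync"
	"time"
)

// SplitKey splits key into n shares with XOR secret sharing: n-1 shares are
// uniformly random and the last one is key XOR (all the others). All n shares
// are required to rebuild the key (n-of-n, not a threshold scheme), and any
// n-1 of them are statistically independent of the key, so the compromise of
// a single shard store reveals nothing on its own.
func SplitKey(key []byte, n int) ([][]byte, error) {
	if n < 2 {
		return nil, errors.New("need at least two shares")
	}
	shares := make([][]byte, n)
	last := append([]byte(nil), key...)
	for i := 0; i < n-1; i++ {
		s := make([]byte, len(key))
		if _, err := rand.Read(s); err != nil {
			return nil, err
		}
		for j := range s {
			last[j] ^= s[j]
		}
		shares[i] = s
	}
	shares[n-1] = last
	return shares, nil
}

// JoinKey XORs the shares back together. Given fewer than all the shares it
// returns a random-looking value, never a partial key.
func JoinKey(shares [][]byte) ([]byte, error) {
	if len(shares) == 0 {
		return nil, errors.New("no shares")
	}
	key := make([]byte, len(shares[0]))
	for _, s := range shares {
		if len(s) != len(key) {
			return nil, errors.New("share length mismatch")
		}
		for j := range key {
			key[j] ^= s[j]
		}
	}
	return key, nil
}

// KeyCache models the application side: a key is fetched by id from the key
// service (here an injected function), held in memory for ttl, and refetched
// after expiry so a rotation on the key server propagates without a redeploy.
type KeyCache struct {
	mu    sync.Mutex
	ttl   time.Duration
	fetch func(id string) ([]byte, error)
	now   func() time.Time // injectable clock so expiry can be tested
	items map[string]cachedKey
}

type cachedKey struct {
	key     []byte
	expires time.Time
}

func NewKeyCache(ttl time.Duration, fetch func(string) ([]byte, error)) *KeyCache {
	return &KeyCache{ttl: ttl, fetch: fetch, now: time.Now, items: map[string]cachedKey{}}
}

// Get returns the cached key while it is fresh, otherwise asks the key service.
func (c *KeyCache) Get(id string) ([]byte, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if it, ok := c.items[id]; ok && c.now().Before(it.expires) {
		return it.key, nil
	}
	key, err := c.fetch(id)
	if err != nil {
		return nil, err
	}
	c.items[id] = cachedKey{key: key, expires: c.now().Add(c.ttl)}
	return key, nil
}

func main() {
	master := []byte("0123456789abcdef0123456789abcdef") // constructed demo key
	shares, _ := SplitKey(master, 3)                      // in practice each share sits in a separate store
	fetches := 0
	fetch := func(id string) ([]byte, error) { fetches++; return JoinKey(shares) } // stand-in for the key server
	cache := NewKeyCache(5*time.Minute, fetch)
	k, _ := cache.Get("cookie-key-v1")
	cache.Get("cookie-key-v1")
	fmt.Printf("key ok: %v, remote fetches: %d\n", string(k) == string(master), fetches)
}
```

Two things to keep in mind when adopting this layout: XOR splitting is only useful if the shares really are stored and access-controlled separately, and the cache TTL is the upper bound on how long a revoked or rotated key stays usable inside a running application.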

       

 
