[Encryption algorithm] The use of RSA and AES in the project

  • Symmetric encryption (also called private key encryption) is encryption that uses the same key for encryption and decryption. The sender and receiver must agree on a key before they can communicate securely. The security of a symmetric algorithm depends on the key: if the key leaks, anyone can decrypt the messages the two parties send or receive, so keeping the key secret is essential to the security of the communication.
  • An asymmetric encryption algorithm requires two keys: a public key and a private key. The two keys form a pair: data encrypted with the public key can only be decrypted with the corresponding private key. Because encryption and decryption use two different keys, the algorithm is called asymmetric.

AES (Advanced Encryption Standard) is the most common symmetric encryption algorithm (WeChat applet encrypted transmission uses this algorithm).

RSA is the most common asymmetric encryption algorithm.

Usage Scenario 1: Use RSA encryption only

When we log in to the system, we need to enter a password. The password cannot be transmitted in plain text, so it must be encrypted on the client side and decrypted on the server side. We keep the public key and private key on the server side and give the public key to the client. The client encrypts with the public key, and the server decrypts with the private key.

Usage Scenario 2: Use RSA and AES together

In addition to encrypting the information sent by the client, the data returned by the server is also encrypted. For example, the returned data may contain sensitive information such as an ID card number or phone number, which risks leaking if it is transmitted in plain text. With RSA, the client would have to use a private key to decrypt that data. If only RSA is used for both encryption and decryption, a private key must be stored on the client, where it is easy to leak. So RSA and AES are used together.

Client:

The client generates a 16-byte key.

It uses this key to encrypt the user's password with AES.

It uses RSA to encrypt the key.

It sends the RSA-encrypted key and the AES-encrypted password to the server.

Note: Even if the encrypted key is intercepted, it is useless to the interceptor, because without the RSA private key it cannot be decrypted.

Server:

The server decrypts the key with the RSA private key.

It uses this key to decrypt the password with AES.

It encrypts the response data with AES using the same key and returns it to the client.

Client:

The client decrypts the response with AES using the key to obtain the data.
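
The Scenario 2 exchange above, sketched with Node.js's built-in crypto module. This is an added example, not code from the original post; AES-128-GCM, RSA-OAEP with SHA-256, the function names and the sample values are assumptions, since the post names only "AES" and "RSA".

```javascript
// Added example: Scenario 2 end to end. Mode and padding choices are assumptions.
const nodeCrypto = require('node:crypto');

// AES-128-GCM with a fresh 12-byte IV per message; layout is iv || tag || ciphertext.
function aesEncrypt(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-128-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

function aesDecrypt(key, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-128-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the ciphertext or tag was modified in transit.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString('utf8');
}

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client: generate the 16-byte key, AES-encrypt the password, RSA-encrypt the key.
function clientBuildRequest(serverPublicKey, password) {
  const aesKey = nodeCrypto.randomBytes(16);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, aesKey);
  return { aesKey, request: { wrappedKey, encPassword: aesEncrypt(aesKey, password) } };
}

// Server: unwrap the key with the RSA private key, decrypt the password,
// then encrypt the response under the same AES key.
function serverHandle(serverPrivateKey, request, responseData) {
  const aesKey = nodeCrypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, request.wrappedKey);
  const password = aesDecrypt(aesKey, request.encPassword);
  return { password, encResponse: aesEncrypt(aesKey, responseData) };
}

// Constructed demo values; the key pair stands in for the server's long-term RSA key.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const { aesKey, request } = clientBuildRequest(publicKey, 'constructed-password');
  const { password, encResponse } = serverHandle(privateKey, request, '{"phone":"000-0000"}');
  return { password, response: aesDecrypt(aesKey, encResponse), aesKey, encResponse };
}
```

The client holds only the server's public key and a per-request AES key, so no RSA private key is ever stored on the client.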


Origin blog.csdn.net/u013517229/article/details/127792763