overview
password introduction
Security Question
- Confidentiality: Get the sent message
- Integrity: tampering with sent messages
- Identity forgery: tampering with the identity of the sending subject, the message sent by a is tampered with the one sent by b
- Behavior repudiation: denial of sent messages, loss of traceability of behavior
Cryptography
- confidentiality
- integrity
- authenticity
- non-repudiation
History of Cryptography
- Origin of passwords: Wolf Smoke, Tiger Talisman, based on "secret language"
- Classical ciphers: Caesar cipher, early 20th century cipher machines, algorithm-based secrecy
- Modern Cryptography: Cipher Machines, Asymmetric Cryptography, Key-Based Secrecy
- Quantum cryptography: key-based secrecy is theoretically absolutely safe
Cryptographic Industry Classification
- Commercial encryption (not involving state secrets): applicable to banking, securities, taxation, insurance, electricity, transportation, e-commerce, e-government extranet, enterprise groups, etc.
- Puti (party and government organs/military industry involving state secrets)
- Nuclear Security (National Leadership)
name explanation
password
- Refers generally to "cryptography"
- From a functional point of view: cryptographic technology mainly includes encryption protection technology and security authentication technology.
- From the content point of view: cryptographic technology mainly includes cryptographic algorithms, key management and cryptographic protocols.
- Cryptographic algorithms: symmetric algorithms, asymmetric algorithms, digest algorithms, random number generation algorithms.
clear text
Algorithms that require secure transmission
ciphertext
The garbled information of the plaintext after password transformation
encryption
The process from plaintext to ciphertext
decrypt
The process of recovering plaintext from ciphertext
Encryption Algorithm
A set of rules to use when encrypting plaintext
decryption algorithm
A set of rules to use when decrypting ciphertext
key
A set of secret information used when encrypting and decrypting
Introduction to encryption and decryption process
encryption
decrypt
cryptographic algorithm
Classification of Cryptographic Algorithms
National Secret Algorithm
- Symmetric encryption algorithm: SM1, SM4, SM6
- Asymmetric cryptographic algorithm: SM2
- Password hash algorithm: SM3
international algorithm
- Symmetric encryption algorithm: DES, 3DES, AES
- Asymmetric cryptographic algorithm: RSA
- Password hash algorithm: SHA1
Symmetric algorithm
concept
An algorithm that uses the same key for encryption and decryption
process
features
- Performance: Fast.
- Key management: Shared keys, the same key used for encryption and decryption.
- Usage scenario: fast encryption and decryption.
weakness
- Keys are not easy to manage.
- Each pair of communicators requires a pair of different keys, which is not suitable for applications with a large number of users.
- It is impossible to correspond with someone you have never met.
asymmetric algorithm
concept
- Algorithms that use different keys for encryption and decryption.
- Exist in pairs, public key and private key, the private key can deduce the public key, and the public key cannot deduce the private key.
process
features
- Performance: slower.
- Key management: Encryption and decryption use different keys, and the public key can be made public.
- Key usage: public key encryption, private key decryption; private key encryption, public key decryption.
- Usage scenarios: small data volume encryption, digital signature, key exchange.
weakness
- The speed is slow and the resource consumption is obvious.
- It is not suitable for large data volume data encryption processing.
digest algorithm
concept
Map a data value of arbitrary length to a smaller data value of fixed length, which is called a hash value (summary value)
features
- Map variable-length information to fixed-length information.
- irreversibility.
- Faster.
- Usage scenario: Integrity verification. Such as MD5 file verification code (Checksum)
The difference between hashing and encryption
- Encryption requires a key, and the original text can be obtained through decryption. (encryption reversible)
- Hash does not require a key, and the original input cannot be reversed. (hash irreversible)
combination cipher
- The Best Solution: Combined Cryptography
- A symmetric algorithm is used for data encryption of a large amount of data, and a new random key is generated each time.
- Use an asymmetric algorithm for signature verification to confirm the authenticity of the identities of both parties.
- Hash values are computed using a digest algorithm.
Digital Signatures and Certificates
digital signature
concept
杂凑值
The result obtained by the signer using the private key to perform cryptographic operations on the data to be signed 公钥
can only be verified with the signer's to confirm the integrity of the data to be signed, the authenticity of the signer's identity and the non-repudiation of the signature behavior . - "Cryptographic Terminology" (GM/Z 0001-2013)
Overview of Digital Certificates
concept
- Digital certificates are also called "digital ID cards" and "network ID cards".
- An electronic file issued by the CA organization and certified by it, containing the owner's identity information and public key related information.
- It can be used to prove the true identity of the digital certificate holder. It is the identity certificate for various entities (individuals, merchants, enterprises, units, etc.) to carry out information exchange and business activities on the Internet, and to solve the problem of mutual trust.
- A digital certificate is a piece of data containing
用户身份信息
,用户公钥信息
and身份验证机构数字签名
, the digital signature of the authentication authority can ensure the authenticity of the certificate information.
storage
- Storage information: user's certificate, user's private key, and CA root certificate.
- Storage device: hard disk, smart IC card, TF card/SD card, smart password key (USB Key)
CA and RA
CA
concept
Certificate Authority (CA): It is an authoritative organization responsible for issuing and managing digital certificates. It mainly implements: certificate issuance, certificate renewal, certificate revocation and certificate verification.
effect
- Publish the local CA policy.
- Authenticate and identify subordinate institutions.
- Generate and manage affiliate certificates.
- Receive and authenticate RA certificate requests.
- Issue and manage certificates.
- Publish the certificate CRL.
- cross-certification.
RA
concept
Certificate Registration and Approval Authority (RA): Responsible for information entry, approval and certificate issuance of certificate applicants.
effect
- Review user identity information to ensure its authenticity.
- Management and maintenance of user identity information in this area.
- Download of digital certificates.
- Issuance and management of digital certificates.
- Register blacklist.
CA and RA relationship
CA and RA are similar to the relationship between the public security department and the police station.
Password Basic Functions
- encryption function
- Trusted Authentication Function
commercial encryption products
Classification of commercial encryption products
software
- Refers to cryptographic products that appear in the form of pure software.
- Such as: information security software, cryptographic algorithm software, digital certificate authentication system software.
chip
- Refers to cryptographic products in the form of chips.
- Such as: algorithm chip, cryptographic SOC chip, etc.
Among them, SOC: the abbreviation of System on Chip, the translation is system-level chip, also known as system on chip.
board
- A product that appears in the form of a board and has complete password functions.
- Such as: IC card, USBKEY, PCI-E password card, TF card, MINI, PCI-E card, etc.
complete machine
- A product that appears in the form of a complete machine and has complete password functions.
- Such as: signature server, server cipher machine, VPN security gateway, etc.
system
- A product that appears in the form of a system and is supported by password functions.
- Such as: electronic signature system, key management system, secure document transmission system, etc.
Application cases of commercial encryption products
Ensuring the confidentiality of information
- Encryption and decryption of stored information
- Transmission data encryption and decryption