RSA data encryption and digital signature

Enterprise 2023-08-02 06:42:14 views: null

RSA algorithm

RSA is an asymmetric public key encryption algorithm that uses a public key to encrypt data and uses a private key to decrypt data. Usually, the public key is public, and the private key is kept by itself and cannot be made public. Therefore, when the RSA encryption algorithm is used for communication, the information sender and the information receiver transmit the public key and data to each other.
You should know that both data encryption and digital signature are for security reasons. The difference between the two is that data encryption is to encrypt data to prevent data leakage, while digital signature is to generate a signature from data to prevent forgery of data. Tampering with data.

data encryption

During the data encryption process, the public key is used to encrypt the data and the private key is used to decrypt it.
Scenario 1:
A communicates with B, and A sends a message to B. The process is as follows:

  • B publishes its public key to A
  • A uses B's public key to encrypt the data to be sent
  • B receives the encrypted data sent by A and uses its own private key to decrypt it

In the process of A->B sending a message, even if A's message and B's public key are intercepted, the real content of A still cannot be obtained.
insert image description here
In this scenario, the security of the message is guaranteed, but there is a premise that what B wants to receive is A’s message. At this time, a hacker C uses the public key published by B to forge a fake message to B, or intercepts A. The message, and then tamper with the message, B is unidentifiable, therefore, a digital signature is necessary.

digital signature

A digital signature uses a private key for signing and a public key for verification .
Scenario 2:
A sends a message to B, hacker C also sends a fake message to B, because B only wants A's message, so the process is as follows:

  • A publishes its own public key, B obtains A's public key
  • A signs the message with its own private key (at the same time, the content of the message can also be encrypted with data), and then sends the signature and the message to B at the same time
  • B uses A's public key to de-sign the signature, and the parsed content is the same as the actual message content, which can prove that the message was indeed sent by A

During this process, if C sends a forged message to B, and B uses A's public key to verify the signature of the forged message, it must fail.
insert image description here
To sum up, data encryption and digital signature have their own responsibilities. One ensures data security and the other ensures data correctness . Therefore, in the process of message transmission, in order to ensure security, you can consider using both.

RSA key

key file format

There are only two formats of keys (including private key and public key), der and pem
der: a special binary format
pem: plain text format encoded by base64 ASCII

PEM file

Since the PEM file is a plain text file, it is obvious that it can be opened directly with text software, but what you see is the encoded information . If you want to see the real content, you need to use the openssl tool to open it.

openssl x509 -in baidu.crt -text -noout

DER file

The der file is a binary file. If you open it with a general text editor such as vim, it will be garbled. You need to use the openssl command to view the specific information

openssl rsa -inform der baidu.key -text -noout
text software openssl
PEM file insert image description here insert image description here
DER file insert image description here insert image description here

key file suffix

common file extensions

  • .cer, .cert : Common certificate files under the window platform, the format can be der or pem, and only contains the public key
  • .crt : The certificate file under the Linux platform, the format is the same as above, and only contains the public key
  • .key : Private key file, the same format as above, only contains the private key

other file extensions

  • .csr : certificate generation request file, generally used to submit the generated certificate file to the CA organization
  • .pfx, .p12 : der format files commonly used on windows platform, including public key and private key
  • .jks : java keystore, including public and private keys
  • .pem, .der : It is the file format, and it can also be the file suffix . What suffix means the file format. Generally, the public key uses this suffix

How to use the key

In general, the rsa key needs to be used with **private key/certificate (not public key)**, which requires three steps:

  1. Generate private key file private.key locally
  2. If it is a self-signed certificate (that is, it has not been certified by a CA organization), you only need to generate a certificate based on the private key , and you can use it
  3. If it is a production environment, a CA certificate is generally required, you need to generate a certificate.csr file based on the private key , and then submit the csr file to the CA to generate a certificate, and you can use it

PS: If you need to use the public key file, you can generate the public key based on the private key

Difference between public key and certificate

Since digital signatures and encryption/decryption of information are based on public/private keys , why do we need certificates?
The certificate obviously contains the public key, and also contains the CA's institution information, etc., indicating that the public key is a qualified certificate certified by an authority.
The certificate is usually that the CA certification authority digitally signs the user's public key with its own private key. key.

Common openssl commands

operate openssl command
generate private key openssl genrsa -out privkey.pem 2048
Generate a self-signed certificate openssl req -new -x509 -key privkey.key -out cacert.pem -days 3650
Generate CSR file openssl req -new -key privkey.key -out cert.csr
generate public key openssl rsa -in privkey.key -pubout -out pubkey.pem
View the key file openssl rsa -in private.key -text -noout
view public key openssl rsa -pubin -in public.pem -text -noout
View the certificate file in der format openssl x509 -inform der -in certificate.cer -text -noout Add -inform der command to indicate der file
View the certificate file in pem format openssl x509 -in certificate.cer -text -noout omit the -inform option
pem to der openssl x509 -in myserver.pem -outform der -out myserver.crt
der convert pem openssl x509 -inform der -in myserver.der -out myserver.crt

Guess you like

Origin blog.csdn.net/qq_15098623/article/details/127761020
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com