The difference between encryption and signing

Encryption and signature
For example, when A sends signed and encrypted information to B:
1. The function of A's signature on the information is to confirm that the information is sent by A and not by others;
2. Encryption protects the confidentiality of the content. Its main purpose is to ensure that nobody other than B can obtain the information content.

Together, the two give end-to-end certainty for the whole exchange: the information was sent by A (not someone else), it was sent to B, and only B can obtain the specific content (even if others intercept the information, they cannot read it).

This is only a general description of what each operation is for. The details involve keys, which are divided into public keys and private keys.

Here there are two key pairs, four keys in total: A's public key (PUB_A) and A's private key (PRI_A); B's public key (PUB_B) and B's private key (PRI_B).

The public key is generally used for encryption, and the private key is used for signing.

Usually the public key is made public, while the private key must be kept private by its owner.

Public keys and private keys correspond uniquely. Content signed with a certain private key can only be verified with the corresponding public key; similarly, content encrypted with a certain public key can only be decrypted with the corresponding private key.

At this time, the entire signature and encryption process for A to send information to B is as follows:
1. A first signs the information (usually a summary of the information) with its own private key (PRI_A).
2. A then uses B’s public key (PUB_B) to encrypt the information content and signature information.

In this way, when B receives A's information, the steps to obtain the information content are as follows:
1. Use its own private key (PRI_B) to decrypt the content encrypted by A with B's public key (PUB_B);
2. Obtain the decrypted plaintext and use A's public key (PUB_A) to verify the signature that A produced with its own private key (PRI_A).

Thus, the entire process provides the end-to-end confirmation mentioned at the beginning. A's signature can only be verified with A's public key, so B can confirm that the information is from A; content encrypted with B's public key can only be decrypted with B's private key, so A can be confident that the information can only be read by B.

Additional supplement:
The sender can add a MAC and the receiver can verify it: checking that the MAC is consistent shows whether the message has been modified.
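The sign-then-encrypt flow above as an added example using Node.js's built-in `crypto` module (not code from the original post). It goes one step beyond the text: RSA cannot directly encrypt a message plus a 256-byte signature, so the payload is encrypted with a one-time AES-256-GCM key that is wrapped under PUB_B, and the GCM tag plays the role of the MAC in the supplement. The function names and the envelope layout are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Constructed key pairs: A is the sender (PUB_A/PRI_A), B the receiver (PUB_B/PRI_B).
const newPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const A = newPair();
const B = newPair();
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender side: sign with PRI_A, then encrypt message + signature for B.
function signThenEncrypt(message, priA, pubB) {
  const msg = Buffer.from(message, 'utf8');
  const signature = crypto.sign('sha256', msg, priA);   // step 1: sign the SHA-256 digest
  const key = crypto.randomBytes(32);                    // one-time AES-256 key
  const iv = crypto.randomBytes(12);
  const len = Buffer.alloc(4);
  len.writeUInt32BE(msg.length);                         // length prefix separates msg from signature
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([
    cipher.update(Buffer.concat([len, msg, signature])),
    cipher.final(),
  ]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: pubB, ...OAEP }, key), // step 2: only PRI_B unwraps
    iv,
    body,
    tag: cipher.getAuthTag(),                            // integrity tag (the "MAC")
  };
}

// Receiver side: decrypt with PRI_B, then verify the signature with PUB_A.
function decryptThenVerify(env, priB, pubA) {
  const key = crypto.privateDecrypt({ key: priB, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  // final() throws if the ciphertext or tag was modified in transit
  const plain = Buffer.concat([decipher.update(env.body), decipher.final()]);
  const n = plain.readUInt32BE(0);
  const msg = plain.subarray(4, 4 + n);
  const signature = plain.subarray(4 + n);
  if (!crypto.verify('sha256', msg, pubA, signature)) {
    throw new Error('signature was not produced with PRI_A');
  }
  return msg.toString('utf8');
}
```

Call `signThenEncrypt('text', A.privateKey, B.publicKey)` on the sending side and pass the returned envelope to `decryptThenVerify(env, B.privateKey, A.publicKey)` on the receiving side.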

Hope it helps you


Origin blog.csdn.net/qq_44691484/article/details/107593007#comments_23007869