Section 2, Project Payment Function Practice - Detailed explanation of information security, payment security, and interface security

Information security concept

When we mention information security, we usually think of security knowledge such as data transmission security, interface transmission security, login authentication, and authorization. We also think of encryption, decryption, authentication, signing, verification, security certificates, etc. Cumbersome and complex concepts. When talking about these concepts, everyone may have such an impression, but the concepts will be relatively vague. If you have not seriously studied or passed the senior system architect exam, or have no experience in related projects, then you must I will not be clear about this concept and can actually use it. In order to clarify the concepts inside, this article uses the actual combat process of the project to explain in detail the specific meaning of each concept, the detailed usage scenarios of each concept, and all knowledge points of the entire information security.

Information security includes 5 basic elements

(1) Confidentiality: Ensure that information is not exposed to unauthorized entities or processes.
(2) Integrity: Only people with permission can modify the data and can tell whether the data has been modified.
(3) Availability: Authorized entities can access data when needed, that is, attackers cannot occupy all resources and hinder the work of the authorizer.
(4) Controllability: The information flow and behavior within the authorized scope can be controlled.
(5) Auditability: Provide the basis and means for investigating information security issues that arise.
The scope of information security includes: equipment security, data security, content security and behavioral security.

Based on the above five elements, we know that our ultimate goal is to protect the security of data from tampering and illegal access. To sum up, there are the following points:

(1) Access control. Make sure the other party to the conversation (human or computer) has the authority to do what it claims to do.
(2) Certification. Make sure the resource (human or computer) on the other side of the conversation is what it claims to be.
(3) Completeness. Make sure the information received matches what was sent.
(4)Audit. Ensuring that any transaction that occurs can be verified afterwards, and that both the sender and the recipient believe that the exchange occurred is the so-called non-repudiation.
(5) Confidentiality. Ensure sensitive information is protected from eavesdropping.

Information security technical system

In order to achieve the purpose of security measures, a complete technical system is provided in the system architect security chapter, as follows: From the perspective of implementation technology, the information security system involves basic security equipment, computer network security, operating system security, database security, Terminal equipment security and other multi-faceted technologies.
(1) Basic security equipment includes password chips, encryption cards, identity cards, etc., in addition to physical environment protection technology applied to physical security. Building, computer room conditions and hardware equipment conditions meet the mechanical protection security of the information system. Through the Selective measures for the anti-electromagnetic interference and electromagnetic leakage performance of power supply equipment and information system components achieve corresponding safety purposes.
(2) Computer network security refers to the security precautions of information during network transmission, which is used to prevent and monitor unauthorized destruction, modification and data theft. It usually involves physical isolation, firewall and access control, encrypted transmission, authentication, digital signature, digest, tunnel and VPN technology, virus prevention and Internet behavior management, security audit and other implementation technologies.
(3) Operating system security refers to the operating system having no error configuration, no loopholes, no backdoors, no Trojan horses, etc., which can prevent illegal users from illegally accessing computer resources, and is generally used to express the security requirements for the operating system. The security mechanism of the operating system includes identification and authentication mechanism, access control mechanism, least privilege management, trusted path mechanism, operation assurance mechanism, storage protection mechanism, file protection mechanism, security audit mechanism, etc.
(4) Database security can be roughly divided into two parts: database management system security and database application system security, which mainly involve the integrity of the physical database, the integrity of the logical database, element security, auditability, access control, identity authentication, Availability, inference control, multi-level protection, and covert channel elimination and other related technologies.
(5) Terminal security equipment is divided into telephone cipher machines, fax cipher machines, asynchronous data cipher machines, etc. from the perspective of telecommunications network terminal equipment.

In the above system, we pay more attention to points (2) and (4) in terms of pure code.

Encryption and decryption and digital certificates

Encryption technology has a long history. Since the transmission and storage of information in ancient times, encryption technology has been used. Since then, for a long time, encryption and decryption technology have been widely used in special fields such as military, politics, diplomacy, and finance. After a long period of research and development, a relatively complete discipline-cryptography has been formed.

Cryptography is the science that studies encryption methods, principles of secret communication, and decryption methods, methods of breaking codes.
The process of encryption and decryption goes roughly like this: First, the sender of the message prepares the original form of the message to send, called plaintext. Then the plaintext undergoes a series of transformations to form another form of information that cannot directly reflect the meaning of the plaintext, called ciphertext. The process of converting plaintext into ciphertext is called encryption. A set of rules or methods used in encryption is called an encryption algorithm. After receiving the ciphertext, the receiver converts the ciphertext into plaintext to obtain the specific content of the information. This process is called decryption. When decrypting, a series of methods or rules corresponding to the encryption algorithm must also be used. This method or rule is called a decryption algorithm. During the encryption and decryption process, the parameter information mastered by both communicating parties controls the specific encryption and decryption process. This parameter is called a key. The key is divided into encryption key and decryption key, which are used in the encryption process and decryption process respectively.

In the process of encryption and decryption, if the encryption key used is the same as the decryption key, or it is easy to calculate one from the other, this method is called a symmetric key cryptosystem, also called a single-key cryptosystem. On the contrary, if the keys for encryption and decryption are not the same, or it is difficult to calculate one from the other, it is called an asymmetric key cryptosystem or a public key cryptosystem, also called a dual-key cryptosystem.

Symmetric encryption

In symmetric key cryptography, the same key is used in the encryption and decryption processes, or even if the encryption key and decryption key are different, one can be easily calculated from the other. Obviously, in this cryptographic system, the key becomes the core of the entire secret communication, and the security of the entire encryption system is completely based on the confidentiality of the key. If the key is exposed, the entire cryptographic system will completely lose its confidentiality effect. Therefore, the confidentiality of the key is the key to the security and confidentiality of the symmetric key encryption system. It must be properly preserved and transmitted through reliable channels.

Commonly used symmetric encryption algorithms are: DES and IDEA

asymmetric encryption algorithm

The symmetric key encryption method uses the same key for encryption and decryption, which is saved by the sender and receiver at the same time, and the same key is used for encryption and decryption. The main problem with this method is that the key generation, import, storage, management, distribution and other processes are relatively complex. Especially as the number of users increases, the demand for keys increases exponentially. In larger-scale information systems, the distribution and management of a large number of keys is a difficult problem to solve.

For example, if there are n users in the system, and cryptographic communication needs to be established between every two users, then each user in the system must master (n-1)/2 keys, and the total number of keys required in the system is n*(n-1)/2. For 10 users, each user must have 9 keys, for a total of 45 keys in the system. For 100 users, each user must have 99 keys, for a total of 4950 keys in the system. This only considers the situation where only one session key is used for communication between users. If different sessions need to change different keys, the total number of keys will be even more. The generation, management, and distribution of such a large number of keys is an intractable problem.

Different from the symmetric key encryption method, the asymmetric key encryption technology requires the use of two different keys when encrypting and decrypting information, so it is also called the dual-key encryption method. During its operation, it first generates a pair of keys, one of which is a secret key, which is kept by the user and cannot be leaked to the outside world, referred to as a private key; the other is a public key, which can be disclosed to the outside world and can even be stored in a public directory. Listed in, referred to as the public key, so it is also called the public key encryption method.

Data encrypted with the public key can only be decrypted using the private key, while data encrypted with the private key can only be decrypted with the public key. During the communication process, if the sender wants to send confidential information to the receiver, the information needs to be encrypted with the receiver's public key and then sent to the receiver. The receiver can successfully decrypt it with its private key. Even if others receive the encrypted ciphertext, they cannot correctly interpret it, thereby achieving the purpose of confidential communication.

In the public key encryption method, in order to achieve good encryption effect, the algorithm must be: it is very easy to generate the key computationally; it is computationally easy to encrypt the plaintext when the public key is known; the private key is known Decrypting the ciphertext is computationally easy to implement if the public key is known; although the two keys used for encryption and decryption are mathematically related, when the public key is known, it is difficult to obtain the private key in It is computationally infeasible; when the public key and ciphertext are known, it is computationally infeasible to obtain the plaintext. Only by doing the above points can we effectively prevent attackers from deciphering the algorithm.

There are many asymmetric key encryption algorithms, such as RSA, backpack cipher, McEliece, Diffe Hellman, Rabin, Ong Fiat Shamir, zero-knowledge proof algorithm, elliptic curve, EIGamal, etc. The most commonly used asymmetric encryption algorithm is RSA.

The encryption key and decryption key used in asymmetric encryption algorithms are different and are called no-shared key algorithms or asymmetric key algorithms. In 1976, Dime and Hellman of Stanford University proposed a public key encryption algorithm that uses different keys for encryption and decryption. Let P be the plaintext, C be the ciphertext, E be the encryption algorithm controlled by the public, and D be the decryption algorithm controlled by the private key. These parameters satisfy the following three conditions:
(1) D (E §) =P.
(2) D cannot be derived from E.
(3) Chosen plaintext attack (selecting any plaintext-ciphertext pair to determine the unknown secret) cannot crack E. Calculate C=E§ when encrypting, and P=D© when decrypting. Encryption and decryption are reciprocal. Using public encryption and private key decryption can achieve confidential communication; using private key encryption and public key decryption can achieve digital signatures.

Key management

In the past, people always relied on keeping encryption algorithms and keys secret to increase the strength and effectiveness of confidentiality. With the development of modern cryptography, most encryption algorithms have been made public. Some typical algorithms (such as DES, IDEA, RSA, etc.) have become international standards and are widely accepted. People can obtain the details of the algorithms from a variety of ways, and there are already many software and hardware devices that use these algorithms.

Therefore, in modern cryptosystems, the confidentiality of the algorithm itself is no longer important. The confidentiality of data depends to a large extent or even completely on the confidentiality of the key. As long as the key can be kept secret, even if the encryption algorithm is disclosed or even the encryption equipment is lost, it will not have much impact on the robustness and normal use of the encryption system. On the contrary, if the key is lost, illegal users can steal confidential data, while legitimate users are faced with ciphertext and cannot extract valid information. Rather than doing this, it is better not to encrypt it! Therefore, in cryptographic systems, how to efficiently distribute keys and securely manage keys is crucial to ensuring data security.

Distribution and management of symmetric keys

Key distribution generally needs to solve two problems: one is to introduce an automatic key distribution mechanism to improve the efficiency of the system; the other is to reduce the amount of keys resident in the system as much as possible. These two problems can also be solved simultaneously. So how to distribute keys reasonably? Two users A and B can obtain the shared key in four ways:
(1) The key selected by A is sent to the other party B through physical means.
(2) The third party selects the secret and sends it to A and B respectively through physical means.
(3) A and B already have a secret key in advance. After one party chooses a new key, it encrypts the new key with the existing key and sends it to
the other party.
(4) The three parties A, B, and C each have a secret channel. After C selects the secret, it sends it through the respective secret channels of A and B. The first two methods are called manual transmission. If N users in the network all require support for encryption services, any pair of users who want to communicate each needs a shared key, which results in the number of keys as high as N (N-1) 2. In the third method, once the attacker obtains one key, he can obtain all subsequent keys, which brings hidden dangers to security. The common weakness of these three methods is that when N is large, the cost of key distribution also becomes very large. However, this centerless key control technology is very useful within the local scope of the entire network. As shown in Figure 4-3, N represents a random number.

The fourth method is more commonly used. The third party C is the KDC that allocates keys to users. Each user and KDC have a shared key, that is, the master key. The master key is then assigned to each pair of user session keys for confidential communication between users. The session key is destroyed immediately after the communication ends. Although the number of session keys in this method is N(N-1)/2, the number of master keys is only N(N-1)/2, which can be sent by physical means. As shown in Figure 4-4, N represents a random number and Ks represents the session key.

So, what is KDC? Its full name is (Key Distribution Center, Key Distribution Center), which is a very effective automatic key distribution scheme. In the KDC scheme, each user only saves his own private key SK and KDC's public key PKKDC, and during communication, he obtains other users' public keys PK or symmetric keys that can only be used in a certain communication through KDC. The temporary key K of the encryption algorithm. Assume that there are two users A and B, both registered users of KDC. They have private keys SKA and SKB respectively, and the corresponding public keys are PKA and PKB respectively. Now A wants to have a conversation with B. If a symmetric key encryption algorithm is used to encrypt this conversation, the key distribution process is shown in Figure 16-2.

First, user A sends a request SKA(A, B) encrypted with his own private key SKA to KDC, indicating that he wants to have a conversation with B.

After KDC receives this request, it generates a symmetric cryptographic algorithm key K based on a certain algorithm that can be used for secret conversations between A and B, and then returns a response PK(K, PKB(A, K)) to A. This response message is encrypted with A's public key PKA. Of course, only user A can correctly interpret it and extract the key K of the session with B.

At the same time, there is also a part of the information PKB (A, K), indicating that user A wants to have a conversation with B, and the key is K, which is encrypted with B's public key PKB. User A sends this part of the information to B, and B decrypts the session key after receiving it.

At this point, the automatic key distribution process is completed. After that, both parties A and B can use the key K to carry out encrypted communication.

Key management of public key encryption system

Key management methods include the following four forms:

1. Public release
Public release means that the user sends his public key to every other user or broadcasts it to a certain group. For example: PGP (PrettyGood Privacy) uses the RSA algorithm. Many users can attach their public keys to messages and send them to the public area. Although this method is simple, it has a very big disadvantage: anyone can forge the password. The key is released to the public. If a user pretends to be user A and sends or broadcasts his public key to another user in the name of A, before A discovers the impostor, the impostor can decipher all encrypted messages sent to A, and even Obtain authentication with a forged key.

2. Public directory table
Public directory table refers to a public public key dynamic directory table, and a trusted entity or organization (the administrator of the public directory) is responsible for the establishment and maintenance of the public directory table and the distribution of public keys. The administrator creates a directory for each user in the directory table, which includes two data items: the user name and the user's public key, and publishes and updates the directory table regularly. Each user registers his or her public key with the administrator either personally or through some secure authenticated communication, can access the directory electronically, and can replace the key with a new one at any time. However, once the administrator secret key of this public directory is obtained by an attacker, it also faces the risk of being counterfeited.

3. Public key management organization
is similar to the public directory table, but uses a public key management organization to establish and maintain a dynamic public key directory for each user. This more stringent control over public key distribution can enhance its security. It is important to note that each user reliably knows the public key of the management organization, but only the management organization itself knows the corresponding secret key. For example: when user A sends a request to a public management agency, the agency responds to the request, encrypts it with its own secret key SKar and sends it to A, who then uses the agency's public decryption.
Its disadvantage is that every user must turn to the management agency if they want to contact others, so it is easy for the management agency to become the bottleneck of the system, and the public key directory maintained by the management agency is also easily disturbed by adversaries.

4. Public key certificate
Public key certificate can solve some of the shortcomings of the above strategies to a certain extent. The public key certificate is established for the user by the certificate authority CA (Certifcate Authority). The data items include the public key that matches the user's secret, the user's identity and timestamp, etc. All data items are approved by the CA using its own After signing with the secret key, a certificate is formed, that is, the certificate is in the form of CA-ESKcA[T, IDA, PKA]. T is the current timestamp, IDA is user A's identity, PKA is A's public key, SKca is the CA's secret key, and CA is the certificate generated by user A. The user sends his public key to another user through a public key certificate, and the recipient can use the CA's public PKa to verify the certificate. In this way, public keys between users are exchanged through certificates without the need to contact the public key management agency, thereby avoiding the inconvenience and security risks caused by unified agency management.

From the above four forms, the fourth way is the best. So what is a digital certificate?

What is a digital certificate?

Digital certificates provide a mechanism to establish a relationship between a public key and the entity that owns the corresponding private key. Currently, the most commonly used digital certificate format is defined by the international standard ITU-T X.509 v3.
The public key system is used in digital certificates, that is, a pair of matching keys is used for encryption and decryption. Each user saves his own private key and uses it for decryption and signature; he also sets a public key, which is made public by himself and shared by a group of users for encryption and signature verification.

Digital certificates serve as evidence of a user's identity in the system. In all aspects of communication, the parties involved in the communication verify the authenticity and validity of the other party's identity by verifying the other party's digital certificate, thereby solving the mutual trust problem.

The content of a digital certificate generally includes: the name that uniquely identifies the owner of the certificate, the name that uniquely identifies the issuer of the certificate, the public key of the certificate owner, the digital signature of the issuer of the certificate, the validity period of the certificate, and the serial number of the certificate, etc.

public key infrastructure

PKI is public key infrastructure. Its role in information systems is equivalent to its role as a public facility in social life. Its goal is to provide public key management services to a wide range of information system users and applications. PKI refers to a system composed of digital certificates, Certificate Authority (CA), and other registration agencies that check and verify the legality of all parties involved in electronic transactions, communications, etc. In order to enable users to obtain real and reliable public keys in unreliable network environments, PKI introduces recognized and trusted third parties;

There are three types of entities in PKI: management entities, end entities, and certificate stores . The management entity is the core of PKI and the provider of PKI services; the end entity is the user of PKI and the user of PKI services; the certificate library is a distributed database used for the storage and retrieval of certificates and CRLs.

CA and Registration Authority (RA) are two types of management entities. The CA is the only entity in the PKI framework that can issue and revoke certificates, and maintains the life cycle of the certificate; the RA is responsible for processing user requests, and after verifying the validity of the request, submits it to the CA on behalf of the user. RA can be implemented separately or combined in CA. As management entities, CA and RA provide public key distribution services to end entities in the form of certificates.

Holders and verifiers are two types of end entities. The holder is the owner of the certificate and the de facto subject declared by the certificate. The holder applies for and obtains a certificate from the management entity and can also request to revoke or renew the certificate when necessary. The holder uses the certificate to declare his or her identity and thereby obtains the corresponding rights. The verifier confirms the validity of the certificate provided by the holder and whether the other party is the true owner of the certificate. Only after successful authentication can further interaction with the other party be carried out.

The certificate store can be implemented using the Web, file server storage (FTP, FSTDFS, miniIO, etc.) or directory. Since the objects accessed in the certificate store are certificates and CRLs, their integrity is guaranteed by digital signatures, so operations on the certificate store can be transmitted over channels without special security protection.

The PKI framework can be divided into three levels. The lowest layer is the transport layer , which provides reliable transmission of PKI messages upwards. It can be a transport layer protocol or an application layer protocol. The middle layer is the cryptography service layer , which provides basic cryptography services such as encryption, decryption, digital signatures, and message digests. It can be implemented by methods such as RSA and MD5. The highest layer is the certificate service layer , which uses the encryption and transmission services provided by the previous two layers to provide users with services such as certificate request, issuance, release, revocation and update.

X.509 digital certificate: The X.509 standard formulated by ISO/ITU, ANSI, IETF and other organizations specifically defines the format of digital certificates. This standard is developed to ensure interoperability between systems that use digital certificates. . In theory, an X.509 certificate created for one application can be used in any other application that conforms to the X.509 standard. The data items it contains are:
① Version number. Used to distinguish different version numbers of X.509.
②Serial number. Each certificate is assigned a unique digital number by the CA, and the serial number of each certificate issued by the same CA is unique.
③Signature algorithm identifier. Used to specify the public key algorithm and HASH algorithm used by the CA when issuing certificates, and must be registered with the International Standards Organization.
④The name of the issuer. The name of the CA that created and signed the certificate.
⑤Validity period. The validity time of the certificate includes two dates: the date when the certificate becomes effective, and the date and time when the certificate expires. Valid between the two times specified.
⑥Subject name. The name of the certificate holder, service location and other information.
⑦Public key information of the subject. Includes the subject's public key, the identifier of the algorithm using this public key, and the corresponding parameters.
⑧Issuer’s unique identifier. This data item is optional and is used to uniquely identify the issuer when the CA name is reused for another entity.
⑨Subject unique identifier. This data item is also optional and is used to uniquely identify the subject when its name is reused for another entity.
⑩Expand the domain. Includes one or more expanded data items.
⑪Signature. The CA uses its own private key to digitally sign the hash value of each of the above data items.

Public key cryptography distributes keys for single-key cryptography

After the public key is distributed, users can use the public key encryption system to communicate confidentially. However, the encryption speed of this encryption system is relatively slow, so it is more suitable for key distribution of single-key encryption system, as shown in Figure 4-5.

Assuming that users A and B have completed public exchange, the public key encryption system can be used to establish a shared session key according to the following steps.
(1) A will use the identity IDA obtained by the public addition of B and a unique identifier for this business. A one-time random number N is sent to B.
(2) If A determines that the other party is B, then B uses A's public encryption N and another newly generated random number N, because only B can decipher the encryption in D.
(3) A uses B’s public PKB to encrypt N and returns it to B, so that B can believe that the other party is indeed A.
(4) A sends M=EpxB[ESKA[K]] to B, where K is the session secret. B’s public encryption is used to ensure that only B can interpret the encryption result. A’s secret encryption is used to ensure that only B can interpret the encryption result. A can be sent.
(5) B restores the session key with DpxA[DsKR[M].
The confidentiality and authentication of this distribution process are very strong, which can prevent both passive attacks and active attacks.

If you explain this passage in plain language, what does public key encryption mean by distributing the key of a single-key cryptosystem? Let’s give a case to illustrate.

Public key encryption distributes the keys of a single-key cryptosystem, which is a method that uses public key encryption technology to achieve secure transmission of symmetric encryption keys. Simply put, public key encryption is used to protect the symmetric encryption key, so that key distribution problems can be avoided and encryption efficiency can be improved. Let me explain it with a communication case:

Suppose Xiao Ming and Xiao Hong want to use symmetric encryption to keep their communication secret, but they have no shared symmetric key and no secure key distribution center. They can take the following steps:

1. Xiao Ming and Xiao Hong each generate a pair of public and private keys, such as using the RSA algorithm. The public key is public and can be given to anyone, while the private key is confidential and can only be used by yourself.
2. Xiao Ming sends his public key to Xiao Hong, and Xiao Hong sends her public key to Xiao Ming. This way they can encrypt each other's messages using each other's public keys.
3. Xiao Ming randomly generates a symmetric key, such as using the AES algorithm. This symmetric key is the session key for their communication and is used to encrypt and decrypt their messages.
4. Xiao Ming uses Xiao Hong's public key to encrypt the symmetric key, and then sends the encrypted result to Xiao Hong. In this way, only Xiaohong can use her own private key to decrypt and obtain the symmetric key.
5. Xiaohong uses her private key to decrypt the message sent by Xiaoming and obtains the symmetric key. She then uses this symmetric key to encrypt her message, such as "Received, don't be late", and then sends it to Xiao Ming.
6. Xiao Ming uses the symmetric key to decrypt the message sent by Xiao Hong and obtains the plain text. Then he also uses the symmetric key to encrypt his reply, such as "Okay, I will be there on time", and then sends it to Xiaohong.
7. Xiaohong uses the symmetric key to decrypt the reply sent by Xiaoming and obtains the plaintext. They can then proceed to encrypt and decrypt their communications using the symmetric key.

This case is an example of public key cryptography distributing keys for single-key cryptography. Its advantage is that it can ensure the secure transmission of symmetric keys and can also improve the efficiency of communication, because symmetric encryption is much faster than public key encryption. Its disadvantage is that both parties need to generate and manage public and private keys independently, and they also need to pay attention to the authenticity and validity of the public key to prevent man-in-the-middle attacks or public key tampering.

digital signature

For important files, data, information, etc. that are transmitted and stored in computer systems, there is generally a need to have some way to confirm their authenticity, that is, the recipient can confirm that the information they receive is indeed sent by the purported sender of the information. Rather than being forged or counterfeited by illegal intruders, it is also necessary to ensure that the information has not been maliciously tampered with during transmission and storage, so that the information can truly reflect the sender's intention. In addition, for the sender, if a message is sent, certain measures must be taken to prevent it from denying that it sent the message, that is, non-repudiation.

Only by achieving the above points can an information transmission and storage system be safe and reliable, and the information transmitted and stored on it be true and trustworthy.

For example, buyers and sellers who trade with each other conduct trade through a computer system. The seller sends an electronic quotation to the buyer through the computer system. After the buyer receives it, he changes the unit price received without authorization and claims that it was issued by the seller. and placing an order based on this is tampering with information. Obviously a secure system should be able to prevent this behavior. To achieve the above-mentioned secure system, digital signature technology is indispensable.

Digital signatures mainly consist of two algorithms: signature algorithm and verification algorithm. By signing a message using a signature algorithm, the resulting signature can be passed through a verification algorithm to verify the authenticity and validity of the signature.

So the general process of digital signature technology is: the sender of the information signs the information with his own private key, and then the sender sends the signature and the information to the recipient. After receiving the information, the recipient uses the sender's public key to verify the digital signature and confirm its legitimacy.

There are already a large number of digital signature algorithms, such as RSA digital signature algorithm, EI Gamal, Fiat-Shamir, Guillon-Oucsquerrter, DSS (Digital Signature Standard, digital signature standard), DSA (Digital Signature Algorithm, digital signature algorithm), Ellipse Curves etc.

Digital signature conditions

Just like people's handwritten signatures, the digital signature system provides services to both communicating parties, allowing A to send a signed message P to B, in order to achieve the following points:
(1) B can verify that the message P indeed comes from A.
(2) A cannot deny sending P in the future.
(3)B cannot fabricate or change message P.

A usable digital signature should ensure the following conditions:

(1) 签名是可信的. A signature convinces the recipient of the document that the signer carefully signed the document
(2) 签名不可伪造. A signature proves that the signer and not someone else carefully signed the document.
(3) 签名不可重用. The signature is part of the document, and it is impossible for criminals to move the signature to a different document
(4) 签名的文件是不可改变的. After a document is signed, the document cannot be changed. (5) The signature is non-repudiation. Signatures and documents are physical things. The signer cannot later claim that he did not sign. In real life, none of these properties about signatures are entirely true. Signatures can be forged, signatures can be stolen from an article and moved to another article, and documents can be altered after they are signed. Doing this kind of thing on a computer also has some problems. First, computer files are easy to copy. Even if someone's signature is difficult to forge (for example, a graphic representation of a handwritten signature), it's easy to cut and paste a valid signature from one document to another. This kind of signature is meaningless: secondly, the file is easy to modify after signing, and will not leave any traces of modification. To solve these problems, digital signature technology came into being.

Symmetric key signature

The signature based on the symmetric key is shown in Figure 4-6. Suppose BB is the arbitrator that A and B mutually trust. KA and KB are the keys between A and B and BB respectively, and KBB is the secret that only BB has. P is the message sent by A to B, and t is the timestamp. BB interprets A's message {A,K. (B, RA, t, P)} later generates a signed message Ke (A, t, P) and assembles it into a message K sent to B. (A, R, t, P, Ke (A, t, P)). B can decrypt the message, read the message P, and retain the evidence Kee (A, t, P). Since the communication between A and B is through the middleman BB, there is no need to doubt the identity of the other party. And due to the existence of the evidence KB (A, t, P), A cannot deny sending the message P, and B cannot change the received message P, because BB may decrypt Kbb (A, t, P) on the spot during arbitration and obtain the sent message. Person, sending time and original message P.

Symmetric key signature is a method that uses symmetric key encryption technology to achieve message authentication and non-repudiation. Simply put, a key shared by both parties is used to encrypt and verify the content and source of the message. The disadvantage of symmetric key signatures is that a trusted third party is required to assist in the distribution and management of keys, and the security of the keys relies on the reliability of the third party. Let me explain with a case:

Suppose Xiao Ming and Xiao Hong want to use symmetric key signatures to ensure the authenticity and integrity of their communications, but they do not have a shared key and no secure key distribution center. They can take the following steps:

1. Xiao Ming and Xiao Hong each establish a symmetric key encryption channel with a trusted third party Xiao Bai, such as using the AES algorithm. Xiao Ming and Xiao Bai share a key Ka, Xiao Hong and Xiao Bai share a key Kha, and Xiao Bai also has his own key Kee. These keys are assigned in advance in a secure manner.
2. Xiao Ming wants to send a message P to Xiao Hong, such as "I love you". He first encrypts it with Xiaobai's public key and gets a ciphertext C. He also generates a random number Ra, and a timestamp t, indicating the time of sending. He packaged all this information into a message, encrypted it with his and Xiaobai's shared key, and then sent it to Xiaobai.
3. After Xiaobai receives Xiaoming's message, he decrypts ka using his and Xiaoming's shared key, and obtains Xiaoming's identity, Xiaohong's identity, random number Ra, timestamp t, and ciphertext C. Xiaobai uses his private key to decrypt the ciphertext C and obtains the message P. Xiaobai uses his own key Kbb to encrypt Xiaoming's identity, timestamp, and message to obtain a signature S. Xiaobai then uses the child's public key to encrypt P into ciphertext C. Xiaobai packages Xiaoming's identity, random number, timestamp, plaintext, and signature into a message, and encrypts it with the symmetric key shared with Xiaohong. , and then send it to Xiaohong.
4. After Xiaohong receives Xiaobai's message, she decrypts it with her and Xiaobai's shared key, and obtains Xiaoming's identity, random number, timestamp, ciphertext, and signature. Xiaohong uses her private key to decrypt the ciphertext and obtains message P. Xiaohong uses Xiaobai's public key to decrypt the signature and obtains Xiaoming's identity, timestamp, and message. Xiaohong compares whether the decrypted message is consistent with the message in the signature. If they are consistent, it means that the message has not been tampered with and was sent by Xiaoming. Xiaohong can also check the timestamp to see if the message is the latest to prevent replay attacks.

This case is an example of symmetric key signature. Its advantage is that it can guarantee the authenticity and integrity of the message and also prevent denial by the sender and receiver. Its disadvantage is that it requires a trusted third party to assist in the distribution and management of keys, and the security of the keys relies on the reliability of the third party.

So how many keys are there in the above case? Let’s analyze it again: A total of six keys are mentioned above, and they are classified according to the characteristics of the functions.

Encryption and decryption

• Ka, the symmetric key of Xiao Ming and Xiao Bai, is used to encrypt and decrypt the communication between them, and only the two of them know it.
• Kb, the symmetric key of Xiaohong and Xiaobai, is used to encrypt and decrypt the communication between them, and only the two of them know it.
• Xiaohong's private key, used to encrypt and decrypt Xiaobai's messages, is known only to him.
• Xiaohong’s public key is used to encrypt and decrypt Xiaohong’s messages, and anyone can know it.

Signature use

• Kbb, Xiaobai's private key, is used to encrypt and decrypt his own signature, and only he knows it.
• Xiaobai's public key is used to encrypt and decrypt Xiaobai's signature, and anyone can know it.

As can be seen from the above, public keys and private keys appear in pairs. These keys are used to ensure the confidentiality, integrity, authenticity, and non-repudiation of messages. Symmetric key refers to encryption technology that uses the same key for encryption and decryption, such as Ka and Kb. Asymmetric key refers to encryption technology that uses different keys for encryption and decryption, such as Xiaobai's public key and private key. The public key refers to the key that can be disclosed to anyone, and the private key refers to the key that can only be kept by yourself.

How does the symmetric key signature method achieve secure transmission of data?

This is a double encryption method that increases message security. Let’s analyze it step by step

Xiao Ming

(1) First use Xiaobai’s public key 加密 (original message P) to obtain the ciphertext C
(2) Then use his own and Xiaobai’s shared key Ka (symmetric key) 加密M (Xiaohong’s identity information, ciphertext C, Random number N, timestamp t) to obtain the ciphertext M1
(3) Send (Xiao Ming’s own identity, M) to Xiao Bai

noob

(1) Xiaobai receives the ciphertext M1 and uses Ka 解密 to obtain M (Xiaohong’s identity information, ciphertext C, random number N, timestamp t)
(2) Use Xiaobai’s private key kbb 解密C to obtain the original plaintext P
(3 ) Use Xiaobai’s private key kbb 加密（加签） (Xiao Ming’s identity, timestamp, P) to obtain the signature information S
(4) Use Xiaohong’s public key加密 plaintext P to obtain the ciphertext C
(4) Use Kb 加密(Xiao Ming’s identity, timestamp, random number, signature, ciphertext) and send it to Xiaohong in a package.

Xiaohong

(1) After receiving it, Xiaohong uses Kb 解密 to obtain (Xiaoming’s identity, timestamp, random number, signature, ciphertext)
(2) Based on the obtained information, use Xiaobai’s public key to 验证签名obtain the validity

First, let’s analyze the interaction between Xiao Ming and Xiao Bai. We can see that using double-layer encryption mode, Xiao Ming first encrypts the message with Xiao Bai’s public key to ensure that only Xiao Bai can decrypt it and prevent others from intercepting or tampering with the message. Then use the shared key Ka between yourself and Xiaobai to encrypt it to ensure that Xiaobai can recognize that the message is from Xiaoming and prevent others from forging or impersonating the message. In this way, Xiao Ming can send the double-encrypted ciphertext C to Xiao Bai, and ask Xiao Bai to forward it to Xiao Hong. After Xiaobai receives the ciphertext C, he can first decrypt it with his and Xiaoming's shared key Ka to get the message encrypted by Xiaobai's public key, and then decrypt it with his own private key to get the original message P. In this way, Xiaobai can verify that the message is from Xiaoming and has not been modified.

Then Xiaobai can sign the message with his own key Kbb, encrypt it with Xiaohong's public key, and then encrypt it with his and Xiaohong's shared key Kb to get a new ciphertext D and send it to Xiaobai. red. After Xiaohong receives the ciphertext D, she can first decrypt it with her and Xiaobai's shared key Kb to get the message and signature encrypted by Xiaohong's public key, and then decrypt it with her own private key to get the message P and signature S. Then, Xiao Hong can use Xiao Bai’s public key to decrypt the signature S and obtain Xiao Ming’s identity, timestamp, and message. In this way, Xiaohong can confirm that the message is from Xiaoming, has not been tampered with, and is the latest.

How did Xiaohong verify Xiaoming's identity after receiving the message, and how did she verify the signature?

Let me explain to you how Xiao Hong verified Xiao Ming’s identity and signature after receiving the message:

• Verify Xiao Ming's identity: In the message Xiao Hong received, there was a random number Ra. This random number was generated by Xiao Ming and only Xiao Ming and Xiao Bai knew it. Xiaohong can use Xiaobai's public key to decrypt the signature S and obtain Xiaoming's identity, timestamp, and message. Xiaohong can compare whether the decrypted message is consistent with the message in the signature. If they are consistent, it means that the message has not been tampered with and was sent by Xiaoming. Xiaohong can also check the timestamp to see if the message is the latest to prevent replay attacks. Xiaohong can also encrypt Ra with Xiaobai's public key, and then send it to Xiaobai, who can decrypt it with his own private key and get Ra. Xiaobai can use Ra to compare with the Ra sent by Xiaoming before. If they are consistent, it means that Xiaohong has indeed received Xiaoming's message, and it is the latest. In this way, Xiaobai can serve as a trusted third party to prove Xiaoming's identity and the authenticity of the message.
• Verify signature: There is a signature S in the message received by Xiaohong. This signature was obtained by Xiaobai using his own key Kee to encrypt Xiaoming's identity, timestamp, and message. Xiaohong can use Xiaobai's public key to decrypt the signature S and obtain Xiaoming's identity, timestamp, and message. Xiaohong can compare whether the decrypted message is consistent with the message in the signature. If they are consistent, it means that the signature is valid and was generated by Xiaobai. Xiaohong can also check the timestamp to see if the message is the latest to prevent replay attacks. In this way, Xiaohong can verify the correctness and completeness of the signature, and prevent Xiaoming or Xiaobai from denying it.

How are these keys distributed?

These keys are distributed by a Key Distribution Center (KDC) or a Certificate Authority (CA). The key distribution center is a trusted third party that can generate and distribute symmetric keys for communicating parties, and can also provide tickets and signatures for communicating parties to verify the identity of the other party. A certificate authority is an organization specifically responsible for issuing and managing public key certificates. It can provide public keys and certificates to communicating parties, and can also provide signatures and verifications for public keys and certificates.

• Ka, the symmetric key of Xiao Ming and Xiao Bai, is distributed by the Key Distribution Center (KDC). KDC is a trusted third party that can generate and distribute symmetric keys for communicating parties, and can also provide tickets and signatures for communicating parties to verify the identity of the other party.
• Kb, the symmetric key of Xiaohong and Xiaobai, is also distributed by KDC, same as above.
• Kbb, Xiaobai’s private key, was generated by Xiaobai himself. Xiaobai's private key is used to encrypt and decrypt his own signature. Only he knows it and cannot be leaked to anyone.
• Xiaobai's public key is generated by Xiaobai himself and matches Xiaobai's private key. Xiaobai's public key is used to encrypt and decrypt Xiaobai's signature. Anyone can know it and can publish it publicly or register it with a certificate authority (CA).
• Xiaobai's private key is generated by Xiaobai himself and matches Xiaobai's public key. Xiaobai's private key is used to encrypt and decrypt Xiaobai's messages. Only he knows it and cannot be leaked to anyone.
• Xiaohong’s public key is generated by Xiaohong herself and matches Xiaohong’s private key. Xiaohong's public key is used to encrypt and decrypt Xiaohong's messages. Anyone can know it and can publish it publicly or register it with the CA.

How do random numbers and timestamps work? For example, how does it verify Xiao Ming’s identity and the authenticity of the message? Or how to prevent replay attacks or timeliness?

• Verify Xiao Ming's identity: When Xiao Ming sends a message to Xiao Bai, a random number Ra will be generated. This random number is generated by Xiao Ming himself and only Xiao Ming and Xiao Bai know it. After Xiaobai receives Xiaoming's message, he will encrypt Ra with Xiaobai's public key, and then send it to Xiaohong, who will forward it to Xiaoming. After Xiao Ming receives Xiao Bai's reply, he will decrypt it with Xiao Bai's private key and get Ra. Xiao Ming can use Ra to compare with the Ra he generated before. If they are consistent, it means that Xiao Bai has indeed received Xiao Ming's message, and it is the latest. In this way, Xiao Ming can verify Xiao Bai's identity and the authenticity of the message.
• Verify the authenticity of the message: When Xiao Ming sends a message to Xiao Bai, a timestamp t will be generated, indicating the time of sending. After Xiaobai receives Xiaoming's message, he will use his own key Kee to encrypt Xiaoming's identity, timestamp, and message to obtain a signature S. Xiaobai sends the signature S to Xiaohong, and asks Xiaohong to forward it to Xiaoming. After Xiaoming receives Xiaobai's reply, he will use Xiaobai's public key to decrypt the signature S and obtain Xiaoming's identity, timestamp, and message. Xiao Ming can compare whether the decrypted message is consistent with the message he sent before. If they are consistent, it means that the message has not been tampered with and was signed by Xiao Ming. Xiao Ming can also check the timestamp to see if the message is the latest to prevent replay attacks. In this way, Xiao Ming can verify the authenticity and integrity of the message.
• Prevent replay attacks: Replay attacks refer to other people using previously intercepted or recorded messages to impersonate Xiao Ming or Xiao Bai. If there are no random numbers and timestamps, then others can use previous messages to deceive Xiao Ming or Xiao Bai into thinking it is the latest news. But if you have a random number and timestamp, then others cannot replay the message, because the random number and timestamp are one-time, and the message sent is different every time and has an expiration date. If the random number or timestamp does not match or expires, then Xiao Ming or Xiao Bai can identify the replay attack and refuse to accept the message.

public key signature

In a symmetric cryptosystem, the encryption key and decryption key can be derived from each other. Exposed keys make the system insecure. The public key cryptography system can easily solve the key exchange problem. In public-key cryptography, the decryption key and the encryption key are different, and it is difficult to derive one from the other.
The digital signature system using public key encryption algorithm is shown in Figure 4-7. If party A denies, B can take out D. §, and use A’s public key E to decrypt to obtain P, thus proving that P was sent by A. If B tampered with message P, when A asks B to show the original D. §, B cannot take it out.

In fact, the above process is very simple:

1. If A wants to send a message to B, AB first needs to exchange public keys. If A's public key and private key pair are Pa and Ka, B's public key and private key pair are Pb and Kb.
2. A signs the message with Ka to form Da§
3. A encrypts Da§ with B's public key Pb to form Pb (Data (P))
4. After receiving it, B first uses his own private key Kb to decrypt Da. §
5. B uses A’s public key Pa to decrypt the ciphertext and obtain the plaintext P.

However, such a signature mechanism will have a performance problem. In practice, it is too inefficient to use public key cryptography algorithms for long file signatures. In order to save time, digital signature protocols are often used together with the one-way Hash function, that is, the entire file is not signed, but only the Hash value of the file is signed. Based on message digest, the calculation speed of digital signature is greatly improved. In addition, the protocol has other advantages: First, signatures and documents can be saved separately. Secondly, the recipient's storage requirements for files and signatures are greatly reduced. File systems can use this type of protocol to verify the existence of files without saving their contents. The user passes the hash value of the file to the database, and the database timestamps and saves it. If there is a dispute about the existence of a file, the database can resolve the dispute by finding the hash value of the file.

RSA combined with MD5 digital signature

As mentioned earlier, RSA public key encryption technology itself can be used to implement digital signatures. However, only using the public key encryption algorithm to perform digital signatures requires a large amount of calculations, especially when the amount of information to be transmitted is relatively large, the speed will be even slower. Obviously, directly using this method for digital signature is not a good choice.

The hashing algorithm (for example, MD5 algorithm) has very good properties. It can generate different, unique, and short message digests for each message of different lengths. This message digest can be viewed as a unique "fingerprint" of the message, making it ideal for use as a digital signature.

By hashing the original data with a hashing algorithm, and then performing public key encryption on the hash code, digital signatures can be well realized. Its characteristics are: it represents the characteristics of the file and is unique. As long as even one bit of data in the file changes, or there is any difference between the signers, the value of the digital signature will also change accordingly; different files and signers will get different digital signatures.

The main process of combining RSA with MD5 digital signature is: the sender of the information generates a message digest by hashing the information, and then the sender encrypts the message digest with its own private key to form the sender's digital signature. This digital signature is then sent as an attachment to the message to the recipient of the message. After receiving the information, the receiver first performs the same hash operation on the received information as the sender to obtain a message digest, and then uses the sender's public key to decrypt the digital signature attached to the information to obtain the sender's calculated hash code. If the two hash codes are the same, the receiver can confirm that the message and digital signature were sent by the sender. Through digital signatures, the integrity of the original information can be identified and the non-repudiation of the information sent by the sender can be achieved.

Let's take an example to take a look at the specific steps of combining RSA with MD5 digital signature:
(1) The information sender A wants to send a message to B. A first hashes the message according to the hash algorithm agreed by both parties, and gets A message digest H unique to the message. From the above, we can know that as long as any bit in the message is changed, the recalculated message digest value will not match the original value. This ensures the immutability of the information.
(2) Then encrypt the message digest with A's own private key to obtain A's digital signature S for the message.
(3) Then A sends the original message and the digital signature S to B.
(4) When B receives it, he first uses A's public key to decrypt the digital signature S to obtain A's message digest H.
(5) Then use the same hash algorithm to hash the received information to obtain the message digest H'.
(6) Compare H and H'. If they are equal, it means that the information does come from its purported sender A.
During the transmission process, if an attacker tampered with the file, he does not know the private key of the sender. Therefore, the digital signature H decrypted by the receiver must be different from the calculated digital signature H'. This provides a secure way to confirm the identity of the sender.

Of course, in the above example, the transmitted information appears in clear text and has no confidentiality significance. In practical applications, it is also necessary to apply appropriate confidentiality measures to the information itself.

So we also need to add the encryption and decryption process. The complete process is as follows:
Suppose a user A wants to send an encrypted email to another user B. Then the encryption principle is shown in the figure below:

This flow chart refers to the principle of PGP encryption. The process is described below:

(1) First, user A uses the MD5 hash algorithm to calculate the email P to be sent, and generates a 128-bit message digest. With this message digest, it can be verified whether the email information is complete and has not been tampered with.
(2) Then use the RSA algorithm to encrypt the message digest using A's private key SKA to generate the ciphertext H of the message digest. The email P and the encrypted email message digest H together form a new message P1, and then ZIP compression is performed on P1 to become a compressed
message P1.Z.
(3) Then use the IDEA algorithm to encrypt P1.Z. This time the encryption uses a one-time key K, and K must be encrypted by the RSA algorithm using the public key PKB of the other party B in the communication, and the encrypted message Together with P2, it is encoded by BASE64 to obtain a series of ASCII codes, which are sent to the network as email content.

After user B receives the encrypted email from A, he performs the decryption process: contrary to the encryption process, he first decodes the email content with BASE64, and then uses his own secret key SKB to solve the IDEA key K through the RSA algorithm. Then use this key to restore P1.Z, decompress P1.Z and restore P1. Then separate the plain text P and the ciphertext H of the email message digest, and use A's public key PKA to decrypt H to obtain the real email message digest. Then B himself also uses the MD5 algorithm to operate on the email plaintext P to generate a 128-bit message digest. Compare whether the two digests are consistent. If they are consistent, it means that P is an email sent by A. As can be seen from the above communication process, PGP can not only ensure that the email is not stolen by a third party, but also prevent the sender from denying it and the letter from being tampered with on the way.

To summarize this process, the sender generates a digest through MD5 -> uses the private key to generate a signature from the digest -> encrypts the signature. This is also the encryption scheme used by users and merchants during the WeChat payment process.

PGP explanation

What needs to be noted here is that PGP (Pretty Good Privacy) is an email encryption scheme proposed by American Phil Zimmermann in 1995. It can be used to encrypt emails to prevent unauthorized persons from reading them, and can also add digital signatures to emails so that the recipient can confirm that the email was actually sent by the sender. PGP is not a new encryption algorithm or protocol. It uses a variety of encryption algorithms. For example, the IDEA algorithm is used to encrypt email content, the RSA public key encryption algorithm is used to encrypt information, and the message digest algorithm is used for digital signatures. , a set of software that performs email encryption by performing compression processing and other technical means before encryption. By combining these encryption methods, the good encryption effect of the RSA public key encryption system and the high speed of the symmetric key encryption system are combined, and through the ingenious design of the digital signature and key authentication management mechanism, PGP becomes an excellent of powerful data encryption procedures.

Key management system

We can refer to the key management system of PGP to explain. What is the key management system of PGP?
In the process of PGP encrypted communication, the key undoubtedly plays the most critical role. A mature encryption system must have a mature key management mechanism to match it. PGP also proposes a set of distribution, use, and management solutions for key management.

The public key encryption system itself was proposed to solve the problem of difficulty in keeping secret the key distribution in the symmetric key encryption system. For example, one of the common methods used by attackers is "eavesdropping". If the key is transmitted through the network, it can be easily intercepted. PGP uses public keys for encryption, and the public keys are inherently public, so there is no problem of being eavesdropped. However, there are still security risks during the release process of public keys. For example, if the public key is illegally tampered with, this is a major security risk in the public key cryptography system, because it is difficult for ordinary users to detect it.

For example, if user A wants to send an encrypted email to user B, then A must have B's public key. So A finds B's public key from the public directory, uses it to encrypt the email and sends it to B. This is a normal process.

However, an attack may occur in this process: neither A nor B knows that another user C replaced B's public key with the public key in the key generated by himself pretending to be B's name!

Then the public key used by A to send letters is not B's but C's public key. However, everything seems normal, because the user name of the public key obtained by A is B. So C can use the private key in his hand to decrypt the email sent by A to B. He can even use B's real public key to forward the letter sent by A to B. In this way, neither A nor B will find anything abnormal, and All their communications were leaked. Even if C wants to change the email sent by A to B, there will be no problem.

Moreover, C can also forge B's signature to send information to A or others. Because the public key in the hands of A and others is forged by C, A and others can decrypt the forged signature normally and think it really comes from B. information.

To prevent this, you must prevent anyone from forging anyone else's public key. For example, if the communicating parties meet directly and exchange keys, they can avoid obtaining forged public keys. However, when the two parties are far apart or it is inconvenient to meet directly, it is difficult to directly exchange keys. In this case, PGP solves this problem through a public key introduction mechanism.

Continuing the above example: If A and B have a common friend D, and D knows that B's public key in his hand is correct (assuming that D has authenticated B's public key). In this way, D can use his own private key to sign B's public key, indicating that he guarantees that this public key is B's real public key and sends it to A. Then A uses D's public key to verify B's public key sent to A by D. Similarly, D can also guarantee A's public key to B. In this way, D becomes the public key introducer between A and B.

In this way, B or D can safely list B's public key signed by D into the public directory for A to read. No one can forge B's public key without being discovered by A. This is PGP's secure means of delivering public keys over the unsecured Internet.

However, how to confirm the security and reliability of D's public key? In this case, PGP recommends that a generally
trusted person or authority act as the certification authority. Every public key signed by an authoritative certification authority is considered authentic, so everyone only needs to have a copy of the certification authority's public key. Since certification agencies widely provide public key services, their public keys are widely circulated and it is difficult to counterfeit their public keys, so it is also very convenient to certify their public keys.

When using keys in PGP, please note that before using any public key, you must first authenticate it. Under no circumstances should you directly trust a public key obtained from a public source. Instead, use a public key introduced by a trusted person, or authenticate yourself and the other party in person.

So to sum it up: a certificate authority is required to issue certificates, such as a CA certificate authority.

Summarize

At this point, the entire information security technology, key management, signature, authentication and other concepts have been explained very clearly. If you understand this article, then the security certification process of the entire information system will be easier to understand, including the serial number, private key, merchant platform certificate and other concepts in the WeChat payment module to be mentioned later. After understanding this, let's take a look at how the WeChat payment platform achieves security authentication, and how the code implements the PGP process we just mentioned during the payment and refund process.