Understanding whether public and private keys can encrypt and decrypt in both directions (with a note on how Apple developer certificate configuration uses asymmetric encryption)

While looking up information, I noticed that many people are unsure which of the public and private keys is used to encrypt and which is used to decrypt, and whether, besides encrypting with the public key and decrypting with the private key, one can also encrypt with the private key and decrypt with the public key. Here is my own understanding of the question.

We must first be clear on two points: (1) data encrypted with the public key can be decrypted with the private key, and data encrypted with the private key can be decrypted with the public key; (2) encryption/decryption and signing/verification are two different concepts.

(A) First, encryption and decryption: an encryption algorithm that needs both a public key and a private key is an asymmetric encryption algorithm; the most common is RSA.
Example of asymmetric encryption: if A wants to send a secret message to B, B only needs to create a public key (the box) and a private key (the key). The box can be freely distributed, but only B holds the key. When A wants to send a message to B, A encrypts the message (the paper) with B's public key (locks it in the box), and B decrypts it with the private key (opens the box with the key) to obtain the message A sent. If C intercepts the message, C cannot decrypt it, because C does not have B's private key (C has only the box, not the key), so the data stays secure.
Can B then encrypt a message with the private key and have A decrypt it with the public key? In principle, yes: an asymmetric key pair can encrypt and decrypt in both directions. Why do we not use it this way? The reason is easy to see: the public key is public, and more people than A hold it. A can read the message correctly, but so can everyone else, so the confidentiality of the message cannot be guaranteed. Signature verification is a different matter.

(B) Signing and verification: the message is signed with the private key and verified with the public key, to ensure that the message comes from the owner of the private key.
For example: A wants B to be able to confirm that a message was sent by A. A first sends its public key to B, then signs the message with its private key and sends it to B (for instance, A encrypts a string X with its private key to produce Y, and sends X and Y together with the message to B). B verifies the signature with A's public key: B decrypts Y with A's public key to obtain Z, and if X = Z, verification succeeds and the message was issued by A.

(C) Finally, an example borrowed from Baidu Encyclopedia illustrates how encryption and signing are combined:

Suppose Alice wants to send digital information to Bob. To ensure the confidentiality, authenticity, integrity and non-repudiation of the transfer, the information must be both encrypted and digitally signed. The transmission process is:
1. Alice prepares the digital information to send (the plaintext);
2. Alice hashes the digital information to obtain a message digest;
3. Alice encrypts the message digest with her own private key to obtain her digital signature, and attaches it to the digital information;
4. Alice randomly generates an encryption key and uses it to encrypt the information to be sent, forming the ciphertext;
5. Alice encrypts the randomly generated encryption key with Bob's public key, and sends the encrypted DES key to Bob together with the ciphertext;
6. Bob receives the ciphertext and the encrypted DES key from Alice, and first decrypts the encrypted DES key with his own private key to obtain the key Alice randomly generated;
7. Bob then decrypts the received ciphertext with the random key to obtain the plaintext digital information, and discards the random key;
8. Bob decrypts Alice's digital signature with Alice's public key to obtain the message digest;
9. Bob hashes the received plaintext again with the same hash algorithm to produce a new message digest;
10. Bob compares the received message digest with the newly generated one; if they are the same, the information received has not been modified.
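
The ten steps above, including the sign-with-private-key, verify-with-public-key check from (B), traced in Python as an added example (not code from the original post). It assumes textbook RSA without padding on constructed toy keys built from Mersenne primes, SHA-256 as the hash, and a SHA-256 keystream XOR standing in for DES; all function names are hypothetical.

```python
import hashlib
import secrets

def make_key(p, q, e=65537):
    """Textbook RSA key from two primes (constructed toy values, no padding)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

# Constructed demo keys from Mersenne primes: easy to write down, not secure.
ALICE = make_key(2**521 - 1, 2**607 - 1)
BOB = make_key(2**1279 - 1, 2**2203 - 1)
SIG_LEN = (ALICE["n"].bit_length() + 7) // 8  # fixed signature size in bytes

def digest(msg):
    """Message digest as an integer smaller than either modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def stream_xor(key, data):
    """Stand-in for the symmetric cipher (DES on the page): keystream XOR."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def alice_send(plaintext):
    # Steps 2-3: hash, then apply Alice's PRIVATE exponent to the digest.
    sig = pow(digest(plaintext), ALICE["d"], ALICE["n"]).to_bytes(SIG_LEN, "big")
    # Step 4: random session key encrypts the message with the signature attached.
    session = secrets.token_bytes(32)
    ciphertext = stream_xor(session, plaintext + sig)
    # Step 5: only Bob's private key can unwrap the session key.
    wrapped = pow(int.from_bytes(session, "big"), BOB["e"], BOB["n"])
    return {"ciphertext": ciphertext, "wrapped_key": wrapped}

def bob_receive(packet):
    # Step 6: unwrap the session key with Bob's PRIVATE exponent.
    session = pow(packet["wrapped_key"], BOB["d"], BOB["n"]).to_bytes(32, "big")
    # Step 7: decrypt, then split the message from the attached signature.
    body = stream_xor(session, packet["ciphertext"])
    plaintext, sig = body[:-SIG_LEN], body[-SIG_LEN:]
    # Step 8: Alice's PUBLIC exponent recovers the digest she signed.
    recovered = pow(int.from_bytes(sig, "big"), ALICE["e"], ALICE["n"])
    # Steps 9-10: re-hash the received plaintext and compare.
    return plaintext, recovered == digest(plaintext)
```
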

(D) Asymmetric encryption as applied in Apple developer certificate configuration
When we do iOS development, the certificate configuration process actually uses asymmetric encryption algorithms:
1. Before configuring the certificate, we need to generate a CSR (Certificate Signing Request) file in Keychain on the Mac. It contains the developer's identity information and the public key of the developer's computer, while the private key always stays on the Mac and is used to sign the apps that are released.
2. Next, we upload the CSR file to the Apple Developer website, and Apple signs (authorizes) it with Apple's private key to generate the certificate.
3. When we package the app, the developer's private key is used to sign the application.
4. At the same time, the certificate signed by Apple (signed with Apple's private key and containing the developer's public key) is included in the provisioning profile (Provisioning file), which is copied with the application and installed on the iOS device.
5. The iOS device uses the Apple public key it contains to verify the certificate, proving that the application has been authorized by Apple.
6. Next, the iOS device verifies the app's signature with the developer's public key from the certificate.

But I think Apple's signing and verification of apps involves more than that, because we previously had a case where an IPA packaged on one computer could no longer be used after an IPA was published from another computer with the same certificate. If signature verification were performed only locally on the iOS device, then even if the certificate on Apple Developer changed, it should not affect the use of the app. So I think that when the app is opened, Apple also uses the site's public key to verify the local signing certificate, and if that fails the app crashes.

Origin www.cnblogs.com/zzx-hjl/p/11022549.html