Infrastructure related to asymmetric encryption

A recent project uses digital certificates for encryption, so here are some notes from learning about the topic. Public and private keys are binary bit strings of fixed length (for example, the RSA public and private keys in current use are 1024 bits long). By their nature both can be used to encrypt; which one is called the private key and which the public key is only a distinction made by how people use them.

Furthermore, the way the public and private keys are used, and therefore how they are managed, differs between data encryption and digital signatures.

(1) Digital signatures
A user holds a digital certificate (a signing certificate) that includes a key pair (public and private). The private key is used to sign, and the public key is used to verify the signature. If an attacker learns the private key, they can use it to forge your signature, so the security requirements on the private key are high: it must not be backed up anywhere (including at the CA). If the private key is lost, the only option is to generate a new key pair; the old public key can be kept as a backup so that old signatures can still be verified. In addition, users can generate the key pair themselves and submit it to the CA when registering for the certificate.

(2) Encryption and decryption
A user holds a digital certificate (an encryption certificate) that also includes a key pair (public and private). The private key is used to decrypt information and the public key to encrypt it. When user A sends data to user B, A obtains B's public key by some other means (for example, from the CA), uses it to encrypt the data, and sends the ciphertext to B; after receiving it, B decrypts it with B's private key. The private key used for encryption and decryption must be backed up; otherwise, if it is lost, previously encrypted data can no longer be decrypted. In addition, this key pair can only be generated by the CA at the time of certificate registration. This is for reasons of national security policy: every country must be able to decrypt each user's encrypted information.

Note: Although the encryption certificate and the signing certificate are the same in nature (the key pairs are generated in the same way and with the same result, i.e. they are identical from the point of view of the mathematical algorithm), their different uses lead to different security policies, so the two must not be mixed.
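As an added example (not code from the original post), the following Go program models the two certificates as two separate RSA key pairs per user and runs the A-to-B flow described above: A signs with A's signing private key and encrypts for B with B's encryption public key; B decrypts with B's encryption private key and verifies with A's signing public key. It also shows the practical side of the "do not mix" rule: a signature made with the signing key does not verify under the encryption key pair's public half, and a tampered message does not verify either. The `Identity` type and the function names are assumptions made for this example; it uses RSA-PSS and RSA-OAEP from Go's standard library and generates 2048-bit keys rather than the 1024-bit keys mentioned above.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Identity holds two separate RSA key pairs, mirroring the two certificates
// the text describes. The type and its field names are assumptions for this
// example; the key-management comments follow the policies stated in the text.
type Identity struct {
	SigningKey    *rsa.PrivateKey // signing certificate: never backed up; loss means re-issue
	EncryptionKey *rsa.PrivateKey // encryption certificate: backed up so old ciphertext stays readable
}

// NewIdentity generates the two independent key pairs for one user.
func NewIdentity(bits int) (*Identity, error) {
	sk, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	ek, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &Identity{SigningKey: sk, EncryptionKey: ek}, nil
}

// Sign produces an RSA-PSS signature over SHA-256(msg) with the signing private key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// Verify checks an RSA-PSS signature with the signer's public key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// Encrypt encrypts a short message for the recipient with RSA-OAEP (SHA-256).
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt recovers the message with the recipient's encryption private key.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Exchange runs the A -> B flow from the text: A signs with A's signing key and
// encrypts for B with B's encryption public key; B decrypts with B's encryption
// private key and verifies with A's signing public key. It returns the
// recovered plaintext and whether the signature verified.
func Exchange(a, b *Identity, msg []byte) ([]byte, bool, error) {
	sig, err := Sign(a.SigningKey, msg)
	if err != nil {
		return nil, false, err
	}
	ct, err := Encrypt(&b.EncryptionKey.PublicKey, msg)
	if err != nil {
		return nil, false, err
	}
	pt, err := Decrypt(b.EncryptionKey, ct)
	if err != nil {
		return nil, false, err
	}
	return pt, Verify(&a.SigningKey.PublicKey, pt, sig), nil
}

func main() {
	a, err := NewIdentity(2048)
	if err != nil {
		panic(err)
	}
	b, err := NewIdentity(2048)
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message from A to B") // constructed input
	pt, ok, err := Exchange(a, b, msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("B recovered %q, signature valid: %v\n", pt, ok)

	// Mixing the certificates: the same signature checked against the public
	// half of A's encryption key pair does not verify.
	sig, _ := Sign(a.SigningKey, msg)
	fmt.Println("verify with encryption key pair:", Verify(&a.EncryptionKey.PublicKey, msg, sig))
}
```

Keeping the two pairs separate is what lets the encryption private key be escrowed or backed up (so archived ciphertext remains recoverable) while the signing private key is never copied anywhere, which is exactly the two policies the note above contrasts.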

Reproduced from: https://www.cnblogs.com/baoposhou/archive/2007/08/31/877813.html

Source: blog.csdn.net/weixin_33953384/article/details/93320736