The idea of public key cryptosystem proposed by 1976 is different from the traditional symmetric key cryptosystem, which requires that keys appear in pairs, one is encryption key (e) and the other is decryption key (d), and it is impossible to deduce the other from one of them. Since 1976, a variety of public key cryptography algorithms have been proposed, many of which are unsafe, some are considered safe, and many are not practical. They are either too big keys or the ciphertext expansion is very serious. The security foundation of most cryptographic algorithms is based on some mathematical problems, which experts believe cannot be solved in a short time. Because some problems (such as factorization) have a history of thousands of years.
Public key encryption algorithm, also known as asymmetric key algorithm, uses two pairs of keys: a public key and a private key. Users should ensure the security of private keys; The public key can be released. Public key is closely related to private key, and information encrypted with public key can only be decrypted with private key, and vice versa. Because the public key algorithm does not need an online key server and the key distribution protocol is simple, the key management is greatly simplified. In addition to the encryption function, the public key system can also provide digital signatures.
RSA is the most widely used public key encryption algorithm. RSA uses two keys, a public key and a private key. If one is used for encryption, the other can be used for decryption. The length of the key varies from 40 to 2048 bits. When encrypting, the plaintext is also divided into blocks, and the size of the blocks can be changed, but it cannot exceed the length of the key. RSA algorithm converts each plaintext into ciphertext blocks with the same key length. The longer the key, the better the encryption effect, but the overhead of encryption and decryption is also large, so to compromise between security and performance, generally 64 bits is more appropriate. A well-known application of RSA is SSL, which uses 128-bit RSA algorithm in the United States and Canada. Due to export restrictions, other regions (including China) usually use the 40-bit version.
The initial idea and goal of RSA algorithm development is to make the Internet safe and reliable, aiming at solving the problem of DES algorithm key transmission and distribution through open channels. The actual results not only solve this problem well; RSA can also be used to complete the digital signature of messages to resist the denial and negation of messages. At the same time, using digital signature can easily find the attacker's illegal tampering with the message, thus protecting the integrity of data information. The advantage of public key is that you may not know an entity, but as long as your server thinks the CA of this entity is reliable, you can communicate securely, which is exactly what Web commerce requires. Such as credit card shopping. The service provider can authorize its own resources according to the reliability of the issuer of the customer CA. At present, there is no CA that can be widely trusted at home and abroad. The products of American Natescape Company support public keys, but Natescape Company is the CA. It is unthinkable for foreign companies to act as CA in China.
The processing speed of public key scheme is slower than that of secret key scheme, so public key and secret key technology are usually combined to achieve the best performance. That is, the private key is transmitted between the two parties by using public key technology, and the actual transmitted data is encrypted and decrypted by using the private key. In addition, public key encryption is also used to encrypt private keys.
Among these safe and practical algorithms, some are suitable for key distribution, some can be used as encryption algorithms, and some are only used for digital signature. Most algorithms need a lot of operations, so the implementation speed is very slow and cannot be used for fast data encryption. The following will introduce a typical public key cryptography algorithm-RSA.
RSA algorithm completes the digital signature of the message well, and resists the denial and denial of data. Using digital signature, it is easy to find the attacker's illegal tampering with the message, thus protecting the integrity of data information. So far, many encryption technologies have adopted RSA algorithm, such as PGP(PrettyGoodPrivacy) encryption system, which is a tool software that can be used to encrypt and decrypt files or digitally sign files after being registered in a certification center. PGP adopts RSA algorithm. It can be seen that RSA has a good application.