非对称加密 密码传输_密码学:对称与非对称加密

非对称加密 密码传输

Before the modern age of cryptography, where the focus has expanded from the confidentiality of messages to encompass identity authentication, integrity checking, and more, the field mainly revolved around lexicographical and linguistic patterns.

在密码学的现代时代之前,其重点已从消息的机密性扩展到涵盖身份认证,完整性检查等,该领域主要围绕着词典学和语言学模式。

With the addition of digital computers and the beginnings of the extensive use of mathematic theory and computer science practices in cryptography, the ability to “crack” complex encryption algorithms increased, but along with it, the speed at which increasingly complicated, computationally secure (albeit, theoretically breakable) encrypting mechanisms could be created.

随着数字计算机的增加以及在密码术中广泛使用数学理论和计算机科学实践的开始,“破解”复杂加密算法的能力有所提高,但随之而来的是速度越来越复杂,计算安全(尽管,理论上可以打破的)加密机制可以被创建。

Here, we’ll take a look at the two kinds of cryptosystems: symmetric and asymmetric.

在这里,我们将研究两种密码系统:对称和非对称。

一些基本的密码学术语 (SOME BASIC CRYPTOGRAPHY TERMINOLOGY)

Key — A “variable value” that is applied to some unencrypted message, using an algorithm (cipher), in order to encrypt it. Or applied to an encrypted message, in order to decrypt it.

密钥 —一种“变量值”,它使用一种算法(密码)应用于一些未加密的消息,以便对其进行加密。 或应用于加密的消息,以便对其解密。

The key is meant to be kept secret and should only be known by the sender and recipient of the message. This way if the message were to be captured by any outsider participant, it would read as nonsense and should provide no useful information.

密钥应保密,并且仅应由消息的发送者和接收者知道。 这样,如果该消息将被任何外部参与者捕获,它将被视为无稽之谈,并且不应提供有用的信息。

Plaintext — Unencrypted information. Usually, but not always, awaiting input into an encryption algorithm.

纯文本—未加密的信息。 通常但并非总是如此,等待输入加密算法。

Cyphertext — The result of the encryption of plaintext. Unreadable by a human or computer alike, without the proper decryption algorithm.

密文-加密明文的结果。 没有适当的解密算法,人或计算机都无法读取。

Cipher — An algorithm. It is used to perform encryption on plaintext, decryption on cyphertext, or can be used to do both. Ciphers can be categorized as “procedures” of sorts, series of detail defined steps that can be followed. The way in which the cipher operates will depend on the key selected, which acts as the auxiliary information. So, a key must be chosen before a cipher can be used to encrypt a message.

密码-一种算法。 它用于对明文执行加密,对密文进行解密,或者可以同时使用两者。 密码可以归类为“程序”,可以遵循一系列详细定义的步骤。 密码的操作方式取决于所选的密钥,该密钥用作辅助信息。 因此,必须先选择密钥,然后才能使用密码来加密消息。

Cryptanalysis — In short, the study of decrypting messages (“cracking the code” of the encryption algorithms) without access to the key that was designed to do so.

密码分析 —简而言之,是在不访问旨在为此目的设计的密钥的情况下,对消息进行解密(“解密加密算法的代码”)的研究。

— — — — — — — — — — — — — — — — — — — — — — — — — —

— — — — — — — — — — — — — — — — — — — — — — — — — — — —

铸造电话 (CASTING CALL)

For the sake of the rest of the article I will introduce you now to three commonly used players in the game of cryptography:

为了本文的其余部分,我现在将向您介绍密码学游戏中的三个常用玩家:

《非对称加密 密码传输_密码学:对称与非对称加密》

  • Alice (‘A’), who we cast the part of our sender. She wishes to relay some message or data to another party.

    爱丽丝(‘A’) ,我们强制发送者。 她希望将某些消息或数据转发给另一方。

  • Bob (‘B’) the intended recipient of the sent information. He plays the part of Alice’s confidant.

    Bob(‘B’)发送信息的预期收件人。 他扮演爱丽丝的知己。

  • Eve (‘E’), our deceptively nicknamed, “passive” attacker. Short for Eavesdropper, this antagonist can listen in on the exchanges between Alice and Bob but cannot modify their messages as they are being sent back and forth. Their goal would simply be to successfully decrypt an overheard message. (This is different from a Mallory (‘M’), an “active” attacker, who can intercept and directly alter or substitute out a sent message before the second party ever receives it. Mallory participants in the game present more challenging obstacles to creating a safely secured system than Eves do.)

    夏娃(‘E’) ,我们被戏称为“被动”的攻击者。 该对抗者是窃听者的简称,可以侦听爱丽丝和鲍勃之间的往来,但不能在来回发送消息时修改其消息。 他们的目标只是简单地成功解密被窃听的消息。 (这不同于“主动”攻击者Mallory(‘M’),后者可以在第二方收到消息之前拦截并直接更改或替换已发送的消息。游戏中的Mallory参与者在创建游戏时遇到了更具挑战性的障碍比伊夫斯更安全的系统。)

These are short explanations of only a few characters. Four, of the dozens of conventional archetypes, used to aid in comprehension in discussions of cryptology, as well as other science and engineering texts, and (for “Alice” and “Bob” at least) even in game theory and physics thought experiments.

这些是仅几个字符的简短说明。 在数十种常规原型中,有四种用于帮助理解密码学以及其他科学和工程学文本,甚至在博弈论和物理思维实验中(至少对于“爱丽丝”和“鲍勃”而言)。

With the basic definitions provided, and the roles handed out, let’s set the stage to illustrate our two types of cryptosystems.

通过提供的基本定义和角色,让我们为演示两种类型的密码系统奠定基础。

对称加密 (SYMMETRICAL ENCRYPTION)

The only type of encryption publically recognized until the late 70s, symmetric key ciphers will either be of the block or stream variety.

对称密钥密码直到70年代末才是公开公认的唯一加密类型,它将是块或流形式的。

  • Stream Ciphers — encrypt the letters or digits (usually bytes) of a message one at a time.

    流密码-一次加密一条消息的字母或数字(通常是字节)。

  • Block Ciphers — gather some number of bits and then encrypt them as one single unit. Then pad the plaintext, making it a multiple of the block size (64-bit blocks were regularly used).

    块密码-收集一定数量的位,然后将它们加密为一个单元。 然后填充明文,使其成为块大小的倍数(定期使用64位块)。

Symmetrical encryption involves one singular key, for both encrypting and decrypting the message. This means the sender and recipient must have the same key available to them.

对称加密涉及一个唯一密钥,用于对消息进行加密和解密。 这意味着发件人和收件人必须具有可用的相同密钥。

《非对称加密 密码传输_密码学:对称与非对称加密》

它是如何工作的? (How Does It Work?)

It’s really as simple as:

真的很简单:

  • Alice uses her private key to encrypt the message she intends to send.

    爱丽丝使用她的私钥来加密她打算发送的消息。

  • She then passes that encrypted message along to Bob.

    然后,她将该加密消息传递给Bob。

  • When Bob receives the encrypted messaged he proceeds to decrypt it, with the same private key that Alice used.

    当鲍勃收到加密的消息时,他将使用爱丽丝使用的相同私钥对它进行解密。

Easy as that, one key — two (or possibly more) people.

如此简单,一键-两个(或可能更多)人。

Well…hold on. Addressing the question “How can Bob have the same private key as Alice?” leads us to the central, and major, flaw in the Symmetrical scheme. In order for Alice and Bob to have the same private key, it has to be handed off at some point between them, which opens the door for an Eve, or even a Mallory, to intercept the key and effectively render it useless in securing their communication of information.

好吧…等等。 解决“ Bob如何拥有与Alice相同的私钥?”这一问题。 导致我们发现对称方案的主要缺陷。 为了使Alice和Bob拥有相同的私钥,必须在它们之间的某个点将其移交,这为Eve甚至Mallory开门,以截取该密钥并有效地使其失去保护其安全性的作用。信息交流。

不对称加密 (ASYMMETRICAL ENCRYPTION)

Also known as public-key cryptography, this is the much newer adaptation to the age-old symmetrical type above. The process here requires not the use of two identical keys, but for each party (sender and recipient) to have their own set of individual keys. (This makes the initial sharing of private keys unnecessary and eliminates the added risk associated with symmetrical.)

也称为公钥密码术 ,这是对上面古老的对称类型的更新得多。 这里的过程不需要使用两个相同的密钥,而是使每一方(发送方和接收方)都有自己的一组独立密钥。 (这使得不需要私钥的初始共享,并且消除了对称带来的额外风险。)

The first key is still referred to as the “private key”, but in this case is unique to the holder and must now be kept completely secret (even from the other party, sender or recipient). The second is called the “public key” and can be distributed freely, as it is not responsible for decryption (only encryption). These two keys are different, while still related mathematically, which means it is not meant to ever be possible for one key to be calculated based on knowledge of the other.

第一个密钥仍称为“ 私钥 ”,但在这种情况下,对所有者而言是唯一的,并且现在必须完全保密(即使是来自另一方,发送者或接收者)。 第二个称为“ 公钥 ”,由于它不负责解密(仅加密),因此可以自由分发。 这两个密钥是不同的,尽管在数学上仍然相关,这意味着永远不可能基于另一个的知识来计算一个密钥。

《非对称加密 密码传输_密码学:对称与非对称加密》

它是如何工作的? (How Does It Work?)

A slightly more complicated process:

稍微复杂一点的过程:

  • Alice and Bob both generate a public and private key for themselves (they use the RSA algorithm)

    爱丽丝(Alice)和鲍勃(Bob)都为自己生成一个公钥和私钥(它们使用RSA算法)

  • Alice sends Bob her public key and Bob in turn sends Alice his public key. (Neither reveals their private key to anyone else.)

    爱丽丝向鲍勃发送她的公钥,而鲍勃又向艾丽斯发送他的公钥。 (都不会向其他任何人透露其私钥。)

  • Alice writes a message again, but this time encrypts it with Bob’s public key. She then sends the message along to Bob.

    爱丽丝再次写一条消息,但是这次用鲍勃的公钥加密了。 然后,她将消息发送给Bob。

  • When Bob receives the encrypted message, he uses his private key to decrypt it and reads the message Alice wrote.

    当鲍勃收到加密的消息时,他使用他的私钥对其解密并读取爱丽丝写的消息。

两者之间 (Between The Two)

  • Data manipulation in symmetrical encryption is much faster than in asymmetrical because it utilizes only one key and because the lengths of the keys used are usually shorter.

    对称加密中的数据处理比非对称加密中的数据处理要快得多,因为它仅使用一个密钥,并且因为所用密钥的长度通常较短。

  • Asymmetrical encryption is hardly ever used to directly encrypt large amounts of data, unlike symmetric; it increases the size of the cryptogram and can leave the data to take up more space in storage or more time to move. For decryption especially, the performance to security ratio with the asymmetric scheme is typically less impressive than in the symmetric scheme. As security increases, the efficiency of decryption decreases.

    与对称加密不同,几乎不使用非对称加密来直接加密大量数据。 它增加了密码的大小,并可能使数据占用更多的存储空间或更多的移动时间。 特别是对于解密而言,非对称方案的性能与安全比通常不如对称方案令人印象深刻。 随着安全性的提高,解密效率降低。

  • Most public-key algorithms involve more computationally expensive operations (exponentiation, for example).

    大多数公钥算法都涉及计算量更大的操作(例如,取幂)。

Given what we know about both, the obvious pros and cons of each scheme, it seems like symmetrical appears “better” in most categories, with the exception of its glaring “sharing the key” flaw.

鉴于我们对每种方案都有明显的优缺点的了解,在大多数类别中,对称看起来似乎“更好”,但其明显的“共享关键”缺陷除外。

………………………………………………………

…………………………………………………………

进入混合密码系统 ,在左级。 (Enter, stage left, the hybrid cryptosystem.)

A combination of any data encapsulation scheme (a symmetric-key cryptosystem), which supplies the efficiency, and any key encapsulation scheme (an asymmetric-key cryptosystem), which provides the convenience.

提供效率的任何数据封装方案(对称密钥密码系统)和提供便利的任何密钥封装方案(非对称密钥密码系统)的组合。

A simple example of a hybrid implementation:

混合实现的一个简单示例:

  • A symmetric-key encryption algorithm of high quality is applied to the message.

    高质量的对称密钥加密算法应用于该消息。

  • The symmetric key itself is then encrypted using a public-key algorithm.

    然后使用公钥算法对对称密钥本身进行加密。

  • The encrypted symmetric key is sent along with the message.

    加密的对称密钥与消息一起发送。

KEY POINT: Essentially all practical asymmetric schemes in effect today employ some version of a hybrid system optimization.

要点:基本上,目前有效的所有实用非对称方案都采用某种形式的混合系统优化。

感谢您的阅读! (Thank you for reading!)

翻译自: https://levelup.gitconnected.com/cryptography-symmetric-vs-asymmetric-encryption-db36277c8329

非对称加密 密码传输

    原文作者:weixin_26722031
    原文地址: https://blog.csdn.net/weixin_26722031/article/details/108136045
    本文转自网络文章,转载此文章仅为分享知识,如有侵权,请联系博主进行删除。
点赞