非对称加密 密码传输_密码学:对称与非对称加密

非对称加密 密码传输

Before the modern age of cryptography, where the focus has expanded from the confidentiality of messages to encompass identity authentication, integrity checking, and more, the field mainly revolved around lexicographical and linguistic patterns.


With the addition of digital computers and the beginnings of the extensive use of mathematic theory and computer science practices in cryptography, the ability to “crack” complex encryption algorithms increased, but along with it, the speed at which increasingly complicated, computationally secure (albeit, theoretically breakable) encrypting mechanisms could be created.


Here, we’ll take a look at the two kinds of cryptosystems: symmetric and asymmetric.



Key — A “variable value” that is applied to some unencrypted message, using an algorithm (cipher), in order to encrypt it. Or applied to an encrypted message, in order to decrypt it.

密钥 —一种“变量值”,它使用一种算法(密码)应用于一些未加密的消息,以便对其进行加密。 或应用于加密的消息,以便对其解密。

The key is meant to be kept secret and should only be known by the sender and recipient of the message. This way if the message were to be captured by any outsider participant, it would read as nonsense and should provide no useful information.

密钥应保密,并且仅应由消息的发送者和接收者知道。 这样,如果该消息将被任何外部参与者捕获,它将被视为无稽之谈,并且不应提供有用的信息。

Plaintext — Unencrypted information. Usually, but not always, awaiting input into an encryption algorithm.

纯文本—未加密的信息。 通常但并非总是如此,等待输入加密算法。

Cyphertext — The result of the encryption of plaintext. Unreadable by a human or computer alike, without the proper decryption algorithm.

密文-加密明文的结果。 没有适当的解密算法,人或计算机都无法读取。

Cipher — An algorithm. It is used to perform encryption on plaintext, decryption on cyphertext, or can be used to do both. Ciphers can be categorized as “procedures” of sorts, series of detail defined steps that can be followed. The way in which the cipher operates will depend on the key selected, which acts as the auxiliary information. So, a key must be chosen before a cipher can be used to encrypt a message.

密码-一种算法。 它用于对明文执行加密,对密文进行解密,或者可以同时使用两者。 密码可以归类为“程序”,可以遵循一系列详细定义的步骤。 密码的操作方式取决于所选的密钥,该密钥用作辅助信息。 因此,必须先选择密钥,然后才能使用密码来加密消息。

Cryptanalysis — In short, the study of decrypting messages (“cracking the code” of the encryption algorithms) without access to the key that was designed to do so.

密码分析 —简而言之,是在不访问旨在为此目的设计的密钥的情况下,对消息进行解密(“解密加密算法的代码”)的研究。

— — — — — — — — — — — — — — — — — — — — — — — — — —

— — — — — — — — — — — — — — — — — — — — — — — — — — — —


For the sake of the rest of the article I will introduce you now to three commonly used players in the game of cryptography:


《非对称加密 密码传输_密码学:对称与非对称加密》

  • Alice (‘A’), who we cast the part of our sender. She wishes to relay some message or data to another party.

    爱丽丝(‘A’) ,我们强制发送者。 她希望将某些消息或数据转发给另一方。

  • Bob (‘B’) the intended recipient of the sent information. He plays the part of Alice’s confidant.

    Bob(‘B’)发送信息的预期收件人。 他扮演爱丽丝的知己。

  • Eve (‘E’), our deceptively nicknamed, “passive” attacker. Short for Eavesdropper, this antagonist can listen in on the exchanges between Alice and Bob but cannot modify their messages as they are being sent back and forth. Their goal would simply be to successfully decrypt an overheard message. (This is different from a Mallory (‘M’), an “active” attacker, who can intercept and directly alter or substitute out a sent message before the second party ever receives it. Mallory participants in the game present more challenging obstacles to creating a safely secured system than Eves do.)

    夏娃(‘E’) ,我们被戏称为“被动”的攻击者。 该对抗者是窃听者的简称,可以侦听爱丽丝和鲍勃之间的往来,但不能在来回发送消息时修改其消息。 他们的目标只是简单地成功解密被窃听的消息。 (这不同于“主动”攻击者Mallory(‘M’),后者可以在第二方收到消息之前拦截并直接更改或替换已发送的消息。游戏中的Mallory参与者在创建游戏时遇到了更具挑战性的障碍比伊夫斯更安全的系统。)

These are short explanations of only a few characters. Four, of the dozens of conventional archetypes, used to aid in comprehension in discussions of cryptology, as well as other science and engineering texts, and (for “Alice” and “Bob” at least) even in game theory and physics thought experiments.

这些是仅几个字符的简短说明。 在数十种常规原型中,有四种用于帮助理解密码学以及其他科学和工程学文本,甚至在博弈论和物理思维实验中(至少对于“爱丽丝”和“鲍勃”而言)。

With the basic definitions provided, and the roles handed out, let’s set the stage to illustrate our two types of cryptosystems.



The only type of encryption publically recognized until the late 70s, symmetric key ciphers will either be of the block or stream variety.


  • Stream Ciphers — encrypt the letters or digits (usually bytes) of a message one at a time.


  • Block Ciphers — gather some number of bits and then encrypt them as one single unit. Then pad the plaintext, making it a multiple of the block size (64-bit blocks were regularly used).

    块密码-收集一定数量的位,然后将它们加密为一个单元。 然后填充明文,使其成为块大小的倍数(定期使用64位块)。

Symmetrical encryption involves one singular key, for both encrypting and decrypting the message. This means the sender and recipient must have the same key available to them.

对称加密涉及一个唯一密钥,用于对消息进行加密和解密。 这意味着发件人和收件人必须具有可用的相同密钥。

《非对称加密 密码传输_密码学:对称与非对称加密》

它是如何工作的? (How Does It Work?)

It’s really as simple as:


  • Alice uses her private key to encrypt the message she intends to send.


  • She then passes that encrypted message along to Bob.


  • When Bob receives the encrypted messaged he proceeds to decrypt it, with the same private key that Alice used.


Easy as that, one key — two (or possibly more) people.


Well…hold on. Addressing the question “How can Bob have the same private key as Alice?” leads us to the central, and major, flaw in the Symmetrical scheme. In order for Alice and Bob to have the same private key, it has to be handed off at some point between them, which opens the door for an Eve, or even a Mallory, to intercept the key and effectively render it useless in securing their communication of information.

好吧…等等。 解决“ Bob如何拥有与Alice相同的私钥?”这一问题。 导致我们发现对称方案的主要缺陷。 为了使Alice和Bob拥有相同的私钥,必须在它们之间的某个点将其移交,这为Eve甚至Mallory开门,以截取该密钥并有效地使其失去保护其安全性的作用。信息交流。


Also known as public-key cryptography, this is the much newer adaptation to the age-old symmetrical type above. The process here requires not the use of two identical keys, but for each party (sender and recipient) to have their own set of individual keys. (This makes the initial sharing of private keys unnecessary and eliminates the added risk associated with symmetrical.)

也称为公钥密码术 ,这是对上面古老的对称类型的更新得多。 这里的过程不需要使用两个相同的密钥,而是使每一方(发送方和接收方)都有自己的一组独立密钥。 (这使得不需要私钥的初始共享,并且消除了对称带来的额外风险。)

The first key is still referred to as the “private key”, but in this case is unique to the holder and must now be kept completely secret (even from the other party, sender or recipient). The second is called the “public key” and can be distributed freely, as it is not responsible for decryption (only encryption). These two keys are different, while still related mathematically, which means it is not meant to ever be possible for one key to be calculated based on knowledge of the other.

第一个密钥仍称为“ 私钥 ”,但在这种情况下,对所有者而言是唯一的,并且现在必须完全保密(即使是来自另一方,发送者或接收者)。 第二个称为“ 公钥 ”,由于它不负责解密(仅加密),因此可以自由分发。 这两个密钥是不同的,尽管在数学上仍然相关,这意味着永远不可能基于另一个的知识来计算一个密钥。

《非对称加密 密码传输_密码学:对称与非对称加密》

它是如何工作的? (How Does It Work?)

A slightly more complicated process:


  • Alice and Bob both generate a public and private key for themselves (they use the RSA algorithm)


  • Alice sends Bob her public key and Bob in turn sends Alice his public key. (Neither reveals their private key to anyone else.)

    爱丽丝向鲍勃发送她的公钥,而鲍勃又向艾丽斯发送他的公钥。 (都不会向其他任何人透露其私钥。)

  • Alice writes a message again, but this time encrypts it with Bob’s public key. She then sends the message along to Bob.

    爱丽丝再次写一条消息,但是这次用鲍勃的公钥加密了。 然后,她将消息发送给Bob。

  • When Bob receives the encrypted message, he uses his private key to decrypt it and reads the message Alice wrote.


两者之间 (Between The Two)

  • Data manipulation in symmetrical encryption is much faster than in asymmetrical because it utilizes only one key and because the lengths of the keys used are usually shorter.


  • Asymmetrical encryption is hardly ever used to directly encrypt large amounts of data, unlike symmetric; it increases the size of the cryptogram and can leave the data to take up more space in storage or more time to move. For decryption especially, the performance to security ratio with the asymmetric scheme is typically less impressive than in the symmetric scheme. As security increases, the efficiency of decryption decreases.

    与对称加密不同,几乎不使用非对称加密来直接加密大量数据。 它增加了密码的大小,并可能使数据占用更多的存储空间或更多的移动时间。 特别是对于解密而言,非对称方案的性能与安全比通常不如对称方案令人印象深刻。 随着安全性的提高,解密效率降低。

  • Most public-key algorithms involve more computationally expensive operations (exponentiation, for example).


Given what we know about both, the obvious pros and cons of each scheme, it seems like symmetrical appears “better” in most categories, with the exception of its glaring “sharing the key” flaw.




进入混合密码系统 ,在左级。 (Enter, stage left, the hybrid cryptosystem.)

A combination of any data encapsulation scheme (a symmetric-key cryptosystem), which supplies the efficiency, and any key encapsulation scheme (an asymmetric-key cryptosystem), which provides the convenience.


A simple example of a hybrid implementation:


  • A symmetric-key encryption algorithm of high quality is applied to the message.


  • The symmetric key itself is then encrypted using a public-key algorithm.


  • The encrypted symmetric key is sent along with the message.


KEY POINT: Essentially all practical asymmetric schemes in effect today employ some version of a hybrid system optimization.


感谢您的阅读! (Thank you for reading!)

翻译自: https://levelup.gitconnected.com/cryptography-symmetric-vs-asymmetric-encryption-db36277c8329

非对称加密 密码传输

    原文地址: https://blog.csdn.net/weixin_26722031/article/details/108136045