非对称加密 公钥解密_了解非对称公钥加密

非对称加密 公钥解密

Asymmetric cryptography, also called public key cryptography, is an essential element of a secure cyberspace. However, understanding asymmetric cryptography can be challenging for people who are not familiar with computer science or cybersecurity principles. This article is written for the non-techie who wants to understand public key cryptography.

非对称密码学，也称为公共密钥密码学，是安全网络空间的基本要素。 但是，对于不熟悉计算机科学或网络安全原理的人来说，了解非对称密码可能会充满挑战。 本文是为想要了解公钥密码学的非技术人员撰写的。

对称密码学 (Symmetric Cryptography)

When two parties (two people, two computers, two companies, etc.) wish to communicate sensitive information with each other, they will need some way to hide that information as it travels from sender to receiver. One way is to take the original data, which we will call plaintext, and convert it into a message that cannot be understood, which we will call ciphertext. Some type of method is used to make this conversion. It can be as simple as a set of steps “switch the first letter of the word with the last letter of the word,” to a more complex mathematical formula. The process of changing the plaintext into the ciphertext is referred to as encryption.

当两方(两个人，两台计算机，两个公司等)希望彼此交流敏感信息时，当信息从发送者到接收者传播时，他们将需要某种隐藏信息的方法。 一种方法是获取原始数据，我们将其称为纯文本 ，并将其转换为无法理解的消息，我们将其称为密文 。 某些类型的方法用于进行此转换。 只需一系列步骤“将单词的第一个字母转换为单词的最后一个字母”，即可简化为更复杂的数学公式。 将明文更改为密文的过程称为加密。

Once the message has been received by the intended party, that party can convert the ciphertext back to plain text. They must know the original method used to encrypt the message, and then they can reverse the process. The process of changing the ciphertext back to plain text is called decryption.

预期的一方收到消息后，该一方可以将密文转换回纯文本。 他们必须知道用于加密消息的原始方法，然后他们才能逆转该过程。 将密文改回纯文本的过程称为解密 。

This process has been around for millennia. Generals going into a battle will know that they will need to communicate sensitive messages across distances. Before a battle, they may agree upon an algorithm for encryption and decryption. During the battle, one general may encrypt his future plans and then ask a courier (on foot, on a horse) to take this message to another general. If the courier is intercepted along the way, the enemy cannot make sense of the message.

这个过程已经存在了数千年。 将军们将参加战斗，他们将知道他们需要在远方交流敏感信息。 在战斗之前，他们可能会同意加密和解密的算法。 在战斗中，一位将军可以加密自己的未来计划，然后要求快递员(步行，骑马)将此信息传达给另一位将军。 如果快递员在途中被拦截，敌人将无法理解消息。

Modern computing has made the process of encryption and decryption more complicated, but also easier. Computers use set mathematical algorithms to encrypt data. These algorithms may be known to everyone interested in encrypting messages. A common one is AES (Advanced Encryption Standard), used by the United States Government.

现代计算使加密和解密过程更加复杂，但也更加容易。 计算机使用集合数学算法来加密数据。 对加密消息感兴趣的每个人都可能知道这些算法。 常见的一种是美国政府使用的AES(高级加密标准)。

These encryption algorithms incorporate a “key” when encrypting communications. This key is unique to each user, and therefore even if the encryption algorithm is the same, the output of encryption will be different for each user.

这些加密算法在加密通信时包含一个“密钥”。 该密钥对于每个用户都是唯一的，因此，即使加密算法相同，每个用户的加密输出也将不同。

This can look visually like this:

看起来像这样：

Rod’s Key + RSA Algorithm -> encrypt the plain text “Cheese and Crackers” -> into ciphertext “Ecv777*!lll”

Rod的密钥+ RSA算法->将纯文本“奶酪和饼干”加密->转换为密文“ Ecv777 *！lll”

Kim’s Key + RSA Algorithm -> encrypt the plain text “Cheese and Crackers” -> into ciphertext “O5deaQm&”

金的密钥+ RSA算法->将纯文本“奶酪和饼干”加密->转换为密文“ O5deaQm＆”

Most discussions about encryption use the example of two fictional people, Alice and Bob. In the figure below, Alice is sending a message to Bob, where the same key is used to encrypt and decrypt the message. Because the same key is used to both encrypt and decrypt a message, this process is called symmetric cryptography.

关于加密的大多数讨论都以两个虚构的人为例，即Alice和Bob。 在下图中，爱丽丝正在向鲍勃发送一条消息，鲍勃使用相同的密钥对消息进行加密和解密。 因为使用相同的密钥来加密和解密消息，所以此过程称为对称加密 。

Credit: https://www.twilio.com/blog/what-is-public-key-cryptography

图片来源： https ： //www.twilio.com/blog/what-is-public-key-cryptography

In sum, symmetric cryptography is an encryption system in which the same key is used to both encrypt and decrypt communications.

总而言之，对称密码学是一种加密系统，其中相同的密钥用于加密和解密通信。

非对称密码 (Asymmetric Cryptography)

But what if Alice and Bob (or our generals) never meet each other to agree upon or exchange keys. How can they communicate securely? To give a real-world example, suppose you are a journalist wanting to get information from a source who lives in another country. The source has knowledge of some injustices in their country. Sending this information by e-mail or through social media applications can be dangerous. They cannot put their information on a USB and send it because that may be intercepted.

但是，如果爱丽丝和鲍勃(或我们的将军)从来没有见过对方就达成共识或交换密钥怎么办？ 他们如何安全通信？ 举一个真实的例子，假设您是一名记者，希望从居住在另一个国家的消息来源获取信息。 消息人士对他们国家的一些不公正现象有所了解。 通过电子邮件或社交媒体应用程序发送此信息可能很危险。 他们无法将其信息放在USB上进行发送，因为这可能会被截获。

To deal with this problem, asymmetric (or public key) cryptography is used.

为了解决这个问题，使用了非对称(或公钥)加密技术。

We can use the same general process as above (Key + Algorithm), except now the key is split into a public key and a private key. You can encrypt a message with the public key and decrypt with the private key!

我们可以使用与上述相同的通用过程(“密钥+算法”)，只是现在将密钥分为公共密钥和私有密钥 。 您可以使用公钥加密消息，并使用私钥解密！

Here is how the general process would work:

以下是一般流程的工作方式：

• Bob uses an application to generate a public and private key. These keys are together called a key-pair. An example application of a website generating keys is here: https://pgpkeygen.com/.

  鲍勃(Bob)使用应用程序生成公用密钥和专用密钥。 这些密钥一起称为密钥对。 网站生成密钥的示例应用程序在这里： https : //pgpkeygen.com/ 。

• Bob can then take his public key and “share” it. There are many ways he can do this. He can place his key in spaces that belong to her online — social media accounts, his website, even as a signature in his e-mail address. There are also several public repositories where people have posted their public keys. An example is the OpenPGP key server (http://keys.gnupg.net/). But he keeps his private key secure and no one has access to it.

  然后，Bob可以获取他的公共密钥并“共享”它。 他有很多方法可以做到这一点。 他可以将密钥放置在属于她的在线空间中-社交媒体帐户，他的网站，甚至可以作为他的电子邮件地址中的签名。 人们还发布了一些公共密钥，其中有一些公共存储库。 一个示例是OpenPGP密钥服务器( http://keys.gnupg.net/ )。 但是他保持私钥的安全，没有人可以使用它 。

• Alice can find Bob’s public key on his website or a key server, encrypt a sensitive message using Bob’s public key, and then e-mail the message to Bob. Only someone with the private half of the key-pair can then decrypt the message.
  爱丽丝可以在其网站或密钥服务器上找到鲍勃的公钥，使用鲍勃的公钥对敏感消息进行加密，然后将其通过电子邮件发送给鲍勃。 然后，只有拥有密钥对私密一半的人才能解密该消息。
• So, when Bob receives the message from Alice, he can decrypt the message using his private key.
  因此，当鲍勃从爱丽丝那里收到消息时，他可以使用自己的私钥解密消息。
• If the message happens to be intercepted in transit, it cannot be read
  如果邮件恰好在传输过程中被拦截，则无法阅读

Like the symmetric cryptography discussed above, the algorithms used for asymmetric cryptography are widely known. The most widely used, and the one we will use is the RSA (Rivest–Shamir–Adleman) algorithm.

像上面讨论的对称密码学一样，用于非对称密码学的算法也是众所周知的。 使用最广泛的算法是RSA(Rivest–Shamir–Adleman)算法。

An example of this process is shown below, again using Bob and Alice:

下面再次使用Bob和Alice显示了此过程的示例：

Credit: https://sendgrid.com/docs/glossary/dkim/ 信用：https://sendgrid.com/docs/glossary/dkim/

Another aspect of asymmetric cryptography is that it can be used to increase data integrity by ensuring that a message has not been altered in transit.

非对称加密的另一个方面是，通过确保消息在传输过程中没有被更改，可以将其用于提高数据完整性。

Let’s say Alice also generates a key-pair. Like Bob, she can keep a secure private key and make her public key available. The key-pairs give Alice the ability to sign a message with this private key, which can then be verified with someone decrypting the message with Alice’s public key. In simple terms, if we believe that only Alice has access to her private key, then any message that can be decrypted with Alice’s public key must come from Alice.

假设Alice也生成了一个密钥对。 像鲍勃一样，她可以保留一个安全的私钥并使她的公钥可用。 密钥对使Alice能够使用此私钥对消息进行签名，然后可以由某人使用Alice的公钥解密消息来进行验证。 简而言之，如果我们认为只有爱丽丝可以访问她的私钥，那么任何可以用爱丽丝的公钥解密的消息都必须来自爱丽丝。

Here is how the general process would work. I will incorporate the previous example of Alice sending an encrypted message to Bob:

这是一般流程的工作方式。 我将结合爱丽丝(Alice)向鲍勃发送加密消息的先前示例：

• Bob generates a key-pair and makes his public key available
  鲍勃生成一个密钥对并使他的公共密钥可用
• Alice wants to send a secure message to Bob, and so she encrypts her message with Bob’s public key
  爱丽丝想向鲍勃发送安全消息，因此她用鲍勃的公钥对消息加密
• However, she wants Bob to know that her message has not been altered in transit (for example, someone could intercept the message, and delete Alice’s original message and encrypt a new message with Bob’s key)
  但是，她希望Bob知道她的消息在传输过程中没有被更改(例如，某人可以拦截该消息，然后删除Alice的原始消息并使用Bob的密钥加密一条新消息)

• So, she makes a hash of the (encrypted) message and then encrypts that with her private key. This is called signing a message. Yes, it can be very confusing. A hash function is an algorithm that produces a small series of values from a larger block of data. It is quick and easy to produce a hash, and it does not take up much data space. The two most common hash functions are MD5 (Message Digest 5) and SHA (Secure Hash Algorithm).

  因此，她对(加密的)消息进行哈希处理 ，然后使用她的私钥对其进行加密。 这称为签署消息。 是的，这可能非常令人困惑。 哈希函数是一种算法，可以从较大的数据块中生成一小部分值。 生成哈希很容易，而且不占用太多数据空间。 最常见的两个哈希函数是MD5(消息摘要5)和SHA(安全哈希算法)。

• Alice sends the encrypted hash (encrypted with her private key) and the encrypted original message (encrypted with Bob’s public key) to Bob.
  爱丽丝将加密的哈希值(用她的私钥加密)和加密的原始消息(用鲍勃的公钥加密)发送给鲍勃。
• Bob can then decrypt the original message (using his private key) and read it.
  然后，Bob可以解密原始消息(使用其私钥)并读取它。

• He can also check to see if the message was altered in transit. He does this by getting a hash of the decrypted original message. He then decrypts Alice’s hash (using her public key) and then compares the two hashes. If they are the same, they can be sure that Alice’s message was not altered in transit. This is called verification.

  他还可以检查邮件在传输过程中是否被更改。 他通过获取解密后的原始消息的哈希值来做到这一点。 然后，他(使用她的公共密钥)解密Alice的哈希，然后比较两个哈希。 如果它们相同，则可以确保在传输过程中未更改Alice的消息。 这称为验证 。

A visual example is given below:

下面是一个可视示例：

Image Credit: https://medium.com/@meruja/digital-signature-generation-75cc63b7e1b4

图片来源： https : //medium.com/@meruja/digital-signature-generation-75cc63b7e1b4

日常使用 (Everyday Uses)

The use of Alice and Bob are ways of explaining the logic behind both symmetric and asymmetric cryptography. For most people, this process occurs without them even knowing it.

使用Alice和Bob是解释对称和非对称密码背后逻辑的方法。 对于大多数人来说，这个过程是在他们甚至不知道的情况下发生的。

One use example is the Apple iPhone and the automatic encryption of the data on your phone. For someone to read your data, they need your passkey. If law enforcement collects your phone, and you do not give them the passkey, they will have tremendous difficulty reading the data. This is an example of symmetric cryptography.

一个使用示例是Apple iPhone和手机上数据的自动加密。 为了使某人读取您的数据，他们需要您的密码。 如果执法部门收集了您的电话，而您没有给他们提供密码，则他们将很难读取数据。 这是对称加密的一个示例。

A second example is HTTPS (HTTP Secure), which uses both symmetric and asymmetric cryptography. Imagine you decide to buy some books from Amazon’s website. When you enter www.amazon.com into the web address, your computer is essentially requesting data from Amazon’s server. There are four steps:

第二个示例是HTTPS(HTTP安全)，它同时使用对称和非对称密码。 假设您决定从亚马逊网站上购买一些书籍。 当您在网址中输入www.amazon.com时 ，您的计算机实际上是在从Amazon的服务器请求数据。 分为四个步骤：

• Amazon’s server will send that data along with its public key. Amazon and most companies have had their public key verified by some certificate authority so that we know the key actually belongs to Amazon.
  亚马逊的服务器将发送该数据及其公钥。 亚马逊和大多数公司的公钥都经过某个证书颁发机构的验证，因此我们知道该密钥实际上属于亚马逊。
• Your browser then generates a separate symmetric key that will be used for the remainder of the connection (session). This symmetric key is encrypted and sent back to Amazon’s servers.
  然后，您的浏览器会生成一个单独的对称密钥，该对称密钥将用于其余的连接(会话)。 此对称密钥已加密并发送回Amazon服务器。
• Amazon’s server can decrypt this new key with its private key.
  Amazon的服务器可以使用其私钥解密此新密钥。
• Now the browser and server encrypt their subsequent communications with the symmetric key until the session ends. They have established a secure channel.
  现在，浏览器和服务器使用对称密钥加密其后续通信，直到会话结束。 他们建立了安全的渠道。

These four steps are shown visually below:

这四个步骤如下图所示：

Image Credit: https://www.digicert.com/ssl-cryptography.htm

图片来源： https : //www.digicert.com/ssl-cryptography.htm

Further Reading

进一步阅读

• “A Deep Dive on End-to-End Encryption: How Do Public Key Encryption Systems Work?” — https://ssd.eff.org/en/module/deep-dive-end-end-encryption-how-do-public-key-encryption-systems-work

  “深入研究端到端加密：公钥加密系统如何工作？” — https://ssd.eff.org/en/module/deep-dive-end-end-encryption-how-do-public-key-encryption-systems-work

• “Cryptography: Encrypt and Decrypt Your Data” — https://hackersonlineclub.com/cryptography/

  “密码学：加密和解密数据” — https://hackersonlineclub.com/cryptography/

翻译自: https://medium.com/swlh/understanding-asymmetric-public-key-cryptography-24092bcd7741

非对称加密 公钥解密