AES vs. RSA Encryption: What Are the Differences?

原作者：Ron Franklin
转载地址：https://blog.syncsort.com/2019/03/data-security/aes-vs-rsa-encryption-differences/

AES与RSA加密：有什么区别？

在互联网时代已经非常清楚的一件事是，防止未经授权的人访问存储在支持Web的计算机系统中的数据非常困难。工作人员要做的就是单击电子邮件中的错误链接，或者对看似合法的信息请求做出不正确的反应，入侵者可以完全访问您的所有数据。在当今的监管和公共关系环境中，这种违规行为可能是灾难性的。

但是，如果您可以放心，即使攻击者可以访问您的信息，他们也无法使用它，该怎么办？这就是数据加密的作用。

One thing that’s become abundantly clear in the internet age is that preventing unauthorized people from gaining access to the data stored in web-enabled computer systems is extremely difficult. All it takes is for a worker to click on the wrong link in an email, or respond unwarily to a seemingly legitimate request for information, and an intruder could gain complete access to all your data. In today’s regulatory and public relations environments, that kind of breach can be catastrophic.

But what if you could be assured that even if an attacker got access to your information, they couldn’t use it? That’s the role of data encryption.

加密如何运作

加密的基本思想是将数据转换为原始含义被掩盖的形式，只有经过适当授权的人才能解密它。这是通过使用基于称为键的数字的数学函数对信息进行加扰来完成的 。使用相同或不同密钥的逆过程用于解密（或解密）信息。如果将相同的密钥用于加密和解密，则该过程称为 对称过程。如果使用了不同的密钥，则该过程被定义 为非对称的。

当今，最广泛使用的两种加密算法是AES和RSA。两者都是高效且安全的，但是它们通常以不同的方式使用。让我们看一下它们之间的比较。

The basic idea of encryption is to convert data into a form in which the original meaning is masked, and only those who are properly authorized can decipher it. This is done by scrambling the information using mathematical functions based on a number called a key. An inverse process, using the same or a different key, is used to unscramble (or decrypt) the information. If the same key is used for both encryption and decryption, the process is said to be symmetric. If different keys are used the process is defined as asymmetric.

Two of the most widely used encryption algorithms today are AES and RSA. Both are highly effective and secure, but they are typically used in different ways. Let’s take a look at how they compare.

AES加密

AES（高级加密标准）已成为全球政府，金融机构和安全意识强的企业选择的加密算法。美国国家安全局（NSC）使用它来保护该国的“最高机密”信息。

AES算法连续将一系列数学转换应用于每个128位数据块。由于此方法的计算要求较低，因此AES可以与便携式计算机和智能手机等消费计算设备一起使用，并可以快速加密大量数据。例如，IBM z14大型机系列使用AES来启用普遍加密，其中整个系统中的所有数据（无论是静止的还是传输中的）都被加密。

AES是一种对称算法，使用相同的128、192或256位密钥进行加密和解密（AES系统的安全性随密钥长度呈指数增长）。即使使用一个128位密钥，通过检查2128个 可能的密钥值（“强力”攻击）来破解AES的任务也需要大量计算，以至于即使最快的超级计算机平均也需要 超过100万亿美元年 做。实际上，AES从未被破解过，并且 根据当前的技术趋势，有望在未来几年保持安全。

AES (Advanced Encryption Standard) has become the encryption algorithm of choice for governments, financial institutions, and security-conscious enterprises around the world. The U.S. National Security Agency (NSC) uses it to protect the country’s “top secret” information.

The AES algorithm successively applies a series of mathematical transformations to each 128-bit block of data. Because the computational requirements of this approach are low, AES can be used with consumer computing devices such as laptops and smartphones, as well as for quickly encrypting large amounts of data. For example, the IBM z14 mainframe series uses AES to enable pervasive encryption in which all the data in the entire system, whether at rest or in transit, is encrypted.

AES is a symmetric algorithm which uses the same 128, 192, or 256 bit key for both encryption and decryption (the security of an AES system increases exponentially with key length). With even a 128-bit key, the task of cracking AES by checking each of the 2128 possible key values (a “brute force” attack) is so computationally intensive that even the fastest supercomputer would require, on average, more than 100 trillion years to do it. In fact, AES has never been cracked, and based on current technological trends, is expected to remain secure for years to come.

RSA加密

RSA以麻省理工学院的科学家（Rivest，Shamir和Adleman）的名字命名，该科学家于1977年首次对其进行了描述。RSA是一种非对称算法，使用公知的密钥进行加密，但是需要使用仅预期接收者知道的其他密钥才能进行加密。解密。在此系统中，适当地称为公用密钥密码术（PKC），公用密钥是将两个巨大质数相乘的乘积。仅公开长度为1024、2048或4096位的产品。但是RSA解密需要了解该产品的两个主要因素。因为没有已知的方法可以计算这么大的素数，所以只有公钥的创建者才能生成解密所需的私钥。

RSA比AES具有更高的计算强度，并且速度慢得多。通常用于仅加密少量数据。

RSA is named for the MIT scientists (Rivest, Shamir, and Adleman) who first described it in 1977. It is an asymmetric algorithm that uses a publicly known key for encryption, but requires a different key, known only to the intended recipient, for decryption. In this system, appropriately called public key cryptography (PKC), the public key is the product of multiplying two huge prime numbers together. Only that product, 1024, 2048, or 4096 bits in length, is made public. But RSA decryption requires knowledge of the two prime factors of that product. Because there is no known method of calculating the prime factors of such large numbers, only the creator of the public key can also generate the private key required for decryption.

RSA is more computationally intensive than AES, and much slower. It’s normally used to encrypt only small amounts of data.

AES和RSA如何一起工作

AES的一个主要问题是，作为对称算法，它要求加密器和解密器使用相同的密钥。这就引起了关键的密钥管理问题–如何将所有重要的秘密密钥分发给世界各地的数百名接收者，而又不会冒在途中某处不慎或故意受到破坏的巨大风险？答案是结合AES和RSA的优势。

在包括互联网在内的许多现代通信环境中，交换的大量数据都通过快速的AES算法进行加密。为了获得解密该数据所需的秘密密钥，授权接收者发布了公共密钥，同时保留了只有他们自己知道的关联私有密钥。然后，发送者使用该公共密钥和RSA加密并向每个接收者传输他们自己的秘密AES密钥，该密钥可用于解密数据。

A major issue with AES is that, as a symmetric algorithm, it requires that both the encryptor and the decryptor use the same key. This gives rise to a crucial key management issue – how can that all-important secret key be distributed to perhaps hundreds of recipients around the world without running a huge risk of it being carelessly or deliberately compromised somewhere along the way? The answer is to combine the strengths of AES and RSA.

In many modern communication environments, including the internet, the bulk of the data exchanged is encrypted by the speedy AES algorithm. To get the secret key required to decrypt that data, authorized recipients publish a public key while retaining an associated private key that only they know. The sender then uses that public key and RSA to encrypt and transmit to each recipient their own secret AES key, which can be used to decrypt the data.