DSA 和 RSA 有什么区别?
看来它们都是需要公钥和私钥的加密算法。为什么我要选择其中之一来在我的客户端服务器应用程序中提供加密?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
看来它们都是需要公钥和私钥的加密算法。为什么我要选择其中之一来在我的客户端服务器应用程序中提供加密?
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
发布评论
评论(6)
请查看下面 AVA 的回答。
我的旧答案似乎是错误的
Check AVA's answer below.
My old answer seems wrong
参考,https://web.archive.org/web/20140212143556/http://courses.cs.tamu.edu:80/pooch/665_spring2008/Australian-sec-2006/less19.html
RSA
RSA加密和解密是可交换的
因此它可以直接用作数字签名方案
给定一个 RSA 方案 {(e,R), (d,p,q)}
签署消息 M,计算:
S = M 次方 d (mod R)
要验证签名,请计算:
M = S power e(mod R) = M power ed(mod R) = M(mod R)
RSA 可用于加密和数字签名,
只需颠倒指数的使用顺序即可:
创建签名的秘密指数 (d),公共指数 (e)
任何人都可以验证签名。其他一切都相同。
DSA(数字签名算法)
DSA 是 ElGamal 和 Schnorr 算法的变体。
它创建 320 位签名,但具有 512-1024 位安全性
再次取决于计算离散对数的难度
已被相当广泛地接受。
DSA 密钥生成1
首先选择共享的全局公钥值(p,q,g):
选择一个大素数 p = 2 L 次方
其中 L= 512 至 1024 位,是 64 的倍数
选择 q,p-1 的 160 位质因数
选择g = h 次方(p-1)/q
对于任意 h
然后每个用户选择一个私钥并计算他们的公钥:
选择 x
DSA 密钥生成与 El Gamal 相关,但比 El Gamal 更复杂。
主要是因为使用了二次160位模q来帮助
加快计算速度并减少生成的签名的大小。
DSA 签名创建和验证
签署消息 M
生成随机签名密钥 k, k
要验证签名,请计算:
w = s-1(mod q)
u1= (SHA(M).w)(mod q)
u2= rw(mod q)
v = (g 幂 u1.y 幂 u2(mod p))(mod q)
如果 v=r 则验证签名
签名创建再次类似于 ElGamal,使用
每条消息临时签名密钥 k,但首先计算 mod p,
然后 mod q 来减小结果的大小。请注意,使用
哈希函数 SHA 在这里是明确的。验证还包括
比较两个计算,同样比以下更复杂一点:
但与埃尔·贾迈勒有关。
请注意,几乎所有计算都是 mod q,并且
因此速度要快得多。
但是,与 RSA 相比,DSA 只能用于数字签名
DSA 安全性
潜意识通道的存在存在于许多方案中(任何需要选择随机数的方案),而不仅仅是 DSA。它强调需要“系统安全”,而不仅仅是一个好的算法。
Referring, https://web.archive.org/web/20140212143556/http://courses.cs.tamu.edu:80/pooch/665_spring2008/Australian-sec-2006/less19.html
RSA
RSA encryption and decryption are commutative
hence it may be used directly as a digital signature scheme
given an RSA scheme {(e,R), (d,p,q)}
to sign a message M, compute:
S = M power d (mod R)
to verify a signature, compute:
M = S power e(mod R) = M power e.d(mod R) = M(mod R)
RSA can be used both for encryption and digital signatures,
simply by reversing the order in which the exponents are used:
the secret exponent (d) to create the signature, the public exponent (e)
for anyone to verify the signature. Everything else is identical.
DSA (Digital Signature Algorithm)
DSA is a variant on the ElGamal and Schnorr algorithms.
It creates a 320 bit signature, but with 512-1024 bit security
again rests on difficulty of computing discrete logarithms
has been quite widely accepted.
DSA Key Generation
firstly shared global public key values (p,q,g) are chosen:
choose a large prime p = 2 power L
where L= 512 to 1024 bits and is a multiple of 64
choose q, a 160 bit prime factor of p-1
choose g = h power (p-1)/q
for any h<p-1, h(p-1)/q(mod p)>1
then each user chooses a private key and computes their public key:
choose x<q
compute y = g power x(mod p)
DSA key generation is related to, but somewhat more complex than El Gamal.
Mostly because of the use of the secondary 160-bit modulus q used to help
speed up calculations and reduce the size of the resulting signature.
DSA Signature Creation and Verification
to sign a message M
generate random signature key k, k<q
compute
r = (g power k(mod p))(mod q)
s = k-1.SHA(M)+ x.r (mod q)
send signature (r,s) with message
to verify a signature, compute:
w = s-1(mod q)
u1= (SHA(M).w)(mod q)
u2= r.w(mod q)
v = (g power u1.y power u2(mod p))(mod q)
if v=r then the signature is verified
Signature creation is again similar to ElGamal with the use of a
per message temporary signature key k, but doing calc first mod p,
then mod q to reduce the size of the result. Note that the use of
the hash function SHA is explicit here. Verification also consists of
comparing two computations, again being a bit more complex than,
but related to El Gamal.
Note that nearly all the calculations are mod q, and
hence are much faster.
But, In contrast to RSA, DSA can be used only for digital signatures
DSA Security
The presence of a subliminal channel exists in many schemes (any that need a random number to be chosen), not just DSA. It emphasises the need for "system security", not just a good algorithm.
顺便说一句,您不能使用 DSA 加密,只能签名。尽管它们在数学上(或多或少)是等效的,但您实际上不能将 DSA 用作加密方案,而只能用作数字签名方案。
Btw, you cannot encrypt with DSA, only sign. Although they are mathematically equivalent (more or less) you cannot use DSA in practice as an encryption scheme, only as a digital signature scheme.
参考
man ssh-keygen,DSA 密钥的长度严格限制为 1024 位,以保持符合 NIST 的 FIPS 186-2。尽管如此,更长的 DSA 密钥理论上是可能的; FIPS 186-3 明确允许它们。此外,1024 位长的 RSA 或 DSA 密钥不再保证安全性。总之,2048 位 RSA 密钥是目前的最佳选择。
要采取的更多预防措施
建立安全的 SSH 连接需要的不仅仅是选择安全的加密密钥对技术。鉴于爱德华·斯诺登(Edward Snowden)对美国国家安全局(NSA)的揭露,人们必须比以前认为足够的保持更加警惕。
仅举一个例子,使用安全的密钥交换算法同样重要。以下是当前最佳 SSH 强化实践< /strong>。
With reference to
man ssh-keygen, the length of a DSA key is restricted to exactly 1024 bit to remain compliant with NIST's FIPS 186-2. Nonetheless, longer DSA keys are theoretically possible; FIPS 186-3 explicitly allows them. Furthermore, security is no longer guaranteed with 1024 bit long RSA or DSA keys.In conclusion, a 2048 bit RSA key is currently the best choice.
MORE PRECAUTIONS TO TAKE
Establishing a secure SSH connection entails more than selecting safe encryption key pair technology. In view of Edward Snowden's NSA revelations, one has to be even more vigilant than what previously was deemed sufficient.
To name just one example, using a safe key exchange algorithm is equally important. Here is a nice overview of current best SSH hardening practices.
除了上面的好答案之外。
RSA 代表 Ron Rivest、Adi Shamir 和 Leonard Adleman。
And in addition to the above nice answers.
RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman.
RSA 和 DSA 是不同的东西,尽管两者都与加密有关。令人难以置信的是,这个问题没有被驳回,而其他明智的问题却被驳回。它要求写一篇关于 RSA 的论文和一篇关于 DSA 的不同论文,这样你就可以得出它们不一样的结论。它们不够相似,不足以询问有什么区别。
RSA and DSA are different things, albeith both are related to encryption. It is unbelievable that this question is not shot down, while other sensible question are. It asks for writing a treatise on RSA and a different treatise on DSA, so you can draw the conclusion that they are not the same. They are not sufficiently similar to ask what the difference is.