Asymmetric Encryption

Posted on 2024-09-16 18:02:36 | Word count: 862 | Views: 1 | Comments: 0

I have an exam tomorrow in Advanced Development, but I am stuck on the topic of Encryption. I have read up on it at http://support.microsoft.com/kb/246071. However I am still confused.

If a message is encrypted using Asymmetric Encryption, using the public key, how is the decryptor going to know the private key with which to decrypt it? Surely the only way to do this is to make the private key public, but that defeats the object of Asymmetric Encryption.

Can someone please explain this in a way that a non-techie would be able to understand it? It's only Asymmetric Encryption I don't understand, not Symmetric Encryption. Thanks in advance.

Regards,

Richard

Edit: So to sum up all the answers in the case of a web application (the specific use for which I need to know about this):

  1. User visits a website;
  2. User is requested to provide a public key;
  3. User creates public and private key-pair, keeps the private one private and sends back the public key to the server;
  4. Server uses the public key to encrypt anything which needs to be sent to the user and sends the information to the user;
  5. User uses his / her private key to decrypt the response from the server;
  6. User does what they need to and sends back a response to the server, using the private key to encrypt it;
  7. Server decrypts using the public key.
    Steps 4 - 7 may continue many times, or they may only happen once, or only 4 and 5 may occur.

Is this all correct? If so then it should be all I need to know for the exam. I shouldn't think I would need to know any more to get the maximum 40% should a question on this subject come up - will mention the existence of certificates and signatures though.

Thank you for all the help.

Regards,

Richard

Edit: Well I have just got back from my exam and it went fairly ok I think. But no question on cryptography came up, however... The help was appreciated anyway. Thanks all.

Regards,

Richard

Comments (5)

铁憨憨 2024-09-23 18:02:36

A private key is meant to be known only by its legitimate user and not distributed. Its counterpart, the public key, may be distributed to anyone.

Based on this, you can get 4 operations:

  • encrypt using the public key
  • decrypt using the private key
  • sign using the private key
  • verify the signature using the public key

The next problem you may encounter is the binding of an identity to a public key (as you wouldn't want to encrypt something with or trust something signed with the public key of an impostor). There are various models of public key distributions. Typically, you can have:

  • a web of trust, where people sign each other's association between the public key and the identity: this is typically the PGP model.
  • a public key infrastructure (PKI) where you get certification authorities to produce certificates, often with intermediates, in a tree-like hierarchy. (PGP can use this model too, but this seems less common.)

寒江雪… 2024-09-23 18:02:36

Alice creates her Private Key + Public Key. She keeps her Private Key private. She makes her Public Key public.

Bob takes Alice's Public Key (he should first verify, that it's really Alice's Public Key!), and uses it to encrypt a message, which he sends to Alice.

Alice can decrypt the message using her Private Key.

只是我以为 2024-09-23 18:02:36

Others have provided a "generic" description and I'll go deeper into the real-life side.

Most modern asymmetric encryption standards operate not with raw public and private keys, but with more complex wrappers, such as X.509 certificates or OpenPGP keys (these are the two most popular asymmetric encryption infrastructures today). Both certificates and OpenPGP keys contain extra information that lets them be easily identified, searched for and managed.

Now, the encrypted data block usually includes the public part (i.e. the certificate or public OpenPGP key) used for encryption, or at least the ID (hash of this public part). The recipient of the data usually has (or is supposed to have) both public and private parts (private keys are usually kept together with certificates or public OpenPGP keys) at hand. So when the recipient receives the encrypted data, he knows that he needs to look in his private key storage for the public part with the given ID (or for the given public part when it's included in the encrypted data).

There exist cases when nothing is included. Then the recipient has nothing to do but try all available private keys for decryption. But such cases are rare as by default the certificate or key id are present in the encrypted data block.
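
The lookup described in the answer above, as an added example that is not part of the original answer: the sender sees only the public key, and the recipient finds the matching private key by key ID, falling back to trial decryption when no ID is included. The toy textbook RSA, the envelope layout and all names are assumptions made for illustration; real systems use X.509/CMS or OpenPGP with proper padding.

```python
import hashlib

E = 65537

def make_keypair(p, q):
    # Toy textbook RSA from fixed primes (constructed values): no padding and
    # far too small for real use; it only makes the key lookup runnable.
    n, phi = p * q, (p - 1) * (q - 1)
    return {"public": (n, E), "private": (n, pow(E, -1, phi))}

def key_id(public):
    # Key ID = hash of the public part, as the answer describes.
    return hashlib.sha256(repr(public).encode()).hexdigest()[:16]

def encrypt(public, message, include_key_id=True):
    n, e = public
    # 0x01 marker + 4-byte digest let the recipient recognise a correct decryption.
    framed = b"\x01" + hashlib.sha256(message).digest()[:4] + message
    m = int.from_bytes(framed, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return {"key_id": key_id(public) if include_key_id else None,
            "ciphertext": pow(m, e, n)}

def try_decrypt(private, ciphertext):
    n, d = private
    m = pow(ciphertext, d, n)
    framed = m.to_bytes((m.bit_length() + 7) // 8, "big")
    body = framed[5:]
    ok = framed[:1] == b"\x01" and framed[1:5] == hashlib.sha256(body).digest()[:4]
    return body if ok else None

def decrypt_envelope(keystore, envelope):
    """keystore maps key ID -> key pair; returns (plaintext, private keys tried)."""
    kid = envelope["key_id"]
    if kid is not None:                      # usual case: direct lookup by ID
        pair = keystore.get(kid)
        if pair is None:
            return None, 0                   # not encrypted to any key we hold
        return try_decrypt(pair["private"], envelope["ciphertext"]), 1
    # Rare case: no ID in the data block, so try every private key we hold.
    for tried, pair in enumerate(keystore.values(), start=1):
        plain = try_decrypt(pair["private"], envelope["ciphertext"])
        if plain is not None:
            return plain, tried
    return None, len(keystore)

# Recipient's key store: three pairs built from Mersenne primes (constructed sample keys).
PAIRS = [make_keypair(2**61 - 1, 2**89 - 1), make_keypair(2**89 - 1, 2**107 - 1),
         make_keypair(2**107 - 1, 2**127 - 1)]
KEYSTORE = {key_id(p["public"]): p for p in PAIRS}
```
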

荆棘i 2024-09-23 18:02:36

The public key is provided to the "encryptor" by the "decryptor", therefore, by definition, the "decryptor" knows the private key (because it is part of the key pair created by the "decryptor").

十秒萌定你 2024-09-23 18:02:36

Let's say "decryptor" = D, and "encryptor" = E.

D previously sent his public key to E, so E can encrypt the message. Because only D knows his own private key, only D will know how to decrypt the message E just sent him (remember: one key is used to encrypt, the other to decrypt). In this way, you get privacy.
