Public key for encryption; private key for decryption?
I understand that private and public keys are mathematically related and data encrypted with one key can only be decrypted with the other. My question is that private key is always used to encrypt data whereas public key is always used to decrypt it? Or can it be vice versa, and if so can you give some example application where it's used in the other direction (public key to encrypt and private key to decrypt)?
Comments (4)
Encryption is about keeping some data confidential; the data is transformed into an opaque blob and the reverse operation requires something that the attacker does not know, i.e. a "secret" or "private" information. The whole point of encryption is that decryption cannot be done with only public information; hence decryption uses the private key. However, there is no problem in letting anybody encrypt data, thus encryption can use the public key.
There are some algorithms (in practice, only one: RSA) which, from a casual glance, appear to be "revertible": you might think about using the private key for encryption, and the public key for decryption. As explained above, there goes confidentiality (if the decryption key is public, then anybody can decrypt, hence the encrypted data cannot be considered as confidential anymore). Such a "reversed encryption" may be used as the basis for a digital signature algorithm, in which there is no notion of confidentiality, but, instead, of verifiable proof of key owner action.
However there is more to RSA than the modular exponentiation. RSA encryption first transforms the input message into a big integer through an operation called "padding". RSA signature generation first transforms the input message into a big integer through another operation which is also called "padding"; but this is not at all the same padding. Padding is essential for security, and the needed characteristics are quite distinct between encryption and signature. For instance, an encryption padding needs a high level of added randomness, whereas a signature padding requires a lot of redundancy (and a hash function, in order to accommodate long input messages).
Talking of signatures as "encryption with the private key" is the way the RSA standard historically put it (hence names such as "md5WithRSAEncryption"), but it is inaccurate (paddings are, and must be, different) and overly specific (it applies only to RSA, not El Gamal, DSA, Diffie-Hellman, NTRU...). This is just a widespread confusion.
If I want to send you a secure message, I would encrypt the message with your public key. That way, only you (knowing the private key) can decrypt it.
Not only can you use a public key for encryption, that is actually the normal mode of operation when you are encrypting for secrecy. This makes sense - anyone can encrypt with the public key, and only the proper recipient can decrypt using their private key.
In many public key systems, signing is mathematically similar to the opposite case - "encrypting with the private key" - but note that the signing operation is fundamentally distinct from the encryption operation. For example, with RSA, signing must use an invariant, verifiable padding method, whereas encryption should use random padding.
It's interchangeable.
Digital Signature -> Private key encrypts, public key decrypts so to verify sender.
Send a message -> Public key encrypts, private decrypts and owner reads the message.
EDIT: People seem to disagree with the "Interchangeable" definition. I need to clarify that I am talking about the mathematical perspective of the operation, not what is best in terms of security. Ofc, you should use keys for their intended operation.
However, Henrick Hellström's response in an SO thread explains why they are interchangeable mathematically: Are public key and private key interchangeable?
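The distinction the answers above draw between RSA encryption (public key, randomized padding) and RSA signing (private key, fixed redundant padding), as an added example that is not part of the original thread. It uses Go's standard `crypto/rsa` with a throwaway 2048-bit key; the names `Demo`, `Report` and `must` are illustrative.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

func must(b []byte, err error) []byte {
	if err != nil {
		panic(err)
	}
	return b
}

// Report records what the two RSA operations do with the same key pair.
type Report struct {
	Decrypted                              string
	CiphertextsDiffer, SignaturesIdentical bool
	Verified, SigPaddingIsPublic           bool
}

func Demo(msg []byte) Report {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway demo key
	if err != nil {
		panic(err)
	}
	pub := &priv.PublicKey
	// Confidentiality: anyone encrypts with the public key; OAEP adds fresh randomness.
	c1 := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil))
	c2 := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil))
	pt := must(rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, c1, nil))
	// Signature: private key signs a hash; PKCS#1 v1.5 padding is fixed and redundant.
	h := sha256.Sum256(msg)
	s1 := must(rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:]))
	s2 := must(rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:]))
	ok := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], s1) == nil
	// Raw public-key operation s^e mod n: anyone can compute it, and it yields
	// 00 01 FF..FF 00 DigestInfo || hash, so nothing is kept secret by signing.
	m := new(big.Int).Exp(new(big.Int).SetBytes(s1), big.NewInt(int64(pub.E)), pub.N)
	em := m.FillBytes(make([]byte, pub.Size()))
	public := em[0] == 0 && em[1] == 1 && em[2] == 0xff && bytes.HasSuffix(em, h[:])
	return Report{string(pt), !bytes.Equal(c1, c2), bytes.Equal(s1, s2), ok, public}
}

func main() {
	fmt.Printf("%+v\n", Demo([]byte("constructed sample message")))
}
```

Two OAEP ciphertexts of the same message differ while two PKCS#1 v1.5 signatures are byte-identical, which is why the two paddings cannot be swapped even though both operations are built on the same modular exponentiation.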