PKI principle
PKI is the public key system. It uses the characteristics of public key algorithms to establish a certificate, manage and use the system to support and complete identity authentication, information encryption in the network system, to ensure data integrity and resistance. The PKI system can have a variety of different architectures, implement methods and communication protocols.
Public (asymmetric) key algorithm uses an encryption algorithm and a pair of keys: a public key (public key, public key) and a private key (private key, private key). The basic principle is: encrypted by a key, can only decrypt it by another key with it. The public key can be widely sent to communicators related to themselves, and the private key needs to be stored very safely. In use, Party A can encrypt the data with the public key of Party B, and Party B can complete the decryption using its own private key. The public key is bundled by the electronic certificate with its owner's name, the working unit, the email address, etc., authenticated, distributed, and managed by the authority (CA, CERTIFICATE Authority). Transmit your public key to the other party when handed over to the other party. Certificates can also be stored in a public place, so that others can easily find and download.
The public key method also provides a way to perform digital signatures: signature party extracts a summary and encrypts it with its own private key; the receiver verifies the validity and identity of the signed party certificate, with the signatory key Decrypt and verify, confirm the integrity and resistance of information being signed.
The public key method typically encrypts files and data from a symmetrical key method having high computational efficiency using a symmetric key (single key) method.
At present, the RSA public key method, the key length 512 or 1024 is mainly used, which is the basis of the widely used SSL / TLS and S / MIME and other secure communication protocols.
