Network security technology list

xiaoxiao2021-03-06  19

Encryption is the basis for secure information exchange over intranets, extranets, and the Internet. From a business point of view, the security features implemented by encryption include: authentication, which makes the recipient confident that the sender is who he or she claims to be; confidentiality, which ensures that only the intended recipients can read a message; and integrity, which ensures that messages are not changed during transmission. From a technical point of view, encryption is the science of using mathematical methods to convert a message into an unreadable format in order to protect the data.

This article will introduce the following encryption concepts:

Symmetric key encryption: one key

Public key encryption: two keys

One-way hash algorithm

Digital signature: combined with public key and hash

Key exchange: combined with symmetrical key and public key

Symmetric key encryption: one key

Symmetric key encryption, also called shared key encryption or secret key encryption, uses a single key shared by the sender and the recipient. This key is used both to encrypt and to decrypt, and is called a secret key (also known as a symmetric key or session key). Symmetric key encryption is an efficient way to encrypt large amounts of data.

Symmetric key encryption has many algorithms, but all of them share a common purpose: to convert plaintext (unencrypted data) into ciphertext. The ciphertext is scrambled using the encryption key and is meaningless to anyone who does not have the decryption key. Because symmetric key encryption uses the same key for encrypting and decrypting, the security of the process depends on no unauthorized person obtaining the symmetric key. This is why it is also called secret key encryption. Two parties who want to communicate using symmetric key encryption must exchange the key before they exchange encrypted data.

The main measure of a symmetric algorithm is the length of its key. The longer the key, the more keys must be tested before finding the correct key needed to decrypt the data. The more keys that must be tested, the harder it is to break the algorithm. With a good encryption algorithm and a sufficiently long key, it is computationally infeasible for someone to reverse the conversion and recover the plaintext from the ciphertext in a practical amount of time.

Public key encryption: two keys

Public key encryption uses two keys, a public key and a private key, which are mathematically related. To contrast it with symmetric key encryption, public key encryption is sometimes called asymmetric key encryption. In public key encryption, the public key can be passed openly between the communicating parties or published in a public repository, but the related private key is kept confidential. Data encrypted with the public key can be decrypted only with the private key. Data encrypted with the private key can be decrypted only with the public key. Like symmetric key encryption, public key encryption has many algorithms. However, symmetric key algorithms and public key algorithms are designed differently. You can replace one symmetric algorithm with another in a program without much change, because they work in the same way. Different public key algorithms, on the other hand, work in completely different ways, so they are not interchangeable. Public key algorithms are complex mathematical equations that use very large numbers. Their main limitation is that this form of encryption is relatively slow. In practice, public key algorithms are usually used only at critical points, such as when a symmetric key is exchanged between entities or when the hash of an email is signed (a hash is a fixed-length result obtained by applying a one-way mathematical function, called a hash algorithm, to data). Using public key encryption together with other forms of encryption (such as symmetric key encryption) optimizes performance. Public key encryption provides an efficient way to send someone the secret key that was used to encrypt a large amount of data. Public key encryption can also be combined with a hash algorithm to generate digital signatures.

Public key encryption for digital signatures

A digital signature is a way for the sender of a message, file, or other digitally encoded information to bind their identity to the information (that is, to provide a signature for the information). Digitally signing information means converting the information, together with secret information held by the sender, into a tag called a signature. Digital signatures are used in public key environments. They help secure e-commerce transactions by verifying that the sender really is who he or she claims to be and by confirming that the message received is exactly the same as the message sent. Typically, digital signatures are used when data is distributed in plaintext, such as email. In this case, although the sensitivity of the message itself may not warrant encryption, it can be very important to ensure that the data is in its original form and was not sent by an impostor.

Common public key algorithms

Here are the three most common public key algorithms:

RSA: suitable for digital signatures and key exchange. The Rivest-Shamir-Adleman (RSA) encryption algorithm is currently the most widely used public key encryption algorithm, and is especially suitable for data transmitted over the Internet. The algorithm is named after its three inventors: Ron Rivest, Adi Shamir and Leonard Adleman. The security of the RSA algorithm is based on the difficulty of factoring large numbers (in terms of computer processing power and processing time). RSA is unusual among the commonly used public key algorithms in that it can perform both digital signature and key exchange operations.

DSA: only for digital signatures. The Digital Signature Algorithm (DSA), invented by the US National Security Agency (NSA), has been incorporated by the US National Institute of Standards and Technology (NIST) into the Federal Information Processing Standard (FIPS) as a standard for digital signatures. The security of the DSA algorithm derives from the difficulty of calculating discrete logarithms. This algorithm is used only for digital signature operations (it is not suitable for data encryption).

Diffie-Hellman: only for key exchange. Diffie-Hellman was the first public key algorithm to be invented, and is named after its inventors Whitfield Diffie and Martin Hellman. The security of the Diffie-Hellman algorithm derives from the difficulty of calculating discrete logarithms in a finite field. The Diffie-Hellman algorithm is used only for key exchange.

One-way hash algorithm

A hash, also called a hash value or message digest, is a type of data transformation used alongside keyed (symmetric key or public key) encryption. Hashing converts a piece of data of any length into a fixed-length, irreversible number by applying a one-way mathematical function, called a hash algorithm, to the data. The resulting hash should be long enough that the chance of finding two pieces of data with the same hash value is extremely small. The sender generates the hash value of the message and encrypts it, and then sends it with the message itself. The recipient decrypts both the message and the hash value, generates another hash value from the received message, and then compares the two hash values. If they are the same, it is extremely likely that the message was not changed during transmission.

Common one-way hash functions

Below are the two most common hash functions:

MD5. MD5 is a hash algorithm designed by Ron Rivest that produces a 128-bit hash value. The design of MD5 is optimized for Intel processors. The basic principles of this algorithm have been leaked, which is why it is not very popular.

SHA-1. Like the DSA public key algorithm, Secure Hash Algorithm 1 (SHA-1) was designed by the NSA and incorporated by NIST into a FIPS as the standard for hashing data. It produces a 160-bit hash value. SHA-1 is a general-purpose hash algorithm for creating digital signatures.

Digital signature: combined with public key and hash

Public key technology can be used together with a hash algorithm to create a digital signature. A digital signature can be used as a data integrity check and provides proof of possession of the private key. The steps to sign and verify data (performed by a PKI-enabled application such as Microsoft Outlook) are as follows:

The sender applies a hash algorithm to the data and generates a hash value.

The sender uses the private key to convert the hash value into a digital signature.

The sender then sends the data, the signature and the sender's certificate to the recipient.

The recipient applies the hash algorithm to the received data and generates a hash value.

The recipient verifies the signature using the sender's public key and the newly generated hash value.

This process is transparent to the user.

Hash algorithms process data much faster than public key algorithms. Hashing also shortens the data to be signed, which speeds up the signing process. When a signature is created or verified, the public key algorithm has to transform only the hash value (128 or 160 bits). The detailed steps for creating and verifying a signature depend on the public key algorithm used.

Key exchange: combined with symmetrical key and public key

The symmetric key algorithm is ideal for encrypting data quickly and securely. Its disadvantage is that the sender and the recipient must exchange the secret key before exchanging data. Combining a symmetric key algorithm for encrypting the data with a public key algorithm for exchanging the secret key produces a fast and flexible solution.

The steps of public-key-based key exchange are as follows:

The sender gets the public key of the recipient.

The sender creates a random secret key (the single key used in symmetric key encryption).

The sender uses the secret key and a symmetric key algorithm to convert the plaintext data into ciphertext data.

The sender uses the recipient's public key to convert the secret key into an encrypted secret key.

The sender sends the ciphertext data and the encrypted secret key to the recipient.

The recipient uses its private key to convert the encrypted secret key back to plaintext.

The recipient uses the plaintext secret key to convert the ciphertext data into plaintext data.

As before, these steps are performed by PKI-enabled applications, such as Microsoft Outlook, and are transparent to users.
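The signing steps and the key exchange steps above, worked through as an added example (not from the original article). It uses only the Python standard library, so textbook RSA without padding and a SHA-256 keystream stand in for a production public key algorithm and symmetric cipher; the demo key is constructed from two publicly known Mersenne primes, and all function names are illustrative.

```python
import hashlib
import secrets

# Constructed demo key pair built from two publicly known Mersenne primes.
# Anyone can factor N, so this key is for illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent


def digest_int(data: bytes) -> int:
    """Hash the data and return the fixed-length value as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """Sender: hash the data, then transform the hash with the private key."""
    return pow(digest_int(data), d, n)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recipient: re-hash the received data and compare it with the value
    recovered from the signature using the sender's public key."""
    return pow(signature, e, n) == digest_int(data)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with SHA-256(key || nonce || offset)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(plaintext: bytes, e: int = E, n: int = N) -> dict:
    """Sender: create a random secret key, encrypt the bulk data with it,
    then wrap only the secret key with the recipient's public key."""
    session_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    return {
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e, n),
        "nonce": nonce,
        "ciphertext": keystream_xor(session_key, nonce, plaintext),
    }


def open_sealed(message: dict, d: int = D, n: int = N) -> bytes:
    """Recipient: unwrap the secret key with the private key, then decrypt."""
    session_key = pow(message["wrapped_key"], d, n).to_bytes(32, "big")
    return keystream_xor(session_key, message["nonce"], message["ciphertext"])
```

In both flows the slow public key operation touches only a short value (the hash or the 32-byte secret key), while the fast operations process the full data.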

Concept of public key infrastructure

The term public key infrastructure (PKI) describes the policies, standards, and software used to control or manipulate certificates and public and private keys. In practice, PKI refers to a system of digital certificates, certificate authorities (CAs), and other registration authorities that check and validate the legitimacy of the parties involved. The relevant PKI standards are still evolving, even though they have already been widely implemented as an element of e-commerce.

PKI generally includes:

Certificates

Certificate Authority (CA)

CA hierarchy

Registration

Certificate registration

Certificate revocation

Certificate chain verification

Certificates

Public key certificates, usually just called certificates, are used for authentication and secure data exchange on the Internet, extranets, and intranets. The issuer and signer of a certificate is known as a certification authority (CA). The entity to which a certificate is issued is the subject of the certificate. A public key certificate is a digitally signed statement that binds the value of a public key to the subject (person, device or service) that holds the corresponding private key. By signing the certificate, the CA attests that the private key corresponding to the public key in the certificate is held by the subject named in the certificate. Certificates can be issued for a variety of purposes, such as web user authentication, web server authentication, secure email (Secure/Multipurpose Internet Mail Extensions, S/MIME), IP security (IPSec), Secure Sockets Layer/Transport Layer Security (SSL/TLS), and code signing. If you use a Windows 2000 enterprise certification authority within an organization, certificates can be used to log on to the Windows 2000 domain. A certificate can also be issued by one CA to another CA to establish a certificate hierarchy.

The subject can be identified by multiple names, such as a user principal name (for end-user certificates), directory name, email name, and DNS domain name. The certificate should also contain the following information:

The validity period of the certificate.

The serial number of the certificate, which the CA should ensure is unique.

The name of the CA and the key used to sign the certificate.

The identifier of the policy that the CA followed to verify the identity of the certificate subject (CA policy is described in detail later).

The usage of the key pair (public key and related private key) identified in the certificate.

The location of the certificate revocation list (CRL), a document maintained and published by the CA that lists certificates that have been revoked. To ensure its integrity, the CRL is signed with the CA's private key.

The certificate provides a mechanism for establishing a relationship between a public key and the entity that holds the corresponding private key. The certificate format currently in use is defined by the ITU-T X.509 version 3 (X.509v3) international standard. RFC 2459 is a profile of X.509v3 that further clarifies the fields defined in X.509v3. The Windows 2000 PKI adopts the X.509v3 standard. Windows certificates are programmed in accordance with the clarifications in RFC 2459, but are still called X.509v3 certificates. ITU-T X.509 is not the only certificate format. For example, Pretty Good Privacy (PGP) secure email relies on a certificate format unique to PGP.

Certificate authority

A certificate authority (CA) is a trusted entity that issues certificates to an individual, a computer or any other requesting entity. The CA accepts certificate requests, verifies the requester's information according to the CA's policy, and then uses its private key to apply its digital signature to the certificate. The CA then issues the certificate to the subject of the certificate for use as a security credential within the PKI. Because different CAs use different methods to verify the binding between the public key and the subject, it is very important to understand a CA's policy before selecting that CA.

A CA can be a remote third party, such as VeriSign. Alternatively, you can create a CA for use within your own organization, for example by installing Windows 2000 Certificate Services. Each CA may have completely different proof-of-identity requirements, such as a Windows 2000 domain account, an employee badge, a driver's license, a notarized request or a physical address.

CA policy

A CA issues certificates to requesters according to a set of established criteria. The set of criteria that a CA uses when processing certificate requests (and when issuing certificates, revoking certificates, and publishing CRLs) is called the CA policy. Typically, a CA publishes its policy in a document called a Certification Practice Statement (CPS).

Type of certification authority

There are three types of CA:

Self-signed CA. In a self-signed CA, the public key in the certificate and the key used to verify the certificate are the same. Some self-signed CAs are root CAs.

Subordinate CA. In a subordinate CA, the public key in the certificate and the key used to verify the certificate are different. The process of one CA issuing a certificate to another CA is called cross-certification.

Root CA. A root CA is a special CA that sits at the highest level of the certificate hierarchy. All certificate chains terminate at a root CA. The root authority must sign its own certificate because there is no higher certification authority in the certificate hierarchy.

All self-signed CAs are root CAs, because the certificate chain terminates when it reaches a self-signed CA.

CA hierarchy

Administrators can create a hierarchy of CAs, starting from the root CA certificate and then adding intermediate CAs, each of which can issue certificates to its subordinate CAs. The certificate chain terminates when a CA issues a certificate to an end entity (user).

The distribution cost of the root CA certificate is the highest, because if you change the root certificate, you must rebuild the entire PKI. If the root certificate changes, you must revoke the old root certificate on all clients in the organization and add the new root certificate. In addition, you must reissue all certificates issued by the root CA to subordinate CAs and then by the subordinate CAs to end entities. Therefore, when deploying a CA hierarchy, a small number of long-lived root CAs provides the most economical solution. Root CAs are very important, both because they are unconditionally trusted and because they are the apex of the certificate chain; therefore, out-of-band authentication is needed when their certificates are distributed. That is, since the root CA certificate is self-signed, someone must vouch that the root certificate is genuine. Because there are far more end entities than CAs, a CA that issues certificates to end entities uses its private key to sign a large amount of data. The more often a key is used to sign data, the greater the opportunity for a cryptographic attack on it. Therefore, to maintain security, an online CA that issues certificates to end entities must change its signing key frequently.

CAs that issue certificates to end entities have much larger revocation lists than intermediate or root CAs (which issue certificates only to other, more subordinate CAs). Part of the reason is that there are far more end-entity certificates than CA certificates. In addition, there are many reasons why an end-entity certificate must be revoked, such as an employee changing jobs or leaving the company.

CAs publish a certificate revocation list (CRL), which lists certificates that should no longer be used. The entry for a revoked certificate remains in the CRL until the certificate's validity period ends, after which the CA removes it from the list. The more entries in the CRL, the larger the CRL and the longer the download time. Typically, download time is a problem for users on slower network links (such as dial-up). A CA can also manage the size of its CRL. One method is to maintain multiple lists, called partitioned CRLs. Another is to shorten the validity period of issued certificates, which speeds up the removal of revoked certificates from the list.

Many applications must be able to determine the most recent revocation status of a certificate. Only an online CA can publish current revocation status information. Revocation status published by an offline CA must be posted to an online location.

The CAs most vulnerable to attack are those that are online, have poor physical security and sign a large number of certificates. Therefore, when establishing root and subordinate CAs, you should balance security and availability. Typically, a three-level hierarchy is recommended: an offline stand-alone root CA, an offline stand-alone subordinate policy CA, and an online subordinate issuing enterprise CA.

Offline root CA. When designing a CA hierarchy, the security level of the root CA should be set to the highest. The root CA should be kept offline in a secure location and used only to sign a small number of certificates. The CA and its keys should be kept in a dedicated vault that at least two operators enter together, one to perform the required operation and the other to audit it. (In a Windows 2000 network, stand-alone CAs are designed so that they can run offline.)

Offline intermediate CA. There can be one or more subordinate CAs below a root CA. Keeping the intermediate subordinate CAs offline improves their security.

Online issuing CA. The last-level CA in the chain must be online so that it can accept certificate requests from many clients. An online CA below the root CA can also frequently publish up-to-date revocation status information. Administrators can change this CA's key frequently because the cost of distributing its new certificate (the management overhead) is the lowest. Subordinate CAs are not entirely expendable, but an attacker gains little by attacking a subordinate CA, and a higher-level CA can block the attack by revoking the subordinate's certificate.

Registration

Registration is the process of introducing yourself to the CA. Registration can be implicit in the act of requesting a certificate, can be done by another trusted entity (such as a smart card enrollment station) that vouches for the subject, or can be completed automatically when the request is received from a trusted source (such as a domain administrator). Once the subject is registered with the CA, a certificate is issued to the subject as long as the subject meets the criteria established by the CA policy.

Certificate registration

Certificate registration is the process by which an end entity requests a certificate and receives it from the CA. The certificate request provides identity information to the CA, which then becomes part of the issued certificate. The CA processes the request according to a set of criteria, which may require offline, non-automated authentication (out-of-band authentication). If the request is accepted, the CA then issues a certificate to the user.

Certificate registration through a registration authority

A special kind of certificate registration can be done through a registration authority (RA), which vouches to the CA for the binding between a public key and the identity and attributes of the prospective certificate holder. An RA is a subject that holds a special certificate. This special certificate contains information that identifies the subject to the CA. Typically, the RA establishes the binding between the public key and the subject, and then signs the subject's request to give the CA evidence that the RA vouches for the binding. In essence, using an RA is a form of delegation: the CA delegates to the RA the task of verifying the binding between a public key and an entity.

The RA produces certificates with a secure binding between the subject and the public key. In the Windows 2000 operating system, Certificate Services uses domain authentication to identify the user for most types of certificates. The Windows 2000 Smart Card Enrollment Station, which creates smart card logon certificates, is used by an RA. The RA can verify the identity of the smart card recipient, providing a more secure binding between the subject and the public key than domain authentication alone.

Certificate revocation

A certificate has a specified lifetime, but a CA can shorten this lifetime through a process called certificate revocation. The CA publishes a certificate revocation list (CRL) that lists the serial numbers of certificates it considers no longer usable. The specified lifetime of a CRL is usually much shorter than that of a certificate. The CA can also include in the CRL the reason the certificate was revoked, as well as the date from which the change in status is considered to take effect.

The following conditions can be designated as a reason for the revocation:

Key compromise

CA compromise

Affiliation change

Superseded

Cessation of operation

Certificate hold (the only reason code that allows the status of a revoked certificate to be changed, which is useful when the status of the certificate is in question)

When a CA revokes a certificate, it withdraws its statement permitting use of the key pair before the certificate expires. After a revoked certificate expires, its entry is removed from the CRL to reduce the size of the CRL.

During signature verification, an application can check the CRL to determine whether a given certificate and key pair are still trusted. If they are not, the application can evaluate the reason for the revocation and its date against the date of use. If the certificate is being used to verify a signature, and the date of the signature is earlier than the date on which the CA revoked the certificate, the signature is still considered valid.
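The revocation rules above as an added example (not from the original article): the CA drops expired certificates from the CRL, only a hold can be reversed, and a signature dated before the revocation is still accepted. The class and function names and the one-day CRL lifetime are assumptions; the reason names are the X.509 spellings of the reasons listed above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# X.509 reason names for the reasons listed above.
REASONS = {"keyCompromise", "cACompromise", "affiliationChanged",
           "superseded", "cessationOfOperation", "certificateHold"}


@dataclass(frozen=True)
class Revocation:
    serial: int
    revoked_at: datetime
    reason: str
    cert_not_after: datetime   # end of the revoked certificate's validity


@dataclass(frozen=True)
class Crl:
    this_update: datetime
    next_update: datetime
    entries: dict              # serial number -> Revocation


def publish_crl(revocations, now, lifetime=timedelta(days=1)):
    """CA side: list revoked serials, dropping certificates already expired."""
    for r in revocations:
        if r.reason not in REASONS:
            raise ValueError(f"unknown reason: {r.reason}")
    live = {r.serial: r for r in revocations if r.cert_not_after > now}
    return Crl(now, now + lifetime, live)


def release_hold(revocations, serial):
    """CA side: only a certificate on hold may leave the revoked state."""
    kept = []
    for r in revocations:
        if r.serial == serial and r.reason != "certificateHold":
            raise ValueError("only certificateHold can be reversed")
        if r.serial != serial:
            kept.append(r)
    return kept


def check_signature_cert(crl, serial, signed_at, checked_at):
    """Relying party: decide whether a signature made at signed_at is trusted.
    signed_at is assumed to come from a trustworthy timestamp."""
    if not (crl.this_update <= checked_at <= crl.next_update):
        return ("unknown", "CRL expired or not yet valid, fetch a new one")
    entry = crl.entries.get(serial)
    if entry is None:
        return ("trusted", "serial not listed")
    if signed_at < entry.revoked_at:
        return ("trusted", "signed before revocation on "
                + entry.revoked_at.date().isoformat())
    return ("revoked", entry.reason)
```

The "unknown" result matters in practice: a relying party that treats an expired CRL as "not listed" silently accepts certificates revoked since the last download.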

After an application obtains a CRL, the client caches it and uses it until it expires. If the CA publishes a new CRL, an application that holds a valid CRL does not use the new one until the CRL it holds expires.

Certificate chain confirmation

Microsoft CryptoAPI provides a standard framework through which applications obtain cryptographic and digital certificate services. In addition to the CryptoAPI support in Windows 95, Windows 98, Windows NT and Windows 2000, third-party vendors can develop and sell their own plug-in modules to provide additional cryptographic services.

In a Windows network, when a request for a new certificate is generated, the information in the request is first passed from the requesting program to CryptoAPI. CryptoAPI then passes the appropriate data to a program called a cryptographic service provider (CSP), which is installed on your computer or on a device (such as a smart card) that your computer can access. A CSP is an independent software module that performs cryptographic operations such as secret key exchange, digital signing, and public key authentication.

When reprinting, please cite the original address: https://www.9cbs.com/read-42556.html
