Origin
W.DiffieandM.Hellmanpublishedanarticle"NewDirectioninCryptography"inIEEETrans.onInformationin1976,andproposedthat"asymmetriccryptographyispublicTheconceptof"keycryptosystem"hascreatedanewdirectionincryptographyresearch
Workingprinciple
1.AwantstosendinformationtoB,andAandBmusthaveapairoffunctions.Publicandprivatekeysforencryptionanddecryption.
2.A’sprivatekeyiskeptsecret,andA’spublickeyistoldtoB;B’sprivatekeyiskeptsecret,andB’spublickeyistoldtoA.
3.WhenAwantstosendamessagetoB,AusesB’spublickeytoencryptthemessagebecauseAknowsB’spublickey.
4.AsendsthismessagetoB(themessagehasbeenencryptedwithB'spublickey).
5.AfterBreceivesthismessage,BuseshisprivatekeytodecryptA'smessage.Allotherpeoplewhoreceivethismessagecannotdecryptit,becauseonlyBhasB'sprivatekey.
Mainapplication
Asymmetricencryption(publickeyencryption):Referstoencryptionalgorithmsthatusedifferentkeysforencryptionanddecryption,alsoknownaspublicandprivatekeyencryption.Supposethattwouserswanttoencryptandexchangedata,andthetwopartiesexchangepublickeys.Whenusing,onepartyusestheotherparty'spublickeytoencrypt,andtheotherpartycanuseitsownprivatekeytodecrypt.Iftherearenusersinanenterprise,theenterpriseneedstogeneratenpairsofkeysanddistributenpublickeys.SupposeAusesB'spublickeytoencryptamessageandsignswithA'sprivatekey.Afterreceivingthemessage,BfirstverifiesthesignaturewithA'spublickey,andthendecryptsthemessagewithhisprivatekeyafterconfirmation.Sincethepublickeycanbedisclosed,usersonlyneedtokeeptheirprivatekeys,sothedistributionofencryptionkeyswillbecomeverysimple.Atthesametime,becauseeachuser'sprivatekeyisunique,otheruserscannotonlyusethesender'spublickeytoverifythesourceoftheinformation,butalsousedigitalsignaturestoensurethatthesendercannotdenythattheinformationhasbeensent.Thedisadvantageofasymmetricencryptionisthattheencryptionanddecryptionspeedismuchslowerthansymmetricencryption.Insomeextremecases,itcanevenbe1000timesslowerthansymmetricencryption.
DSACryptoServiceProviderRSACryptoServiceProvider
//Encryption
UnicodeEncodingencoding=newUnicodeEncoding();
byte[]PasswordBytes=encoding.GetBytes(password);//ConvertthepasswordintoabytearrayRSACryptoServiceProvidercrypt=newRSACryptoServiceProvider();//RSAencryptionalgorithm,asymmetricPasswordBytes=crypt.Encrypt(password,false);//Encryptthebytearray,whichisencryptedThepasswordvalueisplacedinatablefieldinthedatabase.
stringkey=crypt.ToXmlString(true);//TheoutputkeyisastringinXMLformatandcontainstheprivatekey.Thisstringshouldbeplacedasafieldinthedatabasetablewiththeuser’spasswordTogether.
//Decryption
RSACryptoServiceProvidercrypt=newRSACryptoServiceProvider();//Akeypairhasbeenrandomlygenerated
crypt.Clear();//Destroythecurrentkeypair
crypt.FromXmlString(key)//Enterthekeypair,thekeyistheXMLformatstringreadfromthedatabasetablefield,thatis,thekeyfieldPasswordBytes=crypt.Decrypt(password,false);//Decryptthebytearrayandreturntheoriginalpasswordtotheuser
Onefeatureoftheabovemethodisthateachusercorrespondstoakeypair(includingpublicandprivatekeys),Theyareallrandomlygenerated,sotheyarealldifferent.Buttheshortcomingisalsoveryobvious,thatis,thekeyisstoredinthedatabase,ifthedatabaseiscompromised,thekeywillbeleaked.
Anothermethodistorandomlygenerateakeypair(includingpublickeyandprivatekey)accordingtotheabovemethod,exportitthroughtheToXmlString(true)method,andthenputthekeyinXMLstringformatGototheAppSettingnodeoftheWeb.configfileofyourWebprogram,andthenreadthekeythroughtheFromXmlString(key)method,whichmeansthatalluserpasswordsareencryptedanddecryptedwiththesamekeypair.
Mainfunctions
Theasymmetricencryptionsystemdoesnotrequirethecommunicationpartiestopassthekeyinadvanceorhaveanyagreementtocompleteconfidentialcommunication,andthekeymanagementisconvenient,whichcanpreventcounterfeitinganddenialTherefore,itismoresuitablefortheconfidentialcommunicationrequirementsinnetworkcommunication.
Mainalgorithms
RSA,Elgamal,knapsackalgorithm,Rabin,D-H,ECC(ellipticcurveencryptionalgorithm).
ThemostwidelyusedistheRSAalgorithm.Elgamalisanothercommonlyusedasymmetricencryptionalgorithm.
ElgamalwasinventedbyTaherElgamalin1985.ItisbasedontheDiffieˉHellmankeyexchangealgorithm,whichenablesbothcommunicatingpartiestoderivethesecretkeyvaluethatonlytheyknowthroughpubliccommunication[DiffieˉHellman].DiffieˉHellmanwasinventedbyWhitfieldDiffieandMartinHellmanin1976.Itisregardedasthefirstasymmetricencryptionalgorithm.ThedifferencebetweenDiffieˉHellmanandRSAisthatDiffieˉHellmanisnotanencryptionalgorithm,itjustgeneratesasecretvaluethatcanbeusedasasymmetrickey..IntheDiffieˉHellmankeyexchangeprocess,thesenderandthereceiverrespectivelygenerateasecretrandomnumber,andderivethepublicvaluefromtherandomnumber,andthenthetwopartiesexchangethepublicvalue.ThebasisoftheDiffieˉHellmanalgorithmistheabilitytogenerateasharedkey.Aslongasthepublicvalueisexchanged,bothpartiescanusetheirownprivatenumberandtheother'spublicvaluetogenerateasymmetrickey,whichiscalledasharedkey.Forbothparties,thesymmetrickeyisthesameandcanbeusedtousesymmetricencryption.Algorithmtoencryptdata.
ComparedwithRSA,oneoftheadvantagesofDiffieˉHellmanisthatitusesanewsetofvalueseachtimethekeyisexchanged.WhenusingtheRSAalgorithm,iftheattackerobtainstheprivatekey,thenhecannotonlydecryptMessagesinterceptedbeforecanalsodecryptallmessagesafterwards.However,RSAcanpreventman-in-the-middleattacksthroughauthentication(suchasusingX.509digitalcertificates),butDiffieHellmanisveryvulnerabletoman-in-the-middleattacks.
Algorithmdifference
NonSymmetricencryptionalgorithmDifferencefromsymmetricencryptionalgorithm
First,thekeyvalueusedformessagedecryptionisdifferentfromthekeyvalueusedformessageencryption;
Secondly,theasymmetricencryptionalgorithmisthousandsoftimesslowerthanthesymmetricencryptionalgorithm,butitprotectsIntermsofcommunicationsecurity,asymmetricencryptionalgorithmshavetheadvantagethatsymmetricencryptionisdifficulttoachieve.
Toillustratethisadvantage,anexampleofasymmetricencryptionalgorithmisusedtoemphasize:
AliceusesthekeyKtoencryptthemessageandsendsittoBob.AfterBobreceivestheencryptedmessage,UsethekeyKtodecryptittorestoretheoriginalmessage.Thereisaquestionhere,thatis,howdoesAlicesendthekeyvalueusedtoencryptthemessagetoBob?TheansweristhatwhenAlicesendsthekeyvaluetoBob,itmustpassthroughanindependentsecurecommunicationchannel(thatis,noonecanlistentothechannelCommunication).
Thisneedtouseanindependentsecurechanneltoexchangesymmetricencryptionalgorithmkeyswillcausemoreproblems:
First,thereisanindependentsecurechannel,butthebandwidthofthesecurechannelislimited.,Youcan’tdirectlyuseittosendtheoriginalmessage.
Secondly,AliceandBobcannotdeterminehowlongtheirkeyvaluecanbekeptwithoutrevealing(thatis,notknownbyothers)andwhentoexchangeanewkeyvalue
Ofcourse,TheseproblemsarenotonlyencounteredbyAlice,Bobandeveryoneelsewillencounterthem,theyallneedtoexchangekeysanddealwiththesekeymanagementproblems(infact,X9.17isaDESkeymanagementANSIstandard[ANSIX9.17]).IfAlicewantstosendmessagestohundredsofpeople,thenthingswillbeevenmoretroublesome.Shemustuseadifferentkeyvaluetoencrypteachmessage.Forexample,tosendanotificationto200people,Aliceneedstoencryptthemessage200timesandencryptthemessageonceforeachrecipient.Obviously,inthiscase,thecostofusingasymmetricencryptionalgorithmforsecurecommunicationisconsiderable.
Themainadvantageofasymmetricencryptionalgorithmsistousetwokeyvaluesinsteadofone:onekeyvalueisusedtoencryptthemessage,andtheotherkeyvalueisusedtodecryptthemessage.Thesetwokeyvaluesaregeneratedinthesameprocessandarecalledakeypair.Thekeyusedtoencryptthemessageiscalledthepublickey,andthekeyusedtodecryptthemessageiscalledtheprivatekey.Messagesencryptedwithapublickeycanonlybedecryptedwiththecorrespondingprivatekey.Theprivatekeyisknowntonooneexcepttheholder,whilethepublickeycanbesentthroughaninsecurechannelorpublishedinadirectory.
AliceneedstosendaconfidentialdocumenttoBobviaemail.First,BobusesemailtosendhispublickeytoAlice.ThenAliceencryptsthedocumentwithBob'spublickeyandsendstheencryptedmessagetoBobviaemail.SinceanymessageencryptedwithBob'spublickeycanonlybedecryptedwithBob'sprivatekey,evenifthesnoopknowsBob'spublickey,themessageisstillsafe.AfterBobreceivestheencryptedmessage,hedecryptsitwithhisprivatekeytorestoretheoriginaldocument.