How do you encrypt?

Asked 2 years ago, Updated 2 years ago, 116 views

Hi, everyone. I'm still a student.

I'm interested in implementing encryption these days. I thought about implementing bidirectional encryption with JCA.

First, every communication, the server sends the public key to the client, and the secret key is stored in the DB, and when an encrypted sentence is sent from the client, the secret key is decrypted with the secret key in the DB.

Second, if you make a table with about 1,000 public-private keys in advance and exchange indexes when communicating, you can see the table and decrypt it on your own.

Is this a good way to do it?

And what I'm curious about is that a packet with a password will be broken and if you decrypt the ciphertext regardless of whether it takes a year, what should I do about that?

I searched for newspaper articles. "To this end, Telegram uses the 256-bit Advanced Encryption Standard (AES) algorithm, the Rivest Shamir Adleman (RSA) 2048 system, and the Diffie-Hellman method as its security technology." By the way, RSA is two-way and AES is one-way, so can the two coexist?

Thank you.

encryption

2022-09-21 20:56

1 Answer

From the PKI (X.509 public key specification), encryption can be largely divided into secret communication and forgery prevention.

Secret communication: The purpose is to allow the sender to encrypt the content so that only the recipient can decrypt it. The recipient must first have an encryption key and a decryption key. The encryption key must be delivered securely to the sender before communication, and when the sender delivers the message to the recipient, the recipient can decrypt the message with the decryption key. At this time, the encryption key corresponds to a public key because it is passed to someone else to know, and the decryption key corresponds to a secret key because only the recipient must know it.

Prevent forgery: The sender attaches a signature (electronic signature) to prove that the message's original is not tampered with, along with the message's original text. The recipient can use the sender's known falsification control key to verify that the message is not tampered with from the source. The key used to create the signature is the secret key, and the known counterfeit match key used by the recipient is the public key.

The above is a brief explanation for conceptual purposes.

Now, back to answering the question...

Answer to the first question

For any purpose, most secure communications fall under either of the above, and you can do as you ask.

The actual SSL communication also uses this method. However, the service does not actually store secret keys in the DB, but stores them in a secure (inaccessible) file system.

I'd like you to think that using

General For one-way cipher ssl. Sending the Public Key Infrastructure to the client on the server, server is secret encryption to (prevention of forgery) with, and to transfer client server sending content of the Public Key Infrastructure (secret messages) encryption to be.

To communicate confidentially in both directions, both sides must have the other person's public key. You can think of SSL as defining a connection procedure (protocol) that involves exchanging keys here and trusting the keys.

Answer to the second question

If security is really important, we can consider it, but I don't think that's the case for actual services. It's not going to be easy to figure out which key to encrypt and decrypt, and if it's easy, it's easy for a third party to figure it out, so there's no difference between writing one and writing several in principle. It seems to have the effect of making data collection for encryption hacking longer.

A considerable amount of effort in encryption hacking

It's possible. However, increase the number of bits in the key that you use for encryption to make it probably close to zero. The length of the key is currently recommended as 2048 bits. Maybe if your computer's performance gets better and you don't have a new alternative encryption technology, it'll be oriented toward longer keys.

RSA

The RSA algorithm is an asymmetric key algorithm that divides it into public and private keys.

AES

This is usually used to encrypt private keys. When you use a public certificate, you must have put the certificate password in it. Use the password you entered to unlock the encryption algorithm that hangs on the secret key. One of the symmetric key algorithms used to encrypt private keys is AES. Therefore, it seems to coexist, but AES is used to keep secret keys more secure. Even so, if the secret key is leaked, it can be decrypted after a sufficient time, so be careful not to expose the secret key online in the first place.

(Correction answer)

In SSL's actual communication, it is encrypted with a symmetric key algorithm such as AES, which is then encrypted with an asymmetric key to pass this symmetric key to the other party. (As @Park Jongjin said)


2022-09-21 20:56
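The correction at the end of the answer describes the message being encrypted with a symmetric key (AES) and that key being passed to the other party under an asymmetric key (RSA). The following JCA sketch of that arrangement is an added example, not code from the question or the answer; the class name `HybridDemo`, the choice of AES-GCM and RSA-OAEP, and the sample message are assumptions made for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;

public class HybridDemo {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Recipient: RSA-2048 key pair. Only the public key is handed out.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();
        // Sender: fresh AES-256 key and 96-bit nonce for this one message.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesKey = kg.generateKey();
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        // The message itself is encrypted with AES-GCM (symmetric, reversible).
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, nonce));
        byte[] ct = enc.doFinal("constructed sample message".getBytes(StandardCharsets.UTF_8));
        // Only the 32-byte AES key is encrypted with the recipient's RSA public key.
        Cipher wrap = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        wrap.init(Cipher.ENCRYPT_MODE, recipient.getPublic());
        byte[] wrappedKey = wrap.doFinal(aesKey.getEncoded());
        // On the wire: wrappedKey, nonce, ct. Recipient unwraps the AES key, then decrypts.
        Cipher unwrap = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        unwrap.init(Cipher.DECRYPT_MODE, recipient.getPrivate());
        SecretKey recovered = new SecretKeySpec(unwrap.doFinal(wrappedKey), "AES");
        System.out.println(new String(decrypt(recovered, nonce, ct), StandardCharsets.UTF_8));
        // A ciphertext modified in transit fails the GCM tag check instead of decrypting.
        ct[0] ^= 1;
        try { decrypt(recovered, nonce, ct); }
        catch (AEADBadTagException e) { System.out.println("tampering detected"); }
    }

    static byte[] decrypt(SecretKey k, byte[] nonce, byte[] ct) throws Exception {
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, nonce));
        return dec.doFinal(ct);
    }
}
```

With the default JDK provider, this OAEP transformation name uses SHA-1 for MGF1 unless an `OAEPParameterSpec` is supplied, so both sides need to agree on the same parameters when different libraries are involved.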
