sm2加密算法实例_实例说明加密算法

sm2加密算法实例

Cryptography, at its most basic, is the science of using codes and ciphers to protect messages.

密码学从根本上讲就是使用代码和密码保护消息的科学。

Encryption is encoding messages with the intent of only allowing the intended recipient to understand the meaning of the message. It is a two way function (you need to be able to undo whatever scrambling you’ve done to the message). This is designed to protect data in transit.

加密是在对消息进行编码时，仅允许目标收件人理解消息的含义。这是一种双向功能(您需要能够撤消对消息所做的任何加扰操作)。旨在保护传输中的数据。

If you're looking for a general background on the difference between symmetric and asymmetric algorithms and a general overview of what encryption is, start here. This article will primarily cover two of the most commonly used encryption algorithms.

如果您正在寻找有关对称和非对称算法区别的一般背景以及什么是加密的一般概述，请从此处开始。本文将主要介绍两种最常用的加密算法。

As a general overview, there was a major problem with symmetric algorithms when they were first created - they only functioned effectively if both parties already knew the shared secret. If they didn't, securely exchanging a key without a third party eves-dropping was extremely difficult.

总的来说，对称算法在首次创建时就存在一个主要问题-只有在双方已经知道共享机密的情况下，对称算法才能有效发挥作用。如果他们不这样做，那么在没有第三方窃听的情况下安全地交换密钥非常困难。

And if a third party obtained the key, it was very easy for them to then break the encryption, defeating the purpose of secure communication.

如果第三方获得了密钥，那么他们很容易破坏加密，从而破坏了安全通信的目的。

Diffie-Hellman solved this problem by allowing strangers to exchange information over public channels which can be used to form a shared key. A shared key is difficult to crack, even if all communications are monitored.

Diffie-Hellman通过允许陌生人通过可用于形成共享密钥的公共渠道交换信息来解决此问题。即使监视所有通信，也很难破解共享密钥。

Diffie-Hellman如何工作？ (How does Diffie-Hellman work?)

Diffie-Hellman is what's called a key exchange protocol. This is the primary use for Diffie-Hellman, though it could be used for encryption as well (it typically isn't, because it's more efficient to use D-H to exchange keys, then switch to a (significantly faster) symmetric encryption for data transmission).

Diffie-Hellman是所谓的密钥交换协议。这是Diffie-Hellman的主要用途，尽管它也可以用于加密(通常不是，因为使用DH交换密钥效率更高，然后切换到(明显更快)对称加密进行数据传输) )。

The way this works is as follows:

其工作方式如下：

Basically, there are two parties, Alice and Bob, which agree on a starting color (arbitrary but has to be different every time). They also have a secret color they keep to themselves. They then mix this color with the shared color, resulting in two different colors. They then pass this color to the other party, who mixes it with their secret color, resulting in the same ending secret color.

基本上，有两方，爱丽丝(Alice)和鲍勃(Bob)，就起始颜色达成共识(任意，但每次都必须有所不同)。它们还具有自己保留的秘密颜色。然后，他们将此颜色与共享颜色混合，从而得到两种不同的颜色。然后，他们将此颜色传递给另一方，后者将其与自己的秘密颜色混合在一起，从而得到相同的结尾秘密颜色。

This relies upon the idea that it's relatively easy to mix two colors together, but it is very difficult to separate them in order to find the secret color. In practice, this is done with mathematics.

这是基于这样的想法：将两种颜色混合在一起相对容易，但是很难将它们分开以找到秘密颜色。实际上，这是通过数学完成的。

For example:

例如：

Bob and Alice agree on two numbers, a large prime, p = 29, and base g = 5鲍勃和爱丽丝在两个数字上达成共识，大质数p = 29，底数g = 5
Now Bob picks a secret number, x (x = 4) and does the following: X = g^x % p (in this case % indicates the remainder. For example 3%2 is 3/2, where the remainder is 1). X = 5 ^4 % 29 = 625 % 29 = 16现在，Bob选择一个秘密数字x(x = 4)并执行以下操作：X = g ^ x％p(在这种情况下，％表示余数。例如3％2为3/2，余数为1) 。 X = 5 ^ 4％29 = 625％29 = 16
Alice also picks a secret number, y (y = 8) and does the following: Y = g^y % p. Y = 5 ^ 8 % 29 = 390,625 % 29 = 24爱丽丝还选择一个秘密数字y(y = 8)，然后执行以下操作：Y = g ^ y％p。 Y = 5 ^ 8％29 = 390,625％29 = 24
Bob sends X to Alice and Alice sends Y to Bob.鲍勃向爱丽丝发送X，爱丽丝向鲍勃发送Y。
Then Bob does the following: K = Y^x % p, K = 24 ^ 4 % 29 = 331,776 % 29 = 16然后Bob执行以下操作：K = Y ^ x％p，K = 24 ^ 4％29 = 331,776％29 = 16
Alice then does the following: K = X^y % p, K = 16 ^ 8 % 29 = 4,294,967,296 % 29 = 16然后爱丽丝执行以下操作：K = X ^ y％p，K = 16 ^ 8％29 = 4,294,967,296％29 = 16

The great (*possibly magic*) thing about this, is that both Bob and Alice have the same number, K, and can now use this to talk secretly, because no one else knows K.

这样做的最大好处(*可能是魔术*)是鲍勃和爱丽丝都有相同的数字K，并且现在可以用它来秘密交谈，因为没人知道K。

The security of this protocol is predicated on a few things:

该协议的安全性取决于以下几点：

(Fact) It's relatively easy to generate prime numbers, even large prime numbers (like p).(事实)生成质数，甚至大质数(如p)都相对容易。
(Fact) Modular exponentiation is easy. In other words, it's relatively easy to compute X = g ^ x % p.(事实)模幂很容易。换句话说，计算X = g ^ x％p相对容易。
(Assumption based on current computing power and mathematics) Modular root extraction without the prime factors is very hard. Essentially, it's very hard to find K without knowing x and y, even if you've snooped on the traffic and can see p, g, X, and Y.(基于当前计算能力和数学的假设)没有素因数的模块化根提取非常困难。从本质上讲，即使您窥探了流量并且可以看到p，g，X和Y，也很难在不知道x和y的情况下找到K。

Thus, assuming this was implemented correctly, it's relatively easy to do the math required to create the key, but is extremely difficult and time consuming to do the math required to try to break the key by brute forcing it.

因此，假设正确实现了该功能，则进行创建密钥所需的数学运算相对容易，但是进行试图通过蛮力破解来破坏密钥所需的数学运算极其困难且耗时。

Even if an attacker could compromise this key, Diffie-Hellman allows for perfect forward secrecy.

即使攻击者可以破坏此密钥，Diffie-Hellman仍可以提供完美的前向保密性。

什么是完美的前向保密？ (What is perfect forward secrecy?)

This is the idea that if you crack the encryption that the server is using to communicate now, it doesn’t mean that all communications that the server has ever carried out are able to be read.

这是一个想法，如果您破解了服务器现在用于通信的加密，并不意味着可以读取服务器曾经执行的所有通信。

In other words, it only allows you to see the communications that are being used now (ie with this secret key). Since each set of communications has a different secret key, you would have to crack them all separately.

换句话说，它仅允许您查看当前正在使用的通信(即使用此密钥)。由于每组通信都有不同的密钥，因此您必须分别破解它们。

This is possible if each session has a different, ephemeral key for each session. Because Diffie-Hellman always uses new random values for each session, (therefore generating new keys for each session) it is called Ephemeral Diffie Hellman (EDH or DHE). Many cipher suites use this to achieve perfect forward secrecy.

如果每个会话具有不同的临时密钥，则这是可能的。由于Diffie-Hellman始终为每个会话使用新的随机值(因此为每个会话生成新的密钥)，因此被称为临时Diffie Hellman(EDH或DHE)。许多密码套件都使用此功能来实现完美的前向保密性。

As Diffie-Hellman allows you to exchange key material in plaintext without worrying about compromising the shared secret, and the math is too complicated for an attacker to brute force, the attacker can't derive the session key (and even if they could, using different, ephemeral, keys for each session means that they could only snoop on this session - not any in the past or future).

由于Diffie-Hellman允许您以明文形式交换密钥材料而无需担心破坏共享密钥，并且数学过于复杂，以至于攻击者无法强行使用，因此攻击者无法导出会话密钥(即使他们可以使用每个会话使用不同的临时密钥意味着它们只能在此会话上监听(过去或将来不能监听任何密钥)。

Forward secrecy is enabled with any Diffie-Hellman key exchange, but only ephemeral key exchange (a different key for every session) provides perfect forward secrecy.

任何Diffie-Hellman密钥交换都可以启用前向保密性，但是只有临时密钥交换(每个会话使用不同的密钥)才能提供完美的前向保密性。

Here's a post from Scott Helme talking about this in more depth and explaining how to enable this on your servers.

这是 Scott Helme 的帖子，更深入地讨论了这一点，并说明了如何在服务器上启用它。

Diffie-Hellman的局限性是什么？ (What are Diffie-Hellman's limitations?)

The biggest limitation of D-H is that is doesn't verify identity. In other words, anyone can claim to be Alice or Bob and there is no built-in mechanism for verifying that their statement is true.

DH的最大限制是不验证身份。换句话说，任何人都可以声称自己是Alice或Bob，并且没有内置的机制来验证其陈述是否正确。

In addition, if the implementation is not carried out in a secure manner, the algorithm could be cracked with enough dedicated resources (unlikely, but possible for academic teams or nation-state actors).

另外，如果实施不是以安全的方式进行的，则该算法可能会被足够的专用资源破解(不太可能，但对于学术团队或民族国家行为者而言可能)。

For example, this could occur if the random number generator is not provided with adequate entropy to support the desired strength - in other words, because computer generated numbers are never truly random, the degree to which you've artificially injected uncertainness matters to the strength of your implementation.

例如，如果没有为随机数生成器提供足够的熵来支持所需强度，就可能发生这种情况；换句话说，由于计算机生成的数字永远不是真正随机的，因此您人工注入不确定性的程度与强度有关您的实施。

Additionally, there was an attack demonstrated in 2015 which showed that when the same prime numbers were used by many servers as the beginning of the key exchange, the overall security of Diffie-Hellman was lower than expected.

此外，2015年发生的一次攻击表明，当许多服务器在密钥交换开始时使用相同的质数时，Diffie-Hellman的总体安全性低于预期。

Essentially an attacker could simply precompute the attack against that prime, making it easier to compromise sessions for any server which has used that prime number.

本质上，攻击者可以简单地预先计算针对该素数的攻击，从而更容易破坏使用该素数的任何服务器的会话。

This occurred because millions of servers were using the same prime numbers for key exchanges. Precomputing this type of attack still requires either academic or nation-state level resources and is unlikely to impact the vast majority of people.

发生这种情况是因为数百万台服务器使用相同的素数进行密钥交换。预计算这种类型的攻击仍然需要学术或国家一级的资源，并且不太可能影响绝大多数人。

However, luckily for those who have to worry about nation-state attackers, there is a different way to achieve the DH key exchange using elliptic curve cryptography (ECDHE). This is out of the scope of this article, but if you're interested in learning more about the math behind this exchange, check out this article.

但是，幸运的是，对于那些担心民族攻击者的人来说，有另一种使用椭圆曲线密码术(ECDHE)实现DH密钥交换的方法。这超出了本文的范围，但是如果您有兴趣了解有关此交换背后的数学知识的更多信息，请查看本文。

For a more detailed look at the weaknesses of DH, check out this whitepaper and this website.

要详细了解DH的弱点，请查阅本白皮书和本网站。

RSA (RSA)

RSA is named for the creators – Rivest, Shamir, Adleman – and it is a manner of generating public and private keys.

RSA以创建者(Rivest，Shamir，Adleman)的名字命名-它是生成公钥和私钥的一种方式。

Technically there are two RSA algorithms (one used for digital signatures, and one used for asymmetric encryption.) - this article covers the asymmetric encryption algorithm.

从技术上讲，有两种RSA算法(一种用于数字签名，一种用于非对称加密。)-本文介绍了非对称加密算法。

This allows for key exchange - you first assign each party to the transaction public/private keys, then you generate a symmetric key, and finally, you use the public/private key pairs to securely communicate the shared symmetric key.

这样就可以进行密钥交换-首先将交易双方分配给交易的公钥/私钥，然后生成对称密钥，最后使用公钥/私钥对安全地通信共享的对称密钥。

Because asymmetric encryption is generally slower than symmetric encryption, and doesn't scale as well, using asymmetric encryption to securely exchange symmetric keys is very common.

由于非对称加密通常比对称加密慢，并且不能扩展，因此使用非对称加密安全地交换对称密钥非常普遍。

So, how does it work?

那么它是怎样工作的？

Pick 2 very large prime numbers (at least 512 bits, or 155 decimal digits each), x and y (these numbers need to be secret and randomly chosen)选择2个非常大的质数(至少512位，或每个155个十进制数字)，x和y(这些数字需要保密并随机选择)
Find the product, ie z = x*y查找乘积，即z = x * y
Select an odd public integer, e, between 3 and n - 1, and has no common factors (other than 1) with (x-1)(y-1) (so it is relatively prime to x - 1 and y - 1).选择一个介于3和n-1之间的奇数公共整数e，并且与(x-1)(y-1)没有公因数(除了1之外)(因此它相对于x-1和y-1而言是质数) )。
Find the least common multiple of x - 1 and y - 1, and call it L.找到x-1和y-1的最小公倍数，并将其称为L。
Calculate the private exponent, d, from x, y, and e. de = 1 % L. d is the inverse of e % L (you know that an inverse exists because e is relatively prime to z - 1 and y - 1). This system works because p = (p ^ e) ^d % z.根据x，y和e计算私有指数d。 de = 1％L。d是e％L的倒数(您知道存在倒数，因为e相对于z-1和y-1相对质数)。该系统起作用是因为p =(p ^ e)^ d％z。
Output (z, e) as the public key and (z, d) as the private key.输出(z，e)作为公钥，并输出(z，d)作为私钥。

Now, if Bob would like to send a message to Alice, he generates the ciphertext(C) from the plain text(P) using this formula:

现在，如果Bob想要向Alice发送消息，他将使用以下公式从纯文本(P)生成密文(C)：

C = P^e % z

C = P ^ e％z

In order to decrypt this message, Alice computes the following:

为了解密此消息，Alice计算以下内容：

P = C^d % z

P = C ^ d％z

The relationship between d and e ensures that encryption and decryption functions are inverses. That means that the decryption function is able to successfully recover the original message, and that it's quite hard to recover the original message without the private key (z, d) (or prime factors x and y).

d和e之间的关系确保加密和解密函数是相反的。这意味着解密功能能够成功恢复原始消息，并且如果没有私钥(z，d)(或素数x和y)很难恢复原始消息。

This also means that you can make z and e public without compromising the security of the system, making it easy to communicate with others with whom you don't already have a shared secret key.

这也意味着您可以在不损害系统安全性的情况下公开z和e，从而轻松与尚未共享密钥的其他人进行通信。

You can also use the operations in reverse to get a digital signature of the message. First, you use the decryption operation on the plaintext. For example, s = SIGNATURE(p) = p ^ d % z.

您还可以反向使用这些操作来获取消息的数字签名。首先，对明文使用解密操作。例如，s = SIGNATURE(p)= p ^ d％z。

Then, the recipient can verify the digital signature by applying the encryption function and comparing the result with the message. For example, m = VERIFY(s) = S ^ e % z.

然后，收件人可以通过应用加密功能并将结果与消息进行比较来验证数字签名。例如，m = VERIFY(s)= S ^ e％z。

Often when this is done, the plaintext is a hash of the message, meaning you can sign the message (regardless of length) with only one exponentiation.

通常，完成此操作后，纯文本就是消息的哈希，这意味着您可以只用一个幂就可以对消息签名(不考虑长度)。

The security of system is based on a few things:

系统的安全性基于以下几点：

(Fact) It's relatively easy to generate prime numbers, even large prime numbers (like x and y).(事实)生成质数，甚至大质数(如x和y)都相对容易。
(Fact) Multiplication is easy. It's very easy to find z.(事实)乘法很容易。找到z很容易。
(Assumption based on current mathematics) Factoring is hard. Given z, it's relatively hard to recover x and y. It is do-able, but it takes a while, and it is expensive.

(基于当前数学的假设)因式分解很难。给定z，恢复x和y相对困难。它是可行的，但是要花一些时间，而且价格昂贵。

(Assumption based on current mathematics) Factoring is hard. Given z, it's relatively hard to recover x and y. It is do-able, but it takes a while, and it is expensive.

(基于当前数学的假设)分解很难。给定z，恢复x和y相对困难。它是可行的，但是要花一些时间，而且价格昂贵。

(Assumption based on current mathematics) Factoring is hard. Given z, it's relatively hard to recover x and y. It is do-able, but it takes a while, and it is expensive. One estimate says that recovering the prime factors of a 1024-bit number would take a year on a machine which cost $10 million. Doubling the size would exponentially increase the amount of work needed (several billion times more work).

(基于当前数学的假设)因式分解很难。给定z，恢复x和y相对困难。它是可行的，但是要花一些时间，而且价格昂贵。一项估算表明，在一台成本为1000万美元的机器上，要恢复1024位数字的素数将需要一年。将大小加倍将成倍增加所需的工作量(工作量增加数十亿倍)。

(Assumption based on current mathematics) Factoring is hard. Given z, it's relatively hard to recover x and y. It is do-able, but it takes a while, and it is expensive. One estimate says that recovering the prime factors of a 1024-bit number would take a year on a machine which cost $10 million. Doubling the size would exponentially increase the amount of work needed (several billion times more work).

(基于当前数学的假设)因式分解很难。给定z，恢复x和y相对困难。它是可行的，但是要花一些时间，而且价格昂贵。一项估计表明，在一台成本为1000万美元的机器上，要恢复1024位数字的素数将需要一年。将大小增加一倍将成倍增加所需的工作量(工作量增加数十亿倍)。

As technology continues to advance, these costs (and the work required) will decrease, but at this point, this type of encryption, properly implemented, is an unlikely source of compromise.

随着技术的不断发展，这些成本(和所需的工作)将减少，但是在这一点上，正确实施的这种加密不太可能造成损害。

Generally the only hackers with this type of money and dedication to a single target are nation-states. Plus, if there's an easier way to compromise a system (see below), that's probably a better option.

通常，只有拥有这种金钱并致力于一个目标的黑客才是民族国家。另外，如果有一种更简单的方法来破坏系统(见下文)，那可能是一个更好的选择。

4. (Fact) Modular exponentiation is easy. In other words, it's relatively easy to compute c = p ^ e % z.

4.(事实)模块化求幂很容易。换句话说，计算c = p ^ e％z相对容易。

5. (Fact) Modular root extraction - reversing the process above - is easy if you have the prime factors (if you have z, c, e, and the prime factors x and y, it's easy to find p such that c = p ^ e % z).

5.(事实)如果有素数因子，则求模根提取-逆转上述过程很容易(如果有z，c，e以及素数因子x和y，则很容易找到p使得c = p ^ e％z)。

6. (Assumption based on current computing power and mathematics) Modular root extraction without the prime factors is very hard (if you have z, c, e, but not x and y, it's relatively hard to find p such that c = p ^ e % z, particularly if a is sufficiently large).

6.(基于当前计算能力和数学的假设)没有素因数的模块化根提取非常困难(如果您具有z，c，e，但没有x和y，则很难找到p使得c = p ^ e％z，特别是如果a足够大时)。

Want to learn more about the math from much smarter people? Check out this article.

是否想向更聪明的人学习更多数学知识？查看这篇文章。

太好了，哪个更好？ (Great, which is better?)

It depends on your use case. There are a few differences between the two algorithms - first, perfect forward secrecy (PFS), which we talked about earlier in context of Diffie-Hellman. While technically you could generate ephemeral RSA key pairs, and provide perfect forward secrecy with RSA, the computational cost is much higher than for Diffie-Hellman - meaning that Diffie-Hellman is a better choice for SSL/TLS implementations where you want perfect forward secrecy.

这取决于您的用例。两种算法之间存在一些差异-首先是完美前向保密(PFS)，我们之前在Diffie-Hellman的背景下谈到了该算法。从技术上讲，您可以生成临时RSA密钥对，并使用RSA提供完美的前向保密性，但计算成本比Diffie-Hellman高得多-这意味着Diffie-Hellman是您想要完美前向保密性的SSL / TLS实现的更好选择。

While there are some performance differences between the two algorithms (in terms of work required from the server), the performance differences generally aren't large enough to make a difference when choosing one over the other.

尽管两种算法之间存在一些性能差异(就服务器所需的工作而言)，但性能差异通常不足以在选择一个与另一个算法时产生差异。

Instead, in general, the primary consideration when determining which is better depends on which one is more supported for your use case (for example, when implementing SSL you'll want Diffie Hellman due to perfect forward secrecy) or which is more popular or accepted as the standard in the industry.

相反，通常，在确定哪个更好时，主要考虑因素取决于您的用例所支持的哪个(例如，在实施SSL时，由于完美的前向保密性，您将希望Diffie Hellman)或哪个更受欢迎或被接受作为行业标准。

For example, while Diffie-Hellman was US government approved, and supported by an institutional body, the standard wasn't released - whereas RSA (standardized by a private organization) provided a free standard, meaning that RSA became very popular among private organizations.

例如，尽管Diffie-Hellman得到美国政府的批准并得到机构的支持，但该标准并未发布-而RSA(由私人组织标准化)提供了免费标准，这意味着RSA在私人组织中非常受欢迎。

If you're interested in reading more, there's a great thread here on the differences.

如果你有兴趣，有一个很大的线程在这里上的差异。

Interested in learning how to hackers use cryptographic attacks? Try this set of challenges from Cryptopals.

有兴趣学习如何让黑客使用加密攻击吗？试试Cryptopals的这组挑战。

翻译自: https://www.freecodecamp.org/news/understanding-encryption-algorithms/

sm2加密算法实例