if Party A has a certificate and a public key and a private key, and if it is necessary to encrypt communication with Party B, the public key should be transmitted to Party B. what is puzzling is that if the public key is solved in the process of transmitting the public key to Party B, will it not be possible to use the public key to decrypt all the information sent by Party A to Party B?
the public key can be made public. The function of the public key is to encrypt the data. The encrypted data can only be decrypted with the corresponding private key, and the public key is not responsible for decryption.
in asymmetric encryption, the public key is used for encryption and the private key is used for decryption.
the so-called asymmetric encryption means that Party A receives the ciphertext encrypted by the public key and decrypts it with the private key. Party B encryption and Party A decryption are not the same key, so it is called asymmetric encryption.
generally speaking, the data sent by Party B to Party An is secure. Usually, the data sent by Party A to Party B is not sensitive, unless the business requires extremely high security, which will require the client to have a certificate. For example, online banking business sometimes requires a certificate to be installed on the computer.
take https as an example (there may be some deviation in the details described). B authenticates A with a certificate, and then the two parties need to negotiate a symmetric encryption key for subsequent data transmission, and this key is generated by B. after encryption with A's public key, it is transmitted from B to A
, that is, if A has a certificate public and private key, some private information needs to be transmitted to B. The key generated by B is required to encrypt
I don't remember the details clearly. You can look for the relevant process of https encryption. In a common process, it should be useful to use a mixture of symmetric and asymmetric encryption to solve
.decide the security of network transmission.
for example, the certificate you just mentioned, it is the digital signature of some identity information of the website + the public key of the website by the certification authority.
after the client gets the certificate sent with https, it will use the public key of the issuing authority to decode the certificate and obtain the identity information of the website, so as to determine whether the website is its own
.the website you want to visit.
after identity confirmation, use the public key of the website to encrypt a random string and return it to the server, which uses its own private key to decrypt the random string. Subsequent
data information is encrypted through this random string fetch.
I remember that https seems to have an implementation of this process (I simplified it a lot, of course).
Party An and Party B are similar to the server and client of https.
the server exposes the certificate, so the client can obtain it; the certificate of the server solves the problem that the client trusts the server.
if you need the server to trust the client, you need the client to have a corresponding certificate
take RSA as an example. Even if you intercept a 2048-bit RSA with a public key, how long will it be decomposed? Only the RSA private key can decrypt the RSA public key. So even if you receive the public key on the Internet, you don't have the time and energy to decrypt it. It can be easily decrypted unless the private key is obtained.
the public key is the lock, and the private key is the key (the only one). What's the use if someone steals the lock without a key?
the public key cannot decrypt data, but it can be encrypted. Decryption requires a private key. Even if you know the encryption algorithm, you cannot decrypt it through the public key. This is asymmetric encryption.
Why can't the public key be decrypted? Take the rsa encryption algorithm as an example. To put it simply, you can't get the divisor based on the remainder and divisor. This divisor is the original text, the divisor is the public key, and the ciphertext is the remainder. On the other hand, the private key and the public key are obtained by the formula of two primes. Because of such a connection, the private key can deduce the original text from the remainder, which is also the remainder of a series of formulas. Ras's asymmetric encryption is based on such a "magical" algorithm. For specific examples of the algorithm, please see this blog
in a word, it is impossible to crack data without a private key. You can take a look (figure http) in this book which introduces the security knowledge of https,SSL, certificate in detail
.