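Encryption
Common concepts related to encryption and decryption:
- Plain Text: the original content, which can be understood by humans or machines
- Ciphertext: the encrypted content, which generally cannot be understood directly by humans or machines and must be decrypted first
- Encryption: the process of converting Plain Text into Ciphertext, usually using an encryption algorithm (Encrypt Algorithm)
- Decryption: the process of converting Ciphertext back into Plain Text, usually using the decryption algorithm (Decrypt Algorithm) that corresponds to the encryption algorithm (Encrypt Algorithm)
- Cipher: the secret code used by the algorithm during encryption and decryption
- Block Cipher: the data must first be split into blocks (Block) before it is encrypted
- Stream Cipher: the data does not need to be split into blocks (Block) during encryption
- Key: usually refers to a key pair (public key / private key)

Below are some of the more classic encryption algorithms: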
Algorithm | Description
---|---
AES (Advanced Encryption Standard, also called Rijndael) | Symmetric Cryptography; Block Cipher. Encrypts data in 128-, 192-, 256-, or 512-bit blocks using a 128-, 192-, 256-, or 512-bit key.
Blowfish | Symmetric Cryptography; Block Cipher. Encrypts data in 64-bit blocks using the same 32-bit to 448-bit key for encrypting/decrypting.
CAST5 | Symmetric Cryptography; Block Cipher. Encrypts data in 64-bit blocks using the same key of up to 128 bits for encrypting/decrypting.
DES (Data Encryption Standard) | Already considered insecure. Symmetric Cryptography; Block Cipher. Encrypts data in 64-bit blocks using the same 56-bit key for encrypting/decrypting.
3DES | An enhanced DES encryption algorithm. Symmetric Cryptography. Data is encrypted up to 48 times with three different 56-bit keys before the encryption process is completed.
IDEA | Symmetric Cryptography; Block Cipher. Encrypts data in 64-bit blocks using the same 128-bit key for encrypting/decrypting.
RC5 | Symmetric Cryptography; Block Cipher. Encrypts data in 32-, 64-, or 128-bit blocks using the same key of up to 2,048 bits for encrypting/decrypting.
RC6 | Symmetric Cryptography. Same as RC5, but slightly faster.
ElGamal | Asymmetric Cryptography. Uses two keys derived from a logarithm algorithm.
Elliptic Curve Cryptosystems | Asymmetric Cryptography. Uses two keys derived from an algorithm containing two randomly chosen points on an elliptic curve.
RC4 (also called ArcFour or ARC4) | Stream Cipher. Encrypts data in 64-bit blocks using a variable key size for encrypting/decrypting.
RSA | The most popular asymmetric encryption algorithm; uses a Public/Private Key for encryption and decryption. Asymmetric Cryptography.

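Symmetric Cryptography
Symmetric Cryptography, also called Secret Key encryption or Private Key encryption, uses a single key (Key) to encrypt the Plain Text, and the same key (Key) must be used to decrypt the Ciphertext. Its advantage is fast encryption and decryption (a performance advantage); its drawback is that the key (Key) has to be shared between encryption and decryption, so it is easy to leak.

A popular Symmetric Cryptography tool on Linux is OpenPGP; the package `gnupg2` provides the command `gpg2` (GNU Privacy Guard). RHEL-family distributions generally install `gnupg2` by default; on Ubuntu it can be installed with `apt install gnupg2`.

The following example encrypts a file with `gpg2`:

```bash
tar -cvzf /tmp/backup.tar.gz /etc
gpg2 -c /tmp/backup.tar.gz   # symmetric mode: prompts for a passphrase, writes /tmp/backup.tar.gz.gpg
```

The following example decrypts the file:

```bash
gpg2 -d --force-mdc /tmp/backup.tar.gz.gpg > /tmp/backup.tar.gz
```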
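
The symmetric `gpg2` round trip above, adapted for unattended use such as a backup job (an added example, not code from the original page). It reads the passphrase from a file instead of prompting and only keeps decrypted output when gpg reports success; the function names and the passphrase-file approach are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: non-interactive symmetric (passphrase) encryption with GnuPG.
# Assumption: the binary is installed as gpg2 or gpg, depending on the distro.
GPG=$(command -v gpg2 || command -v gpg)

# gpg_sym PASSFILE [gpg options...]
# No prompts; the passphrase comes from a file (keep it mode 600) so it never
# appears in the process list or in shell history.
gpg_sym() {
  local passfile=$1; shift
  "$GPG" --batch --yes --quiet --pinentry-mode loopback \
         --passphrase-file "$passfile" "$@"
}

# encrypt_file PASSFILE INPUT  ->  writes INPUT.gpg, encrypted with AES-256.
# --force-mdc (seen on the page) is obsolete since GnuPG 2.2.8: integrity
# protection is always applied, so it is not passed here.
encrypt_file() {
  gpg_sym "$1" --symmetric --cipher-algo AES256 -o "$2.gpg" "$2"
}

# decrypt_file PASSFILE INPUT.gpg OUTPUT
# gpg can write plaintext before it has finished the integrity check, so
# decrypt into a temporary file and publish it only when gpg exits 0.
decrypt_file() {
  local tmp
  tmp=$(mktemp "$3.XXXXXX") || return 1
  if gpg_sym "$1" --decrypt -o "$tmp" "$2" 2>/dev/null; then
    mv "$tmp" "$3"
  else
    rm -f "$tmp"
    return 1
  fi
}

# flip_last_byte FILE: simulate corruption of a ciphertext to confirm that
# decrypt_file rejects it (test aid only).
flip_last_byte() {
  local size last
  size=$(wc -c < "$1")
  last=$(tail -c 1 "$1" | od -An -tu1 | tr -d ' ')
  printf "\\$(printf '%03o' $(( last ^ 1 )))" |
    dd of="$1" bs=1 seek=$(( size - 1 )) conv=notrunc 2>/dev/null
}
```

Typical use is `encrypt_file /root/.backup-pass /tmp/backup.tar.gz` followed later by `decrypt_file /root/.backup-pass /tmp/backup.tar.gz.gpg /tmp/backup.tar.gz`, where the passphrase file path is a placeholder.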
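
Asymmetric Cryptography
Asymmetric Cryptography, also called Private/public Key Cryptography, uses a key pair (Key Pair) consisting of a Public Key and a Private Key. The Public Key can be made public, while the Private Key must be kept secret (not disclosed).

Private/public Key Cryptography has the following characteristics:
- Normally, the Public Key is used to encrypt data and the Private Key is used to decrypt it
- Data encrypted with the Public Key can only be decrypted with the Private Key from the same Key Pair
- Highly secure
- Compared with Symmetric Cryptography, performance is worse, and managing public and private keys is more complex

On Linux, the `gpg2` tool can also generate and manage a Private/public Key Pair.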