What Is Key Management?
Keys generally refer to the secret values used by the various encryption technologies found in production and daily life, which effectively protect personal data and corporate secrets. Key management refers to the management of keys and covers operations such as encryption, decryption, cracking and more.
- Chinese name: Key management
- Foreign name: Key Management
- Process: 8 steps
- Design principles: 5
Key management performance
Key management covers everything from key generation to key destruction. It is mainly manifested in the management system, the management protocols, and the generation, distribution, replacement and injection of keys. For military computer network systems, higher requirements are placed on key management because of strong user mobility, complex affiliation relationships, and coordinated operations and command methods.
Key management process
Key management key generation
The key should be long enough. In general, the longer the key, the larger the corresponding key space, and the harder it is for an attacker to guess the key by exhaustive search.
Choose good keys and avoid weak keys. A random bit string generated by an automated processing device is a good key.
For public-key cryptosystems, key generation is more difficult because the keys must meet certain mathematical characteristics.
Key generation can be achieved through online or offline interactive negotiation methods, such as cryptographic protocols.
Key management key distribution
Using a symmetric encryption algorithm for confidential communication requires both parties to share the same key. Usually one member of the system first selects a secret key and then transmits it to the other member or members. The X9.17 standard describes two types of keys: key encryption keys and data keys. Key encryption keys encrypt other keys that need to be distributed; data keys only encrypt the information stream. Key encryption keys are typically distributed manually. To enhance confidentiality, a key can also be divided into many different parts that are then sent over different channels.
Key Management Verification Key
The key is attached with some error detection and correction bits for transmission. When an error occurs in the key during transmission, it can be easily checked, and the key can be retransmitted if necessary.
The receiving end can also verify that the received key is correct. The sender encrypts a constant with the key and then sends the first 2-4 bytes of the ciphertext along with the key. The receiving end does the same. If the decrypted constant on the receiving end matches the constant on the sending end, the transmission is error-free.
Key Management Update Key
When the keys need to be changed frequently, it is really difficult to frequently distribute new keys. An easier solution is to generate new keys from the old keys, which is sometimes called key update. The key can be updated using a one-way function. If both parties share the same key and operate with the same one-way function, they will get the same result.
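The key verification and key update steps above, combined in one added Python example (not code from the original page). It assumes SHA-256 as the one-way function and an HMAC-SHA256 of a fixed constant, truncated to 3 bytes, standing in for the block-cipher encryption of a constant; the key bytes, label and constant are constructed for illustration.

```python
import hashlib
import hmac

CHECK_CONSTANT = b"\x00" * 16    # constructed constant known to both ends
CHECK_LEN = 3                    # the text suggests sending 2-4 bytes
UPDATE_LABEL = b"key-update"     # hypothetical domain-separation label


def check_value(key: bytes) -> bytes:
    """Short fingerprint of a key: keyed function of a constant, truncated.

    Assumption: HMAC-SHA256 replaces the block cipher used in the text so
    that only the standard library is needed. The value detects transmission
    errors only; it does not authenticate the sender.
    """
    return hmac.new(key, CHECK_CONSTANT, hashlib.sha256).digest()[:CHECK_LEN]


def accept_key(received_key: bytes, received_check: bytes) -> bool:
    """Receiver side: recompute the check value and compare in constant time."""
    return hmac.compare_digest(check_value(received_key), received_check)


def update_key(old_key: bytes, epoch: int) -> bytes:
    """Derive the next key from the old one with a one-way function.

    Binding the epoch number into the hash keeps each generation distinct.
    A later key does not reveal earlier ones, but anyone holding the current
    key can compute every future key, so a suspected compromise needs a
    freshly distributed key, not another update.
    """
    return hashlib.sha256(
        UPDATE_LABEL + epoch.to_bytes(4, "big") + old_key
    ).digest()


class Endpoint:
    """One side of the link: holds the current key and its generation."""

    def __init__(self, key: bytes):
        self.key = key
        self.epoch = 0

    def rotate(self) -> None:
        self.epoch += 1
        self.key = update_key(self.key, self.epoch)

    def announce(self):
        """Generation number and check value, sent to confirm agreement."""
        return self.epoch, check_value(self.key)

    def in_step_with(self, peer_epoch: int, peer_check: bytes) -> bool:
        return peer_epoch == self.epoch and accept_key(self.key, peer_check)


def demo() -> dict:
    # Constructed 128-bit key, for illustration only.
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    check = check_value(key)

    # A single bit flipped in transit is caught by the check value.
    damaged = bytes([key[0] ^ 0x01]) + key[1:]
    corrupted_accepted = accept_key(damaged, check)
    clean_accepted = accept_key(key, check)

    # Both ends update three times without sending any key material.
    alice, bob = Endpoint(key), Endpoint(key)
    for _ in range(3):
        alice.rotate()
        bob.rotate()
    keys_match = alice.key == bob.key and bob.in_step_with(*alice.announce())

    # If one end updates again, the announcement exposes the mismatch.
    alice.rotate()
    out_of_step_detected = not bob.in_step_with(*alice.announce())

    return {
        "corrupted_accepted": corrupted_accepted,
        "clean_accepted": clean_accepted,
        "keys_match_after_3_updates": keys_match,
        "out_of_step_detected": out_of_step_detected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```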
Key management key storage
Keys can be memorized or stored on magnetic stripe cards and smart cards. A key can also be divided into two parts, with half stored in the terminal and half in a ROM key. A method similar to the key encryption key can also be used to encrypt and store keys that are difficult to remember.
Key management backup key
The backup of the key can adopt key escrow, secret division, secret sharing, etc.
The easiest way is to use a key escrow center. Key escrow requires all users to hand their keys to a key escrow center, which backs up the keys (for example, locked in a safe somewhere or encrypted with a master key). Once a user's key is lost (for example, the user has forgotten the key or has died unexpectedly), the key can be obtained from the key escrow center according to certain rules and regulations. Another backup scheme is escrow with a smart card as a temporary key. For example, Alice stores the key in a smart card and gives it to Bob while she is away. Bob can use the card to perform Alice's work, and when Alice returns, Bob returns the card. Because the key is stored in the card, Bob does not know what the key is.
Secret division splits the secret into many pieces. Each piece on its own means nothing, but when the pieces are put together the secret is reproduced.
A better approach is to use a secret sharing protocol. The key K is divided into n blocks, each of which is called a "shadow". Knowing any m or more blocks makes it possible to calculate the key K, while knowing any m-1 or fewer blocks does not. This is called an (m, n) threshold scheme. Many secret sharing schemes have been proposed, based on Lagrange's interpolation polynomial method, projective geometry, linear algebra, and the Chinese remainder theorem (Sun Tzu's theorem).
The Lagrange interpolation polynomial scheme is an easy-to-understand secret sharing (m, n) threshold scheme.
Secret sharing solves two problems: first, if the key is accidentally or intentionally exposed, the entire system is vulnerable; and second, if the key is lost or damaged, all the information in the system becomes unusable.
Key Management Key Validity Period
An encryption key cannot be used indefinitely, for several reasons: the longer a key is used, the greater the chance of it being leaked; if a key has been leaked, the longer it is used, the greater the loss; the longer a key is used, the more tempting it is to dedicate effort to deciphering it, even with exhaustive attacks; and cryptanalysis of multiple ciphertexts encrypted with the same key is generally easier.
Different keys should have different validity periods.
The validity period of a data key mainly depends on the value of the data and the amount of data encrypted in a given time. The greater the value and the data transfer rate, the more frequently the key should be changed.
Key encryption keys do not need to be changed frequently because they are used only occasionally, for key exchange. In some applications, the key encryption key is changed only once a month or once a year.
The encryption keys used to encrypt saved data files cannot be changed frequently. Usually, each file is encrypted with a unique key, and then all of these keys are encrypted with a key encryption key. The key encryption key is either memorized or stored in a secure place. Of course, losing this key means losing all file encryption keys.
The validity period of a private key in a public-key cryptographic application varies from application to application. A private key used for digital signatures and identification must last for years (or even a lifetime), while a private key used for a coin flip protocol should be destroyed immediately after the protocol is completed. Even if the security of a key is expected to last a lifetime, it is necessary to consider changing the key every two years. The old key still needs to be kept secret in case the user needs to verify previous signatures, but the new key is used to sign new files, which reduces the number of signed files that a cryptanalyst can attack.
Key management
If a key must be replaced, the old key must be destroyed, and it must be destroyed physically.
Key Management System
Public key ciphers make keys easier to manage. No matter how many people are on the network, each person has only one public key.
Using a single public/private key pair is not enough. Any good public-key cipher implementation needs to separate the encryption key from the digital signature key. But a single pair of encryption and signing keys is not enough either. Like ID cards, private keys prove a relationship, and people have more than one relationship. For example, Alice can sign a document in a private capacity, as the company's vice president, and so on.
In the joint pilot of financial IC cards of various commercial banks, the security control and management of keys by banks at all levels is the key to application system security.
"RT-KMS Key Management System" complies with the "China Financial Integrated Circuit (IC) Card Specification (v 1.0)" and the "Bank IC Card Joint Pilot Technical Solution", enabling member banks to issue cards independently, share card readers, and complete inter-bank transactions.
Key management security mechanism
In the national bank IC card joint pilot, banks at all levels used key management systems to implement secure key management. The key management system uses the 3DES encryption algorithm and a three-level management system made up of the head office of the People's Bank of China, the regional branches of the People's Bank of China (the head offices of commercial banks), and member banks, so that the public master key can be shared securely to realize card interoperability and equipment sharing.
The entire security architecture mainly includes three types of keys: the national general head office consumption/cash-out master key GMPK, the card-issuing bank's consumption/cash-out master key MPK, and other master keys. Depending on the purpose of the key, the system uses different processing strategies.
Key Management Design Principles
(1) All keys are loaded and imported in cipher text.
(2) The key is subject to strict authority control. Different institutions or personnel have different authority for different key read, write, update, and use operations.
(3) To ensure the security of key usage while taking actual usage needs into account, the system can generate multiple sets of master keys. If one set of keys is leaked or attacked, the application system can immediately stop using that set and enable a backup set, which avoids wasting existing investment and equipment as far as possible and reduces the risk of using the system.
(4) Users can choose different combinations and configurations of the key management subsystem according to the needs of actual use.
(5) Key services, storage and backup are in the form of key cards or encryption machines.
Key management technology
Key Management Technology Classification
1. Symmetric key management. Symmetric encryption is based on a shared secret. The two parties using symmetric encryption must ensure that they use the same key, ensure that the key exchange between them is safe and reliable, and set up procedures for preventing key leakage and for changing the key. This makes the management and distribution of symmetric keys a potentially dangerous and tedious process. Managing symmetric keys through public key encryption makes this management simpler and more secure, and it also solves the reliability and authentication problems of the pure symmetric key mode. A trading party can generate a unique symmetric key for each exchange of information (such as each EDI exchange), encrypt that key with the public key, and then send the encrypted key together with the information encrypted with that key (such as the EDI exchange) to the corresponding trading party. Because a unique key is generated for each information exchange, trading parties no longer need to maintain keys or worry about a key being leaked or expiring. Another advantage of this method is that even if a key is leaked, only one transaction is affected rather than all the trading relationships between the parties. This approach also provides a secure way to publish symmetric keys between trading partners.
2. Public key management / digital certificates. Digital certificates (public key certificates) can be used by trading partners to exchange public keys. The International Telecommunication Union (ITU) standard X.509 defines digital certificates. This standard is equivalent to the ISO/IEC 9594-8: 195 standard jointly issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). A digital certificate usually includes the name that uniquely identifies the certificate owner (that is, the trading party), the name that uniquely identifies the certificate issuer, the public key of the certificate owner, the digital signature of the certificate issuer, the validity period of the certificate, the serial number of the certificate, and so on. A certificate issuer is commonly referred to as a certificate authority (CA), and it is an organization trusted by all parties to the trade. Digital certificates serve to identify trading parties and are one of the technologies widely used in e-commerce.
3. Standards and specifications related to key management. At present, the relevant international standardization organizations have begun to develop technical standards and specifications on key management. ISO and IEC's Information Technology Committee (JTC1) has drafted international standard specifications for key management. The specification consists of three parts: first, the key management framework; second, the mechanism using symmetric technology; and third, the mechanism using asymmetric technology. The specification has now entered the voting stage of the draft international standard and will soon become a formal international standard.
digital signature
Digital signatures are another type of application of public-key cryptography. Its main method is: The sender of the message generates a 128-bit hash value (or message digest) from the message text. The sender uses his own private key to encrypt this hash value to form the sender's digital signature. This digital signature is then sent to the recipient of the message as an attachment to the message along with the message. The receiver of the message first calculates a 128-bit hash value (or message digest) from the received original message, and then uses the sender's public key to decrypt the digital signature attached to the message. If the two hash values are the same, the receiver can confirm that the digital signature is from the sender. Digital signature can realize the authentication and non-repudiation of the original message.
ISO / IEC JTC1 is already drafting relevant international standards and specifications. The preliminary title of the standard is "Digital Signature Scheme with Information Technology Security Technology with Attachments", which consists of two parts, an overview and an identity-based mechanism.
Key management encryption algorithm
1. Introduction to cryptography. According to records, in 400 BC the ancient Greeks invented the replacement cipher. In 1881, the world's first telephone privacy patent appeared. During the Second World War, the German military used the "Enigma" cipher machine. Cryptography played a very important role in the war.
With the development of the information and digital society, people's awareness of the importance of information security and confidentiality has continued to increase. Therefore, in 1997, the US National Bureau of Standards announced the implementation of the "American Data Encryption Standard (DES)." In the research and application of cryptography, the encryption algorithms used are DES, RSA, SHA, etc. With the increasing demand for encryption strength, AES, ECC, etc. have recently appeared.
The use of cryptography can achieve the following purposes:
Confidentiality: Prevent user's identity or data from being read.
Data integrity: Prevents data from being changed.
Authentication: Ensure that data is sent from a specific party.
2. Introduction to encryption algorithms. According to the key type, modern cryptographic technologies are divided into two categories: symmetric encryption algorithms (secret key encryption) and asymmetric encryption algorithms (public key encryption).
The symmetric key encryption system uses the same secret key for both encryption and decryption, and both parties must obtain the key and keep the key secret.
Asymmetric key encryption systems use different encryption keys (public keys) and decryption keys (private keys).
Key management symmetric encryption algorithm
In a symmetric encryption algorithm, only one key is used to encrypt and decrypt information, that is, the same key is used for both encryption and decryption. Commonly used algorithms include:
DES (Data Encryption Standard): a data encryption standard that is fast and suitable for encrypting large amounts of data.
3DES (Triple DES): based on DES, it encrypts a piece of data three times with three different keys, which gives higher strength.
AES (Advanced Encryption Standard): a next-generation encryption algorithm standard with fast speed and a high security level.
In October 2000, NIST (National Institute of Standards and Technology) announced the adoption of a new key encryption standard selected from 15 candidate algorithms. Rijndael was selected as the future AES. Rijndael was created in the second half of 1999 by researchers Joan Daemen and Vincent Rijmen. AES is increasingly becoming the de facto standard for encrypting all forms of electronic data.
The National Institute of Standards and Technology (NIST) established a new Advanced Encryption Standard (AES) specification on May 26, 2002.
Algorithm principle: The AES algorithm is based on permutation and substitution operations. Permutation is the rearrangement of data, and substitution is the replacement of one unit of data with another. AES uses several different methods to perform permutations and substitutions.
AES is an iterative, symmetric-key block cipher that can use 128, 192, and 256-bit keys, and it encrypts and decrypts data in 128-bit (16-byte) blocks. Unlike public key cryptography, which uses key pairs, symmetric key cryptography uses the same key to encrypt and decrypt data. The number of bits of encrypted data returned by the block cipher is the same as that of the input data. Iterative encryption uses a loop structure in which the input data is repeatedly permuted and substituted.
Comparison of AES and 3DES
Algorithm name | Algorithm type | Key length | Speed | Decryption time (a machine built to try 2^55 keys per second) | LF |
AES | Symmetric block cipher | 128, 192, 256-bit | High | 149 trillion years | Low |
3DES | Symmetric Feistel cipher | 112 or 168 | Low | 4.6 billion years | Medium |
Key Management Asymmetric Algorithm
The common asymmetric encryption algorithms are as follows:
RSA: Invented by the RSA company, it is a public key algorithm that supports variable-length keys. The length of the file blocks to be encrypted is also variable.
DSA (Digital Signature Algorithm): a digital signature algorithm, standardized as the DSS (Digital Signature Standard).
ECC (Elliptic Curves Cryptography): Elliptic Curve Cryptography.
In 1976, because symmetric encryption algorithms could not meet the needs, Diffie and Hellman published an article called "New Directions in Cryptography", which introduced the concept of public key encryption, and the RSA algorithm was proposed by Rivest, Shamir, and Adleman.
With progress in methods for factoring large integers, increases in computer speed, and the development of computer networks, RSA keys need to keep getting longer to ensure the security of data. However, the increase in key length has greatly reduced the speed of encryption and decryption, and hardware implementation has become more and more unbearable. This places a heavy burden on applications that use RSA, so a new algorithm is needed to replace RSA.
In 1985, N. Koblitz and Miller proposed using elliptic curves for cryptographic algorithms, based on the discrete logarithm problem (ECDLP) in the point group of an elliptic curve over a finite field. ECDLP is a harder problem than factorization; it is exponentially difficult.
Principle: the hard problem on elliptic curves. The elliptic curve discrete logarithm problem (ECDLP) is defined as follows: given a prime number p and an elliptic curve E, for Q = kP, find the positive integer k less than p when P and Q are known. It can be proved that it is easy to calculate Q from k and P, but difficult to calculate k from Q and P.
Addition on the elliptic curve corresponds to modular multiplication in the discrete logarithm setting, and multiplication on the elliptic curve corresponds to modular exponentiation, so a corresponding cryptosystem can be built on the elliptic curve.
For example, corresponding to the Diffie-Hellman public key system, we can implement it on the elliptic curve as follows: select a generator P on E such that the group generated by P has sufficiently many elements. The communicating parties A and B select a and b, respectively. a and b are kept confidential, but aP and bP are made public. The key used for communication between A and B is abP, which is not known to a third party.
The corresponding ELGamal cryptosystem can be implemented on the elliptic curve in the following way:
Embed the plaintext m as a point P_m on E and choose a point B ∈ E. Each user chooses an integer a, 0 < a < N, where N is a known order; a is kept confidential and aB is made public. To send m to A, send the following pair: [kB, P_m + k(a_A B)], where k is a randomly generated integer. A can find k(a_A B) from kB, and P_m + k(a_A B) - k(a_A B) = P_m is used to recover P_m. Also corresponding to DSA, consider the following equation:
K = kG [where K and G are points on E_p(a, b) and k is an integer less than n (n is the order of point G)]
It is not difficult to find that given k and G, it is easy to calculate K according to the addition rule; but given K and G, it is relatively difficult to find k.
This is the difficult problem for the elliptic curve encryption algorithm. We refer to point G as the base point, k (k <n, n is the order of base point G) as the private key, and K as the public key.
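The elliptic-curve Diffie-Hellman and ElGamal constructions described above, worked through on a toy curve as an added Python example (not code from the original page). Assumptions: the curve y^2 = x^3 + 2x + 2 over GF(17) with base point G = (5, 1) of order 19 is a small textbook curve chosen here, the plaintext is taken to be already embedded as a curve point, and the base point is called G where the text uses P or B.

```python
import secrets

# Toy parameters (assumption, far too small for real use):
# E: y^2 = x^3 + 2x + 2 over GF(17); G = (5, 1) has prime order 19.
P_MOD, A, B = 17, 2, 2
G = (5, 1)
N = 19
INF = None   # point at infinity, the identity of the group


def on_curve(pt) -> bool:
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def neg(pt):
    if pt is INF:
        return INF
    x, y = pt
    return (x, (-y) % P_MOD)


def add(p1, p2):
    """Group law: chord rule for distinct points, tangent rule for doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                  # p2 is the inverse of p1
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:
        s = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    s %= P_MOD
    x3 = (s * s - x1 - x2) % P_MOD
    return (x3, (s * (x1 - x3) - y1) % P_MOD)


def mul(k: int, pt):
    """Scalar multiplication kP by double-and-add."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def check_public(pt):
    """Validate a received point before using it with a private scalar."""
    if pt is INF:
        raise ValueError("point at infinity is not a public key")
    x, y = pt
    if not (0 <= x < P_MOD and 0 <= y < P_MOD and on_curve(pt)):
        raise ValueError("point is not on the curve")
    return pt


def keypair(priv: int):
    """Private key k (0 < k < n) and public key K = kG."""
    if not 0 < priv < N:
        raise ValueError("private key out of range")
    return priv, mul(priv, G)


def ecdh_shared(my_priv: int, peer_pub):
    """Each side computes a(bG) = b(aG) = abG."""
    return mul(my_priv, check_public(peer_pub))


def elgamal_encrypt(p_m, recipient_pub, k: int):
    """Ciphertext pair [kG, P_m + k(aG)]; k must be fresh for every message."""
    check_public(recipient_pub)
    return mul(k, G), add(p_m, mul(k, recipient_pub))


def elgamal_decrypt(ciphertext, priv: int):
    """P_m = (P_m + k(aG)) - a(kG)."""
    c1, c2 = ciphertext
    return add(c2, neg(mul(priv, c1)))


if __name__ == "__main__":
    a, a_pub = keypair(secrets.randbelow(N - 1) + 1)
    b, b_pub = keypair(secrets.randbelow(N - 1) + 1)
    print("shared:", ecdh_shared(a, b_pub), ecdh_shared(b, a_pub))
    p_m = mul(5, G)                       # constructed "embedded plaintext"
    ct = elgamal_encrypt(p_m, a_pub, secrets.randbelow(N - 1) + 1)
    print("recovered:", elgamal_decrypt(ct, a), "expected:", p_m)
```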
Comparison of ECC and RSA: Compared with RSA, ECC has absolute advantages in many respects, mainly the following:
Strong resistance to attack. For the same key length, its resistance to attack is many times stronger.
The calculation amount is small and the processing speed is fast. The overall speed of ECC is much faster than RSA and DSA.
Small storage space. The key size and system parameters of ECC are much smaller than those of RSA and DSA, which means that it takes up much less storage space. This is of special significance for the application of encryption algorithms on IC cards.
Low bandwidth requirements. When encrypting and decrypting long messages, the three types of cryptosystems have the same bandwidth requirements, but the ECC bandwidth requirements are much lower when applied to short messages. The low bandwidth requirement makes ECC have a wide application prospect in the field of wireless networks.
These characteristics of ECC make it bound to replace RSA as a universal public key encryption algorithm. For example, the makers of the SET protocol have adopted it as the default public key cryptographic algorithm in the next-generation SET protocol.
The following two tables show a comparison of the security and speed of RSA and ECC.
Breakthrough time (MIPS years) | RSA / DSA (key length) | ECC key length | RSA / ECC key length ratio |
10 | 512 | 106 | 5:1 |
10 | 768 | 132 | 6:1 |
10 | 1024 | 160 | 7:1 |
10 | 2048 | 210 | 10:1 |
10 | 21000 | 600 | 35:1 |
Comparison of RSA and ECC security modules
Features | Security Builder 1.2, 163-bit ECC (ms) | BSAFE 3.0, 1,023-bit RSA (ms) |
Key pair generation | 3.8 | 4,708.3 |
Signature | 2.1 (ECNRA); 3.0 (ECDSA) | 228.4 |
Verification | 9.9 (ECNRA); 10.7 (ECDSA) | 12.7 |
Diffie-Hellman key exchange | 7.3 | 1,654.0 |
RSA and ECC speed comparison
Key management hash algorithm
A hash algorithm (Hash in English) transforms an input of any length (also called the pre-image) into a fixed-length output, which is the hash value. This conversion is a compression mapping, that is, the space of hash values is usually much smaller than the space of inputs. Different inputs may hash to the same output, and it is not possible to uniquely determine the input value from the hash value. Simply put, it is a function that compresses a message of any length into a fixed-length message digest.
HASH is mainly used in encryption algorithms in the field of information security. It converts information of different lengths into scrambled 128-bit codes, which are called HASH values. Hashing can also be described as finding a mapping between data content and a data storage address. A hash is a refinement of the information; its length is usually much smaller than that of the information, and it is fixed. A cryptographic hash must be irreversible, which means that no part of the original information can be deduced from the hash result. Any change in the input, even a single bit, causes a significant change in the hash result, which is called the avalanche effect. A hash should also be collision-resistant, meaning that two pieces of information with the same hash result cannot be found. Hash results with these characteristics can be used to verify whether information has been modified.
One-way hash functions are generally used to generate message digests, to encrypt keys, and so on. The common ones are:
MD5 (Message Digest Algorithm 5): It is a one-way hash algorithm developed by RSA Data Security.
SHA (Secure Hash Algorithm): can operate on data of any length to generate a 160-bit value;
In 1993, the Secure Hash Algorithm (SHA) was proposed by the National Institute of Standards and Technology (NIST) and published as the Federal Information Processing Standard (FIPS PUB 180). In 1995, a revised version of FIPS PUB 180-1 was released. It is usually called SHA-1. SHA-1 is based on the MD4 algorithm, and its design largely mimics MD4. It is now recognized as one of the most secure hashing algorithms and is widely used.
Principle: SHA-1 is a data encryption algorithm. The idea of the algorithm is to take a piece of plaintext and convert it into a (usually smaller) ciphertext in an irreversible way. It can also be understood simply as taking a string of input code (called the pre-image or message) and transforming it into a shorter, fixed-length output sequence, the hash value (also known as a message digest or message authentication code).
The security of a one-way hash function is that its operation process of generating a hash value is highly one-way. If a password is embedded in the input sequence, no one can produce the correct hash value without knowing the password, thus ensuring its security. The SHA divides the input stream into 512 bits (64 bytes) per block, and produces 20 bytes of output called an information authentication code or a message digest.
The maximum length of the input message for this algorithm does not exceed 2^64 bits, and the output is a 160-bit message digest. The input is processed in 512-bit blocks. SHA-1 is irreversible, collision-resistant, and has a good avalanche effect.
A digital signature can be realized through a hash algorithm. The principle of a digital signature is to convert the plaintext to be transmitted into a message digest through a function operation (Hash); different plaintexts correspond to different message digests. The message digest is encrypted and transmitted to the receiver together with the plaintext. The receiver generates a new message digest from the received plaintext and compares it with the decrypted message digest sent by the sender. A matching result indicates that the plaintext has not been changed.
The MAC (message authentication code) is a hash result in which part of the input is a password. Only participants who know the password can recompute the MAC and verify its validity. See the figure below for MAC generation.
[Figure: generation of the message authentication code (MAC)]
Comparison of SHA-1 and MD5: Because both are derived from MD4, SHA-1 and MD5 are very similar to each other. Correspondingly, their strength and other characteristics are similar, but there are the following differences:
Security against brute-force attacks: The most significant and important difference is that the SHA-1 digest is 32 bits longer than the MD5 digest. Using brute force, the difficulty of generating any message whose digest equals a given digest is on the order of 2^128 operations for MD5 and on the order of 2^160 operations for SHA-1. SHA-1 therefore has greater strength against brute-force attacks.
Security against cryptanalysis: Because of its design, MD5 is vulnerable to cryptanalytic attacks, whereas SHA-1 does not appear to be vulnerable to such attacks.
Speed: On the same hardware, SHA-1 runs slower than MD5.
Key management comparison
Comparison of symmetric and asymmetric algorithms
The above summarizes the principles of the two encryption methods. In general, there are the following differences:
First, in terms of management: the public key cryptographic algorithm requires fewer resources to achieve its purpose. In terms of key distribution, the difference between the two is an exponential level (one is n and one is n). So the secret-key (symmetric) cryptographic algorithm is not suitable for wide area network use and, more importantly, it does not support digital signatures.
Second, in terms of security: because public-key cryptography is based on unsolved mathematical problems, it is almost impossible to crack. As for secret-key cryptographic algorithms, although AES is theoretically impossible to crack, public keys are even more superior from the perspective of computer development.
Third, in terms of speed: software implementations of AES have reached speeds of megabits or dozens of megabits per second, which is 100 times the speed of public-key algorithms. If implemented in hardware, this ratio expands to 1000 times.
Selection of encryption algorithm: The previous sections introduced symmetric encryption algorithms and asymmetric encryption algorithms, and many people wonder which one should be used in practice.
We should determine according to the characteristics of our use. Because the operation speed of asymmetric encryption algorithm is much slower than that of symmetric encryption algorithm, when we need to encrypt a large amount of data, we recommend using symmetric encryption algorithm to increase the speed of encryption and decryption.
Symmetric encryption algorithms cannot implement signatures, so signatures can only use asymmetric algorithms.
Because key management for a symmetric encryption algorithm is a complicated process, and the management of the key directly determines its security, we can consider using an asymmetric encryption algorithm when the amount of data is small.
In practice, we usually adopt the following method: use an asymmetric encryption algorithm to manage the key of the symmetric algorithm, and then use the symmetric encryption algorithm to encrypt the data. This combines the advantages of the two types of encryption algorithm: the fast encryption speed of the one and the secure and convenient key management of the other.
Once the encryption algorithm has been selected, how many bits should the key have? Generally speaking, the longer the key, the slower the operation, so the length should be selected according to the security level actually needed. In general, 1024 bits is recommended for RSA, 160 bits for ECC, and 128 bits is fine for AES.
The application of cryptography in modern times: With the popularization of commercial applications of cryptography, public key cryptography has received unprecedented attention. In addition to traditional cryptographic application systems, the PKI system is mainly based on public key cryptography and provides functions such as encryption, signature, authentication, key management, and distribution.
Confidential communication: Confidential communication is the origin of cryptography. When a public/private key cryptosystem is used for confidential communication, the recipient of the information can decrypt it only if they know the corresponding key.
Digital signature: Digital signature technology can replace traditional handwritten signatures, and from a security perspective, digital signatures have good anti-forgery features. It has a wide application environment in government agencies, military fields, and commercial fields.
Secret sharing: Secret sharing technology refers to the use of cryptography to split a secret message into n pieces of information called sharing factors, and distribute them to n members. Only k (kn) legitimate members can recover the sharing factor. Secret information, none of which or m (mk) members cooperate to know the secret information. The use of secret sharing technology can control any secret information, command, etc. that requires the joint control of multiple people.
Authentication function: Transmission of sensitive information on the open channel, signature technology is used to verify the authenticity and integrity of the message, and the identity of the communication subject is verified by verifying the public key certificate.
Key management: The key is a more fragile and important link in the confidential system. The public key cryptosystem is a powerful tool to solve the key management work. The public key cryptosystem is used for key negotiation and generation. Share secret information; use public key cryptography for key distribution, protection, key escrow, key recovery, etc.
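The k-of-n splitting described under secret sharing above, as an added example that is not part of the original page. The page names no specific scheme; this uses Shamir's polynomial scheme, one standard construction, and the field prime 2^521 - 1 and all function names are choices made for this example.

```javascript
// Added example (not from the page): Shamir's (k, n) threshold scheme over GF(P).
const crypto = require('node:crypto');
const P = (1n << 521n) - 1n; // Mersenne prime; example choice, fits a 128-bit key
const mod = (a) => ((a % P) + P) % P;

// Uniform random field element: 521 random bits, rejecting the one value >= P.
function randomElement() {
  let r;
  do { r = BigInt('0x' + crypto.randomBytes(66).toString('hex')) >> 7n; } while (r >= P);
  return r;
}

// Modular inverse by Fermat's little theorem: a^(P-2) mod P.
function inverse(a) {
  let result = 1n, base = mod(a);
  for (let e = P - 2n; e > 0n; e >>= 1n) {
    if (e & 1n) result = (result * base) % P;
    base = (base * base) % P;
  }
  return result;
}

// Split `secret` into n sharing factors; any k of them recover it.
function split(secret, k, n) {
  if (secret < 0n || secret >= P || k < 1 || k > n) throw new RangeError('bad parameters');
  const coeffs = [secret]; // random degree k-1 polynomial, constant term = secret
  for (let i = 1; i < k; i++) coeffs.push(randomElement());
  const shares = [];
  for (let x = 1n; x <= BigInt(n); x++) {
    let y = 0n; // Horner evaluation at x
    for (let i = k - 1; i >= 0; i--) y = mod(y * x + coeffs[i]);
    shares.push({ x, y });
  }
  return shares;
}

// Recover the secret by Lagrange interpolation at x = 0.
function combine(shares) {
  let secret = 0n;
  for (const { x: xi, y: yi } of shares) {
    let num = 1n, den = 1n;
    for (const { x: xj } of shares) {
      if (xj === xi) continue;
      num = mod(num * -xj);
      den = mod(den * (xi - xj));
    }
    secret = mod(secret + mod(yi * num) * inverse(den));
  }
  return secret;
}
```

Calling `split(key, 3, 5)` on a key encoded as a BigInt gives five sharing factors, and `combine` on any three of them returns the key. With only two, the interpolated value is unrelated to the key.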
Based on public key cryptosystems, in addition to the general functions above, the following systems can be designed and implemented: secure e-commerce systems, electronic cash systems, electronic election systems, electronic bidding systems, electronic lottery systems, etc.
The emergence of public key cryptosystems is the basis for the transition of cryptography from traditional government, military and other application areas to commercial and civilian use. At the same time, the development of the Internet and e-commerce has opened up a broader prospect for the development of cryptography.
The future of encryption algorithms
With the improvement of computing methods, the increase in computer speed, and the development of networks, more and more algorithms are being cracked.
At the Crypto'2004 international cryptology conference, Professor Wang Xiaoyun of Shandong University in China presented a report on breaking the MD5, HAVAL-128, MD4, and RIPEMD algorithms, which shocked the world's top cryptographic experts. This means that these algorithms will be eliminated from applications. Subsequently, SHA-1 was also declared cracked.
Historically, three attack experiments had an impact on DES. In 1997, a DES key was cracked in 96 days using 70,000 computers in various countries. In 1998, the Electronic Frontier Foundation (EFF) used a special-purpose computer built for US$250,000 to crack a DES key in 56 hours. In 1999, the EFF completed the crack in 22 hours and 15 minutes. Therefore DES, which once made outstanding contributions, can no longer meet our growing needs.
Recently, a group of researchers successfully factored a 512-bit integer and announced the cracking of RSA.
We say that data security is relative: data can be said to be safe under certain conditions for a certain period of time. With the development of hardware and networks, or the emergence of another Wang Xiaoyun, the encryption algorithms in common use today may be cracked in a short time. When that happens, we will have to use longer keys or more advanced algorithms to ensure the security of data. Therefore, encryption algorithms still need to be continuously developed and improved to provide higher security strength and operation speed.
Looking at the two types of algorithm, one has gone from DES to 3DES to AES, and the other from RSA to ECC. In every case their development has been driven by the simplicity of the key, low cost, ease of management, the complexity of the algorithm, the security of confidentiality, and the speed of calculation. The development of future algorithms must therefore also start from these perspectives. In practice, the two types of algorithm are often combined, and a new type of algorithm that combines the advantages of both will inevitably appear in the future. By that time, e-commerce will certainly be faster and more secure.