How Ethereum public and private keys are generated
How are Bitcoin addresses and private keys generated? Bitcoin uses an elliptic curve algorithm to generate the public key and private key, and it chooses the secp256k1 curve. The generated public key is a 33-byte number and the private key is a 32-byte number. The wallet file wallet.dat stores the public key and private key directly. The Bitcoin address used when receiving and sending bitcoin is derived from the public key. The public key is first hashed with SHA-256 to get a 32-byte hash, which is then hashed with RIPEMD-160 to get a 20-byte digest; the address we see is obtained from that digest through a character conversion process. The same character conversion is applied to the private key. The steps are as follows: first, add the version number to the input (the 20-byte digest for the public key, the 32-byte number for the private key). Then apply SHA-256 twice in succession, take the first 4 bytes of the final hash as a check code and attach it to the end of the input, and encode the result with Base58 to get the string.
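The character conversion described above (version number, double SHA-256 check code, Base58), as an added Python example that is not part of the original article. The function names and sample inputs are constructed for illustration; the version bytes 0x00 (address) and 0x80 (private key) are the Bitcoin mainnet values, which the article does not state.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def check_code(data):
    """First 4 bytes of SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def base58check_encode(version, payload):
    """version byte + payload + check code, written in Base58."""
    raw = bytes([version]) + payload
    raw += check_code(raw)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is written as the character '1'.
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * zeros + out

def base58check_decode(text):
    """Return (version, payload); raise ValueError on a bad string."""
    n = 0
    for ch in text:
        n = n * 58 + ALPHABET.index(ch)   # ValueError on a non-Base58 character
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or check_code(raw[:-4]) != raw[-4:]:
        raise ValueError("check code mismatch")
    return raw[0], raw[1:-4]

if __name__ == "__main__":
    digest20 = bytes(range(20))        # constructed stand-in for a RIPEMD-160 digest
    privkey32 = bytes(range(1, 33))    # constructed 32-byte private key, never use it
    address = base58check_encode(0x00, digest20)
    wif = base58check_encode(0x80, privkey32)
    print(address, wif)
    typo = address[:-1] + ("2" if address[-1] != "2" else "3")
    try:
        base58check_decode(typo)
    except ValueError as err:
        print("rejected mistyped address:", err)
```

The decoder shows what the 4-byte check code is for: a mistyped address or key is rejected before it is used.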
In short: encrypt with the public key, decrypt with the private key.
SM2 is based on the elliptic curve discrete logarithm problem (ECDLP). That is, consider the equation Q = kP, where Q and P belong to Ep(a, b) and k < p. Then, given Q and P, it is difficult to calculate k.
Communicating parties A and B each have a key pair: A's public key and private key, and B's public key and private key. The public key is the one you tell everyone; the private key is the one you keep to yourself.
Public and private keys are used for encryption, decryption and digital signatures. For example, suppose A sends a file to B.
Encryption and decryption:
B sends his public key to A
A encrypts her message with B's public key and sends it to B
B decrypts A's message with his private key
Digital signature: how can B tell whether A is genuine or an impostor?
A sends the signed file to B
B decrypts the file with A's public key to verify the signature, because only A has A's private key.
Encryption and authentication
First of all, we need to distinguish two basic concepts: encryption and authentication.
Encryption transforms data so that even if an unauthorized user obtains the encrypted data, they cannot recover its content; data encryption therefore protects data and prevents eavesdropping attacks. Its focus is the security of the data. Identity authentication is used to judge whether an identity is genuine. Once the identity is confirmed, the system can grant different permissions to different identities. Its focus is the authenticity of the user. The two have different emphases.
Public key and private key
Secondly, we need to understand the concept and function of the public key and the private key.
In modern cryptosystems, encryption and decryption use different keys (public-key cryptography), that is, an asymmetric key cryptosystem. Each communicating party needs two keys, a public key and a private key, and data encrypted with one can be decrypted with the other. The public key is public and does not need to be kept secret, while the private key is held by the individual and must be kept secret.
Principles of the public key and private key:
One public key corresponds to one private key
In a key pair, the key everyone knows is the public key; the key only you know is the private key
If one of the keys is used to encrypt data, only the corresponding key can decrypt it
If one of the keys can decrypt the data, the data must have been encrypted with the corresponding key
The main applications of asymmetric key cryptography are public key encryption and public key authentication, and the process of public key encryption is different from that of public key authentication. I will explain the difference in detail below.
Encryption process based on the public key
For example, there are two users, Alice and Bob. Alice wants to send a piece of plaintext to Bob using two-key (asymmetric) encryption. Bob has a public key and a private key, so the encryption and decryption process is as follows:
Bob sends his public key to Alice
Alice encrypts her message with Bob's public key and sends it to Bob
Bob decrypts Alice's message with his private key.
Among asymmetric encryption algorithms, RSA and ECC (elliptic curve cryptography) are the most commonly used. To implement secure login with an asymmetric algorithm, the server first generates the public key and private key when the client requests the login page, then passes the public key to the client browser along with the login page. When the user enters the user name and password and clicks login, JavaScript in the login page calls the asymmetric encryption algorithm to encrypt the user name and password with the public key, and the result is submitted to the server. The server decrypts it with the private key and compares it with the user name and password in the database. If they match, the login succeeds; otherwise, the login fails.
It looks simple, but there are a few problems. At present, a key of 1024-2048 bits is considered secure for RSA; a shorter key is considered crackable. But numbers of this length are beyond the integer range that programming languages support natively, so big-number arithmetic has to be simulated in software. On the client side of a web system, simulating big-number arithmetic in JavaScript is very inefficient, so if such a key is used to encrypt data on the client, many browsers will warn that the script is taking too long and stop it. Decryption and key generation take even longer than encryption. Although decryption and key generation run on the server, a server-side scripting language such as PHP or ASP is not up to this kind of work. ECC requires shorter keys than RSA: a 160-bit ECC key is considered equivalent to a 1024-bit RSA key. Simulated big-number arithmetic is still needed, but the amount of computation at ECC key lengths is acceptable. However, ECC is much more complex than RSA, so it is difficult to implement.
Symmetric encryption algorithms are much faster than asymmetric ones, but they require the sender and receiver of the data to share a key, and the key cannot be sent directly over an insecure network; otherwise both the key and the encrypted data can be intercepted, and the intruder can use the intercepted key to decrypt the encrypted information.
Is it impossible, then, to achieve secure login with a symmetric encryption algorithm? In fact it is possible, as long as a key exchange algorithm is used; the most commonly used one is the Diffie-Hellman key exchange. First, when the client requests the login page, the server generates a large prime p, a primitive root g of p, and a random number Xa, then calculates Ya = g^Xa mod p and sends p, g and Ya to the client together with the login page. The client also generates a random number Xb, calculates Yb = g^Xb mod p, and then calculates K = Ya^Xb mod p. K is now the key. The client uses K as the key to encrypt the user's input with a symmetric encryption algorithm, then sends the encrypted information to the server together with Yb. The server calculates K = Yb^Xa mod p, which gives it the same key K as the client. Finally, using the decryption algorithm that corresponds to the client's encryption algorithm, the server decrypts the encrypted information and compares it. If it matches, the login succeeds; otherwise the login fails. Note that the random number Xa generated by the server and the random number Xb generated by the client are never sent to the other side. Only p, g, Ya, Yb and the encrypted data are transmitted.
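Both sides of the exchange described above, as an added Python example that is not part of the original article. The parameters are assumptions chosen for demonstration (P is the Mersenne prime 2^127 - 1, far too small for real use, and G = 3 is not checked to be a primitive root), and the range check on received public values is an addition the article does not mention.

```python
import hashlib
import secrets

# Demonstration parameters only (assumptions, not from the article): P is the
# Mersenne prime 2**127 - 1, far too small for real use, and G = 3 is not
# checked to be a primitive root. Production code uses a standardized group.
P = 2**127 - 1
G = 3

def keypair():
    """Return (secret exponent X, public value Y = G^X mod P)."""
    x = secrets.randbelow(P - 3) + 2          # 2 <= x <= P - 2
    return x, pow(G, x, P)

def check_public(y):
    """Reject 0, 1 and P-1, which would force a predictable shared key."""
    if not 2 <= y <= P - 2:
        raise ValueError("public value out of range")
    return y

def shared_key(own_secret, peer_public):
    """K = peer_public^own_secret mod P, hashed down to a 256-bit key."""
    k = pow(check_public(peer_public), own_secret, P)
    return hashlib.sha256(k.to_bytes(16, "big")).digest()

def run_exchange():
    """Play both sides; return (wire, server_key, client_key)."""
    wire = []                                  # everything an eavesdropper sees
    xa, ya = keypair()                         # server: Xa never leaves the server
    wire.append(("server->client", {"p": P, "g": G, "Ya": ya}))
    xb, yb = keypair()                         # client: Xb never leaves the browser
    client_key = shared_key(xb, ya)            # K = Ya^Xb mod p
    wire.append(("client->server", {"Yb": yb}))
    server_key = shared_key(xa, yb)            # K = Yb^Xa mod p
    return wire, server_key, client_key

if __name__ == "__main__":
    wire, server_key, client_key = run_exchange()
    for direction, message in wire:
        print(direction, message)
    print("keys match:", server_key == client_key)
```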
If we use a hash algorithm instead of an encryption algorithm to process the login password, the original text never has to be decrypted. However, if the password is simply hashed with MD5 or SHA1 and submitted, an intruder who intercepts the hashed password does not need to recover the original text: submitting the intercepted data directly to the server is enough to get in. Moreover, the MD5 algorithm has been cracked and SHA1 has been proved crackable in theory; even offline, collisions can be used to find a password equivalent to the original password. So hashing the password directly with MD5 or SHA1 is not feasible.
However, if a key is added to the hash algorithm, the situation is different. The HMAC algorithm does exactly this. Here is how to use HMAC to achieve secure login. First, when the client requests the login page, the server generates a random string and sends it to the client browser together with the login page. After the user enters the user name and password, the password is hashed with MD5 or SHA1 and the hash value is used as the key, the random string sent by the server is used as the message, and the HMAC is computed. The result is then submitted to the server. The password is hashed before being used as the key, rather than used as the key directly, to ensure that the key is long enough but not too long. After the server receives the data submitted by the client, it performs the same operation on the random string it stored and the user's password, and compares the results. If they match, the login succeeds; otherwise, the login fails. Of course, if you don't use HMAC, you can also combine the password with the random number generated by the server and then apply MD5 or SHA1.
Here, the random string sent by the server is different for every client request, so even if an intruder intercepts the random string and the submitted data, submitting the same data again will not pass verification. Moreover, the key cannot be calculated from the intercepted data, so the login information cannot be forged.
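The HMAC login described above, including the replay case, as an added Python example that is not part of the original article. The account, function names and in-memory stores are constructed for illustration, and using SHA-256 inside the HMAC is an assumption, since the article only specifies MD5 or SHA1 for turning the password into the key.

```python
import hashlib
import hmac
import secrets

# Constructed sample account. The server keeps SHA-1(password), which is the
# HMAC key, so that it can repeat the client's computation.
USERS = {"alice": hashlib.sha1(b"correct horse").digest()}
PENDING = {}   # username -> outstanding one-time random string

def issue_challenge(username):
    """Server: fresh random string sent along with the login page."""
    nonce = secrets.token_hex(16)
    PENDING[username] = nonce
    return nonce

def client_response(password, nonce):
    """Client: key = SHA-1(password), message = the server's random string."""
    key = hashlib.sha1(password.encode()).digest()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

def verify(username, response):
    """Server: recompute and compare; each random string is accepted once."""
    nonce = PENDING.pop(username, None)    # consumed here, so a replay fails
    key = USERS.get(username)
    if nonce is None or key is None:
        return False
    expected = hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    nonce = issue_challenge("alice")
    captured = client_response("correct horse", nonce)
    print("first submission accepted:", verify("alice", captured))
    print("same data replayed:", verify("alice", captured))
    issue_challenge("alice")               # new login page, new random string
    print("old data against new string:", verify("alice", captured))
```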
Symmetric and asymmetric encryption algorithms are suitable not only for login verification but also for setting the initial password and changing it later, while hash algorithms are suitable only for login verification. But hash algorithms are more efficient than symmetric and asymmetric encryption algorithms.
To use OpenSSL on Ubuntu, you need to install it first. The command is as follows:
sudo apt-get install openssl
After the installation, you can use OpenSSL.
First, enter OpenSSL's interactive interface by typing openssl on the command line.
1) Generate the RSA private key:
genrsa -out rsa_private_key.pem 1024
This command generates a 1024-bit private key.
3) Generate the RSA public key
Enter the command rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem and press Enter.
