
[速搜 Q&A] What is e-mail encryption?

Q&A | admin | 9 months ago (04-13)

Chinese-English Translation:

As computing has developed, the protection of e-mail has become more and more comprehensive. The core idea of e-mail encryption is to encrypt the message so that only specific people are allowed to read it, thereby ensuring the security of the information.


Technology classification

Symmetric encryption technology

A symmetric encryption algorithm, also known as a single-key or secret-key algorithm, uses the same key for encryption and decryption, as the name suggests. The sender encrypts the original data (the plaintext) with the encryption key, turning it into complex information that a third party cannot understand (the ciphertext), and sends it to the receiver. To see the original data, the receiver must decrypt the ciphertext with the inverse operation of the encryption algorithm, turning it back into readable plaintext. This kind of algorithm was adopted early and is technically very mature, but it has serious shortcomings:

1. Because the receiver and the sender use the same key, once the key is leaked, anyone can easily decrypt the message;

2. To ensure security, each time a symmetric encryption algorithm is used, the sender and the receiver need a unique key that nobody else knows. The number of keys held by both parties therefore grows geometrically, which makes key management extremely complex.

Therefore, in response to these shortcomings of symmetric-key technology, asymmetric-key encryption gradually emerged and matured, and has largely replaced the original symmetric-key technology.

Traditional asymmetric key system (PKI/CA) encryption technology

PKI (Public Key Infrastructure) technically solves the various obstacles to secure network communication. CA (Certificate Authority) refers to the certification center, which addresses many problems of network trust in terms of legal norms, staffing, management and operation. The two are therefore referred to together as "PKI/CA". PKI/CA mainly consists of users, registration authorities and certificate authorities. Its working principle is shown in the figure.

As shown in the figure, the registration authority is the intermediary between the user and the certificate authority. Its main function is to verify the authenticity of the applicant's identity; once the applicant passes this check, it uploads the user's information to the certificate authority, which performs the final certificate issuance. The registration authority also submits certificate revocations and renewals to the certificate authority for processing. The certificate authority can thus be regarded as a trusted third party that issues a digital certificate to every user in the trust system to prove that the user's identity has been verified. In each transaction, therefore, the most effective way to determine quickly and conveniently whether a party is a user of this trust system is to check the digital certificates of both parties.

With the digital certificate at its core, PKI/CA technology can encrypt and decrypt, and sign and verify, information transmitted over the network. This ensures that nobody other than the sender and the receiver can obtain the e-mail, that the e-mail is not altered in transit, that the sender can use the digital certificate to confirm whether the receiver's identity is genuine, and that the sender cannot repudiate messages he has sent.

PKI/CA encryption technology is relatively mature, but it still has some shortcomings when applied to e-mail encryption, such as:

1. Key management is inconvenient;

2. Keys must be exchanged before any encryption or decryption can take place, and this process is cumbersome;

3. A complete and effective CA system should have at least the following parts: management of public-key certificates, historical keys and blacklists, key backup and recovery, automatic key update, and so on. In short, CA certificates are troublesome to obtain, and this e-mail encryption technology has always been difficult to popularize. Traditional asymmetric key system (PKI/CA) encryption technology is suitable only for enterprises, organizations, some high-end users and high-end e-commerce.

Chain encryption technology

Chain encryption is a novel and ingenious e-mail encryption technology that combines a symmetric-key algorithm with an asymmetric-key algorithm. It works as follows (see Figure 2): sender A selects a randomly generated key (called the session key)

Chain encryption thus combines the advantages of the two kinds of algorithm: it has the speed of symmetric encryption as well as the authentication and strong confidentiality of the RSA algorithm. In addition, in chain encryption users manage their own keys, and the exchange of public keys relies on a trust mechanism. Therefore, the user's e-mail is absolutely secure. The well-known e-mail encryption software PGP uses this technique.
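The following added example (not part of the original page) sketches the combination described in this section: a random session key encrypts the mail body with a fast symmetric operation, and only that short key is encrypted with the recipient's RSA public key. So that it runs with the Python standard library alone, it assumes stand-ins: unpadded RSA over constructed demo primes and a SHA-256 keystream with an HMAC tag, where real software uses RSA with OAEP and a cipher such as AES.

```python
import hashlib, hmac, secrets

E = 65537

def make_keypair(p, q):
    # Constructed demo key: Mersenne-prime moduli are trivially factorable.
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _keystream(key, nonce, length):
    # SHA-256 in counter mode, a stdlib stand-in for a real cipher such as AES.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _subkeys(session_key):
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())

def encrypt_mail(body, recipient_pub):
    n, e = recipient_pub
    session_key = secrets.token_bytes(16)        # fresh random key per message
    enc_key, mac_key = _subkeys(session_key)
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    # Only the short session key goes through the slow public-key operation.
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # textbook RSA, no OAEP
    return {"wrapped_key": wrapped, "nonce": nonce, "ciphertext": ct, "tag": tag}

def decrypt_mail(msg, recipient_priv):
    n, d = recipient_priv
    k = pow(msg["wrapped_key"], d, n)            # unwrap with the private key
    if k >= 1 << 128:
        raise ValueError("session key unwrap failed")
    enc_key, mac_key = _subkeys(k.to_bytes(16, "big"))
    data = msg["nonce"] + msg["ciphertext"]
    expected = hmac.new(mac_key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("authentication failed: wrong key or altered message")
    ks = _keystream(enc_key, msg["nonce"], len(msg["ciphertext"]))
    return bytes(a ^ b for a, b in zip(msg["ciphertext"], ks))

# Constructed key pairs for recipient B and an unrelated user C.
B_PUB, B_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
C_PUB, C_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
```

Decrypting a message addressed to B with C's private key, or decrypting a message whose ciphertext was altered in transit, raises `ValueError` instead of returning text.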

Identity-based cryptographic encryption technology

In 1984, A. Shamir, a famous Israeli scientist and one of the inventors of the RSA system, proposed the idea of identity-based cryptography, which greatly simplifies the key management problem of traditional public-key cryptosystems. Identity-Based Encryption (IBE) is a new kind of public-key encryption scheme in which the public key used for encryption is not obtained from a public-key certificate; instead, a string representing the user's identity is used directly as the public key. Its working principle can be illustrated by the communication between sender A and receiver B: the user's public key uses sender A's own public identity information (such as name, ID number or e-mail address), while the user's private key is generated by a separate trusted third party (called the trusted center). The trusted center

Because identity-based encryption needs no public-key certificates or related operations, it simplifies the use and management of public keys, and in the twenty-odd years since it was proposed it has become a research hotspot in cryptography. As a new public-key mechanism, identity-based encryption improves considerably on traditional PKI in construction cost, management efficiency and computational optimization, and is regarded as an effective means of building public-key trust systems in the future. In this system, however, users' keys are all held in escrow on the server side, so the security of the server and the commitments of the service provider are critical to the confidentiality of user information. A typical e-mail encryption product based on identity-based cryptography is the 赛曼邮件天使 (Symman E-mail Angel) system.

Technical comparison

Symmetric encryption has the advantages of public algorithms, a small amount of computation, fast encryption speed and high encryption efficiency; its disadvantages are that it uses the same key, has lower security and leaks easily. Traditional asymmetric key system (PKI/CA) encryption has the advantage of guaranteeing authenticity of identity and non-repudiation; its disadvantages are complex key management and the trouble of obtaining CA certificates. Chain encryption has the advantages of speed and high security; its disadvantage is the high cost of operations such as certificate maintenance and revocation. Identity-based cryptographic encryption has the advantages that it needs no certificates, that the receiver's public key is derived from his identity information, that keys have a validity period and therefore do not need to be revoked, and that it can resist spam attacks; its disadvantage is that it requires a centralized server, which increases the security risk of leakage.

