有关PGP的基本概念

2014年从msn space存档中重新恢复出来！

以下内容摘自bouncycastle的邮件列表中针对某人问题的回复，对于理解PGP的基本概念有所帮助，故此摘录如下，以备参考。

If I'm saying anything basic that you already know, please forgive me.
I mean no offense; I'm just not sure what level to start from.

You mentioned a five digit PIN number and a certificate. It sounds like
you need to encrypt the PIN number so you can send it across the network,
and some other party can read it?

Allow me to offer a few basics. DES and Triple-DES ("3DES" or "DESede") are
"symmetric cipher algorithms." This means they use the same key to
encrypt and to decrypt. This key is usually called a "secret key".
DES keys are 8 bytes long (64 bits, of which 8 are parity).
Triple-DES keys are 24 bytes long (192 bits of key, 24 bits of parity).

Also, DES and 3DES are "block cipher" algorithms. That is, they work on
blocks of data. The block size for DES and 3DES is 64 bits, or 8 bytes.

By comparison, RSA is a "public key" algorithm. That is, RSA actually
uses a key pair. There is a "public key" and a matching "private key."
The public key is usually distributed inside an X.509 certificate, though
this is not strictly required. As the name suggests, the private key is
never distributed.

These days, RSA keys are typically 1024 bits long, or 128 bytes. Using
the default algorithm, an RSA key can be used to encrypt up to N-11 bytes
of data, where N is the key length in bytes.

Normally, one does not encrypt data directly with an RSA key. Instead,
one creates a one-time-use random key for a symmetric cipher. (For
instance, one might generate 24 bytes of random data for use as a 3DES
key.) For convenience, let's call that key "Kmsg" (the "message" key).
One would then encrypt the actual message data using this message key.
Then, one encrypts Kmsg using the RSA public key of the intended
message recipient. Finally, send the encrypted message and the
encrypted Kmsg to the recipient.

As a specific example, suppose Alice wants to send Bob an encrypted
message. Let's say Alice decides to use DES. Alice generates Kmsg.
Let's suppose Kmsg = 0x1234567812345678 (eight bytes). We'll call the
message M.

Alice applies DES to encrypt M with Kmsg: DES(M,Kmsg)

Now, Alice encrypts Kmsg with Bob's public key: RSAPUB(Kmsg,Bob)

Alice sends Bob both DES(M,Kmsg) and RSAPUB(Kmsg,Bob). Bob uses his
private key: RSAPRIV (RSAPUB (Kmsg, Bob), Bob) == Kmsg. Then, Bob
uses the recovered Kmsg to decrypt DES(M,Kmsg) and gets back M.

One nice advantage of this scheme is that Alice can send the encrypted
message to all of Bob, Carol, and David very simply. Alice simply sends:

{ DES(M,Kmsg), RSAPUB(Kmsg,Bob), RSAPUB(Kmsg,Carol), RSAPUB(Kmsg,David) }

Each recipient uses the corresponding private key to decrypt one of the
RSAPUBs and then decrypt the original message. In fact, this is how
encrypted mail (S/MIME) works.

Phew, now, back to your case. If you really have a five digit PIN, you
can actually encrypt the PIN directly using RSA, or you can do what is
described above.

Hope this helps clarify matters some.

>>>>>> 更多阅读 <<<<<<

为什么你好心说的话，别人却不听

降本增效不可不知的三种情况

闲话SpringAOP的应用

欢迎加入「福强私学」

跨越2190个日夜，始终坚持“实践 + 原创”打造的715125字专属知识库，囊括了（但不限于）从职场、技术、管理与商业等多个板块的内容。

一个ChatGPT触达不到的地方
一个带你超越AI/人工智能的地方
一个与你一起成长的地方

https://afoo.me/kb.html

开天窗，拉认知，订阅「福报」，即刻拥有自己的全模态人工智能。