# 有关PGP的基本概念

2014年从msn space存档中重新恢复出来！

以下内容摘自bouncycastle的邮件列表中针对某人问题的回复，对于理解PGP的基本概念有所帮助，故此摘录如下，以备参考。

If I'm saying anything basic that you already know, please forgive me. I mean no offense; I'm just not sure what level to start from. You mentioned a five digit PIN number and a certificate. It sounds like you need to encrypt the PIN number so you can send it across the network, and some other party can read it? Allow me to offer a few basics. DES and Triple-DES ("3DES" or "DESede") are "symmetric cipher algorithms." This means they use the same key to encrypt and to decrypt. This key is usually called a "secret key". DES keys are 8 bytes long (64 bits, of which 8 are parity). Triple-DES keys are 24 bytes long (192 bits of key, 24 bits of parity). Also, DES and 3DES are "block cipher" algorithms. That is, they work on blocks of data. The block size for DES and 3DES is 64 bits, or 8 bytes. By comparison, RSA is a "public key" algorithm. That is, RSA actually uses a key pair. There is a "public key" and a matching "private key." The public key is usually distributed inside an X.509 certificate, though this is not strictly required. As the name suggests, the private key is never distributed. These days, RSA keys are typically 1024 bits long, or 128 bytes. Using the default algorithm, an RSA key can be used to encrypt up to N-11 bytes of data, where N is the key length in bytes. Normally, one does not encrypt data directly with an RSA key. Instead, one creates a one-time-use random key for a symmetric cipher. (For instance, one might generate 24 bytes of random data for use as a 3DES key.) For convenience, let's call that key "Kmsg" (the "message" key). One would then encrypt the actual message data using this message key. Then, one encrypts Kmsg using the RSA public key of the intended message recipient. Finally, send the encrypted message and the encrypted Kmsg to the recipient. As a specific example, suppose Alice wants to send Bob an encrypted message. Let's say Alice decides to use DES. Alice generates Kmsg. Let's suppose Kmsg = 0x1234567812345678 (eight bytes). We'll call the message M. Alice applies DES to encrypt M with Kmsg: DES(M,Kmsg) Now, Alice encrypts Kmsg with Bob's public key: RSAPUB(Kmsg,Bob) Alice sends Bob both DES(M,Kmsg) and RSAPUB(Kmsg,Bob). Bob uses his private key: RSAPRIV (RSAPUB (Kmsg, Bob), Bob) == Kmsg. Then, Bob uses the recovered Kmsg to decrypt DES(M,Kmsg) and gets back M. One nice advantage of this scheme is that Alice can send the encrypted message to all of Bob, Carol, and David very simply. Alice simply sends: { DES(M,Kmsg), RSAPUB(Kmsg,Bob), RSAPUB(Kmsg,Carol), RSAPUB(Kmsg,David) } Each recipient uses the corresponding private key to decrypt one of the RSAPUBs and then decrypt the original message. In fact, this is how encrypted mail (S/MIME) works. Phew, now, back to your case. If you really have a five digit PIN, you can actually encrypt the PIN directly using RSA, or you can do what is described above. Hope this helps clarify matters some.

「为AI疯狂」星球上，扶墙老师正在和朋友们讨论有趣的AI话题，你要不要⼀起来呀？^-^

这里

- 不但有及时新鲜的AI资讯和深度探讨
- 还分享AI工具、产品方法和商业机会
- 更有体系化精品付费内容等着你，加入星球(https://t.zsxq.com/0dI3ZA0sL) 即可免费领取。(加入之后
**一定记得看置顶消息**呀！)

存量的时代，省钱就是赚钱。

在增量的时代，省钱其实是亏钱。

避坑儿是省钱的一种形式，更是真正聪明人的选择！

弯路虽然也是路，但还是能少走就少走，背后都是高昂的试错成本。

**订阅「福报」**，少踩坑，少走弯路，多走一步，就是不一样的胜率！