RSA可以同时用作加密和签名吗? [英] Can RSA be both used as encryption and signature?

问题描述

对不起，但是我的脑子突然变得茫然无措....

I am sorry but my mind suddenly goes blank for this question....

编辑(场景)

如果我想让信息绕过 f-ck 之类的简单过滤器，可以用公钥对信息加密，并用私钥签名吗?

If I want information to bypass simple filters like f-ck, is it OK to encrypt the information with public key, and sign by private key?

公钥可能已经在双方之间交换了，甚至很难获得公钥.

The public key may have already exchanged by both sides, and it is even hard to get the public key.

编辑2

信息本身可能没有那么多凭据.

The information itself may not that much credential.

加密和签名的重点是绕过和完整性.

The point of encryption and signature is for bypassing and integrity.

推荐答案

RSA是两种算法:一种用于非对称加密，另一种用于签名.碰巧两种算法都可以使用相同的私钥结构(这引起了混乱:许多文档，包括 RSA标准，请尝试将签名解释为使用私钥加密"，这充其量是不准确的.)

RSA is two algorithms: one for asymmetric encryption and one for signatures. It so happens that both algorithms can use the same private key structure (this is a source of confusion: many documentations, including the RSA standard, try to explain the signature as "an encryption with the private key", which is, at best, inaccurate).

两种用法都可以使用相同的密钥，但实际上不建议这样做，因为尚未充分探讨两种用法之间的相互作用；同样，用于加密的密钥和用于签名的密钥通常具有不同的生命周期，具有不同的保护机制(例如，您通常希望保留用于加密的私钥的备份，以防止数据丢失:丢失私钥意味着丢失所有数据，已使用该密钥加密；而您不不希望备份签名密钥).

Using the same key for both usages is possible, but not really recommended, because interactions between both kind of usages have not been fully explored; also, keys for encryption and keys for signatures usually have different life cycles with distinct protection mechanisms (for instance, you normally want to keep a backup of the private key for encryption, to prevent data loss: losing the private key means losing all data which has been encrypted with that key; while you do not want a backup of the signature key).

您的情况尚不清楚.不对称的加密使用公用密钥，而生成签名使用专用密钥.如果A要通过加密(出于保密性)和签名(出于完整性)向B发送消息，则A将使用B知道私有密钥的公共密钥对数据进行加密；并且A将使用B知道其公钥的私钥对数据进行签名.这需要两对密钥:一对用于加密和解密(A加密，B解密，B知道私钥)，另一对用于签名(A符号，B验证，A知道私钥).如果A和B都知道私钥，则它们具有共享的秘密，并且使用对称加密( HMAC ).

Your scenario is a bit unclear. Asymmetric encryption uses the public key, while generating the signature uses the private key. If A wants to send a message to B with encryption (for confidentiality) and a signature (for integrity), then A will encrypt the data with a public key for which B knows the private key; and A will sign the data with a private key for which B knows the public key. This calls for two pairs of key: one pair is used for encryption and decryption (A encrypts, B decrypts, B knows the private key), and the other pair is used for signatures (A signs, B verifies, A knows the private key). If both A and B know the private key, then they have a shared secret, and it is much simpler (and faster) to use symmetric encryption (AES) and integrity checks (HMAC).

标准免责声明:，您似乎在设计自己的加密协议.不要这样做.这条道路会导致无数其他聪明人偶然发现的相同安全失败.使用经过验证的协议，例如 SSL/TLS 或

Standard disclaimer: you look like you are designing your own cryptographic protocol. Do not do this. This road leads to the same security failures that countless other smart people have stumbled upon. Use a tried-and-proven protocol such as SSL/TLS or OpenPGP.

这篇关于RSA可以同时用作加密和签名吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！