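Graduation Thesis Foreign-Language Translation: A Detailed Explanation of Encryption Technology Concepts, Encryption Methods, and Applications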

Uploaded by: 沈*** Document ID: 133177397 Upload date: 2022-08-09 Format: DOC Pages: 17 Size: 74KB
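A Detailed Explanation of Encryption Technology: Concepts, Methods, and Applications

With the development of network technology, network security has become the focus of focuses in today's networked society. Almost everyone is talking about security on the network; viruses, hacker programs, mail bombs, remote eavesdropping and the like all leave people alarmed. The rampancy of viruses and hackers makes people in today's networked society turn pale at the mention of the network and leaves them at a loss.

But we must clearly recognize that we cannot find solutions to all of these security problems at once, and for some of them a thorough solution simply cannot be found. Virus programs are one example: any antivirus program can only be developed after a new virus has been discovered, and so far no antivirus software vendor dares to promise that its software can detect and remove all known and unknown viruses. So we cannot hold the idea of waiting until the network is secure before going online, because that day may never come. Like the "spear" and the "shield", the network and viruses and hackers will always coexist.

Modern computer encryption technology arose in response to the needs of network security. It provides a security guarantee for ordinary e-commerce activities such as transferring files over the network, exchanging e-mail, and signing contract documents. In fact encryption technology is nothing new; it is only its application to today's e-commerce and computer networks that has a history of just a few years. Below we introduce the various aspects of encryption technology in detail, in the hope of giving those who still have only a partial understanding of it a chance to learn about it in detail.

I. The Origins of Encryption

Encryption as a way of protecting data is not a recent invention. Its history is a long one, tracing back to 2000 B.C. (several centuries ago). Although it was not the encryption technology we speak of today (it was not even called encryption), encryption as a concept was indeed born several centuries ago. At that time the Egyptians were the first to use special hieroglyphs as an information encoding, and over time the Babylonian, Mesopotamian and Greek civilizations all began to use various methods to protect their written information.

In more recent times encryption technology was applied mainly in the military field, as in the American War of Independence, the American Civil War and the two World Wars. The most widely known encoding machine is the German Enigma machine, which the Germans used in the Second World War to create encrypted messages. Later, thanks to the efforts of Alan Turing, the Ultra project and others, the German ciphers were finally broken. Originally, research on computers was aimed at breaking the German ciphers, and no one foresaw the information revolution that computers would bring today. As computers developed and computing power grew, the ciphers of the past all became very simple, so people kept devising new methods of data encryption; the private and public keys produced by the ROSA algorithm, for example, arose on this basis.

II. Why Encrypt

In today's networked society we have no choice but to choose encryption. On the one hand, we know that transferring files and conducting business by e-mail over the Internet involves many insecure factors, especially for large companies and for confidential documents sent over the network. Moreover, this insecurity is inherent in TCP/IP, the protocol on which the Internet is built, and extends to some services based on TCP/IP. On the other hand, the Internet has brought unlimited business opportunities to merchants: it links the whole world together, and going onto the Internet means going out to the world, which is undoubtedly a dream come true for countless businesses, especially small and medium-sized enterprises. To resolve this contradiction, and to be able to throw open this door to the world on a secure footing, we have had to choose data encryption and digital signatures based on encryption technology.

The role of encryption on the network is to prevent useful or private information from being intercepted and stolen on the network. A simple example is the transmission of passwords. Computer passwords are extremely important: many security systems are built on passwords, and the leak of a password in a sense means the complete collapse of the security system it protects.

When logging in over a network, the password typed in is transmitted to the server in plaintext, and eavesdropping on the network is extremely easy, so it is quite possible that a hacker will steal the user's password. If the user is the Root user or the Administrator user, the consequences will be extremely serious.

Likewise, suppose your company is bidding on a tender and its staff send the bid document to the tendering organization by e-mail. If a competitor steals your company's bid from the network at that moment and learns from it what your company is bidding, you are clever enough to see what the consequences would be without further explanation.

There are far too many such examples. The solution to the problems above is encryption: an encrypted password is unreadable even if a hacker obtains it, and an encrypted bid document cannot be opened without the recipient's private key, so the bid becomes a heap of meaningless gibberish. In short, for organizations and individuals alike, encryption has in a sense become the hallmark of secure file and mail transfer in today's networked society.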
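
Digital signatures are based on encryption technology; their purpose is to determine whether a user is genuine. Their most common application is e-mail. When a user receives an e-mail bearing the sender's name and mailbox address, many people simply assume that the sender is the person named in the message, but in fact forging an e-mail is extremely easy for an ordinary person. In this situation a digital signature built on encryption technology is used to confirm the authenticity of the sender's identity.

Similar to digital signatures is identity authentication technology. Some sites offer inbound FTP and WWW services. The services of this kind that users usually encounter are anonymous, with restricted user privileges, but some are not anonymous: a company may provide non-anonymous FTP service to its partners for exchanging information, or a development team may upload its Web pages to the user's WWW server. The question then is how the user can be sure that the person accessing the user's server is who the user thinks it is. Identity authentication technology is a good solution.

One point needs emphasis here: file encryption is not used only for e-mail or file transfer over the network; it can also be applied to protect files at rest. PIP software, for example, can encrypt files or folders on disks and hard drives to prevent others from stealing the information in them.

III. Two Methods of Encryption

Encryption techniques are usually divided into two broad classes: "symmetric" and "asymmetric".

Symmetric encryption means that encryption and decryption use the same key, usually called the "Session Key". This kind of encryption is widely used at present; the DES encryption standard adopted by the US government is a typical symmetric method, with a Session Key length of 56 bits.

Asymmetric encryption means that encryption and decryption do not use the same key. There are usually two keys, called the "public key" and the "private key", which must be used as a pair; otherwise the encrypted file cannot be opened. The public key can be published, while the private key cannot and is known only to its holder. Here lies its advantage: with symmetric encryption, when an encrypted file is sent over the network it is hard to tell the other party the key, since whatever method is used the key may be overheard. Asymmetric encryption has two keys, and the public key can be made public, so there is no fear of others learning it; the recipient only needs his own private key to decrypt, which neatly avoids the problem of transmitting the key securely.

IV. Key Management

Since keys must be kept secret, key management becomes an issue. If managed badly, a key may be leaked unintentionally; having a key does not mean one can rest easy. All secrecy is relative and time-limited. To manage keys well, attention must be paid to the following points:

1. Limit how long and how many times a key is used

If a user uses the same key again and again to exchange information with others, then the key, like any other password, carries a certain security problem. Although the user's private key is not made public, it is hard to guarantee its secrecy over the long term, or that it will never be leaked. If someone happens to learn the user's key, every message the user has ever exchanged with another person is no longer secret. In addition, the more information is encrypted with a particular key, the more material is given to eavesdroppers, and in a sense the less secure it becomes. Therefore it is generally stressed that a session key should be used for only one message or one session, or that a mechanism for changing keys on a schedule be established to reduce the chance of key exposure.

2. Managing many keys

Suppose an organization has 100 people. If any two of them are to be able to converse in secret, how many keys are needed in total? How many keys must each person know? The answer may be easy to work out: if every pair needs a different key, 4950 keys are needed in total, and each person must remember 99 keys. If the organization has 1000, 10000 or more people, this approach is obviously too foolish, and managing the keys would be a dreadful task.

Kerberos provides a better solution to this. It was invented by MIT and makes managing and distributing secret keys very easy, though the method itself still has certain shortcomings. To offer a practical solution on the Internet, Kerberos establishes a secure, trusted Key Distribution Center (KDC). Each user needs to know only one key for conversing with the KDC, rather than hundreds or thousands of different keys.

Suppose user A wants to communicate secretly with user B. User A first communicates with the KDC, encrypting with a key known only to user A and the KDC, and tells the KDC that he wants to communicate with user B. The KDC randomly chooses a session key for the conversation between user A and user B and generates a ticket. This ticket is encrypted with the key shared between the KDC and user B, and when user A starts the conversation with user B, user A hands the ticket to user B. The purpose of the ticket is to let user A be sure that he is talking with user B and not an impostor. Because the ticket is encrypted with a key known only to user B and the KDC, even if an impostor obtains the ticket sent by user A he cannot decrypt it; only user B can decrypt it on receipt, which establishes that the party talking with user A is user B.

When the KDC has generated the ticket and the random session key, it encrypts them with the key known only to user A and the KDC and sends the ticket and session key to user A. The encryption ensures that only user A can obtain this information and only user A can use the session key to talk with user B. Likewise, the KDC encrypts the session key with the key known only to the KDC and user B, and gives the session key to user B.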
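
The KDC exchange described above, as an added Python example that is not part of the original article and is not Kerberos's real message format. The `KDC` class and the `seal`/`open_` helpers are hypothetical names, and a toy authenticated cipher built from HMAC-SHA256 stands in for a real symmetric cipher so the block runs with the standard library only.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # Toy keystream from HMAC-SHA256 in counter mode (illustration only).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON value under a shared secret key."""
    nonce, pt = secrets.token_bytes(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    """Verify and decrypt; raises ValueError for a wrong key or altered data."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class KDC:
    """Hypothetical key distribution centre: holds one long-term key per user."""
    def __init__(self):
        self.keys = {}
    def register(self, user):
        self.keys[user] = secrets.token_bytes(32)
        return self.keys[user]
    def request(self, requester, sealed_request):
        peer = open_(self.keys[requester], sealed_request)["peer"]
        session_key = secrets.token_hex(32)          # fresh, one-time key
        ticket = seal(self.keys[peer], {"from": requester, "key": session_key})
        return seal(self.keys[requester],
                    {"peer": peer, "key": session_key, "ticket": ticket.hex()})

def pairwise_keys(n):
    # Keys needed when every pair of n users shares its own key.
    return n * (n - 1) // 2

def demo():
    kdc = KDC()
    key_a, key_b = kdc.register("A"), kdc.register("B")
    key_m = secrets.token_bytes(32)                  # impostor's own key
    # 1. A asks the KDC, under the A<->KDC key, for a conversation with B.
    reply = open_(key_a, kdc.request("A", seal(key_a, {"peer": "B"})))
    session, ticket = bytes.fromhex(reply["key"]), bytes.fromhex(reply["ticket"])
    # 2. A sends B the ticket plus a message under the session key.
    message = seal(session, "bid document for B")
    # 3. B opens the ticket with the B<->KDC key and recovers the session key.
    contents = open_(key_b, ticket)
    received = open_(bytes.fromhex(contents["key"]), message)
    # 4. An impostor holding the ticket cannot open it.
    try:
        open_(key_m, ticket)
        impostor_opened = True
    except ValueError:
        impostor_opened = False
    return received, contents["from"], impostor_opened

if __name__ == "__main__":
    print(demo(), pairwise_keys(100), "pairwise keys vs 100 with a KDC")
```

With 100 registered users the KDC holds 100 long-term keys, against the 4950 pairwise keys computed by `pairwise_keys(100)`.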
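
User A then starts a session with user B, encrypting the conversation with the session key obtained, and also passes the ticket received from the KDC to user B to confirm user B's identity. After that user A and user B can converse securely using the session key. To ensure security the session key is one-time, which makes it even harder for hackers to break. And since the keys are one-time and generated automatically by the system, users need not remember so many keys, which makes communication more convenient.

V. Applications of Encryption Technology

Encryption technology has many applications, but the most widespread are in e-commerce and VPNs, each briefly described below.

1. Applications in e-commerce

E-commerce (E-business) requires that customers be able to carry out all kinds of business online without worrying that their credit cards will be misused. In the past, to prevent the credit card number from being stolen, users generally ordered by telephone and then paid with their credit card. Now people have begun to use RSA (a public/private key) encryption technology to improve the security of credit card transactions, making practical e-commerce possible.

Many people know that NETSCAPE is a leading technology provider in Internet commerce. The company offers a technology for the Internet based on RSA and secret keys, called the Secure Sockets Layer (SSL). Many people may know of Socket, a programming interface that provides no security measures; SSL not only provides a programming interface but also offers a security service to the layers above. SSL3.0 is now used in both servers and browsers, while SSL2.0 can only be used on the server side.

After SSL3.0 has verified identity by means of an electronic certificate (electric certificate), the two parties can hold a secure conversation using a secret key. It uses both "symmetric" and "asymmetric" encryption: when a client communicates with an e-commerce server, the client generates a Session Key, encrypts it with the server's public key, and sends it to the server. Once both sides know the Session Key, the data transmitted is encrypted and decrypted with the Session Key. The public key that the server sends to the user must, however, first be submitted to the relevant certificate-issuing authority to be certified.

With the security that SSL3.0 provides, users can freely order goods and give their credit card numbers. They can also exchange business information with partners online and have suppliers send orders and receipts over the network, which saves a great deal of paper and large telephone and fax costs for the company. In the past, electronic data interchange (Electric Data Interchange, EDI), information transactions and financial transactions were all carried out on private networks, which cost far more to use than the Internet. It was this enormous attraction that led people to develop e-commerce on the Internet, but data encryption must not be forgotten.

2. Encryption in VPNs

More and more companies are becoming international. A company may have offices or sales centers in several countries, each with its own local area network (LAN), but in today's networked society people want more than that: users wish to link these LANs together into a company-wide wide area network, which is no longer difficult.

In fact many companies have already done so, but they generally use leased lines to connect these LANs, their concern being network security. Routers with encryption/decryption functions are now everywhere, which makes it possible to connect these LANs over the Internet; this is what we usually call a Virtual Private Network (VPN). When data leaves the sender's LAN, it is first hardware-encrypted by the user-side router connected to the Internet. The data travels across the Internet in encrypted form, and when it reaches the router of the destination LAN, that router decrypts it, so that users in the destination LAN can see the real information.

The Technique of Encryption

Along with the development of network technology, network security has become the focus of focuses in today's networked society. Almost no one is not discussing the security problems of the network: viruses, hacker programs, mail bombs, remote interception and the like all make people tremble with fear. The rampancy of viruses and hackers makes the people of today's networked society turn pale at the mention of the network and leaves them at a loss.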

But we must recognize clearly that we cannot find solutions to all of these security problems at once, and for some there is simply no thorough solution. Virus programs are an example: any antivirus program can be developed only after a new virus has been detected, and at present no antivirus software company dares to promise that its software can detect and kill all known and unknown viruses. So we cannot think of waiting for the network to be safe before getting on the Internet, because that day may never come; like the spear and the shield, the network and viruses and hackers will coexist forever.

Modern computer encryption technology arose to meet the demands of network security. It provides a security guarantee for our ordinary electronic commerce activities, such as delivering documents over the network, exchanging e-mail and signing contract texts. Encryption technology is in fact nothing new; only its application in today's electronic commerce and computer networks has a history of just the last few years. Below we introduce every aspect of encryption technology in detail, hoping to give those who still have only a superficial knowledge of it the opportunity for a detailed understanding.

I. The Origins of Encryption

Encryption is a method used to protect data. It has existed for a long time; its history goes back to 2000 B.C. (a few centuries). Although it was not what we now call encryption technology (it was not even called encryption), as a concept encryption was indeed born several centuries ago. At that time the Egyptians were the first to use special pictographs as an information coding, and as time went on the Babylonian, Mesopotamian and Greek civilizations all began to use some methods to protect their written information.

In more recent times encryption technology was applied mainly in the military realm, as in the American War of Independence, the American Civil War and the two World Wars. The most widely known coding machine is the German Enigma machine, which the Germans used in World War II to create encrypted messages. Later, through the efforts of Alan Turing, the Ultra plan and others, the Germans' ciphers were finally broken. At the beginning, research on the computer was aimed at breaking the Germans' ciphers, and people did not think of the information revolution that the computer would bring today. Along with the development of the computer and the growth of its computing power, the ciphers of the past all became very simple, so people kept studying new ways of encrypting data; the private and public keys produced by the ROSA algorithm, for example, arose on this foundation.

II. The Reason Why We Use Encryption

In today's networked society, choosing encryption is something we cannot avoid. For one thing, we know that delivering documents and conducting business by e-mail over the Internet involves many insecurity factors, especially for large companies and for secret documents delivered on the network. This insecurity is inherent in the TCP/IP protocol, the foundation on which the Internet exists, and includes some services based on TCP/IP. On the other hand, the Internet has brought unlimited business opportunities to numerous companies: it connects the whole world together, and heading for the Internet means heading for the world, which is no doubt something numerous companies long for day and night, especially small and medium-sized enterprises. To resolve this contradiction, and to be able to open wide this door to the world on a secure foundation, we have had to choose data encryption and digital signatures based on encryption technology.

The function of encryption on the network is to prevent useful or private information from being intercepted and stolen on the network. A simple example is the delivery of a password. The computer password is extremely important; many security protection systems are based on passwords, and the leak of a password in a certain sense means the overall collapse of the security system.

When logging in through a network, the password keyed in is delivered to the server in plaintext, and eavesdropping on the network is extremely easy, so a hacker may very probably steal the user's password. If the user is the Root user or the Administrator user, the result will be extremely serious.

Again, suppose your company is bidding on a certain tender and the staff send their bid document to the tendering organization by e-mail. If a rival steals your company's bid document from the network at this time and learns from it what your company is bidding, what the result will be needs no further explanation for someone as clever as you.

Such examples are really too many. The answer to the problems above is encryption: an encrypted password is unreadable even if acquired by a hacker, and an encrypted bid document cannot be opened without the recipient's private key, so the bid document becomes a mass of garbage with no actual meaning. In short, for organizations and individuals alike, encryption has in a certain sense become the symbol of secure document and mail delivery in today's networked society.

The digital signature is based on encryption technology; its function is to determine whether a user is genuine. It is applied most of all to e-mail. When a user receives an e-mail marked with the sender's name and mailbox address, many people may simply assume that the sender is the person the letter says, but forging an e-mail is actually extremely easy for an ordinary person. In this case the digital signature, founded on encryption technology, is used to confirm the authenticity of the sender's identity.

Similar to the digital signature is identity authentication technology. Some sites provide inbound FTP and WWW services. The services of this kind that users usually come into contact with are anonymous, and the user's privileges are restricted, but some are not anonymous: a company may provide non-anonymous FTP service to its partners for the sake of information exchange, or a development group may upload its Web pages to the user's WWW server. The problem now is how the user can make sure that the person visiting the user's server is the person the user thinks it is. Identity authentication technology is a good solution.

One point needs to be emphasized here: document encryption is in fact not used only for e-mail or document delivery on the network; it can also be applied to protect documents at rest. Software such as PIP can encrypt documents or folders on disks and hard drives, in order to prevent others from stealing the information in them.

III. Two Kinds of Encryption Method

Encryption technology is usually divided into two major types: the "symmetric" type and the "asymmetric" type.

Symmetric encryption uses the same key to encrypt and to decrypt, usually called the "Session Key". This kind of encryption is widely adopted at present; the DES encryption standard adopted by the American government is a typical symmetric encryption method, and the length of its Session Key is 56 bits.

Asymmetric encryption does not use the same key to encrypt and to decrypt. There are usually two keys, called the "public key" and the "private key", and the two must be used as a pair; otherwise the encrypted document cannot be opened. The public key can be announced to the outside, while the private key cannot and is known only to its holder. Its superiority lies right here: with the symmetric method, if an encrypted document is delivered on the network it is very difficult to tell the other party the key, because whatever method is used it may be eavesdropped. The asymmetric method has two keys, and the public key among them can be made public, so there is no fear of other people knowing it; the recipient needs only his own private key to decrypt, which nicely avoids the problem of delivering the key safely.

IV. The Management of Keys

Since a key must be kept secret, this involves the problem of key management. If keys are not managed well, a key may be revealed unintentionally; having a key does not mean one can rest easy. Any secrecy is only relative and has a time limit. To manage keys well, we still need to pay attention to the following aspects:

1. Pay attention to the time limit and the number of uses of a key

If a user uses the same key over and over to exchange information with other people, then the key, like any other password, has a certain security problem. Although the user's private key is not made public, it is hard to guarantee the long-term confidentiality of the private key, and very difficult to ensure that it is not revealed over a long time. If someone comes to know the user's key by accident, every message the user ever exchanged with another person is no longer secret. Moreover, the more information is encrypted with a particular key, the more material is provided to eavesdroppers, and in a certain sense the less secure it is. Therefore it is generally emphasized that a session key be used for only one message or one conversation, or that a mechanism for replacing keys on a schedule be built up to reduce the possibility of key exposure.

2. The management of multiple keys

Suppose there are 100 persons in some organization. If any two of them are to be able to carry on a secret dialogue, how many keys are needed altogether? How many keys does each person need to know? Perhaps the answer is easy to get: if any two persons need a different key, then 4950 keys are needed altogether, and each person should remember 99 keys. If the organization has 1000, 10000 or more people, this way is obviously too stupid, and managing the keys will be a terrible affair.

Kerberos provides a better solution to this. It was invented by MIT and makes the management and distribution of secret keys very easy, but the method itself still has certain weaknesses. In order to provide a practical solution on the Internet, Kerberos builds up a secure, trusted Key Distribution Center (KDC). Each user needs to know only one key for conversing with the KDC, and does not need to know hundreds or thousands of different keys.

Suppose user A wants to carry on secret communication with user B. User A first communicates with the KDC, encrypting with a key that only user A and the KDC know, and tells the KDC that he wants to communicate with user B. The KDC randomly chooses a session key for the conversation between user A and user B and generates a ticket. This ticket is encrypted with the key between the KDC and user B, and when user A starts the dialogue with user B, user A hands this ticket over to user B. The function of this ticket is to let user A make sure that the party he is talking with is user B and not an impostor. Because this ticket is encrypted with a key that only user B and the KDC know, even an impostor who gets the ticket sent out by user A cannot decrypt it; only user B can decrypt it after receiving it, which makes sure that the person conversing with user A is user B.

When the KDC has generated the ticket and the random session key, it encrypts them with the key that only user A and the KDC know, then passes the ticket and the session key to user A. The encryption ensures that only user A can get this information and only user A can use this session key to converse with user B. In the same way, the KDC encrypts the session key with the key that only the KDC and user B know, and gives the session key to user B.

User A then starts a conversation with user B and uses the session key obtained to encrypt the conversation between himself and user B. He also passes the ticket that the KDC gave him to user B to confirm the identity of user B. Then user A and user B can use the session key to carry on a secure conversation. For the sake of security this session key is one-time, so it is more difficult for a hacker to break. At the same time, because the key is one-time and produced automatically by the system, the user need not remember so many keys, convenience t