Symmetric encryption (AES, SM4), asymmetric encryption (RSA, SM2), hash digests (SHA, SM3): how do the strings these algorithms produce become certificates?
Encryption
Key
A key is a string, or more precisely a binary string. For human readability it is usually Base64-encoded.
An encryption algorithm uses this string to encrypt data so that the original content (the plaintext) is not exposed.
Algorithm
Algorithm types
If the same key is used for both encryption and decryption, it is a symmetric encryption algorithm, for example AES or SM4.
If encryption and decryption use different keys, it is an asymmetric encryption algorithm, such as RSA or SM2. The keys come as a pair, a private key and a public key: the public key may be disclosed and obtained by anyone, while the private key must be kept strictly confidential. The public key can be computed from the private key, but the private key cannot feasibly be computed from the public key.
If the algorithm is one-way, with no decryption at all, it is a hash digest algorithm, such as SHA or SM3. Any change to the original content changes the digest, and the original data cannot be recovered from the digest.
Algorithm Comparison Table
| Algorithm category | Core definition | Mainstream representative algorithms | Core usage scenarios | Core advantages | Core disadvantages | Non-negotiable security rules |
|---|---|---|---|---|---|---|
| Symmetric encryption | Encryption and decryption use **the same key**. Built on block ciphers or stream ciphers with a fixed key length; the algorithm is public and security depends on keeping the key secret. | [International standards] AES-128/192/256, ChaCha20 [Chinese standard] SM4-128 [Deprecated] DES/3DES | 1. Bulk data / file / disk encryption 2. Encryption of sensitive database fields 3. TLS/SSH/VPN session data encryption 4. High-speed encryption of internal network traffic | 1. Very fast encryption and decryption. 2. Low resource use, suitable for embedded and low-power devices. 3. Broad hardware acceleration (AES-NI, domestic crypto chips). 4. Simple to implement, excellent compatibility. | 1. Key distribution is hard; the key by itself cannot be sent securely over a public network. 2. No identity authentication; cannot prove where data came from. 3. Once the key leaks, the encryption is completely void. 4. No non-repudiation; a sender can deny having sent data. | 1. ECB mode is prohibited in production. 2. Hardcoding keys or committing them to code repositories is prohibited. 3. Weak or fixed keys are prohibited; keys must be rotated regularly. 4. A password must not be used directly in place of a proper key. |
| Asymmetric encryption (public-key cryptography) | Encryption and decryption use **a pair of mathematically related keys**. The public key may be distributed openly; the private key must be kept absolutely confidential, and deriving the private key from the public key is infeasible. | [International mainstream] RSA, ECC (secp256r1/secp384r1), Ed25519 [Chinese standard] SM2 | 1. Identity authentication, digital signature and verification 2. Key negotiation (e.g. transporting the symmetric key during the TLS handshake) 3. Digital certificate systems, HTTPS/SSL communication 4. Mutual authentication, code signing, blockchain, electronic seals | 1. Solves key distribution over public networks. 2. Supports identity authentication and non-repudiation. 3. The public key can be fully disclosed and needs no confidential channel. 4. The private key is held only by its owner, so identity is traceable. | 1. Encryption and decryption are very slow, far below symmetric algorithms. 2. High resource use; unsuitable for large volumes of data. 3. Longer keys, so more storage and transmission overhead. 4. Complex to implement, with strict parameter requirements. | 1. The private key is the lifeline; never leak it or store it in plaintext. 2. Weak key lengths are forbidden (RSA < 2048 bits, SM2 < 256 bits). 3. Raw public keys must be authenticated through a CA certificate system to prevent man-in-the-middle attacks. 4. Never encrypt large amounts of data with a public key; use it only for small data and key transport. |
| Hash algorithm | Maps **raw data of arbitrary length** one-way onto a **fixed-length, unique hash value**. No key, irreversible; the original data cannot be recovered from the hash. | [International mainstream] SHA-256/SHA-384/SHA-512 (SHA-2 family), SHA-3 family [Chinese standard] SM3 [Broken, obsolete] MD5, SHA-1 | 1. Data integrity checks, file tamper detection 2. Paired with digital signatures (hash first, then sign) 3. Salted password hashing (servers must never store plaintext passwords) 4. Certificate fingerprints, API anti-replay, blockchain block hashes | 1. One-way and irreversible; the input cannot be recovered from the hash. 2. Fixed-length output regardless of input length. 3. Fast, with very low resource use. 4. Detects any tampering, even a single changed byte. | 1. Provides no confidentiality; only integrity checking. 2. Cannot establish identity; used alone it carries no trust. 3. Weak algorithms suffer collisions and can be forged. 4. Cannot be used directly to encrypt data for transmission. | 1. MD5, SHA-1 and other broken algorithms are absolutely forbidden in production. 2. Passwords must be salted and hashed; storing a raw hash is prohibited. 3. Hash values must not be used directly as encryption keys. 4. Tamper-proofing must be combined with signatures/certificates; a hash alone cannot prevent forgery. |
Algorithm length
The number after the algorithm name gives the key length: AES-128 uses a 128-bit (16-byte) key, AES-256 a 256-bit (32-byte) key. SM4, by contrast, is fixed at 128 bits (16 bytes).
Algorithm Modes
The same algorithm may run in different modes of operation, such as AES-128-CTR, AES-128-CBC, AES-256-GCM, AES-192-CCM; SM4-128-CBC, SM4-128-CTR.
Comparison of Common Modes
| Mode | Full name | Features | Typical scenarios |
|---|---|---|---|
| ECB | Electronic Codebook | Simplest, least secure (same plaintext block = same ciphertext block) | Almost eliminated |
| CBC | Cipher Block Chaining | Needs padding, sequential (not parallelizable), legacy TLS | Legacy systems, compatibility |
| CTR | Counter | Parallelizable, no padding, stream-cipher style | VPN, disk, high performance |
| GCM | Galois/Counter Mode | CTR + authentication (AEAD), most secure | HTTPS/TLS 1.3, SSH, IPsec |
| CCM | Counter with CBC-MAC | Authenticated, suited to low-power devices | Bluetooth, IoT, 802.15.4 |
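The three properties the table calls out (ECB leaks repeated plaintext blocks, CTR does not, GCM additionally rejects any modified ciphertext) can be checked directly with Go's standard library. This is an added example, not code from the article; the key and the repeating plaintext are constructed inputs, and the `encryptECB` loop is written out by hand because the standard library deliberately ships no ECB helper.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Constructed demo inputs (not from the article): a 32-byte key selects AES-256 and the
// plaintext repeats one 16-byte block three times, so ECB's weakness becomes visible.
var demoKey = []byte("0123456789abcdef0123456789abcdef")
var demoPlain = bytes.Repeat([]byte("SAME BLOCK TEXT!"), 3)

// hasRepeatedBlocks reports whether any two 16-byte ciphertext blocks are identical.
func hasRepeatedBlocks(ct []byte) bool {
	seen := map[string]bool{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		b := string(ct[i : i+aes.BlockSize])
		if seen[b] {
			return true
		}
		seen[b] = true
	}
	return false
}

// encryptECB runs the raw block cipher over each block independently: that is all ECB is.
func encryptECB(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(pt)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("ECB needs input padded to %d bytes", aes.BlockSize)
	}
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		block.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct, nil
}

// encryptCTR XORs the plaintext with a keystream: no padding, and identical plaintext
// blocks give different ciphertext. The random IV is prefixed to the output.
func encryptCTR(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(pt))
	cipher.NewCTR(block, iv).XORKeyStream(ct, pt)
	return append(iv, ct...), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM is CTR plus an authentication tag (AEAD); a random 12-byte nonce is prefixed.
func sealGCM(key, pt []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, pt, nil), nil
}

// openGCM checks the tag before returning plaintext; any modified byte is rejected.
func openGCM(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize()+aead.Overhead() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// gcmDetectsTamper flips one bit in the ciphertext body and reports whether openGCM rejects it.
func gcmDetectsTamper(key, pt []byte) (bool, error) {
	sealed, err := sealGCM(key, pt)
	if err != nil {
		return false, err
	}
	sealed[len(sealed)-17] ^= 0x01 // last ciphertext byte, just before the 16-byte tag
	_, err = openGCM(key, sealed)
	return err != nil, nil
}

func main() {
	ecb, _ := encryptECB(demoKey, demoPlain)
	ctr, _ := encryptCTR(demoKey, demoPlain)
	tampered, _ := gcmDetectsTamper(demoKey, demoPlain)
	fmt.Println("ECB repeats blocks:", hasRepeatedBlocks(ecb))
	fmt.Println("CTR repeats blocks:", hasRepeatedBlocks(ctr[aes.BlockSize:]))
	fmt.Println("GCM rejects tampering:", tampered)
}
```

`hasRepeatedBlocks` is the same check a reviewer applies to a suspicious ciphertext dump: repeated 16-byte blocks are a reliable fingerprint of ECB. Note that CTR hides structure but, like ECB, offers no integrity; only the GCM path fails closed when a byte is changed.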
Algorithm implementation
Some algorithm names carry their provider or implementer as a suffix, such as aes128-ctr@openssh.com, which indicates that this AES-128 CTR-mode algorithm is the OpenSSH implementation.
Certificate
Who does the key belong to? Is it still valid? Has it been forged?
Certification Authority (CA)
To use a key safely, it must be packaged and certified so that its ownership and validity can be proven; this package, together with additional data added by an issuing authority, is a certificate. The issuing authority is the CA.
If authentication is private, for example between services inside a local area network, you can build your own CA, distribute its certificates, and require that it be trusted.
If the certificate is public, for example for an internet-facing service, it must be issued by a widely recognized CA, such as DigiCert or CFCA.
Applying for a signature: the CSR (Certificate Signing Request)
To obtain a CA-signed certificate, you package the application information into a CSR and submit it to the CA. Since this information is plaintext, it can in principle be submitted to several CAs for review.
A CSR file contains:
- Your public key
- Subject information (domain name / organization / city / country, etc.)
- A signature over the above, made with your local private key, proving that the requester holds the private key matching the enclosed public key.
The signature inside the CSR can be verified with the public key contained in that same CSR, which proves that whoever created the CSR indeed possesses the private key corresponding to this public key.
The issued certificate
Besides the applicant's information, its content includes important additions from the CA:
- Certificate serial number: unique
- Issuer information: country, province, city, organization, common name (the CA's name), i.e. "who issued this certificate"
- Signature algorithm: the algorithm the CA used when issuing, for example sha256WithRSAEncryption or sm3WithSM2Encryption
- Validity period (expiration date)
The CA signs the certificate content above with its private key (a digital signature). The user verifies that signature with the issuing authority's public key, which proves that the certificate was issued by a legitimate CA, that its content is authentic, and that it has not expired.
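The CSR section and the certificate section above describe one round trip: the applicant proves possession of a private key, and the CA adds a serial number, issuer name, validity window and its own signature. The following added example (not from the article) runs that round trip with Go's `crypto/x509`, using a self-built root CA as the LAN scenario describes. The CA name, the host name `app.internal.example` and the 24-hour validity are constructed values; ECDSA P-256 stands in for the RSA/SM2 keys the article mentions, and the signature algorithm that results is ECDSA-SHA256 rather than sha256WithRSAEncryption.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// newKey makes an ECDSA P-256 key pair; RSA or SM2 would play the same role.
func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// makeCSR packs the applicant's public key and subject and signs them with the
// applicant's own private key; CheckSignature is the proof-of-possession step.
func makeCSR(key *ecdsa.PrivateKey, host string) (*x509.CertificateRequest, []byte, error) {
	tmpl := &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: host, Organization: []string{"Example Org"}, Country: []string{"CN"}},
		DNSNames: []string{host},
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, nil, fmt.Errorf("CSR not signed by holder of the enclosed public key: %w", err)
	}
	return csr, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), nil
}

// newCA is a self-signed root: "build your own CA" for a LAN, as the article describes.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := newKey()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issue adds what the CA contributes: a unique serial, the issuer name, a validity
// window, and its signature over the subject and public key taken from the CSR.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, csr *x509.CertificateRequest, validFor time.Duration) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      csr.Subject,
		DNSNames:     csr.DNSNames,
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verify is the relying party's check: chain to a trusted CA, host name match, validity at time at.
func verify(cert, trusted *x509.Certificate, host string, at time.Time) error {
	pool := x509.NewCertPool()
	pool.AddCert(trusted)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host, CurrentTime: at})
	return err
}

func main() {
	ca, caKey, _ := newCA("Example Internal Root CA")
	key, _ := newKey()
	csr, _, _ := makeCSR(key, "app.internal.example")
	cert, _ := issue(ca, caKey, csr, 24*time.Hour)
	fmt.Printf("issuer=%q serial=%s alg=%s\n", cert.Issuer.CommonName, cert.SerialNumber, cert.SignatureAlgorithm)
	fmt.Println("valid now:", verify(cert, ca, "app.internal.example", time.Now()))
	fmt.Println("valid in 48h:", verify(cert, ca, "app.internal.example", time.Now().Add(48*time.Hour)))
}
```

The `verify` step is the part that matters for a defender: a certificate chained to an unknown CA, presented for the wrong host name, or checked after `NotAfter` all fail the same way, so a service that trusts only its own root pool rejects anything the root did not issue.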
Mutual (two-way) certificate authentication
Here the client and the server each send their own certificate to the other for authentication, and formal communication starts only after both identities are confirmed.
The two parties' certificates may be issued by different CAs, which is common for internet services. In a local area network, however, most organizations build their own CA to keep things simple, and most certificates are then issued by that same CA.
Others
Key protection
When generating an asymmetric key pair, the private key in particular can be protected with AES under a password, which must then be entered the next time the private key is used. This prevents the plaintext private key from leaking.
But if the user of the key is a backend service, such as a database or an HTTPS server, nobody can type a password every time a client connects and the service needs the private key for authentication. In that case you can:
1. Remove the protection password. The private key is then stored in plaintext, so the key file must be protected through access control.
2. Modify the backend service so the password is supplied to it, and the service provides that password when decrypting the private key. The password then becomes something to protect in turn. If policy does not allow it to be stored locally either, keep it in a Key Management System (KMS): the password is encrypted by the KMS and only the encrypted form is saved locally; at use time, for example at service startup, the encrypted password is sent to the KMS for decryption, and the plaintext password is held only in memory for subsequent use of the private key.
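The password protection described above, and the startup sequence of option 2, look like this when written out. This is an added example, not code from the article: the key is wrapped as PKCS#8 DER under AES-256-GCM with a key derived from the password by PBKDF2-HMAC-SHA256 (written out by hand here so only the standard library is needed; the iteration count, salt size and the demo password are constructed choices). `Unprotect` is what the service would call once it has obtained the password from an operator or a KMS, keeping the plaintext key only in memory.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
)

// ProtectedKey is the on-disk form: KDF parameters plus AES-256-GCM(PKCS#8 DER).
// The password itself is never stored in it.
type ProtectedKey struct {
	Salt, Nonce, Sealed []byte
	Iterations          int
}

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256, written out here so the
// example depends only on the standard library.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write(idx[:])
		u := mac.Sum(nil) // U1
		t := append([]byte(nil), u...)
		for i := 1; i < iterations; i++ { // U2..Uc, XORed together
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

func gcmFor(password, salt []byte, iterations int) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256(password, salt, iterations, 32))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Protect encrypts a private key under a password; the result can sit on disk beside the service.
func Protect(key *ecdsa.PrivateKey, password []byte) (*ProtectedKey, error) {
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, err
	}
	p := &ProtectedKey{Salt: make([]byte, 16), Iterations: 100000}
	if _, err := rand.Read(p.Salt); err != nil {
		return nil, err
	}
	aead, err := gcmFor(password, p.Salt, p.Iterations)
	if err != nil {
		return nil, err
	}
	p.Nonce = make([]byte, aead.NonceSize())
	if _, err := rand.Read(p.Nonce); err != nil {
		return nil, err
	}
	p.Sealed = aead.Seal(nil, p.Nonce, der, nil)
	return p, nil
}

// Unprotect runs at service startup with the password obtained from an operator or a KMS.
// A wrong password fails the GCM tag check instead of yielding a garbage key.
func Unprotect(p *ProtectedKey, password []byte) (*ecdsa.PrivateKey, error) {
	aead, err := gcmFor(password, p.Salt, p.Iterations)
	if err != nil {
		return nil, err
	}
	der, err := aead.Open(nil, p.Nonce, p.Sealed, nil)
	if err != nil {
		return nil, errors.New("wrong password or corrupted key file")
	}
	parsed, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		return nil, err
	}
	key, ok := parsed.(*ecdsa.PrivateKey)
	if !ok {
		return nil, errors.New("stored key is not an ECDSA key")
	}
	return key, nil
}

// newDemoKey is a constructed key for the demo; any asymmetric key type would do.
func newDemoKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// sameKey reports whether two private keys carry the same secret scalar.
func sameKey(a, b *ecdsa.PrivateKey) bool { return a.D.Cmp(b.D) == 0 }

func main() {
	key, _ := newDemoKey()
	p, _ := Protect(key, []byte("service-start-password"))
	got, err := Unprotect(p, []byte("service-start-password"))
	fmt.Println("recovered:", err == nil && sameKey(key, got))
	_, err = Unprotect(p, []byte("wrong password"))
	fmt.Println("wrong password rejected:", err != nil)
}
```

Because the tag check fails closed, a corrupted key file or a mistyped password produces a clean error at startup rather than a service that silently signs with the wrong key. The password handed to `Unprotect` is the value that option 2 says should live only in memory.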
Summary
Asymmetric encryption is mainly used for identity authentication; its keys are generally longer, 2048 or even 4096 bits. To make public key information secure and trustworthy, certificates and the corresponding recognized issuing authorities came into being.
Symmetric encryption is mainly used for secure data transmission, where performance must not drop significantly. Key lengths of 128, 192 or 256 bits are generally sufficient. The key is negotiated dynamically by the two parties when they connect; encrypting it with the other party's public key before transmission keeps the negotiation secure.
A hash is used to verify that a piece of data has not been tampered with.
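The summary's last point about symmetric keys, and the table's rule that a public key is for "small data / key transfer" only, can be shown together in one exchange. This is an added example, not code from the article: the client draws a 256-bit session key and wraps it with the server's RSA-2048 public key using RSA-OAEP, the server unwraps it with its private key, a second key pair (standing in for anyone who is not the server) cannot, and the OAEP size limit shows why bulk data is never encrypted this way. Function names and the label string are constructed; in practice the server's public key would come from its certificate, verified as in the certificate section above.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds the wrapped blob to its purpose; both sides must use the same label.
var oaepLabel = []byte("session-key")

// newServerKey generates a 2048-bit RSA pair; the public half is what a certificate would carry.
func newServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// clientWrapSessionKey is the client side: draw a fresh 256-bit symmetric key and seal it
// with the server's public key (RSA-OAEP). Only the private-key holder can unwrap it.
func clientWrapSessionKey(serverPub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, sessionKey, oaepLabel)
	return sessionKey, wrapped, err
}

// serverUnwrapSessionKey is the server side; from here on both parties use the
// symmetric key (AES/SM4) for the bulk data.
func serverUnwrapSessionKey(serverPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, wrapped, oaepLabel)
}

// bulkDataRejected illustrates "never encrypt large data with a public key": RSA-2048 with
// SHA-256 OAEP carries at most 256 - 2*32 - 2 = 190 bytes per operation.
func bulkDataRejected(serverPub *rsa.PublicKey, size int) bool {
	_, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, make([]byte, size), oaepLabel)
	return errors.Is(err, rsa.ErrMessageTooLong)
}

func main() {
	server, _ := newServerKey()
	bystander, _ := newServerKey() // any other key pair cannot unwrap what was sealed to server
	session, wrapped, _ := clientWrapSessionKey(&server.PublicKey)
	got, err := serverUnwrapSessionKey(server, wrapped)
	fmt.Println("server recovered session key:", err == nil && bytes.Equal(session, got))
	_, err = serverUnwrapSessionKey(bystander, wrapped)
	fmt.Println("other key fails:", err != nil)
	fmt.Println("190 bytes ok:", !bulkDataRejected(&server.PublicKey, 190),
		"| 191 bytes rejected:", bulkDataRejected(&server.PublicKey, 191))
}
```

The 190-byte ceiling is why real protocols transport (or, in TLS 1.3, derive) a short symmetric key with public-key operations and then hand everything else to AES or SM4, exactly the division of labour the summary describes.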