163 blogs的博客：PKCS 名词解释

(PKCS) A set of syntax standards for public key cryptography covering security functions, including methods for signing data, exchanging keys, requesting certificates, public key encryption and decryption, and other security functions.

注：Public Key Cryptography，不是说用Public key来做加密。而是指的一个统一的加密标准。

1. encrypt symmetric session key （看似没啥用，一般都是对方的公钥加密session key，然后传给对方，对方用私钥解密）

1. decrypt symmetric session key （看似没有，因为公钥是公开的，数据被窃取到，对方就可以用公钥进行解密操作）

3. encrypt message (这个message最好是session key，这样只有拥有私钥的才能解密)

A set of cryptographic keys used for public key cryptography. For each user, a CSP usually maintains two public/private key pairs: an exchange key pair and a digital signature key pair. Both key pairs are maintained from session to session.

A public/private key pair used to encrypt session keys so that they can be safely stored and exchanged with other users. Exchange key pairs are created by calling the CryptGenKey function.

注：他这里说是用来加密session key的，但它明明是个pair，怎么用pair加密session key呢。可以设想，它使用public 还是 private加密的呢？由于public key在大多数csp中都能导出，为了安全，我们应该做成用public key加密，这样private key无法导出，而且只能用private key进行解密。（反过来说，如果用private key加密，那么就得public key解密。这样我一旦导出public key，我就能解密信息了。除非public key也无法导出，那就随便了。嘿嘿）

The public/private key pair used for authenticating (digitally signing) messages. Signature key pairs are created by calling CryptGenKey.

MSDN也是说用public key加密session key，用private key 来解密。用private key 签名，用public key验签。见下面俩段内容。

Encryption that uses a pair of keys, one key to encrypt data and the other key to decrypt data. In contrast, symmetric encryption algorithms that use the same key for both encryption and decryption. In practice, public key cryptography is typically used to protect the session key used by a symmetric encryption algorithm. In this case, the public key is used to encrypt the session key, which in turn was used to encrypt some data, and the private key is used for decryption. In addition to protecting session keys, public key cryptography may also be used to digitally sign a message (using the private key) and validate the signature (using the public key).

以下是对称密钥，对称算法的解释，引自MSDN 2008。

symmetric algorithm

A cryptographic algorithm that typically uses a single key, often referred to as a session key, for encryption and decryption. Symmetric algorithms can be divided into two categories, stream algorithms and block algorithms

stream cipher

A cipher that serially encrypts data, one bit at a time.

block cipher

A cipher algorithm that encrypts data in discrete units (called blocks), rather than as a continuous stream of bits. The most common block size is 64 bits. For example, DES is a block cipher.

symmetric encryption

Encryption that uses a single key for both encryption and decryption. Symmetric encryption is preferred when encrypting large amounts of data. Some of the more common symmetric encryption algorithms are RC2, RC4, and Data Encryption Standard (DES).

symmetric key

A single key used for both encryption and decryption. Session keys are usually symmetric.

salt value

Random data that is sometimes included as part of a session key. When added to a session key, the plaintext salt data is placed in front of the encrypted key data. Salt values are added to increase the work required to mount a brute-force (dictionary) attack against data encrypted with a symmetric-key cipher. Salt values are generated by calling CryptGenRandom.