Asymmetric Key Algorithm; SSH Operating Process - H3C S5600 SERIES Operation Manual


and decryption are performed using a string of characters called a key, which controls the
transformation between plain text and cipher text, for example, changing the plain text into cipher text or
cipher text into plain text.
Figure 1-1 Encryption and decryption
Key-based algorithms are usually classified into symmetric key algorithms and asymmetric key algorithms.

Asymmetric Key Algorithm

An asymmetric key algorithm means that a key pair exists at both ends. The key pair consists of a private
key and a public key. The public key is effective for both ends, while the private key is effective only for
the local end. Normally you cannot derive the private key from the public key.
An asymmetric key algorithm encrypts data using the public key and decrypts the data using the private
key, thus ensuring data security.
You can also use the asymmetric key algorithm for data signature. For example, user 1 adds his
signature to the data using the private key, and then sends the data to user 2. User 2 verifies the
signature using the public key of user 1. If the signature is correct, this means that the data originates
from user 1.
Both the Rivest-Shamir-Adleman (RSA) algorithm and the Digital Signature Algorithm (DSA) are asymmetric
key algorithms. RSA is used for data encryption and signatures, whereas DSA is used for signatures.
Currently, SSH supports both RSA and DSA.

SSH Operating Process

The session establishment between an SSH client and the SSH server involves the following five
stages:
Table 1-1 Stages in establishing a session between the SSH client and server
Stages                          Description
Version negotiation             SSH1 and SSH2 are supported. The two parties negotiate a version to use.
Key and algorithm negotiation   SSH supports multiple algorithms. The two parties negotiate an algorithm for communication.
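
The version negotiation stage in Table 1-1, sketched as an added example (not from the manual and not H3C's implementation): it parses each side's identification string in the layout given by RFC 4253 and picks the highest version both ends can speak. The function names, the allow_ssh1 switch and the sample banners are constructed for illustration.

```python
import re

# Identification string layout (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion [SP comments] CR LF
# softwareversion is printable ASCII without spaces or '-'.
_BANNER = re.compile(r"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?$")

def parse_banner(line: bytes):
    """Return (protoversion, softwareversion) from one identification line."""
    if len(line) > 255:
        raise ValueError("identification string exceeds 255 bytes")
    text = line.rstrip(b"\r\n").decode("ascii")  # non-ASCII raises ValueError
    m = _BANNER.match(text)
    if not m:
        raise ValueError("not an SSH identification string")
    return m.group(1), m.group(2)

def supported_versions(protoversion: str):
    """Map a protoversion to the protocol major versions the peer can speak."""
    if protoversion == "1.99":          # SSH2 server that also accepts SSH1
        return {1, 2}
    if protoversion == "2.0":
        return {2}
    if protoversion.startswith("1."):
        return {1}
    return set()

def negotiate(client_banner: bytes, server_banner: bytes, allow_ssh1=False):
    """Pick the highest version both ends support, or None if there is none.

    allow_ssh1 is a hypothetical local policy switch: SSH1 is only
    considered when the administrator has explicitly enabled it.
    """
    client = supported_versions(parse_banner(client_banner)[0])
    server = supported_versions(parse_banner(server_banner)[0])
    common = client & server
    if not allow_ssh1:
        common.discard(1)
    return max(common) if common else None

if __name__ == "__main__":
    # Constructed sample banners, not captured from a real device.
    server = b"SSH-1.99-server_1.0\r\n"
    for client in (b"SSH-2.0-client_1.0\r\n", b"SSH-1.5-oldclient\r\n"):
        print(client.strip().decode(), "->", negotiate(client, server))
```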