Encryption methods

Symmetric encryption

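In a symmetric encryption algorithm, the same key is used for encryption and decryption. In other words, the phrase "chicken stewed with mushrooms" can be used both to encrypt a message and to decrypt the resulting ciphertext. The key must therefore never become known to anyone else when symmetric encryption is used, and symmetric encryption does not provide forward secrecy. On the other hand, because the encryption and decryption logic is simple, symmetric encryption is fast and performs well.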

[root@JumpServer ~]# openssl speed aes
Doing aes-128 cbc for 3s on 16 size blocks: 19905551 aes-128 cbc's in 2.96s
Doing aes-128 cbc for 3s on 64 size blocks: 5527716 aes-128 cbc's in 2.97s
Doing aes-128 cbc for 3s on 256 size blocks: 1403847 aes-128 cbc's in 2.95s
Doing aes-128 cbc for 3s on 1024 size blocks: 356786 aes-128 cbc's in 2.97s
Doing aes-128 cbc for 3s on 8192 size blocks: 44622 aes-128 cbc's in 2.97s
Doing aes-192 cbc for 3s on 16 size blocks: 16907744 aes-192 cbc's in 2.97s
Doing aes-192 cbc for 3s on 64 size blocks: 4576864 aes-192 cbc's in 2.95s
Doing aes-192 cbc for 3s on 256 size blocks: 1175446 aes-192 cbc's in 2.97s
Doing aes-192 cbc for 3s on 1024 size blocks: 295352 aes-192 cbc's in 2.97s
Doing aes-192 cbc for 3s on 8192 size blocks: 36745 aes-192 cbc's in 2.95s
Doing aes-256 cbc for 3s on 16 size blocks: 14730699 aes-256 cbc's in 2.98s
Doing aes-256 cbc for 3s on 64 size blocks: 3957665 aes-256 cbc's in 2.97s
Doing aes-256 cbc for 3s on 256 size blocks: 998590 aes-256 cbc's in 2.95s
Doing aes-256 cbc for 3s on 1024 size blocks: 253385 aes-256 cbc's in 2.97s
Doing aes-256 cbc for 3s on 8192 size blocks: 31612 aes-256 cbc's in 2.96s
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128 cbc     107597.57k   119115.77k   121825.37k   123013.09k   123078.59k
aes-192 cbc      91085.49k    99294.68k   101317.90k   101831.80k   102039.00k
aes-256 cbc      79091.00k    85283.02k    86657.30k    87362.37k    87488.35k

Asymmetric encryption

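In asymmetric encryption, the encryption and decryption keys are different: content encrypted with the public key can only be decrypted with the private key, and content encrypted with the private key can only be decrypted with the public key. It relies on the fact that computing logarithms of large numbers is very hard. Because asymmetric encryption is more complex, its performance is far lower than that of symmetric encryption.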

[root@JumpServer ~]# openssl speed rsa
Doing 512 bit private rsa's for 10s: 176715 512 bit private RSA's in 9.83s
Doing 512 bit public rsa's for 10s: 3049621 512 bit public RSA's in 9.86s
Doing 1024 bit private rsa's for 10s: 80712 1024 bit private RSA's in 9.87s
Doing 1024 bit public rsa's for 10s: 1299532 1024 bit public RSA's in 9.87s
Doing 2048 bit private rsa's for 10s: 11920 2048 bit private RSA's in 9.74s
Doing 2048 bit public rsa's for 10s: 433963 2048 bit public RSA's in 9.87s
Doing 4096 bit private rsa's for 10s: 1890 4096 bit private RSA's in 9.84s
Doing 4096 bit public rsa's for 10s: 124375 4096 bit public RSA's in 9.85s
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000056s 0.000003s  17977.1 309292.2
rsa 1024 bits 0.000122s 0.000008s   8177.5 131664.8
rsa 2048 bits 0.000817s 0.000023s   1223.8  43967.9
rsa 4096 bits 0.005206s 0.000079s    192.1  12626.9

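In summary, HTTPS uses asymmetric encryption during the key-exchange phase of the handshake and symmetric encryption when transferring data.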
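
The split between the two kinds of encryption (asymmetric for the key, symmetric for the data) can be reproduced with the openssl CLI. This is an added example, not part of the original page, and it illustrates the hybrid pattern rather than the TLS handshake itself. The function name, file names, RSA-2048 with OAEP padding and AES-256-CBC are all assumptions chosen for the illustration.

```bash
# Added example: hybrid encryption with the openssl CLI.
# Function name, file names and parameter choices are constructed for this illustration.
# Usage: hybrid_roundtrip "message"   (prints the message the receiver recovers)
hybrid_roundtrip() (
    set -eu
    dir=$(mktemp -d)
    trap 'rm -rf "$dir"' EXIT
    cd "$dir"

    # Receiver: long-term RSA key pair; only pub.pem is handed to the sender.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out priv.pem 2>/dev/null
    openssl pkey -in priv.pem -pubout -out pub.pem

    # Sender: fresh random 256-bit session key and 128-bit IV (hex), for this message only.
    key=$(openssl rand -hex 32)
    iv=$(openssl rand -hex 16)

    # Sender: the bulk data goes through the fast symmetric cipher.
    # Note: CBC alone gives no integrity; a real protocol adds a MAC or uses an AEAD mode.
    printf '%s' "$1" > msg.txt
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in msg.txt -out msg.enc

    # Sender: only the short session key goes through the slow RSA operation.
    printf '%s' "$key" > session.key
    openssl pkeyutl -encrypt -pubin -inkey pub.pem \
        -pkeyopt rsa_padding_mode:oaep -in session.key -out session.key.enc
    rm -f session.key msg.txt   # what is transmitted: msg.enc, session.key.enc and the IV

    # Receiver: a single private-key operation recovers the session key ...
    recovered=$(openssl pkeyutl -decrypt -inkey priv.pem \
        -pkeyopt rsa_padding_mode:oaep -in session.key.enc)

    # ... and the symmetric cipher then decrypts the bulk data to stdout.
    openssl enc -d -aes-256-cbc -K "$recovered" -iv "$iv" -in msg.enc
)
```

However large the message is, the receiver performs exactly one RSA private-key operation; everything else runs at AES speed.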