Design and implementation of RSA file encryption software based on JAVA (source code + paper)

Chapter 1 RSA Application Status and Analysis of Application in File Encryption
1.1 Introduction and Application Status of
RSA Algorithm RSA algorithm can be briefly described as follows:
<Key Generation>
Take prime numbers p, q, and let n=p×q.
Take the sum (p- 1) ×(q-1) is a relatively prime integer e.
Solve d from the equation d×e=1 (mod (p-1)×(q-1)), and the two-
tuple (e,n) is the public secret Key, the two-
tuple (d, n) is used as the private key.
<Encryption and decryption>
b=ae mod n, c=bd mod n. The
proof is given in the appendix a=c (mod n).
(For the specific RSA algorithm protocol, see http://www.di-mgt.com.au /rsa_alg.html, the letters in the mentioned algorithm are the same as those in the protocol document, so no further explanation will be given) The
RSA public key encryption algorithm has been widely recognized and applied since it was proposed in the 1970s. So far, various aspects of the electronic security field have formed relatively complete international standards. As the most important public key algorithm, RSA has numerous applications in various fields. In terms of hardware, RSA uses mature technology ICs in various consumer electronic products.
The application of RSA in software is mainly concentrated on the Internet. The core algorithms of encrypted connections, digital signatures and digital certificates widely use RSA. In daily applications, there is a well-known toolkit Open SSL (SSL, Security Socket Layer, which is a secure transmission protocol for data protection and identity verification on the Internet. Open SSL is an open source code that implements SSL and related encryption technologies. The software package was initiated and written by Eric Yang in Canada. For details, please refer to http://www.openssl.org/about/). Open SSL uses RSA to implement signature and key exchange, and has been widely used in various operating systems. In addition, the well-known IE browser naturally implements the SSL protocol, integrates the encryption function using RSA technology, combines MD5 and SHA1, and is mainly used for digital certificates and digital signatures. For users who are accustomed to online shopping and online banking, That said, RSA technology is used almost every day.
RSA even appears in enterprise-level business applications that require a high degree of security and stability. In today's enterprise-level business applications, I have to mention the most widely used platform j2ee. In fact, in the standard library of j2se, two sets of APIs are provided for security and encryption services: JCA and JCE. JCA (Java Cryptography Architecture) provides a basic encryption framework, such as certificates, digital signatures, message digests and key pair generators; JCA is composed of several classes and interfaces that implement basic encryption technology functions, the most important of which is java.security package. This package contains a set of core classes and interfaces. The digital signature methods in Java are concentrated in this package. JCE (Java Cryptography Extension) is extended on the basis of JCA. JCE is also composed of several software packages, the most important of which is the javax.crypto package, which provides the JCE encryption technology operation API. The Cipher class in javax.crypto is used for specific encryption and decryption. In the implementation of the above software package, various data encryption specifications using the RSA algorithm are integrated (for the introduction of RSA algorithm application specifications, please refer to: http://www.rsasecurity.com/rsalabs/node.asp?id=2146, these APIs are internal The supported algorithm is not only RSA, but RSA is the most commonly used in digital signatures and certificates), user programs can directly use the API provided in the java standard library to perform various operations on digital signatures and certificates.
It is still relatively rare for stand-alone applications to use RSA encryption, such as using RSA to encrypt any file.
1.2 Analysis of RSA applied to file encryption
1.2.1 The feasibility of using RSA for file encryption
Through the discussion in section 1.1, it is not difficult to see that the applications of RSA today are mostly digital signatures and certificates. The reason why it is only applied to the encryption and decryption of these short data is that RSA algorithm encryption is extremely slow, and the speed is about one thousandth of the speed of DES symmetric key encryption. Because of this, the idea of ​​applying RSA to ordinary file encryption has been ignored. Usually files are thought of as large data blocks, but in fact, in daily applications, some extremely important text materials are not too big, such as bank account numbers and passwords recorded in ordinary text for fear of forgetting, and should not be used by strangers Know important phone numbers, important small pictures of several kilobytes, etc.
Although the speed of RSA encryption operation is very slow, the PC performance is getting better and better today, and the time consumed by RSA encryption with a few hundred-bit keys for several kilobytes of data should be acceptable. The following combined with the debugging of the large number arithmetic program, theoretically simple analysis consumes time. Perform exponentiation and modulus operation on an integer on a PC with a common configuration. Because e of the public key is usually small, the exponent is taken as a small integer, such as C353, which modulates a 70-byte long integer (140-bit ten Hexadecimal, the large number unit is realized in a linear group, corresponding to the RSA algorithm, which is equivalent to about 560bit n), debug a function test, optimize the program according to the knowledge in elementary number theory, and finally configure it in one machine It takes about 45 milliseconds to test on a PC with AMD Athron2800+, 333MHZ FSB and 512MB physical memory. If at this speed, the same calculation is performed on 1KB of data byte by byte, the theoretically consumed time is 1024 times 45 milliseconds, or about 45 seconds. This time is not very long.
In fact, from a simple point of view, since RSA is feasible for digital signatures, it can be used for ordinary files of the same size. For a larger file, if it is divided into segments of the same size as the digital signature (here we assume that the digital signature is shorter, and the encryption is completed without segmentation), and the separated segments are encrypted one by one, then the time required is only based on the file The size increases linearly. Usually the digital signature is tens of bytes, and the encryption operation does not require a long wait. This means that for files with a size of several hundred bytes or one or two kilobytes, if RSA encryption is performed, it will not be very long work. Of course, if the file is larger, encryption becomes very lengthy. For example, according to the 45 millisecond large number calculation program described above, it takes about 1 day to encrypt a 1M byte file. Therefore, if you want to encrypt a file with a long key RSA with a few hundred bits or more on an ordinary PC, the file cannot be too large. Generally, the acceptable upper limit is a few KB. If you want to encrypt a large file in a short time, you need to shorten the key length to reduce the amount of calculation, which will bring security risks.
Chapter 3 of this article will test specific time consumption data based on the actual debugged software. For example, the software tested and implemented on a PC configured with AMD Athron 2800+, FSB 333MHZ and physical memory 512MB, it takes 55 seconds to encrypt a 1KB file with 560bit n byte by byte. Usually, the size of a text file that records important data such as bank account passwords is less than a hundred bytes, and encryption only takes a few seconds. So for small files, RSA encryption with longer keys is completely feasible.
1.2.2 The significance of using RSA for file encryption
As described in section 1.2.1, RSA can be used for small file encryption. For example, bank account numbers and passwords recorded in ordinary text for fear of forgetting, important phone numbers that should not be known by strangers, and important small pictures of several kilobytes. A feasible method is not necessarily necessary. This section discusses what kind of file is suitable for asymmetric key encryption, that is, the meaning of RSA encrypted files.
For the maintenance of the small text and binary data with important information described above, ①If it is not encrypted, it will not be safely stored on the computer, especially the public computer connected to the Internet or in the computer room. ② It is very cumbersome to maintain a few small files with the help of a powerful large-scale multi-user data protection program, like a sledgehammer. ③If symmetric key encryption is used, that is, the encryption and decryption keys are the same, which is only suitable for some cases. In some cases, using a symmetric key to encrypt files is not convenient for communication. For example, for some reason, Zhang San needs to leave some of his files with Li Si on a public computer, and does not want others to see the content. If symmetric key encryption is used, Zhang San and Li Si can arrange a password in advance. But if Zhang San wants to leave another secret file to Wang Wu on the same public computer, and he does not want others to see it, he must agree on another password with Wang Wu. If you need to leave ten files on this public computer for different people, you have to memorize the password agreed upon with ten people. This is not convenient for communication, because for Zhang San, you have to maintain too many keys by yourself. Asymmetric key (public key method) just solves this problem. As long as everyone is on this computer or a place that this computer can access and leaves their own public key, everything becomes easier to solve. The files that Zhang San wants to leave to Li Si are encrypted with Li Si's public key, and the files to be left to Wang Wu are encrypted with Wang Wu's public key. As long as Li Si and Wang Wu decrypt the files left to them with their own private keys, they can get the files left to them. Obviously, the asymmetric key system is more suitable for multi-user communication, and the direct application of this encryption method to file encryption makes our communication in public places more flexible and convenient.
A more practical situation is that we want to send important confidential information to someone through public forums or emails on the Internet. For example, send a bank account and password to someone. To ensure security in this situation, it is more difficult on today's Internet. ① If you use public forums to leave messages directly to designated users, forum administrators and server administrators usually have a way to see the data. ②If you send mail, although the transmission process is encrypted, the password is maintained by the mail server after all, so the system administrator usually has a way to see the content. The key to the problem is that all our data, including keys, is stored on the server. In this case, we need to use the public key method and maintain the private key ourselves. RSA file encryption can solve these problems flexibly. For example, we can encrypt any file with someone’s public key into a piece of text that can be copied and pasted, and then paste it on the public Internet. The other party only needs to copy and save the text that needs to be decrypted into a text file. You can decrypt it with your own private key. We can encrypt our private key through DES and save it on our mobile disk. When using it, we only need to decrypt it and read it, and it will be cleared from the current operating environment immediately after use. In this way, we maintain our own private key and use a simple and open way to safely transmit any small data, including all binary files.
Therefore, in the case of using small files for data exchange, a better solution is to use a small application to encrypt these files with asymmetric keys. In order to be suitable for the aforementioned situation of communicating important and confidential information with a certain person in a public BBS, the data generated by encryption should be text, which can be copied and pasted easily.
In summary, there are two important meanings for encrypting files using the method described above: ① Using asymmetric keys to encrypt any file, so that the application of asymmetric keys is not limited to the Internet. ② The asymmetrically encrypted data is transformed into text, so that we can safely transfer any file in almost any way, such as using xml in an environment with only http.