File encryption and decryption
1. Protect private data from unauthorized access;
What is encryption
1. Protect private data from unauthorized access;
2. Used to hide real data and carry out safe data transmission;
3. Avoid data interception by third parties;
2. Used to hide real data and carry out safe data transmission;
3. Avoid data interception by third parties;
Ancient encryption method: replacement (reverse order, replacement)
History of encryption algorithms
Ancient encryption method: replacement (reverse order, replacement)
Modern encryption algorithms: encryption with passwords, encryption with two sets of passwords, and dynamic password encryption.
Modern encryption: symmetric encryption, asymmetric encryption
Modern encryption algorithms: encryption with passwords, encryption with two sets of passwords, and dynamic password encryption.
Modern encryption: symmetric encryption, asymmetric encryption
1. Can encrypt and decrypt with a password, if it can be symmetric encryption.
Symmetric encryption
1. Can encrypt and decrypt with a password, if it can be symmetric encryption.
2. Symmetric encryption has a password.
3. Commonly used encryption methods DES, AES
2. Symmetric encryption has a password.
3. Commonly used encryption methods DES, AES
DES encryption algorithm
Description
DES uses a password to perform XOR on data in a large number of cycles
Operation to generate encrypted data.
DES encrypts the data in sequence, one encryption is 8 bytes together
Therefore, the DES password must be 64bit, which is 8 bytes
DES encryption implementation
1. The data after DES encryption cannot directly generate a string;
2. Encryption: M plaintext, K 12345678, D encrypted data
D = DES(M, K) Use K password to encrypt M to generate D
3. Decryption: M = DES(D, K)
4. This type of encryption and decryption that can be performed with the same password is called symmetric encryption.
DES API
1. Cipher encryption/decryption engine for actual processing
2. cipher.init(int mode, Key key) Set encryption or decryption
3. Key needs to use SecretKeyFactory for password creation for DES
DESKeySpec is used to create the password object
4. Cipher update(byte[]) will return part of the processed data every time it is called. DES API doFinal can only return the last data, not complete.
5. DES encryption is recommended to use doFinal to complete.
DESede encryption method
For DES or DESede, if DESede is implemented, then: Cipher algorithm is adjusted to DESede, and the algorithm formulated by SecretKeyFactory is also adjusted to DESede, which needs to use DESedeKeySpec to generate the password, and the length of the password is 24 bytes.
AES encryption algorithm
Features
1. Fast
2. High strength
3. AES 128bit encryption is supported by default in Java
AES 256bit US military standard;
AES 256bit requires a US export license to be used.
DES, AES features-block encryption
Padding: When encrypting, block data is processed one by one according to a fixed length, and the block can be controlled by Cipher parameters
NoPadding: If the data is not a multiple of the block length, it will not be filled
Under normal circumstances, the padding will automatically add byte 0 to the end of the data.
Cipher algorithm commonly used in AES
1. AES 默认可以使用,有时也会出现BadPaddingException,不建议使用
2. AES/ECB/PKCS5Padding 另外一种AES 加密形式,建议使用
3. AES/CBC/PKCS5Padding 内部的算法模式不同。
4.算法及密码长度限制
算法/模式/填充 16字节加密后数据长度 不满16字节加密后长度
AES/CBC/NoPadding 16 不支持
AES/CBC/PKCS5Padding 32 16
AES/CBC/ISO10126Padding 32 16
AES/CFB/NoPadding 16 原始数据长度
AES/CFB/PKCS5Padding 32 16
AES/CFB/ISO10126Padding 32 16
AES/ECB/NoPadding 16 不支持
AES/ECB/PKCS5Padding 32 16
AES/ECB/ISO10126Padding 32 16
AES/OFB/NoPadding 16 原始数据长度
AES/OFB/PKCS5Padding 32 16
AES/OFB/ISO10126Padding 32 16
AES/PCBC/NoPadding 16 不支持
AES/PCBC/PKCS5Padding 32 16
AES/PCBC/ISO10126Padding 32 16
AES API
1. Cipher 加密/解密引擎
2. 创建密码生成器 KeyGenerator,设置密码生成的密码长度 128 bit和设备安全随机数 ,
如keyGenerator.init(128, new SecureRandom(password.getBytes()));
3.生成 SecretKey keyGenerator.generateKey()
4. 初始化 引擎 cipher.init(Cipher.ENCRYPT_MODE, secretKey)
5. 加密处理 cipher.doFinal(byte[] origData)
非对称加密算法
加密实现
1. M 明文 D 公钥 E 密钥 C 密文 n 公共模数 0x10001
2. C = M ^ E mod n
3. M = C ^ D mod n
4. 通常 E + n 作为 私钥隐秘保存
5. 通常 D + n 作为公钥,可以给任何人。
6. 通过 C ^ D mon => M
7. E 通过计算两个 1024bit 以上的整数(并且是素数),
公钥 D = (素数1 - 1) * (素数2 - 1) E 包含两个素数
D 安全性足够高
非对称加密的API
1. Cipher 可以进行加密,用的是 “RSA”, “DSA”
2. KeyPairGenerator 生成 公钥和私钥
3. cipher init 加密用 私钥, init 解密 用的是公钥初始化。
加密实现
1. M 明文 D 公钥 E 密钥 C 密文 n 公共模数 0x10001
2. C = M ^ E mod n
3. M = C ^ D mod n
4. 通常 E + n 作为 私钥隐秘保存
5. 通常 D + n 作为公钥,可以给任何人。
6. 通过 C ^ D mon => M
7. E 通过计算两个 1024bit 以上的整数(并且是素数),
公钥 D = (素数1 - 1) * (素数2 - 1) E 包含两个素数
D 安全性足够高
非对称加密的API
1. Cipher 可以进行加密,用的是 “RSA”, “DSA”
2. KeyPairGenerator 生成 公钥和私钥
3. cipher init 加密用 私钥, init 解密 用的是公钥初始化。
Base64、MD5编码
android.util.Base64类
encode(byte[],flag)
encodeToString(byte[],flag) 编码并转换成字符串
decode(byte[],flag) 解码
flags标识
Base64.DEFAULT 默认,如果字符串过长(超过76)时自动在中间加一个换行符,字符串最后也会加一个换行符。可能会导致和其他模块对接时结果不一致,建议使用Base64.NO_WRAP
Base64.NO_WRAP 不换行处理
Base64.NO_PADDING 结束位置省略“==”
it.sauronsoftware.base64.Base64类
第三方Base64编码、解码工具类
Base64.decode(byte[]);
Base64.encode(byte[])
MD5
java.security.MessageDigest
MD5加密: