Preface
Hi, hello everyone, information security, as a more important subject in the current society, has covered all aspects of people’s lives, although sometimes we may not realize it, in fact, information security protection has silently protected our information security behind the scenes. Up. For example, when you browse a website on the Internet; when you are about to register or log in to a website and need to enter a password; when you buy goods on a shopping website to pay; when you withdraw money from a bank...
It can be said that information security is a key issue related to the interests of the country, city information, industry users, and people, especially data security, identity privacy and other information security is very important to everyone. At the beginning of the Internet, everyone’s security awareness was not so high. A lot of information was transmitted in plain text, and even in plain text in the database. This brought a lot of security problems, such as website hijacking, database dragging, personal password leaking, etc. , Has brought a very high threat to enterprises and society.
Today we will take you to start our safe journey together, and give you a detailed and in-depth explanation of the past and present of the encryption algorithm. This security tour will take you to learn more about some encryption algorithms and implementation methods commonly used in development (this example is implemented in Java language), hoping to enhance your understanding and understanding of encryption algorithms, and can Skilled application according to business scenarios. If you like this series of articles, you are welcome to like and share, thank you for your support here!
Basic concept
Cryptography has been in development for a long time. As early as the ancient Greek period, humans invented replacement cryptography. During World War II, the German military used the "Enigma" cryptographic machine, and cryptography played a very important role in the war. In 1997, the American National Bureau of Standards announced the implementation of the "American Data Encryption Standard (DES)", and private forces began to fully participate in the research and application of cryptography, using encryption algorithms such as DES, RSA, and SHA.
There are some basic concepts in cryptography. Before we officially start learning, let's first understand the related concepts in cryptography.
- Plain text : Refers to information or data that is not encrypted and can usually be directly identified, such as personal information, passwords, etc. Since the plaintext is not encrypted, it is easy to be identified and cracked. Therefore, encryption must be performed before the plaintext is transmitted.
- Ciphertext : After the plaintext is encrypted by an encryption algorithm according to certain rules, the plaintext will become a ciphertext, usually a bunch of unordered characters, and the ciphertext is complex and difficult to recognize and understand.
- Key : The encryption parameter used in the encryption algorithm. It is the parameter input in the algorithm for converting plaintext to ciphertext or ciphertext to plaintext. Keys are divided into symmetric keys and asymmetric keys.
- Encryption : The process of converting plain text into cipher text through an encryption algorithm.
- Symmetric encryption : Both parties in communication have a key at the same time, and encryption and decryption are all done by one key (that is, the encryption key is equal to the decryption key, and the encryption and decryption keys can be reversed from each other). The two parties jointly draft a key before communicating, which is not disclosed to third parties.
- Block encryption : The block cipher divides the plaintext into fixed-length groups, each group is encrypted with the same key and algorithm, and the output is also a fixed-length ciphertext.
- Decryption : The process of deciphering the ciphertext into plaintext through an encryption algorithm.
Encryption Algorithm
With the development of technology and at the same time to deal with the security of encryption algorithms, our encryption algorithms and security guarantee methods are constantly changing and upgrading. At present, the encryption algorithms commonly used in work are mainly divided into the following types:
- Message digest algorithm
- Symmetric encryption algorithm
- Asymmetric encryption algorithm
- National secret algorithm
Each algorithm also includes different implementations, and its algorithm complexity, security, and efficiency are different. In order to facilitate everyone to have an overall understanding of the encryption algorithm as a whole, I have drawn the following diagram, and the recommended collection and preservation are required.
Message digest algorithm
The message digest algorithm is also called a hash (Hash) algorithm or hash algorithm, which is a one-way encryption algorithm. In information security technology, it is often necessary to verify the integrity of a message. Hash function provides this service. It produces fixed-length output for input messages of different lengths. This fixed-length output is called the "hash" or "Message digest" of the original input message. A hash algorithm is not strictly an encryption algorithm because the result is irreversible. Since it is irreversible, it is of course not used for encryption, but mainly for digital signatures.
The message digest algorithm mainly includes the following three types:
- MD (Message Digest) message digest algorithm
- SHA (Secure Hash Algorithm) Secure Hash Algorithm
- HMAC (Keyed-Hashing for Message Authentication) message authentication code algorithm
Common message digest algorithms are : MD2, MD4, MD5, SHA-1, SHA-256, SHA-512, HMAC, etc.
The message digest algorithm has the following characteristics:
- Fast calculation speed
- Fixed output length
- Operation is irreversible: When the result of the operation is known, the original text cannot be obtained by inverse operation.
- Highly discrete: slight changes in input values will cause huge differences in the results of calculations.
- Weak collision: The hash value of different input values will have the same result with extremely low probability.
MD algorithm
The MD algorithm is designed by Ronald Levist, one of the inventors of the famous asymmetric algorithm RSA. The MD series includes MD2, MD4 and the most typical MD5. The full name of MD5 is Message-Digest Algorithm 5 (the fifth edition of information-digest algorithm), which is developed from MD2 and MD4.
SHA algorithm
SHA algorithm, namely Secure Hash Algorithm (Secure Hash Algorithm) is a data encryption algorithm with the same origin as MD5. After years of development and improvement by encryption experts, the algorithm has become increasingly perfect, and now it has become the most secure hash recognized. One of the algorithms and is widely used.
SHA is actually a collective name for a series of algorithms, including: SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512.
HMAC algorithm
HMAC is a key-related message authentication code. The HMAC operation uses a hash algorithm, takes a key and a message as input, and generates a message digest as output.
When we use MD or SHA message digest algorithm, we can guarantee the integrity of data. However, in the network transmission scenario, it is not enough for the message sender to send only the original data and data summary information. Hackers can disguise the original data and data summary information to achieve the purpose of the attack. The HMAC algorithm generates a message summary through the key and data. It is more difficult for hackers to forge data and message digests without knowing the key.
Symmetric encryption algorithm
Symmetric encryption algorithm is an earlier encryption algorithm with relatively mature technology. In the symmetric encryption algorithm, the data sender processes the plaintext and the encryption key together with a specific encryption algorithm to turn it into a complex and incomprehensible encrypted ciphertext and then sends it to the receiver. After receiving the ciphertext message, if the receiver wants to interpret the original text, it needs to decrypt the ciphertext with the same key and the same algorithm used when encrypting the message, so that it can be restored to a readable plaintext. In the symmetric encryption algorithm, there is only one key used by both parties, and both parties need to use this key to encrypt and decrypt data, which requires the decryption party to obtain the encryption key in advance.
Common symmetric encryption algorithms are : DES, 3DES (TripleDES) and AES.
DES algorithm
The full name of the DES algorithm is Data Encryption Standard, which is a data encryption algorithm. It was successfully researched and publicly released by IBM in 1975. There are three entry parameters for the DES algorithm: Key, Data, and Mode. Key is 8 bytes, a total of 64 bits, which is the working key of the DES algorithm; Data is also 8 bytes and 64 bits, which is the data to be encrypted or decrypted; Mode is the working mode of DES, there are two : Encrypt or decrypt.
3DES algorithm
3DES (or Triple DES) is a general term for the Triple Data Encryption Algorithm (TDEA) block cipher. It is equivalent to applying the DES encryption algorithm three times to each data block. Due to the enhancement of computer computing power, the key length of the original DES cipher becomes easy to be cracked by brute force; 3DES is designed to provide a relatively simple method, that is, to avoid similar attacks by increasing the key length of DES. It is not to design a completely new block cipher algorithm.
AES algorithm
AES (Advanced Encryption Standard), the advanced encryption standard was released by the National Institute of Standards and Technology in 2001. AES is a symmetric block cipher algorithm designed to replace DES as a widely used standard.
The AES algorithm is one of the most common symmetric encryption algorithms (this encryption algorithm is used for WeChat applet encrypted transmission). According to the password length used, the AES algorithm has three most common encryption schemes to adapt to different scenarios. It is AES-128, AES-192 and AES-256.
Asymmetric encryption algorithm
Asymmetric encryption requires two keys: a public key and a private key. The public key and the private key are a pair. If the public key is used to encrypt data, the corresponding private key can only be used to decrypt it. If the data is encrypted with the private key, it can only be decrypted with the corresponding public key. Because encryption and decryption use different keys, it is called asymmetric encryption.
The asymmetric encryption algorithm is better than the symmetric encryption algorithm for the confidentiality of the key, which eliminates the hidden danger of users needing to exchange keys. However, the encryption and decryption speed is much slower than symmetric encryption, and in some extreme cases, it can even be 1000 times slower than symmetric encryption.
Common asymmetric encryption algorithms are : RSA, DSA and ECC.
RSA algorithm
The RSA encryption algorithm is currently the most influential public key encryption algorithm, and is generally considered to be one of the best public key solutions. RSA is the first algorithm that can be used for both encryption and digital signature. It can resist all cryptographic attacks known so far and has been recommended by ISO as a public key data encryption standard. The RSA encryption algorithm is based on a very simple fact of number theory: it is easy to multiply two large prime numbers, but it is extremely difficult to factor the product at that time, so the product can be disclosed as an encryption key.
DSA algorithm
DSA is based on the integer finite field discrete logarithm problem , and its security is similar to that of RSA. An important feature of DSA is that the two prime numbers are public . In this way, when using someone else's p and q, even if you don't know the private key, you can confirm whether they are randomly generated, or you have manipulated them. The RSA algorithm cannot do it. DSA is just an algorithm. The difference from RSA is that it cannot be used for encryption and decryption, nor can it be used for key exchange. It is only used for signatures. It is much faster than RSA.
Simply put, this is a more advanced verification method used as a digital signature. There are not only public and private keys, but also digital signatures . The private key is encrypted to generate a digital signature, and the public key verifies the data and signature. If the data and the signature do not match, the verification fails. The role of digital signature is to verify that data is not modified during transmission. Digital signature is an upgrade of one-way encryption.
ECC algorithm
Elliptic Encryption Algorithm (ECC) is a public key encryption algorithm proposed by Koblitz and Miller in 1985. Its mathematical basis is to use rational points on the elliptic curve to form the computational difficulty of the elliptic discrete logarithm on the Abel additive group. Public-key cryptosystems are generally divided into three categories according to the difficult problems they are based on: large integer factorization problems, discrete logarithm problems, and elliptic curves. Sometimes the elliptic curve is also classified as discrete logarithm. The elliptic curve cryptosystem is the one that provides the highest encryption strength for each bit among the public key systems currently known.
The elliptic curve algorithm is used to generate the public key of the Bitcoin wallet. The public key can be calculated from the private key through elliptic curve multiplication. This is an irreversible process.
The difference between symmetric encryption algorithm and asymmetric encryption algorithm
- Symmetric encryption algorithm
The key used for encryption and decryption is the same. This encryption method has a very fast encryption speed and is suitable for occasions where data is often sent. The disadvantage is that the transmission of the key is troublesome, and once the key is leaked, there will be more serious security problems.
- Asymmetric encryption algorithm
The keys used for encryption and decryption are different. This encryption method is constructed with mathematically difficult problems. Usually, the speed of encryption and decryption is relatively slow, which is suitable for occasions when data is sent occasionally. The advantage is that the key transmission is convenient. Common asymmetric encryption algorithms are RSA, ECC, and Eigamal. In practice, the AES key is generally encrypted by RSA, transmitted to the receiver, and the receiver decrypts to obtain the AES key, and then the sender and receiver use the AES key for encryption and decryption.
Like https, a symmetric key is negotiated with an asymmetric key, and then the symmetric key is used to encrypt business data.
National secret algorithm
The national secret is the domestic cryptographic algorithm recognized by the National Cryptographic Bureau, that is, the commercial cryptographic.
The National Cryptographic Algorithm is a series of algorithms formulated by the National Cryptographic Bureau. Including symmetric encryption algorithm, elliptic curve asymmetric encryption algorithm, hash algorithm. Specifically including SM1, SM2, SM3, SM4, etc.
SM1 algorithm
SM1 is symmetric encryption. Its encryption strength is equivalent to AES. The algorithm is not public. When calling the algorithm, it needs to be called through the interface of the encryption chip.
Using this algorithm, a series of security products such as chips, smart IC cards, smart password keys, encryption cards, and encryption machines have been developed, which are widely used in various application fields of e-government, e-commerce and national economy (including national government affairs, police affairs, etc.) And other important areas).
SM2 algorithm
SM2 is asymmetric encryption based on ECC. The algorithm has been published. Since the algorithm is based on ECC, its signature speed and secret key generation speed are faster than RSA. ECC 256-bit (SM2 uses a kind of ECC 256-bit) security strength is higher than RSA 2048-bit, but the calculation speed is faster than RSA.
SM3 algorithm
SM3 message digest, you can use MD5 as a comparative understanding. The algorithm has been published, and the digest length of the verification result is 256 bits.
SM4 algorithm
SM4 Wireless LAN standard packet data algorithm. Symmetric encryption, the key length and block length are both 128 bits.
Since the packet size of SM1 and SM4 encryption and decryption is 128bit, when the message is encrypted and decrypted, if the message length is too long, it needs to be grouped, and if the message length is insufficient, it needs to be filled.
to sum up
Where you see or cannot see, security is ubiquitous in our lives. Security matters are of no size. At the same time, security is also the most concerned issue for everyone. Through the above introduction, I believe that everyone has an overall view of the encryption algorithm. The understanding, then follow me next to further study the commonly used encryption algorithms and have a deeper understanding.
It is not easy to create. If you like this article, please like and forward it. Your attention is the driving force for us to move forward_
Welcome everyone to follow the "I am a developer FTD" official account, WeChat account: ForTheDevelopers
Also welcome everyone to add my personal WeChat exchange, WeChat ID: ForTheDeveloper
Pay attention to development, pay more attention to developers!