This article is a summary after reading Hollis's article.
Encryption strategies are mainly divided into: 1. Digital digest; 2. Symmetric encryption; 3. Asymmetric encryption; 4. Digital signature; 5. Digital certificate, these 5 strategies
A digital summary
A digital digest, also known as a message digest, is a fixed-length value that uniquely corresponds to a message or text, and is generated by a one-way hash function that computes the message. If the message is changed during transmission, the receiver can know whether the message has been tampered by recalculating the received message using the same Hash, and comparing the newly generated digest with the original digest. The message digest can therefore verify the integrity of the message. The message digest uses a one-way Hash function to "digest" the content to be calculated into a fixed-length string, which is also called a digital fingerprint. This string has a fixed length, and different plaintexts are digested into ciphertexts, the results are always different (relative), and the digests of the same plaintext must be the same. In this way, this string of digests can become the "fingerprint" of whether the serious plaintext is the "real body".
MD5
MD5 is Message Digest Algorithm 5 (Message Digest Algorithm 5), which is an implementation of a digital digest algorithm to ensure the integrity and consistency of information transmission. The digest length is 128 bits. MD5 is improved from MD4, MD3, and MD2. It mainly enhances the complexity and irreversibility of the algorithm. This algorithm is widely used in the industry because of its universal, stable and fast characteristics. At present, mainstream programming languages are generally available. Implementation of MD5.
Implementation in java:
/**
* Encrypt the incoming src
* @param src: incoming string
* @return String: encrypted string
* @throws NoSuchAlgorithmException
*/
public static String md5(String src) throws NoSuchAlgorithmException{
// Process the string information using MD5
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] output = md.digest(src.getBytes());
//Convert MD5 result to string
//String s = new String(output); Output: �|��plL4�h��N{, garbled
//Use Base64 to process it without garbled
String s = Base64.encodeBase64String(output);
return s;
}
SHA:
The full name of SHA is Secure Hash Algorithm, that is, secure hash algorithm . In 1993, the Secure Hash Algorithm (SHA) was proposed by the National Institute of Standards and Technology (NIST) and published as the Federal Information Processing Standard (FIPS PUB 180), and a revised version, FIPS PUB 180-1, was released in 1995, usually Call it SHA-1. SHA-1 is based on the MD4 algorithm and is now recognized as one of the most secure hashing algorithms and is widely used. The length of the digest information generated by the SHA-1 algorithm is 160 bits. Because the generated digest information is longer, the operation process is more complicated. On the same hardware, SHA-1 runs slower than MD5, but it is also more secure. .
2. Symmetric encryption
Symmetric encryption algorithm is the encryption algorithm that should be earlier, and the technology is mature. In the symmetric encryption algorithm, the data sender processes the plaintext (original data) and the encryption key together with a special encryption algorithm to produce complex encrypted ciphertext for transmission. After the data receiver receives the ciphertext, if it wants to read the original text , the encrypted encrypted file needs to be decrypted using the key used for encryption and the inverse algorithm of the same algorithm to restore it to readable plaintext. In a symmetric encryption algorithm, only one key is used , and both sender and receiver use this key to encrypt and decrypt data, which requires that both the encryption and decryption parties must know the encryption key.
FROM
The DES algorithm is a symmetric encryption algorithm. The plaintext is grouped by 64 bits, and the key length is 64 bits. Check bit, so that each key has an odd number of 1), the grouped plaintext and the 56-bit key are replaced or exchanged to form the ciphertext. Due to the enhancement of computer computing power, the key length of the original DES cipher has become easy to be cracked by Poly, so the 3DES algorithm has evolved. 3DES is an encryption algorithm that transitions from DES to AES. It uses three 56-bit keys to encrypt data. Triple encryption, a more secure variant of DES.
AES
AES skirt length is Advanced Encryption Standard, which is an advanced encryption standard. This algorithm is a symmetric encryption standard adopted by the US federal government. This standard is used to replace the original DES algorithm and has been widely used all over the world. It has become a symmetric encryption algorithm. One of the most popular algorithms in . As a new generation of data encryption standard, AES algorithm brings together the advantages of strong security, high performance, high efficiency, ease of use and flexibility. It is designed with three key lengths: 128,192,256 bits, which is stronger and more secure than DES algorithm. .
3. Asymmetric encryption
Asymmetric encryption algorithm, also known as public key encryption algorithm, requires two keys, one is called the public key, which is the public key, and the other is called the private key, which is the private key. . The public key and the private key need to be used in pairs. If the data is encrypted with the public key, it can only be decrypted with the corresponding private key, and if the data is encrypted with the private key, it can only be decrypted with the paired public key. decrypt. Because encryption and decryption use two different keys, all such algorithms are called asymmetric encryption algorithms. The basic process of asymmetric encryption algorithm to realize the exchange of confidential information is: Party A generates a pair of secret keys and discloses one of them as a public key to others, and Party B who obtains the public key uses the secret key to encrypt the confidential information before Send it to Party A, Party A is using another private key saved by itself to decrypt the encrypted information.
RSA
The RSA asymmetric encryption algorithm was developed in 1997 by Ron Rivest, AdiShamirh and LenAdleman, and RSA takes its name from the names of the three who developed them. RSA is currently the most influential asymmetric encryption algorithm. It can resist all cryptographic attacks known so far and has been recommended by ISO as a public key data encryption standard. The RSA algorithm is based on a very simple fact of number theory: multiplying two large prime numbers is easy, but conversely it is very difficult to factor the product, so the product can be made public as an encryption key.
4. Digital Signature
Signature authentication is a comprehensive application of asymmetric encryption technology and digital digest technology. It refers to encrypting the digest information of the communication content with the sender's private key, and then transmitting the ciphertext together with the original text to the recipient of the information. Decrypt the encrypted digest information through the sender's public key, and then use the same digest algorithm as the sender to generate a digest string for the received content in the same way, and compare it with the decrypted digest string. The content of the communication is complete and has not been tampered with by a third party during the transmission process, otherwise the content of the communication has been modified by a third party.
Everyone has their own private key and is kept secret from the outside world, and the information encrypted by the private key can only be decrypted by the corresponding public key. Therefore, the private key can represent the identity of the holder of the private key, and the identity of the holder of the private key can be verified by the public key corresponding to the private key. With digital signatures, it can be confirmed that the message was signed and sent by the sender of the message, because other people can't fake the signature of the sender of the message at all, they do not have the private key of the sender of the message. Different content has different digest information. Through the digital digest algorithm, the integrity of the transmission content can be ensured. If the transmission content is tampered with in the middle, the value of the corresponding digital signature will also change.
Only the sender of the information can generate a digital signature string that cannot be forged by others. This string can verify and authenticate the integrity of the content sent by the sender and the identity of the sender.
After the communication body is digested by the corresponding digest algorithm, it is encrypted with the private key of the message sender to generate a digital signature.
5. Digital certificate
Each of us has many forms of identity certificates, such as ID cards, driver's licenses, etc. These certificates are all stamped and authenticated by the corresponding issuing agencies. They are highly credible and difficult to forge, and with the development of science and technology, they can be Seriously through fingerprints, retina, etc. Digital certificate (Digital Certificate), also known as electronic certificate, is similar to the ID card in daily life, and is also a form of identity authentication, which is used to identify the identity of users in the network. A digital certificate integrates a variety of cryptographic encryption algorithms. The certificate itself has public key information, which can complete the corresponding encryption and decryption operations. At the same time, it also has a digital signature of its own information, which can identify the issuing authority of the certificate and the content of the certificate. completeness. Since the certificate itself contains the user's authentication information, it can be used as the basis for user identification.
This article is based on the article on the Hollis WeChat public account, and it is also a way for me to record good articles after reading them for fear of forgetting them. Interested friends can go to the WeChat public account to search for "Hollis"; there are many good articles on it.