Common Data Encryption and Encryption Formats

1. Encryption and decryption

1. Encryption

The basic process of data encryption is to transform the original document or data with a given algorithm into unreadable data, usually called "ciphertext". This protects the data from being stolen and read by unauthorized parties.

2. Decryption

The reverse process of encryption is decryption, which is the process of converting the encoded information into its original data.

2. Symmetric encryption and asymmetric encryption

The encryption algorithm is divided into symmetric encryption and asymmetric encryption. The encryption key of the symmetric encryption algorithm is the same as the decryption key, and the encryption key of the asymmetric encryption algorithm is different from the decryption key. In addition, there is a type of hash algorithm that does not require a key.

Common symmetric encryption algorithms mainly include AES, DES, etc. Common asymmetric algorithms mainly include RSA, DSA, etc., and hash algorithms mainly include SHA-1, MD5, etc.

1. Symmetric encryption

The symmetric encryption algorithm is an earlier type of encryption algorithm, also known as the shared key encryption algorithm. Only one key is used: both the sending and receiving parties use it to encrypt and decrypt the data, so both parties must know the key in advance.

2. Asymmetric encryption

The asymmetric encryption algorithm is also known as the public key encryption algorithm. It needs two keys: a public key and a private key.

Because encryption and decryption use two different keys, this algorithm is called an asymmetric encryption algorithm.

If data is encrypted with a public key, it can only be decrypted with the corresponding private key.

How to use: Party A generates a pair of keys and discloses one of them, the public key, to others. Party B, who obtains the public key, encrypts the confidential information with it and sends the result to Party A. Party A then uses the other key (the private key), which it keeps to itself, to decrypt the encrypted information.

3. Common Data Encryption Algorithms

1. AES encryption algorithm

AES is the Advanced Encryption Standard in cryptography. It is a symmetric block cipher that supports key lengths of 128, 192, and 256 bits, with a block length of 128 bits. The algorithm is designed to be easy to implement in a wide range of hardware and software. It is the block encryption standard adopted by the US federal government; it has been analyzed by many parties and is widely used all over the world.

2. DES encryption algorithm

The DES encryption algorithm is a block cipher, which uses 64 bits as a block to encrypt data. Its key length is 56 bits, and the same algorithm is used for encryption and decryption.

In DES the key is kept secret, while the algorithm, covering both encryption and decryption, is public. Only someone who holds the same key as the sender can read ciphertext encrypted with DES. Breaking DES therefore comes down to searching for the key. For a 56-bit key, an exhaustive search takes 2^56 operations.

3. RSA encryption algorithm

The RSA encryption algorithm is currently the most influential public key encryption algorithm and is generally considered one of the best public key schemes available. RSA was the first algorithm that could be used for both encryption and digital signatures. It can resist all cryptographic attacks known so far and has been recommended by ISO as a public key data encryption standard. RSA is based on a very simple fact of number theory: multiplying two large prime numbers is easy, but factoring their product is extremely difficult, so the product can be published as the encryption key.
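The Party A / Party B workflow from the asymmetric encryption section and the factoring argument above, as an added example that is not part of the original article: textbook RSA in Python with deliberately tiny constructed primes and no padding. The function names and sample values are illustrative assumptions.

```python
# Textbook RSA with tiny primes (constructed values), for illustration only.
# Real keys are 2048 bits or more and are used with padding such as OAEP.
from math import gcd

def make_keypair(p, q, e=65537):
    """Party A: build (public, private) keys from two secret primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)

def encrypt(public, m):
    """Party B: encrypt an integer m < n with Party A's public key."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private, c):
    """Party A: recover m with the private key."""
    n, d = private
    return pow(c, d, n)

def factor(n):
    """Trial division over odd candidates; only feasible because n is tiny."""
    f = 3
    while n % f:
        f += 2
    return f, n // f

# Constructed sample values: the 10,000th and 100,000th primes.
P, Q = 104729, 1299709
PUBLIC, PRIVATE = make_keypair(P, Q)
MESSAGE = int.from_bytes(b"key!", "big")

if __name__ == "__main__":
    c = encrypt(PUBLIC, MESSAGE)
    print("ciphertext:", c)
    print("decrypted :", decrypt(PRIVATE, c).to_bytes(4, "big"))
    # Anyone who can factor n can rebuild the private key, hence large primes.
    p, q = factor(PUBLIC[0])
    print("rebuilt private key matches:", make_keypair(p, q)[1] == PRIVATE)
```

The last step shows why the modulus must be too large to factor: with a 37-bit modulus the private key falls out of the public key in a fraction of a second.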

4. Base64 encryption algorithm

Base64 is one of the most common encoding methods for transmitting 8-bit byte data over the network. Base64 encoding can be used to carry longer identifying information in an HTTP environment. For example, in the Java persistence framework Hibernate, Base64 is used to encode a long unique identifier into a string for use as a parameter in HTTP forms and HTTP GET URLs. Other applications often need to encode binary data into a form suitable for placement in URLs (including hidden form fields). In these cases Base64 encoding is relatively short and is not readable at a glance, that is, the encoded data cannot be read directly by the human eye. Strictly speaking, Base64 is an encoding rather than an encryption algorithm: it uses no key and anyone can decode it, so it provides no confidentiality.

5. MD5 encryption algorithm

MD5 uses a hash function, and its typical application is to generate an information summary for a piece of information to prevent tampering. Strictly speaking, MD5 is not an encryption algorithm but a digest algorithm. No matter how long the input is, MD5 will output a string with a length of 128 bits (usually expressed as 32 characters in hexadecimal).

6. SHA1 encryption algorithm

SHA1 is a message digest algorithm as popular as MD5; however, SHA1 is more secure than MD5. For messages shorter than 2^64 bits, SHA1 produces a 160-bit message digest. Because MD5 and SHA1 produce message digests and are (generally speaking) irreversible, they can be applied to scenarios such as checking file integrity and digital signatures.

4. Data encryption format

Common data encryption formats are .pem, .pfx, .cer, .key, etc. Here we will focus on .pem format files.

A .pem file is a text file in a human-readable format whose contents may represent certificates, secret keys, etc.

Since many cryptography-related standards define data structures in ASN.1 and then use Distinguished Encoding Rules (DER) to serialize these structures, the serialized results, such as certificates and keys, are binary files. Pure binary files are not easy to transfer over the network and in many cases are not easy to display. Generally we encode binary files with Base64 or hex. PEM encodes binary files using Base64.

PEM encodes the binary data with Base64, then adds the header -----BEGIN XXX----- at the start and the footer -----END XXX----- at the end. The data between the header and footer is the Base64-encoded binary data. XXX names the type of content being encoded and can be CERTIFICATE, CERTIFICATE REQUEST, PRIVATE KEY, or X509 CRL. The header and footer therefore tell us what type of data is encoded. For example, an RSA key:

RSA public key file:

-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAMcqPqejzpXzdAsnvv+/8FX9jkI7c1F9GqTnBBxfSPGqJhi/eQ5OyS98
TQ8sHy28XmNUPzEzA5HZ4i6tX9dfxXLv4mAykGZBmh+S1vv3Ztv53ECnYqL9hO1W
G1c6JLnV2CfJjaoVIfzbOpCQ7DIKFCCiAOYzVs2LYOiO8S2kXmozAgMBAAE=
-----END RSA PUBLIC KEY-----

RSA private key file:

-----BEGIN RSA PRIVATE KEY-----
MIICYAIBAAKBgQDHKj6no86V83QLJ77/v/BV/Y5CO3NRfRqk5wQcX0jxqiYYv3kO
TskvfE0PLB8tvF5jVD8xMwOR2eIurV/XX8Vy7+JgMpBmQZofktb792bb+dxAp2Ki
/YTtVhtXOiS51dgnyY2qFSH82zqQkOwyChQgogDmM1bNi2DojvEtpF5qMwIDAQAB
AoGAYonjL/wa1RP7wR0sIcssNM9bmCdj2diE2zu1S/hU1cRyTuJFGbAfWBAu7CfP
UUiWhpyDG2t7A6mCf8elYs3+a4oRFz1gri4CkbkWTRe14qocn7KPI5z0Vd2I7qoF
z7nsYs08bhcVSgPUfvPMBPEsfp3+e4DBWhMDdR7hL+R0XiECRQDuJATh2iDQ5s+0
j6TsMKBe/6EJB4SMeajxYKDhaQI0mveuTvAZgglW/ZTC6y0dkWtEjquix0/ocya1
WYiV6zf0KoucgwI9ANYZ8e8jrM5zfJfI0zm+RmouMo0xjCvOQTA8lONME994r0MA
2NQyAsW+aOH5z+HTntD1mmt8udPXQVbskQJEFN5FK0GBJK1FQE5iJmxwcUK3auIk
xGaY3mYYUwhvsApwb+7s7V9O0DeyhI41SuUGYGCcO8x5fSYyGyw4YuLU6WmdCF8C
PEInfiPgKBMaiBL2UJ309xjz8VbDSoZ2kpnu/ipFZZaVWcIgTt8yHL0xGoNIhz1G
ADqcyPwRa/HS/zN2oQJFAIKy9Pw5sY+cwpFyLqMIliQdVLw00HlnGtYy+5rVkkL6
xOlCHf2glAsX5TT8esu4MoTk3NIJt4uLsjUfluOI5UIJ3D5K
-----END RSA PRIVATE KEY-----
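The PEM layering described above (armor, Base64, DER, ASN.1), as an added example that is not part of the original article: a standard-library Python parser that takes the RSA public key shown on this page, checks that the BEGIN and END labels match, and walks the DER structure to recover the modulus and public exponent. The function names are illustrative assumptions.

```python
import base64
import re

# RSA public key copied from this page (label "RSA PUBLIC KEY", PKCS#1 layout).
PEM = """-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAMcqPqejzpXzdAsnvv+/8FX9jkI7c1F9GqTnBBxfSPGqJhi/eQ5OyS98
TQ8sHy28XmNUPzEzA5HZ4i6tX9dfxXLv4mAykGZBmh+S1vv3Ztv53ECnYqL9hO1W
G1c6JLnV2CfJjaoVIfzbOpCQ7DIKFCCiAOYzVs2LYOiO8S2kXmozAgMBAAE=
-----END RSA PUBLIC KEY-----
"""

ARMOR = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_to_der(pem):
    """Strip the armor and Base64-decode; return (label, DER bytes)."""
    m = ARMOR.search(pem)
    if m is None:
        raise ValueError("no PEM block with matching BEGIN/END labels")
    return m.group(1), base64.b64decode("".join(m.group(2).split()), validate=True)

def read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past the end of the data")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(pem):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    label, der = pem_to_der(pem)
    if label != "RSA PUBLIC KEY":
        raise ValueError("unexpected PEM label: " + label)
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one DER SEQUENCE")
    tag_n, n, pos = read_tlv(seq, 0)
    tag_e, e, pos = read_tlv(seq, pos)
    if (tag_n, tag_e) != (0x02, 0x02) or pos != len(seq):
        raise ValueError("expected exactly two INTEGERs")
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")
```

For the key above, `parse_rsa_public_key(PEM)` returns a 1024-bit modulus and the public exponent 65537.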

Origin blog.csdn.net/baidu_24752135/article/details/130328217