Encryption and decryption on the mobile terminal

Table of contents

introduction

Algorithm classification

key introduction

Mode introduction

Algorithm introduction

summary

write at the end

---

introduction

Today I will share with you an article about mobile encryption and decryption. With the popularity of mobile devices, encryption technology has become more and more important in protecting user data.

This article will introduce you to the classification, advantages and disadvantages of Android encryption and decryption algorithms, as well as their applications, and help you understand and choose an encryption and decryption algorithm that suits you. We will also provide the key code of the algorithm for you to better understand and use, come and learn with me.

 Algorithm classification

       According to whether the encryption result can be decrypted, the algorithm can be divided into reversible encryption and irreversible encryption (one-way encryption). In this sense, one-way encryption can only be called an encryption algorithm rather than an encryption and decryption algorithm. For reversible encryption, it can be divided into symmetric encryption and asymmetric encryption according to the symmetry of the key. The specific classification structure is as follows:

• reversible encryption
• Symmetric encryption: DES, 3DES, AES, PBE
• Asymmetric encryption: RSA, DSA, ECC
• Irreversible encryption (one-way encryption): MD5, SHA, HMAC

key introduction

       Before introducing various encryption and decryption algorithms in detail, we need to give a brief introduction to the concept of "key" to facilitate our expansion of the following content.

       The key is a parameter in the encryption and decryption algorithm, and its length varies according to different algorithms, and the key length of the same algorithm may also have different requirements. In general, the length of the key is directly proportional to the security. When in use, put the plaintext (or ciphertext) together with the key into the corresponding encryption (or decryption container) to get the ciphertext (or plaintext) to realize encryption and decryption.

       At the beginning of the encryption algorithm, the form of the key is symmetric, which means that the key for encryption and decryption is the same. This is in line with our thinking habits. However, there is a problem here, that is, if the key is stolen during transmission or storage, it is easy for hackers to decrypt the ciphertext to obtain the correct plaintext. Although the key in the symmetric form is simple and efficient, it is not very secure.

       In view of the defects of symmetric key, a new key form, asymmetric key, is proposed. The encryption and decryption keys of the asymmetric key are no longer the same, but are divided into public key and private key. The public key is used for encryption and the private key is used for decryption. The private key is not disclosed and not transmitted, and is only held and retained by the two parties to the communication; the public key can be transmitted publicly, and there is no need to worry about losing it, because even if the public key is stolen, hackers still cannot decrypt the ciphertext into plaintext (this functionality is provided by the private key). It can be seen that the security of asymmetric keys is better than that of symmetric keys.

       Asymmetric keys also provide a function, digital signatures. The private key is used for signature and the public key for authentication to achieve the purpose of identity authentication.

       It should be noted that the above introduction to keys is based on reversible encryption, and there is no key concept for irreversible encryption.

Mode introduction

       Before introducing various encryption and decryption algorithms in detail, we need to give a brief introduction to the concept of "mode" to facilitate our expansion of the following content.

       For reversible encryption, the encryption mode can be selected during encryption. It can be understood that the encryption algorithm can have different working methods, and there are differences in efficiency and methods between different working methods. It should be noted that for the same data, the mode selected for encryption must be the same as the mode selected for decryption, otherwise the decryption will not get the correct result.

       There are four main modes of Android reversible encryption: ECB (electronic codebook mode), CBC (group connection mode), CFB (cipher feedback mode), OFB (output feedback mode).

       ECB (Electronic Codebook Mode):

       Its usage is that a plaintext block is encrypted into a ciphertext block, and the same plaintext block is always encrypted into the same ciphertext block. Directly use the encryption algorithm to encrypt each 64-bit plaintext group using the same 64-bit key. Each plaintext packet is processed independently of each other.

       Disadvantage: Under a given key k, the same plaintext group always produces the same ciphertext group, which will expose the data format of the plaintext group. Certain plaintext data formats will cause a large number of repetitions or long zero strings in the plaintext group, and some important data will often appear in the same position, especially the formatted header, job number, sending time, location and other characteristics. will be leaked into the ciphertext, allowing attackers to exploit these features.

       Pros: Individual messages encrypted with the same key, resulting in no error propagation. In effect, each packet can be viewed as a separate message encrypted with the same key. If there is an error in the data in the ciphertext, when decrypting, it will cause the corresponding entire plaintext block to be decrypted incorrectly, but it will not affect other plaintext. However, if bits of data are occasionally lost or added to the ciphertext, the entire ciphertext sequence will not be decrypted correctly. Unless there is a certain frame structure that can rearrange the boundaries of the group.

       CBC (packet connection mode):

       For the same plaintext, the encryption results are different. This increases the difficulty for code crackers to decipher. When the key is fixed, the linking technique of each plaintext group input is changed, so that the ciphertext group is not only related to the current plaintext group, but also related to the previous plaintext group through the feedback effect. This is a kind of obfuscation operation from the essence of cryptography.

       Advantages: It can conceal the data pattern of plaintext; to some extent, it can prevent data tampering, such as replay, embedding and deletion of plaintext groups.

       Disadvantages: Error propagation will occur. Any change in the ciphertext will involve some subsequent ciphertext groups. However, the error propagation in CBC mode is not large. A transmission error affects at most the reception results of two message groups, and the error propagation is the most lasts 2 groups

       CFB (Cipher Feedback Mode): The ciphertext feedback mode is used to enhance the correlation between ciphertexts. If the message to be encrypted must be processed by character bits, CFB can be used. Encrypt s bits of plaintext each time. (1<= s<=" original intrinsic length)

       Advantages: In addition to the advantages of CBC mode, CFB mode has its own unique advantage that it is especially suitable for the needs of user data formats.

       Disadvantages: First, it is sensitive to channel errors and will cause error propagation. Since CFB uses ciphertext feedback, if a ciphertext packet has one or more errors during transmission, it will cause decryption errors in the current packet and subsequent partial packets. Second, the rate of data encryption is reduced. But this mode is mostly used in the lower layers of the data network, and its data rate is not too high.

       OFB (Output Feedback Mode): It overcomes the error propagation problem caused by CBC and CFB modes, but it is difficult to detect ciphertext tampering

Algorithm introduction

one-way encryption

       As mentioned earlier, the result of one-way encryption cannot be decrypted. Therefore, the main purpose of one-way encryption is not encryption and decryption in the traditional sense, but the confidentiality and abstract extraction of plaintext data. One-way encryption mainly includes algorithms such as MD5, SHA, and HMAC.

• Features :

  1. Compressibility: For data of any length, the length is fixed after one-way encryption.
  2. Resistant to modification: Any modification to the original data, even if only one byte is modified, will result in a very different result.
  3. Weak collision resistance: Knowing the original data and its one-way encryption result, it is very difficult to find a data with the same result (ie forged data).
  4. Strong collision resistance: It is very difficult to find two different data that have the same one-way encryption result.
  5. Simple and efficient: One-way encryption of data is very fast.

  Note: The above characteristics are based on a specific one-way encryption algorithm, and there are differences between different one-way encryption algorithms

       We can see that one-way encryption has a high guarantee for the consistency of data encryption results, that is, it is almost impossible to forge a piece of data to obtain the same result after encrypting a piece of data. At the same time, because one-way encryption is faster and the length of the encryption result is fixed, the result of one-way encryption is often used as the first step in generating the key in reversible encryption, which we will talk about later.

• application:

  1. Data encryption, secure access authentication

            This is the most widespread use of one-way encryption. Specifically, it is the protection of user passwords. When we log in to a website or application, we often need to enter our own password or ask the client or browser to help us save the password. However, passwords cannot be authenticated or stored in clear text. This is because users often use one password for multiple websites or even banks. Once one of the websites leaks the user password, the user's other website information may also be stolen. Therefore, the general practice is to perform single-item encryption on the plaintext of the password when the user logs in to verify or save the password, and then compare the result with the one-way encryption result of the user password on the server side. If they are consistent, access is allowed, otherwise it is rejected. For example, in 2012, the function of remembering passwords of QQ is to encrypt the user's password with MD5 once, and then store it in the local database.

            Some readers may realize that since the encryption result of one-way encryption for the same plaintext will never change, if the user's password remains unchanged, hackers can log in to the corresponding website at will as long as they get the encrypted result. How can the security be guaranteed? Woolen cloth? It is indeed the case. This requires engineers to try not to disclose the choice of encryption algorithm when designing login or password storage strategies; on the other hand, some special means can also be used to process encrypted objects, such as adding "salt" to passwords. The idea of ​​adding salt will be reflected in the introduction to HMAC later.

  2. File integrity verification, digital signature

            Sometimes, we need to confirm whether a file or data has been tampered with. We use one-way encryption technology, which is mainly based on the compression, anti-modification, and simplicity and efficiency of one-way encryption. Here is an example for readers to understand. After we download a mirror image, we will find that the download page also provides a set of MD5 values. This set of MD5 values ​​is used to verify the consistency of the file. After we download the mirror image, we need to do an MD5 calibration on the mirror The obtained MD5 value is compared with the MD5 value provided on the download page to verify whether the image has been tampered with.

• safety:

         The security of one-way encryption mainly depends on the length of the encryption result. For the same encryption algorithm, the security is proportional to the length of the encryption result. One-way encryption is possible to be cracked, mainly including brute force cracking, dictionary cracking and social engineering cracking. However, the cost of cracking is very high and it takes a long time. If it is not extremely important data, there is almost no need to crack it.

• Algorithm classification:

  1. MD5: MD5 is the most widely used one-way encryption algorithm, which has applications in data encryption, security access authentication, and file integrity verification. The output of MD5 encryption is a 128-bit hexadecimal number string. The Android SDK provides an interface for using MD5, which can be called directly when using it. Examples are as follows:

      MessageDigest md5 = MessageDigest.getInstance("MD5"); //获得MD5加密实例 
      md5.update(stringToEncrypt.getBytes());  
      byte[] encrypted = md5.digest();//加密返回值为byte[]数组 

  2. SHA: SHA is actually a collective name for a group of encryption algorithms, including SHA-1, SHA-256, SHA-384, and SHA-512. Among them, SHA-1 is the most widely used, and the HASH hash function used in HTTPS mostly uses SHA-1. Compared with MD5, the SHA family has higher security. So far, no one has been able to decipher its encryption results, but its encryption speed is slower than MD5, and security is exchanged for speed. On the other hand, SHA has a certain length limit on the encrypted data. The specific comparison of each SHA algorithm is as follows:

     For the SHA algorithm, the Android SDK also provides a corresponding interface, which is convenient for developers to use. Similar to MD5, taking SHA-1 as an example:

      MessageDigest sha = MessageDigest.getInstance("SHA-1"); //获得SHA-1加密实例 
      sha.update(stringToEncrypt.getBytes());  
      byte[] encrypted = sha.digest();//加密返回值为byte[]数组

  3. HMAC: HMAC is different from the traditional one-way encryption algorithm above. Its encryption form is the same as reversible encryption. The encryption process requires a key and a message as input, and generates a message digest as output. Defining HMAC requires an encryption hash function (denoted as H, which can be MD5 or SHA-1) and a key K. We use B to denote the number of bytes in the data block. (The word length of the split data block of the hash function mentioned above is B=64), and L is used to represent the output data bytes of the hash function (L=16 in MD5, L=20 in SHA-1). The length of the authentication key can be any positive integer value less than or equal to the word length of the data block. If the key length used in the application is larger than B, first use the hash function H to act on it, and then use the L-length string output by H as the key actually used in HMAC. In general, the recommended minimum key K length is L bytes.

     The HMAC code combined with SHA-1 is implemented as follows:

      SecretKeySpec secret = new SecretKeySpec(key.getBytes(), type);//key为开发者自己设定的密钥字符串
      Mac mac = Mac.getInstance("HmacSHA1");//SHA-1的HMAC
      mac.init(secret);
      byte[] digest = mac.doFinal(stringToEncrypt.getBytes());//加密返回值为byte[]数组

Symmetric encryption

       The symmetric encryption algorithm was applied earlier and the technology is relatively mature. In the symmetric encryption algorithm, the data sender processes the plaintext (original data) and the encryption key together with a special encryption algorithm to make it complex. The encrypted ciphertext is sent out. After the recipient receives the ciphertext, if he wants to interpret the original text, he needs to use the encrypted key and the inverse algorithm of the same algorithm to decrypt the ciphertext to restore it to readable plaintext. In the symmetric encryption algorithm, only one key is used, and both the sender and receiver use this key to encrypt and decrypt the data, which requires the decryption party to know the encryption key in advance. The characteristics of the symmetric encryption algorithm are that the algorithm is open and the amount of calculation is small. The disadvantage is that both parties to the transaction use the same key, so the security cannot be guaranteed.

• Features :

  1. The key is small (generally less than 256bit), the larger the key, the stronger the encryption, but the slower the encryption and decryption
  2. Advantages: open algorithm, small amount of calculation, fast encryption speed, high encryption efficiency, suitable for encryption of large amounts of data
  3. Disadvantages: key distribution and management, low security
  4. Four algorithms DES, 3DES, AES, PBE

• Algorithm :

  1. DES: The DES algorithm is a block encryption mechanism that divides the plaintext into N groups, then encrypts each group to form its own ciphertext, and finally combines all the group ciphertexts to form the final ciphertext. To change a 64-bit plaintext input block into a 64-bit ciphertext output block, the key it uses is also 64 bits.

  • Introduction:

    The DES algorithm works like this: 　

    If the Mode is encryption, use the Key to encrypt the data Data, and generate the password form of Data (64 bits) as the output result of DES; if the Mode is decryption, use the Key to decrypt the data Data in the password form and restore it to Data The plaintext (64 bits) of is the output of DES.

           At both ends of the communication network, the two parties agree on a consistent Key, and use the Key to encrypt the core data with DES at the source of the communication, and then transmit it to the end of the communication network in the form of a password in the public communication network (such as the telephone network), and the data arrives After the destination, the encrypted data is decrypted with the same Key, and the core data in clear form is reproduced. In this way, the security and reliability of core data (such as PIN, MAC, etc.) transmitted in the public communication network are guaranteed.

  • Supported modes: ECB, CBC, CFB, OFB

  • Advantages and disadvantages:

    (1) The encryption and decryption speed of the DES algorithm is relatively fast, the key is relatively short, and the encryption efficiency is high. However, both parties in the communication must keep the secret of the key, and the DES key needs to be replaced frequently for safety.

    (2) It is simple to generate a key, but the security depends entirely on the key, and the key must be highly confidential, so it is difficult to achieve one-time encryption

  • Application: DES algorithm is widely used in POS, ATM, magnetic card and smart card (IC card), gas station, highway toll station and other fields, so as to realize the confidentiality of key data, such as encrypted transmission of credit card holder's PIN, The two-way authentication between IC card and POS, the MAC verification of financial transaction data packets, etc., all use the DES algorithm.

  • Algorithm implementation: Android SDK provides DES interface, we can directly call the implementation. There are three entry parameters of the DES algorithm: Key, Data, and Mode. Among them, Key is 8 bytes and 64 bits in total, which is the working key of the DES algorithm; Data is also 8 bytes and 64 bits, which is the data to be encrypted or decrypted; Mode is the working mode of DES, and there are two types: Encrypt or decrypt.

      加密：
      DESKeySpec dks = new DESKeySpec(key);//创建DESKeySpec对象，其中key为64位的密钥  
      		SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");//DES密钥工厂实例	
      		SecretKey securekey = keyFactory.generateSecret(dks);
      Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");//密钥容器的实例。传入的参数依次为加密算法，加密模式，填充模式（可选NOPadding,PKCS5Padding,PKCS7Padding）
      cipher.init(Cipher.ENCRYPT_MODE, securekey);//初始化密钥容器。加密时第一个参数必须是Cipher.ENCRYPT_MODE
      byte[] encryptResult=cipher.doFinal(stringToEncrypt.getBytes());
    
      解密：
      DESKeySpec dks = new DESKeySpec(key);//key必须与加密时保持一致  
      		SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
      		SecretKey securekey = keyFactory.generateSecret(dks);
      Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");//传入的参数必须与加密时保持一致
      cipher.init(Cipher.DECRYPT_MODE, securekey);//解密时第一个参数必须是Cipher.DECRYPT_MODE
      byte[] decryptResult=cipher.doFinal(encryptResult.getBytes());

  2. 3DES: 3DES algorithm is developed on the basis of DES. In some scenarios with high security requirements, the 64-bit key security of DES cannot meet the requirements, so people adopt a "simple violence" method-triple data encryption to encrypt data, so that , the probability of cracking is much smaller. The key length of 3DES is 168 bits. Since the use of 3DES is very similar to DES, except that the length of the key has changed, it will not be introduced here. Interested readers can try to use the corresponding interface.

  3.AES：

  • Introduction: As a new generation of data encryption standard, AES encryption algorithm brings together the advantages of strong security, high performance, high efficiency, ease of use and flexibility. AES is designed with three key lengths: 128, 192, and 256 bits. It is the most secure encryption algorithm currently available.

  • Support mode: CFB/OFB/ECB/CBC

  • Advantages and disadvantages: AES is superior to other symmetric encryption algorithms in all aspects, and the disadvantage is only the limitation of symmetric encryption.

  • Application: AES is widely used, and DES is the mainstream algorithm used in symmetric encryption, and there is a tendency to gradually replace DES.

  • Code:

     加密：
      SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();//获得密钥实例
      cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");//密钥容器的实例。传入的参数依次为加密算法，加密模式，填充模式（可选NOPadding,PKCS5Padding,PKCS7Padding）
      cipher.init(Cipher.ENCRYPT_MODE, secretKey);//使用加密模式初始化 密钥容器
      byte[] encryptResult = cipher.doFinal(stringToEncrypt.getBytes());
    
      解密：
      SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();//密钥必须与加密时保持一致
      Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");//传入的参数必须与加密时保持一致
     			cipher.init(Cipher.DECRYPT_MODE, secretKey);//解密时必须是Cipher.DECRYPT_MODE
      byte[] decryptResult=cipher.doFinal(encryptResult.getBytes());

  4. PBE: The PBE algorithm is not used in many scenarios, and we don’t have to stick to its use and implementation, but it provides an encryption idea that is worth learning and reference-adding “salt” to disrupt.

  • "Add salt" introduction: As we said earlier, a major security flaw of symmetric encryption is that the same key is used for encryption and decryption. The invariance of this key has caused great problems to the secure transmission and storage of the key. . So is there any way to solve this problem? One way to do this is to "salt" the key. The "salt" here can be a random number, user ID, location geographic information, and so on. The most important function of "salt" is to disturb the key, making it impossible for hackers to determine the real key. As long as the communication parties agree on the form of "salt" and do not disclose it, the security of encryption can be guaranteed. We understand the idea of ​​​​adding "salt" through the way of adding salt to PBE:

    PBE encryption first replaces the concept of a key with a password. When encrypting, PBE does not use the password to directly encrypt, but uses the KDF function in the algorithm to scramble the password through the "salt" to generate a quasi-key, and then uses a hash function to iterate multiple times to generate the final key. After the key is generated, PBE uses a symmetric encryption algorithm to encrypt the data.

    The specific implementation can be like this:

  1. The two parties in the message transfer agree on a password. Here, Party A constructs the password. 2. After Party A constructs the password, it announces it to Party B. 3. The password constructor (Party A) constructs the salt used for this message transmission. In fact, both parties can agree on a data , such as the hard disk number, today’s date, etc. It is not necessary to write a security algorithm to calculate it, as long as the two parties agree. 4. Party A uses passwords and salts to encrypt data. 5. Party A sends salt and encrypted data to message receivers (Party B) 6. Party B decrypts the data with the received password and salt (it can be the agreed data)

    我们可以看到，对密钥加“盐”实际上是一种混淆扰乱的手段。但我们还可以从PBE的加盐思想中抽取出一种更简单的理解，“盐”就是密钥的一部分，只不过这一部分密钥是通信双方在通信之前就协商好的不被外界所知道的，通信过程中，双方只需传输另一部分非盐密钥即可，即使非盐密钥被截获，黑客也无法拿到整个密钥破解密文。

asymmetric encryption

        The asymmetric encryption algorithm requires two keys for encryption and decryption, which are the public key and the private key. It should be noted that the public key and the private key must be a pair. If the public key is used to encrypt data, then Decryption is only possible with the corresponding private key and vice versa. The emergence of asymmetric encryption algorithm is to solve the encryption and decryption with only one key. As long as this key is lost or made public, the encrypted data is easy to be attacked. At the same time, it is precisely because of the emergence of asymmetric encryption algorithms that there are subsequent digital signatures, digital certificates, and so on.

• Features : The strength of the algorithm is complex, and the security depends on the algorithm and the key. However, due to the complexity of the algorithm, the speed of encryption and decryption is not as fast as that of symmetric encryption and decryption.

• Use : There are two main uses of asymmetric encryption: encryption and decryption and digital signature verification.

  Public key encryption, private key decryption; private key signature, public key verification

  Mainly talk about digital signatures:

  Digital signatures are implemented using public key algorithms. Digital signatures are different from common data encryption algorithms, and their implementation processes are different from the keys used. The digital signature uses the key pair of the sender, the sender uses its own private key to encrypt, and the receiver uses the sender's public key to decrypt. Digital signatures are used to verify that a message was indeed sent by a user, regardless of whether anyone on the network sees the message. Data encryption uses the receiver's key pair, the sender uses the receiver's public key to encrypt, and the receiver uses its own private key to decrypt. Encryption is a many-to-one relationship: anyone who knows the receiver's public key can send encrypted information to the receiver, and only someone with the receiver's private key can decrypt the message. A user usually has two key pairs, one is used to encrypt and decrypt the digital signature, and the other is used to encrypt and decrypt the private key.

• Algorithm :

  1. RSA: RSA is an enterprise-level application standard, and many third-party encryption software use RSA 2048bit encryption

  • Advantages: simple password assignment, high security

  • shortcoming:

    1. Slow speed, the fastest RSA is several times slower than DES, and the speed of RSA is about 1000 times slower than the symmetric encryption algorithm corresponding to the same security level

    2. Generally speaking, it is only used for a small amount of data encryption

    3. It is very troublesome to generate a key, which is limited by the prime number generation technology, so it is difficult to achieve a one-time pad.

    In fact, these shortcomings are limitations of asymmetric encryption itself.

  • Algorithm implementation:

      KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");//产生RSA密钥对产生器
      kpg.initialize(2048);//密钥对产生器初始化，参数为密钥长度，可选长度 512 1024 2048
      KeyPair kp = kpg.genKeyPair();//得到密钥对
      PublicKey publicKey = kp.getPublic();//公钥
      PrivateKey privateKey = kp.getPrivate();//私钥
    		
      加密：
      BigInteger e = publicKey.getPublicExponent();//获取参数
      	BigInteger n = publicKey.getModulus();//获取参数
      BigInteger m = new BigInteger(stringToEncrypt.getBytes());
      BigInteger c = m.modPow(e, n);//计算密文C
    
      解密：
      BigInteger c = new BigInteger(stringToDecrypt);
      BigInteger d = privateKey.getPrivateExponent();//获取参数
      BigInteger n = privateKey.getModulus();//获取参数
      BigInteger m = c.modPow(d, n);//计算解密结果m

  2. DSA: It is generally used for digital signature and authentication. In DSA digital signature and authentication, the sender uses his own private key to sign a file or message, and the recipient uses the sender's public key to verify the signature after receiving the message. authenticity. DSA is just an algorithm. The difference from RSA is that it cannot be used for encryption and decryption, nor can it be used for key exchange. It is only used for signing. It is much faster than RSA.

  • Advantages: The security is similar to RSA, and the key generation speed is much faster than RSA

  • Disadvantage: If DSA is used as the encryption algorithm for digital signatures, only SHA1 can be used as the message hash (that is, message digest) algorithm. And if RSA is used as the digital signature encryption algorithm, there are many choices for the message digest algorithm

  • Algorithm implementation: Since DSA is mainly used for digital signature authentication and not for encryption and decryption work, the specific implementation of encryption and decryption codes will not be written here.

  3. ECC: ECC is an efficient asymmetric encryption algorithm that is often used on mobile devices.

  • Advantages: Compared with RSA, ECC has the following advantages:

    (1) Under the same key length, the security performance is higher. For example, 160-bit ECC has the same security strength as 1024-bit RSA and DSA.

    (2) The amount of calculation is small and the processing speed is fast. In terms of the processing speed of the private key (decryption and signature), ECC is much faster than RSA and DSA.

    (3) Small storage space The key size and system parameters of ECC are much smaller than those of RSA and DSA, so the storage space occupied is much smaller.

    (4) Low bandwidth requirements make ECC have a wide range of application prospects.

  • Algorithm implementation: ECC and RSA have similar characteristics, and their code implementations are also very similar, except that there is a difference when generating the key pair generator, and there is no difference in other places, so no code implementation is written here. Readers in need can refer to the implementation of RSA above.

summary

       At this point, our introduction to the three types of algorithms is over. It can be seen that different algorithms have different characteristics, and developers need to consider various factors such as usage scenarios, requirements, and costs when choosing to use them. For one-way encryption and reversible encryption, it is easy for developers to distinguish and choose; but for symmetric encryption and asymmetric encryption, the choice may not be very easy to decide. Here, we provide an idea, which is also widely accepted and used - because Symmetric encryption is fast but relatively low in security, and asymmetric encryption is high in security but relatively slow in speed—we use symmetric encryption to encrypt a large amount of data plaintext, and then use asymmetric encryption to encrypt the symmetric encryption key, so that both issues of speed and security.

---

Thank you for reading. If there are any deficiencies, please advise, learn and make progress together. If you like it, please recommend it; if you have new ideas, welcome to put forward.

write at the end

This post ends here, and finally, I hope that friends who read this post can gain something.

It's all here, remember to support Sanlian.

---

 How to download the full version of the document:

These materials should be the most comprehensive and complete preparation warehouse for friends who are engaged in [software testing]. This warehouse has also accompanied me through the most difficult journey, and I hope it can help you too! All of the above can be shared.

Interact with me in the comment area or privately ❤ me [Software Testing and Learning] to get it, no thanks for taking it away.