Symmetric encryption
Symmetric encryption is better understood, a key encrypting plaintext by an arithmetic operation to obtain a ciphertext using the same key as the input of the decryption algorithm to decrypt the ciphertext to obtain the original, as shown below:
From here we can see that there are several factors symmetric encryption, respectively, plain text, the encryption algorithm, key, and the ciphertext decryption algorithm, i.e. the original plaintext data, the key together with the plaintext as inputs to the encryption algorithm, the plaintext is disrupted the rules, of course, it is also used as input together with the ciphertext and decryption algorithm. Ciphertext is the natural result of the encryption algorithm, which are well understood, the focus here is about the encryption and decryption algorithms and models.
classification
Symmetric encryption can be divided into stream cipher and block cipher , stream cipher that is, each time the data bit stream or a byte is encrypted, the encryption process of plaintext is called plaintext stream, a key stream generated by the key stream generator, ciphertext obtained by the encryption algorithm using a key stream stream encrypting plaintext stream; typical stream cipher algorithm RC4.
Packet encryption (also often called block encryption) are grouped plaintext, encrypt each encryption algorithm for each packet, and the packet encrypted plaintext is usually obtained as long as the ciphertext.
Packet Encryption
Because the commonly used encryption packet, so here is not a stream cipher, the block cipher used are DES, 3DES and AES, the commonly used packet size is 64bit (. 8 bytes) and a 128bit (16 bytes), such as DES is used 64bit the encrypted packet size (56bit in fact, actually, because it will set a 7bit error check every bit DES), the DES encryption as shown below:
3DES algorithm is well understood, is the DES encryption and decryption 3 combination; packet length AES algorithm is 128bit, is more recommended to use symmetric encryption algorithm, DES encryption and decryption process with almost, it is to change 64bit 128bit.
Block cipher mode
Block cipher encryption mode there is substantially ECB, CBC, OFB, and CFB, where they talk ECB and CBC mode.
ECB mode
As can be seen from the figure the ECB mode, all packets are executed in parallel, without disturbing each other, so if there is a set of encrypted encryption failure will not affect other packets, which is the advantage of the ECB mode, but it is a packet no interaction between, so if you add, delete or reorganize a group of several packets, decryption process would be executed properly, which leads to inconsistent decrypted plaintext beginning with the original sent, the recipient will interfere with the plaintext understanding; in addition to the same plaintext will get the same ciphertext, an attacker can use this as a clue to decipher.
CBC mode
The CBC mode is a clear packet with the previous packet ciphertext XOR (bitwise exclusive or) operation, i.e. a next plaintext block dependent on the encryption to a ciphertext before, a group a group buckle, so this model also it referred chain. Even if this mode is not necessarily the same as the plaintext same ciphertext calculated, which compensate for the disadvantages of the ECB mode. CBC mode encryption process is as follows:
Of course, the CBC mode is flawed, such as the need to introduce an initialization vector (the same length as the plaintext block vectors), there is calculated which is a serial, low efficiency natural than an ECB mode , more details about CBC can refer to the article " CBC mode of interpretation ."
Operation Code
Go to use the following code shows the language of the CBC mode symmetric encryption (DES algorithm as an example), to which a little short codes returned err is not processed directly using the "_" instead.
package main
import (
"crypto/des"
"fmt"
"crypto/cipher"
"encoding/hex"
"bytes"
)
func main() {
var key = "12345678"
var info = "Hello World!"
Enc_str := EncryptDES_CBC(info, key)
fmt.Println(Enc_str)
Dec_str := DecryptDES_CBC(Enc_str, key)
fmt.Println(Dec_str)
}
//CBC加密
func EncryptDES_CBC(src, key string) string {
data := []byte(src)
keyByte := []byte(key)
// 创建并返回一个使用DES算法的cipher.Block接口
block, _ := des.NewCipher(keyByte)
// 对最后一个明文分组进行字节填充
data = PKCS5Padding(data, block.BlockSize())
//暂时使用密钥作为向量(不建议这样使用),初始向量的长度与明文的长度一致,DES与3DES是字节,而AES一般是16字节
iv := keyByte
//获取CBC加密模式
mode := cipher.NewCBCEncrypter(block, iv)
// 创建一个切片,加密后的数据就写到这个切片中形成一个块
out := make([]byte, len(data))
mode.CryptBlocks(out, data)
return fmt.Sprintf("%X", out)
}
//CBC解密
func DecryptDES_CBC(src, key string) string {
keyByte := []byte(key)
data, _ := hex.DecodeString(src)
block, _ := des.NewCipher(keyByte)
iv := keyByte
mode := cipher.NewCBCDecrypter(block, iv)
plaintext := make([]byte, len(data))
mode.CryptBlocks(plaintext, data)
plaintext = PKCS5UnPadding(plaintext)
return string(plaintext)
}
//明文填充算法,因为最后一个明文分组如果不够字节需要进行填充,DES与3DES需填充满8字节,而AES需填充满16字节
func PKCS5Padding(ciphertext []byte, blockSize int) []byte {
padding := blockSize - len(ciphertext)%blockSize
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
return append(ciphertext, padtext...)
}
//明文减码算法,与加密相反,解密过程中需要将填充上去的字节去掉
func PKCS5UnPadding(origData []byte) []byte {
length := len(origData)
unpadding := int(origData[length-1])
return origData[:(length - unpadding)]
}
Output:
C37551BB77F741D0B7C3165F4391A0BB
Hello World!
3DES algorithm only to the des.NewCipher des.NewTripleDESCipher can, but need to introduce the AES algorithm crypto / aes bag, and can des.NewCipher to aes.NewCipher code ideas are the same, may be described with reference to the API " Go Chinese language network . " About symmetric encryption knowledge is being talked about here.