Summary of encryption methods for data transmission

In general, data exchanged over HTTP is transmitted in encrypted form, and data encryption has become increasingly common in today's web applications.

Symmetric encryption

Symmetric encryption, also known as single-key cryptography, uses a single key: the same key is used both to encrypt and to decrypt the information.
This kind of algorithm is fairly common. Its benefit is that the key does not need to be transmitted with the data; however, once an attacker obtains your key, your data will be leaked, and the data can even be tampered with in transit.
Example: the WeChat Pay signature algorithm.
Raw data:
appid:wxd930ea5d5a258f4f
mch_id:10000100
device_info:1000
body:test
nonce_str:ibuaiVcKdpRxkhJA
Here the sign field (the signature) is the encrypted part, and the algorithm that produces it is:
1. Arrange the parameters in key=value form, sorted by parameter name in ascending ASCII (lexicographic) order:
stringA="appid=wxd930ea5d5a258f4f&body=test&device_info=1000&mch_id=10000100&nonce_str=ibuaiVcKdpRxkhJA";
This step concatenates the data to be transmitted, which is the most basic form of obfuscation.
2. Append the API key:
stringSignTemp=stringA+"&key=192006250b4c09247ec02edce69f6a2d" // Note: key is the secret key configured on the merchant platform
sign=MD5(stringSignTemp).toUpperCase()="9A0A8659F005D6984697E2CA0A9CF3B7" // Note: MD5 signature method
That is, the symmetric key is appended to the data to be transmitted in the same key=value form, and the result is then processed with an irreversible algorithm such as SHA256 or MD5; the output is the signature of the data.
3. Finally, add the signature back to the data to be transmitted:
<xml>
  <appid>wxd930ea5d5a258f4f</appid>
  <mch_id>10000100</mch_id>
  <device_info>1000</device_info>
  <body>test</body>
  <nonce_str>ibuaiVcKdpRxkhJA</nonce_str>
  <sign>9A0A8659F005D6984697E2CA0A9CF3B7</sign>
</xml>
After receiving the data, the receiver computes the signature over everything except the sign field using the same steps, then compares the two signatures. If they match, the data is valid; if they differ, the data has been tampered with and a failure is returned directly.
The advantage of this approach is that the algorithm is simple and effective. The downside is that once the key is compromised, an attacker can intercept or modify the data at a gateway or router along the path and corrupt it.
Of course, this is only the signature that WeChat Pay generates with a symmetric key. The entire transmitted data can also be encrypted with a standard algorithm, which is simple to understand and is not covered here.
Note that WeChat Pay uses the symmetric key here only for signature verification; the data itself is still transmitted in plaintext.
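The three signing steps and the receiver's check described above, as an added example in Node.js; it is not WeChat Pay's code or code from the original post. The function names are assumptions made for illustration, the parameters and key are the sample values from this page, and the receiver compares signatures in constant time.

```javascript
const crypto = require("crypto");

// Step 1: key=value pairs sorted by parameter name. The sign field itself is
// never signed, and empty values are skipped, as WeChat Pay's signing rules specify.
function canonicalString(params) {
  return Object.keys(params)
    .filter((k) => k !== "sign" && params[k] !== "" && params[k] != null)
    .sort() // code-unit order, which is ASCII order for ASCII parameter names
    .map((k) => `${k}=${params[k]}`)
    .join("&");
}

// Step 2: append the shared key and hash. MD5 is used only because the page's scheme does.
function sign(params, apiKey) {
  const stringSignTemp = `${canonicalString(params)}&key=${apiKey}`;
  return crypto.createHash("md5").update(stringSignTemp, "utf8").digest("hex").toUpperCase();
}

// Receiver side: recompute over everything except sign, then compare in constant time.
function verify(params, apiKey) {
  if (typeof params.sign !== "string") return false;
  const expected = Buffer.from(sign(params, apiKey), "utf8");
  const received = Buffer.from(params.sign, "utf8");
  return expected.length === received.length && crypto.timingSafeEqual(expected, received);
}

// Sample values taken from the page's example
const API_KEY = "192006250b4c09247ec02edce69f6a2d";
const message = {
  appid: "wxd930ea5d5a258f4f",
  mch_id: "10000100",
  device_info: "1000",
  body: "test",
  nonce_str: "ibuaiVcKdpRxkhJA",
};

// Step 3: attach the signature; then simulate a modification in transit (constructed).
const signed = { ...message, sign: sign(message, API_KEY) };
const tampered = { ...signed, body: "test2" };

console.log(canonicalString(message));
console.log(signed.sign, verify(signed, API_KEY), verify(tampered, API_KEY));
```

The signature only detects modification by someone who lacks the key; every field still travels in plaintext, as the text notes.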

Asymmetric encryption

An asymmetric encryption algorithm requires two keys for encryption and decryption: a public key and a private key.
The sender encrypts the data with the private key and the recipient decrypts it with the public key; the private and public keys are related according to the algorithm's specification. This is the simpler arrangement: each side encrypts with its own private key, and the other side decrypts with the corresponding public key. Because the two keys are different, this is a better scheme for data transmission, but the private/public key operations involved make it relatively slow for large amounts of data, so ordinary data generally does not need to be encrypted and decrypted this way.

Hybrid Encryption

Hybrid encryption offers very high confidentiality. Both of the preceding approaches rely on a fixed symmetric or asymmetric key, so once that fixed key is compromised the data can be decrypted (although the probability of this is very small). Hybrid encryption makes full use of both methods by combining them.
Example: suppose A and B exchange data, with A sending data to B:
1. A generates a random number, say 123456, and first sends this random number to B using asymmetric encryption;
2. After B obtains the ciphertext from A, it decrypts it into plaintext with the public key, then generates a random number of its own, say ABCDEF, and sends that random number to A using asymmetric encryption;
3. A decrypts B's ciphertext to obtain ABCDEF, then combines it with the earlier 123456 using an agreed ordering algorithm, say giving 123456ABCDEF. This yields a combined key, with which A symmetrically encrypts the data to be transmitted and sends it to B;
4. B uses the same ordering algorithm to obtain the symmetric key, then decrypts the data passed over by A to obtain the plaintext.
The advantage of this approach is obvious: the actual key used for data transmission changes every time, and the two sides only need to agree on the ordering algorithm. This algorithm can of course be optimized further, which is not explored in depth here. In terms of efficiency, the scheme is somewhat awkward: although the symmetric part is significantly faster than asymmetric encryption, the extra HTTP requests in the middle make the overall efficiency lower. This method is suited to data under very strict confidentiality requirements; it is not generally recommended, because the additional HTTP requests consume more resources.
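The four-step exchange above, as an added example in Node.js that is not code from the original post. It assumes each random value is encrypted to the recipient's public key with RSA-OAEP and opened with the recipient's private key, swaps the page's plain concatenation for a SHA-256 hash of the two values in a fixed order, and uses AES-256-GCM for the data; all function names are illustrative.

```javascript
const crypto = require("crypto");

// Each party holds an RSA key pair; public keys are assumed to be exchanged and
// authenticated beforehand.
const newParty = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Steps 1-2: a fresh random value, encrypted so that only the recipient can read it.
function wrapNonce(recipientPublicKey) {
  const nonce = crypto.randomBytes(32);
  const wrapped = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, nonce);
  return { nonce, wrapped };
}
function unwrapNonce(ownPrivateKey, wrapped) {
  return crypto.privateDecrypt({ key: ownPrivateKey, ...OAEP }, wrapped);
}

// Steps 3-4: both sides combine the two values in the same agreed order (A's first).
function sessionKey(nonceA, nonceB) {
  return crypto.createHash("sha256").update(nonceA).update(nonceB).digest();
}

// Symmetric encryption of the payload under the per-session key.
function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function decrypt(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  // final() throws if the ciphertext or tag was modified in transit
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
}

// Runs both sides of the exchange in one process for demonstration.
function demo(message) {
  const A = newParty(), B = newParty();
  const a = wrapNonce(B.publicKey); // step 1: A -> B
  const b = wrapNonce(A.publicKey); // step 2: B -> A
  const keyA = sessionKey(a.nonce, unwrapNonce(A.privateKey, b.wrapped)); // step 3
  const keyB = sessionKey(unwrapNonce(B.privateKey, a.wrapped), b.nonce); // step 4
  const box = encrypt(keyA, message);
  return { keysMatch: keyA.equals(keyB), received: decrypt(keyB, box), box, keyB };
}

console.log(demo("constructed sample payload").received);
```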

 


Origin www.cnblogs.com/whymoney1000/p/11221897.html