Description of modern cryptography

modern cryptography

Modern cryptography includes three forms: hash function, symmetric cipher and asymmetric cipher

1. Hash function

Hash function, also see hash function, digest function or hash function, can convert messages of any length into fixed length values after operation. The common ones are MD5, SHA-1 and SHA256, which are mostly used in file verification and digital signature.

MD5 can generate a 128 bit (16 byte) hash value from the original text of any length

SHA-1 can generate a 160 bit (20 byte) hash value from the original text of any length

2. Symmetric password

The symmetric password applies the same encryption key and decryption key. Symmetric ciphers are divided into Sequence Ciphers (stream ciphers) and Block Ciphers (block ciphers). Stream cipher is to encrypt each element (a letter or a bit) in the information stream as the basic processing unit. Block cipher is to block the information stream first, and then encrypt each block separately.

For example, the original is 1234567890. Stream encryption is to encrypt 1, then 2, and then 3... And finally splice them into ciphertext; Block encryption is first divided into different blocks, such as 1234 into blocks, 5678 into blocks, 90XX(XX is the complement number) into blocks, then different blocks are encrypted respectively, and finally spliced into ciphertext. The classical cryptography encryption methods mentioned above belong to stream encryption.

3. Asymmetric password

The key security of symmetric password is extremely important. Encryptors and decryptors need to negotiate the key in advance and ensure the security of the key respectively. Once the key is leaked, even if the algorithm is secure, it can not guarantee the privacy of the original information.

In actual use, the remote advance negotiation key is not easy to realize. Even if the negotiation is good, it is easy to be obtained by others in the process of remote transmission. Therefore, the asymmetric key highlights its advantages at this time.

Asymmetric cryptography has two keys, public key and private key. The keys used for encryption and decryption are different. After encrypting the original text with the public key, it needs to be decrypted by the private key; After encrypting the original text with the private key (generally referred to as signature at this time), it needs to be decrypted by the public key (generally referred to as signature verification at this time). The public key can be made public. We use the public key to encrypt the information and then send it to the holder of the private key. The holder of the private key uses the private key to decrypt the information and obtain the original information. Because the private key is only held by a single person, there is no need to worry about being decrypted by others to obtain the original information.

There are two common encryption methods:

Symmetric encryption

● the encryption method of single key cryptosystem is adopted, and the same key can be used for encryption and decryption of information at the same time. This encryption method is called symmetric encryption, also known as single key encryption.
● examples

We now have an original 3 to send to B
 Set key as 108, 3 * 108 = 324, Send 324 as ciphertext to B
B After getting ciphertext 324, Use 324/108 = 3 Get the original text

1. Common encryption algorithms

Des: data encryption standard, that is, data encryption standard, is a block algorithm using key encryption. In 1977, it was determined as the federal data processing standard (FIPS) by the National Bureau of standards of the federal government of the United States and authorized to be used in unclassified government communications. Then the algorithm was widely spread internationally.
AES: Advanced Encryption Standard Also known as Rijndael encryption in cryptography, it is a block encryption standard adopted by the federal government of the United States. This standard is used to replace the original DES, which has been analyzed by many parties and widely used all over the world.
characteristic:
The encryption speed is fast, and large files can be encrypted
The ciphertext is reversible. Once the key file is leaked, it will lead to data exposure
After encryption, the corresponding character cannot be found in the coding table, resulting in garbled code
Generally used in combination with Base64

2. Encryption mode

ECB :
Electronic codebook The message to be encrypted is divided into several blocks according to the block size of the block password, and each block is encrypted independently

advantage : Data can be processed in parallel
 shortcoming : The same original text generates the same ciphertext, It can not protect data well and encrypt it at the same time. The original text is the same, and the encrypted ciphertext is the same

CBC :
Cipher block chaining Each plaintext block is XOR with the previous ciphertext block before encryption. In this method, each ciphertext block depends on all plaintext blocks in front of it

advantage : The ciphertext generated by the same original text is different
 shortcoming : Serial processing data.

3. Filling mode

When the length of data to be processed by block does not meet the requirements of block processing, fill the rule of full block length according to a certain method
NoPadding:

No filling.
stay DES Encryption algorithm, The length of the original text must be 8 byte Integer multiple of
 stay AES Encryption algorithm, The length of the original text must be 16 byte Integer multiple of

PKCS5Padding:

The size of the data block is 8 bits, Make up if not enough

Tips:

By default, Encryption mode and fill mode are : ECB/PKCS5Padding 
If used CBC pattern, In initialization Cipher Object time, Need to add parameters, 
Initialization vector IV : IvParameterSpec iv = new IvParameterSpec(key.getBytes());

Encryption mode and fill mode

AES/CBC/NoPadding (128)
AES/CBC/PKCS5Padding (128)
AES/ECB/NoPadding (128)
AES/ECB/PKCS5Padding (128)
DES/CBC/NoPadding (56)
DES/CBC/PKCS5Padding (56)
DES/ECB/NoPadding (56)
DES/ECB/PKCS5Padding (56)
DESede/CBC/NoPadding (168)
DESede/CBC/PKCS5Padding (168)
DESede/ECB/NoPadding (168)
DESede/ECB/PKCS5Padding (168)
RSA/ECB/PKCS1Padding (1024, 2048)
RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048)
RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048)

Message summary

Message Digest is also called digital digest
It is a fixed length value that uniquely corresponds to a message or text. It is generated by a one-way Hash encryption function acting on the message
The value generated by digital summary cannot be tampered with in order to ensure the security of files or values
characteristic:

No matter how long the input message is, the length of the calculated message summary is always fixed. For example, application MD5 The message of the algorithm digest has 128 bits,
use SHA-1 The message of the algorithm summary finally has 160 bits of output

As long as the input messages are different, the summary messages generated after summarizing them must also be different; But the same input must produce the same output
 Message digest is unidirectional and irreversible

Common algorithms:

- MD5
- SHA1
- SHA256
- SHA512

Summary:

MD5 algorithm : Summary result 16 bytes, 32 bytes after hexadecimal conversion
SHA1 algorithm : Summary result 20 bytes, 40 bytes after hexadecimal conversion
SHA256 algorithm : Summary result 32 bytes, 64 bytes after hexadecimal conversion
SHA512 algorithm : Summary result 64 bytes, 128 bytes after hexadecimal conversion

Asymmetric encryption

Introduction:

1.Asymmetric encryption algorithm is also called modern encryption algorithm.

2.Asymmetric encryption is the cornerstone of computer communication security, which ensures that the encrypted data will not be cracked.

3.Unlike symmetric encryption algorithm, asymmetric encryption algorithm requires two keys: public key(publickey) And private secrets(privatekey)

4.Public key and private key are a pair

5.If the data is encrypted with a public key, it can only be decrypted with the corresponding private key.

6. If the data is encrypted with a private key, it can only be decrypted with the corresponding public key.

7.Because encryption and decryption use two different keys, this algorithm is called asymmetric encryption algorithm.

Example:

Generate the key pair first, Public key is(5,14), Private key is(11,14)
Now? A Hope to send the original 2 to B
A Encrypt data using public key. 2 The 5th power of mod 14 = 4 , Send ciphertext 4 to B
B Decrypt data using private key. 4 The 11th power of mod14 = 2, Get original 2

characteristic:

Encryption and decryption use different keys
 If private key encryption is used, Only public key decryption can be used
 If using public key encryption, Decryption can only be performed using the private key
 Slow data processing, Because of the high level of security

Common algorithms:

RSA
ECC

Introduction to Base64 algorithm

Base64 is one of the most common readability coding algorithms for transmitting 8Bit byte code on the network
Readability coding algorithm is not to protect the security of data, but to readability
Readability coding does not change the information content, but only the expression of the information content
The so-called Base64 means that 64 characters are used in the encoding process: uppercase A to Z, lowercase a to Z, digits 0 to 9, "+" and "/"
Base58 is a coding method used in Bitcoin, which is mainly used to generate the wallet address of Bitcoin
Compared with Base64, Base58 does not use the number "0", capital "O", capital "I", lowercase "I", and "+" and "/" symbols

Base64 algorithm principle

base64 is a group of three bytes, one byte is 8 bits, a total of 24 bits. Then, convert the three bytes into four groups of 6 bits in each group,

3 * 8 = 4 * 6 = 24, each group has 6 bits, and the missing 2 bits will be supplemented with 0 in the high order. The advantage of this is that the base takes the last 6 bits, and the high 2 bits are removed, so the value of Base64 can be controlled in 0-63 bits, so it is called base64111 111 = 32 + 16 + 8 + 4 + 2 + 1

As shown in the figure:

base64 composition principle

1. a lowercase letter a - z = 26 Letters
2. Capitalize A - Z = 26 Letters
3. Number 0 - 9 = 10 Number
4. + / = 2 Symbols

be careful:

base64 There's one = No mapping found in the table = No. this place needs attention. The equal sign is very special,
because base64 It is a group of three bytes. If we don't have enough bits, we will use the equal sign to make up

Tips:

This article is compiled from the cryptography document of Shang Silicon Valley Ma Weiqi. Because the original text is too long, it is split and sorted

Tags: Java Spring

Posted by lostincoding on Mon, 23 May 2022 12:52:46 +0300