"Android Development experience" how to ensure that Android and Server des encryption consistent

Reprint Please specify Source: http://blog.csdn.net/zhaokaiqiang1992

When our applications involve more sensitive data, we usually encrypt the data simply. In addition to the use of Post requests to enhance the security of data in data interactions with servers, we can encrypt data using common cryptographic algorithms. Today the main introduction is DES encryption algorithm.

First, des belongs to a symmetric encryption algorithm, so-called symmetry, that is, encryption and decryption using the same key, then in our actual application, refers to the server and the client for encryption and decryption, the use of the same key. In addition, there are asymmetric encryption algorithms, public key private key mechanism, this method can be used for authentication, this later to elaborate.

des is all called data Encryptionstandard, or data encryption standards, is a block algorithm using key encryption, the DES algorithm has three entry parameters : Key, data, Mode. where key is 7 bytes A total of 56 bits, is the working key of the DES algorithm ; Data is 8 bytes, 64 bits, which is to be encrypted or decrypted; mode is the way des works, there are two kinds: encryption or decryption.

Here is the code implementation of DES Encryption in Java or Android

Package Com.qust.rollcallstudent.utils;import Java.security.invalidalgorithmparameterexception;import Java.security.key;import Java.security.spec.algorithmparameterspec;import Java.util.locale;import Javax.crypto.cipher;import Javax.crypto.secretkeyfactory;import Javax.crypto.spec.deskeyspec;import javax.crypto.spec.ivparameterspec;/** * * @ClassName: Com.qust.rollcallstudent.utils.DESUtil * @Description: Des Cryptographic Decryption Toolkit * @author Zhaokaiqiang * @date 2014-11-13 PM 8:40:56 * */public class Desutil {public static final String ALGOR Ithm_des = "Des/cbc/pkcs5padding";/** * DES algorithm, encryption * * @param data * To encrypt String * @param key * Encrypt private key, length cannot be Less than 8-bit * @return encrypted byte array, generally combined with BASE64 encoding using * @throws invalidalgorithmparameterexception * @throws Exception */public static St Ring Encode (string key, string data) {if (data = = NULL) return null;try {deskeyspec DKs = new Deskeyspec (Key.getbytes ()); Secretkeyfactory keyfactory = secretkeyfactory.getinstance ("DES");//The length of key cannot be less than 8 bytes key Secretkey = KeyfActory.generatesecret (DKS); Cipher Cipher = cipher.getinstance (algorithm_des); Ivparameterspec IV = new Ivparameterspec ("12345678". GetBytes ()); Algorithmparameterspec Paramspec = Iv;cipher.init (Cipher.encrypt_mode, Secretkey, Paramspec); byte[] bytes = Cipher.dofinal (Data.getbytes ()); return byte2string (bytes);} catch (Exception e) {e.printstacktrace (); return data;}} /** * des algorithm, Decrypt * * @param data * To decrypt the string * @param key * Decrypts the private key, the length cannot be less than 8 bits * @return decrypted byte array * @throws Exception * Exception */public static string decode (string key, string data) {if (data = = NULL) return Null;try {Deske Yspec DKs = new Deskeyspec (Key.getbytes ()); Secretkeyfactory keyfactory = secretkeyfactory.getinstance ("DES");//The length of the key cannot be less than 8 bytes key Secretkey = Keyfactory.generatesecret (DKS); Cipher Cipher = cipher.getinstance (algorithm_des); Ivparameterspec IV = new Ivparameterspec ("12345678". GetBytes ()); Algorithmparameterspec Paramspec = Iv;cipher.init (Cipher.decrypt_mode, Secretkey, Paramspec); return newString (Cipher.dofinal (Byte2hex (Data.getbytes ())));} catch (Exception e) {e.printstacktrace (); return data;}} /** * Two-line spin string * * @param b * @return */private static string byte2string (byte[] b) {StringBuilder hs = new StringBuilder ( ); String stmp;for (int n = 0; b! = null && n < b.length; n++) {stmp = Integer.tohexstring (B[n] & 0XFF); if (St Mp.length () = = 1) hs.append (' 0 '); hs.append (STMP);} Return hs.tostring (). toUpperCase (Locale.china);} /** * Binary converted to 16 binary * * @param b * @return */private static byte[] Byte2hex (byte[] b) {if ((b.length% 2)! = 0) throw new Ill Egalargumentexception (); byte[] B2 = new Byte[b.length/2];for (int n = 0; n < b.length; n + = 2) {String item = new STR ING (b, n, 2); B2[N/2] = (byte) integer.parseint (item, 16);} return B2;}}

If you just want to use it, you don't have to look down, let's start with some details about the DES algorithm.

in the encryption and decryption method above, we are getting Cipher The instance, the string "des/cbc/pkcs5padding" is passed in, what do these three parameters mean?

In fact, these three parameters correspond to the "algorithm /mode/Fill ", that is, we want to use DES algorithm encryption, using the CBC mode, the filling mode using pkcs5padding.

In addition to CBC mode, there is the ECB mode, which refers to different encryption methods.

So what's the difference between CBC mode and ECB mode?

The ECB mode refers to the electronic cipher mode, which is the oldest and simplest mode, which divides the encrypted data into groups with the same size as the encryption key , and each group is encrypted with the same key, such as the DES algorithm, If the last packet length is not 64 bits, 64 bits should be padded. This pattern is characterized by:

1. Each key, clear text, ciphertext length must be 64 bits;

2. Data block Repeat order does not need to detect;

3. The same plaintext blocks ( using the same key) produce the same cipher blocks, which are susceptible to dictionary attacks;

4. An error will only have an effect on a ciphertext block;

The CBC mode refers to the cryptographic block chain pattern, which differs from the ECB mode by adding an initial vector. The following code is to get an initial vector,

Ivparameterspec IV = new ivparameterspec ("12345678". GetBytes ());

This pattern is characterized by:

1. Ciphertext length of 64 bits (8 bytes) per encryption ;

2. The CBC mode always produces the same ciphertext when the same key and initial vector are used in the same plaintext ;

3. The ciphertext block depends on the previous operation result, so the cipher block cannot be rearranged ;

4. Different initialization vectors can be used to avoid the same ciphertext generated by the same plaintext, to some extent against dictionary attacks ;

5. After an error occurs, the current and future ciphertext will be affected;

    

The pkcs5padding parameter is a description of the method of data completion when the number of bits is insufficient, or it can be called data filling.

Pkcs5padding This fill method, specifically, "filled numbers represent the total number of bytes filled"

For example, a difference of two bytes, is ##### #22, the difference is 5 bytes is # # #55555, so according to the last self can know the number and number of fills.

After introducing these details of DES, we can know that the consistency of encryption and decryption can be achieved on different platforms as long as the parameters are guaranteed to be consistent.

1. Encryption and decryption keys are consistent

2. When using CBC mode, ensure that the initial vectors are consistent

3. Use the same fill mode

"Android Development experience" how to ensure that Android and Server des encryption consistent