AES/RSA encryption mechanism

Source: Internet
Author: User
When a server communicates with a terminal device over HTTP, the HTTP interface addresses and parameters can often be obtained by capturing network traffic or by decompiling the app (Android APK decompilation tools). To ensure information security, we use AES + RSA to encrypt and decrypt interface parameters.

1. RSA encryption mechanism: the public key is used to encrypt data, and the private key is used to decrypt it. The encryption cannot be reversed without the private key. The public key and the private key are generated together and correspond one-to-one. For example, A owns the public key and B owns both the public key and the private key. A encrypts the data with the public key and sends the ciphertext to B; B decrypts it with the private key.

2. AES encryption is also called symmetric encryption: after A encrypts data with AES using a password, B uses the same password to decrypt the ciphertext.

Procedure:

1. Run openssl in the terminal and enter the key attributes (such as the company name and email address) when prompted. This generates a total of seven public and private key files in the terminal's current directory (for how to use the seven files, see the extended links in the appendix).

2. Assume that the Android client holds the public key PublicKey and the server holds both the public key PublicKey and the private key PrivateKey.

3. Android sends a request to the server: Android randomly generates a byte[] random password (assume that RandomKey = "123456") and uses it to encrypt the JSON data with the AES algorithm.

4. At this point the server does not know the client's RandomKey, so the RandomKey must be transmitted to the server along with the request; otherwise the server cannot decrypt the JSON data with AES. However, sending it as-is would expose the RandomKey. Therefore, the RandomKey must itself be encrypted with RSA, which cannot be reversed without the private key.

5. Android sends the JSON data AES-encrypted with the RandomKey, together with the RandomKey RSA-encrypted with the PublicKey, to the server over HTTP. The data request is complete.

6. The server receives the AES-encrypted JSON data and the RSA-encrypted RandomKey.

7. The server uses the private key PrivateKey to decrypt the encrypted RandomKey, obtaining the original RandomKey generated by Android.

8. The server uses the original RandomKey to perform AES symmetric decryption on the encrypted JSON data, which yields the original JSON data sent from Android. It then performs the regular server business operations, AES-encrypts the result using Android's RandomKey, and returns the Response.

9. After Android receives the Response data, it decrypts it directly with AES using the RandomKey it generated earlier.
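
Steps 2 to 9 in one runnable Java program, as an added example that is not code from the original article. Assumptions not stated by the article: AES-GCM as the AES mode, RSA-OAEP as the RSA padding, a 128-bit RandomKey drawn from the platform's secure random generator rather than a fixed string, an RSA key pair generated in-process in place of the openssl files, and a constructed JSON body; the class name HybridEnvelopeDemo is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class HybridEnvelopeDemo {
    static final String RSA = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"; // assumed padding
    static final String AES = "AES/GCM/NoPadding";                   // assumed mode

    // AES-GCM with a fresh 12-byte IV per message; returns IV || ciphertext || tag.
    static byte[] aesEncrypt(SecretKey key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance(AES);
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Throws AEADBadTagException if the message was modified in transit.
    static byte[] aesDecrypt(SecretKey key, byte[] msg) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(AES);
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, msg, 0, 12));
        return c.doFinal(msg, 12, msg.length - 12);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the files generated in step 1.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();
        // Client, steps 3-5: random 128-bit RandomKey, AES-encrypt JSON, RSA-encrypt the key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey randomKey = kg.generateKey();
        byte[] encJson = aesEncrypt(randomKey, "{\"user\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.ENCRYPT_MODE, server.getPublic());
        byte[] encKey = rsa.doFinal(randomKey.getEncoded());
        // Server, steps 6-8: recover RandomKey with PrivateKey, decrypt, encrypt the response.
        rsa.init(Cipher.DECRYPT_MODE, server.getPrivate());
        SecretKey recovered = new SecretKeySpec(rsa.doFinal(encKey), "AES");
        String json = new String(aesDecrypt(recovered, encJson), StandardCharsets.UTF_8);
        byte[] encResp = aesEncrypt(recovered, ("{\"echo\":" + json + "}").getBytes(StandardCharsets.UTF_8));
        // Client, step 9: decrypt the response with the RandomKey it generated.
        System.out.println(new String(aesDecrypt(randomKey, encResp), StandardCharsets.UTF_8));
    }
}
```

Fixing the transformation strings on both sides, instead of relying on each platform's default for "RSA" or "AES", keeps the ciphertext format identical between client and server.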

You can view the detailed flowchart.

Client-server-side HTTPS data transmission flowchart

Note:

1. In actual development, we found that RSA and AES ciphertext generation standards differ, which causes incompatibility with iOS. The public key required by iOS for the RSA algorithm is different from the one used in Java. For detailed solutions, see:

2. AES encryption cannot use keys larger than bytes, because keys larger than bytes are not supported in JDK or later versions.

Conclusion: in performance testing, the time from the client sending the original data to the decrypted data being obtained does not exceed 300 ms (iPhone 4 and CentOS Java server transmission test). This solution does not adopt the TOKEN method, which may be used later. Public key updates also need to be improved.
