Android Security Encryption: Asymmetric Encryption in Detail

Source: Internet
Author: User
Tags: decrypt, asymmetric encryption

Android Security Encryption series index

  1. Android Security Encryption: Symmetric encryption
  2. Android Security Encryption: Asymmetric encryption
  3. Android Security Encryption: Message digest
  4. Android Security Encryption: Digital signatures and digital certificates
  5. Android Security Encryption: HTTPS programming

Everything covered in this series (symmetric encryption, asymmetric encryption, message digests, digital signatures and so on) is preliminary knowledge for understanding how digital certificates work. The digital certificate is the ultimate weapon in cryptography and the crystallization of thousands of years of human wisdom. Only after understanding how digital certificates work can we understand the secure communication mechanism of the HTTPS protocol, and that understanding eventually makes SSL development comfortable.

In addition, two of the knowledge points, symmetric encryption and message digests, can each be used on their own.

How the knowledge points connect:

Digital certificates use everything learned in the series

    1. Symmetric encryption and asymmetric encryption are combined to achieve secret key exchange, after which the two parties use the secret key for symmetrically encrypted communication.
    2. Message digests and asymmetric encryption together implement digital signatures. The root certification authority signs the target certificate, and at verification time the root certificate's public key is used to verify it. If verification succeeds, the certificate is trusted.
    3. The keytool tool can create certificates, which can be submitted to a root certification authority or used directly as self-signed certificates, and it can output a certificate's information in RFC format.
    4. Digital signature technology guarantees identity authentication and data integrity.
    5. Encryption guarantees the confidentiality of the data, the message digest algorithm guarantees the integrity of the data, the high efficiency of symmetric encryption guarantees the reliability of the processing, and digital signatures guarantee the non-repudiation of the operation.

After studying the above, you should have a grasp of the following knowledge points:

    1. Basics: bits, bytes, characters, character encodings, base (radix) conversion, IO
    2. How to use symmetric encryption to solve problems in actual development
    3. Which problems symmetric encryption, asymmetric encryption, message digests, digital signatures and digital certificates were each created to solve
    4. The SSL communication process
    5. How to request an HTTPS interface in actual development

1. Introduction

Unlike a symmetric encryption algorithm, an asymmetric encryption algorithm requires two keys: the public key (PublicKey) and the private key (PrivateKey). The public key and the private key form a pair. If data is encrypted with the public key, only the corresponding private key can decrypt it; if data is encrypted with the private key, only the corresponding public key can decrypt it. Because encryption and decryption use two different keys, this kind of algorithm is called an asymmetric encryption algorithm.

Put simply: encryption and decryption use different keys.

2. Common algorithms

RSA, ElGamal, the knapsack algorithm, Rabin, D-H, ECC (elliptic curve encryption algorithm) and so on. Alipay uses the RSA algorithm.

3. RSA algorithm principle

Factorization, Euler's function, modular inverse
The principle is very complex; you only need to know that internally it is based on factorization and modular arithmetic.

4. Usage steps

1. Get the Cipher object
Cipher cipher = Cipher.getInstance("RSA");
2. Generate the public and private keys with the key pair generator KeyPairGenerator
KeyPair keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
Use the public key to encrypt and the private key to decrypt (the reverse also works)
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
3. Initialize the cipher with the public key
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
4. Perform the encryption
byte[] result = cipher.doFinal(content.getBytes());
Initialize the cipher with the private key
cipher.init(Cipher.DECRYPT_MODE, privateKey);
Perform the decryption
byte[] deResult = cipher.doFinal(result);

5. Points to note

The data encrypted in a single operation cannot be longer than 117 bytes
private static final int ENCRYPT_BLOCK_MAX = 117;
The data decrypted in a single operation cannot be longer than 128 bytes
private static final int DECRYPT_BLOCK_MAX = 128;

6. Batch Operation

import java.io.ByteArrayOutputStream;
import javax.crypto.Cipher;

/**
 * Batch operation
 *
 * @param content   data to be processed
 * @param cipher    cipher (depending on how it was initialized, the operation is encryption or decryption)
 * @param blockSize the block size per operation, in bytes
 * @return the result of the completed processing
 * @throws Exception
 */
public static byte[] doFinalWithBatch(byte[] content, Cipher cipher, int blockSize) throws Exception {
    int offset = 0; // operation start offset
    int len = content.length; // total data length
    byte[] tmp; // temporarily holds the result of each operation
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    // while there is remaining data
    while (len - offset > 0) {
        if (len - offset >= blockSize) {
            // remaining data is greater than or equal to one blockSize
            tmp = cipher.doFinal(content, offset, blockSize);
        } else {
            // remaining data is less than one blockSize
            tmp = cipher.doFinal(content, offset, len - offset);
        }
        // save the temporary result to the memory buffer
        baos.write(tmp);
        offset = offset + blockSize;
    }
    baos.close();
    return baos.toByteArray();
}
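
The 117 and 128 byte limits in section 5 are the values for a 1024-bit RSA key with PKCS#1 v1.5 padding (a 128-byte modulus minus 11 bytes of padding overhead). The following added example, which is not from the original article, goes one step further and derives both block sizes from the key before running the batch loop; the class and method names and the 300-byte sample input are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RsaBlockSizeDemo {
    // Name the padding explicitly: what a bare "RSA" selects depends on the provider.
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    static final int PKCS1_V15_OVERHEAD = 11; // minimum padding bytes per encrypted block

    // Same loop as the article's batch operation, written compactly.
    static byte[] doFinalInBlocks(byte[] in, Cipher cipher, int blockSize) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int off = 0; off < in.length; off += blockSize) {
            out.write(cipher.doFinal(in, off, Math.min(blockSize, in.length - off)));
        }
        return out.toByteArray();
    }

    // Encrypts and decrypts 300 constructed bytes with block sizes derived from the key.
    static boolean roundTrip(int keyBits) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(keyBits);
        KeyPair kp = kpg.generateKeyPair();
        int modulusBytes = (((RSAPublicKey) kp.getPublic()).getModulus().bitLength() + 7) / 8;
        int encryptBlockMax = modulusBytes - PKCS1_V15_OVERHEAD; // 117 for 1024 bits, 245 for 2048
        int decryptBlockMax = modulusBytes;                      // 128 for 1024 bits, 256 for 2048

        byte[] plain = new byte[300];
        Arrays.fill(plain, (byte) 'A');
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] encrypted = doFinalInBlocks(plain, cipher, encryptBlockMax);
        cipher.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        byte[] decrypted = doFinalInBlocks(encrypted, cipher, decryptBlockMax);
        System.out.printf("%d-bit key: encrypt block %d, decrypt block %d, ciphertext %d bytes%n",
                keyBits, encryptBlockMax, decryptBlockMax, encrypted.length);
        return Arrays.equals(plain, decrypted);
    }

    public static void main(String[] args) throws Exception {
        // 1024 bits reproduces the article's 117/128; 2048 bits gives 245/256 instead.
        for (int bits : new int[] {1024, 2048}) {
            System.out.println("round trip ok: " + roundTrip(bits));
        }
    }
}
```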

   

7. Asymmetric encryption use

Identity Certification

If an encrypted message can be decrypted with A's public key, it must have been encrypted with A's private key, which can be used to determine whether the user is A.

Stranger Communication

A and B do not know each other. A sends his own public key to B, and B sends his own public key to A; each side can then encrypt messages with the other's public key to communicate. C can also obtain A's and B's public keys, but he cannot decrypt the ciphertext.

Secret key exchange

A first obtains B's public key, then A generates a random secret key, for example 13245768. A encrypts the secret key with B's public key and obtains the encrypted secret key, for example DXS#FD@DK, then sends this ciphertext to B. B decrypts it with his own private key and obtains 13245768, after which both sides use 13245768 as the secret key for symmetrically encrypted communication. Even if C intercepts the encrypted secret key DXS#FD@DK, he cannot decrypt it, so A and B can communicate using symmetric encryption.

8. Summary

Asymmetric encryption is not normally used alone. It is not meant to replace symmetric encryption: asymmetric encryption is much slower than symmetric encryption, in extreme cases 1000 times slower, so it is generally not used to encrypt large amounts of data. Usually symmetric and asymmetric encryption are used together; for example, asymmetric encryption is used to encrypt the symmetric secret key (that is, the secret key exchange).
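
The secret key exchange described in sections 7 and 8, as an added example that is not part of the original article: A encrypts a random AES key with B's RSA public key, and both sides then use that key for symmetric encryption. The class name, the sample message, and the choice of OAEP padding and AES-GCM are assumptions of this example; both parties run in one process here so the exchange can be followed end to end.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class KeyExchangeDemo {
    static final String KEY_TRANSPORT = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String BULK_CIPHER = "AES/GCM/NoPadding";

    public static void main(String[] args) throws Exception {
        // B owns an RSA key pair; only the public half is handed to A.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair b = kpg.generateKeyPair();

        // A generates a random secret key (the article's "13245768") ...
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey secretKey = kg.generateKey();
        // ... and encrypts it with B's public key (the article's "DXS#FD@DK").
        Cipher rsa = Cipher.getInstance(KEY_TRANSPORT);
        rsa.init(Cipher.ENCRYPT_MODE, b.getPublic());
        byte[] encryptedKey = rsa.doFinal(secretKey.getEncoded());

        // A encrypts the actual message symmetrically under a fresh 12-byte IV.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance(BULK_CIPHER);
        aes.init(Cipher.ENCRYPT_MODE, secretKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal("hello B, this is A".getBytes(StandardCharsets.UTF_8));

        // A sends encryptedKey, iv and ciphertext. C can intercept all three,
        // but without B's private key cannot recover the secret key.

        // B recovers the secret key with his private key, then decrypts the message.
        rsa.init(Cipher.DECRYPT_MODE, b.getPrivate());
        SecretKey recovered = new SecretKeySpec(rsa.doFinal(encryptedKey), "AES");
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        System.out.println(new String(aes.doFinal(ciphertext), StandardCharsets.UTF_8));
    }
}
```

When the two sides run different crypto providers, pass an explicit OAEPParameterSpec on both ends, because providers differ in the default MGF1 digest they pair with this transformation name.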
