Chapter 2 asymmetric encryption algorithms-DH and asymmetric encryption algorithms-dh

Source: Internet
Author: User
Tags asymmetric encryption

Chapter 2 asymmetric encryption algorithms-DH and asymmetric encryption algorithms-dh

Note: In this section, refer to "advanced encryption algorithms-asymmetric encryption algorithms" in Chapter 2nd of Java encryption and decryption art (version 8th"

11.1 asymmetric encryption algorithms

Features:

  • Both the sender and receiver have a key pair (Public Key + Private Key), in which the public key is propagated and the private key is saved by itself, and does not need to be propagated.
  • The non-propagation feature of the private key solves the difficulty of key propagation in symmetric encryption algorithms (this difficulty can be solved by offline transmission)
  • Encryption is highly secure and only used for some e-commerce websites. The encryption and decryption speed is far lower than symmetric encryption.
  • In general, asymmetric encryption is used to solve the problem of low encryption and decryption speed of asymmetric encryption algorithms (encryption and decryption of symmetric encryption keys using public and private keys) + symmetric encryption (data encryption and decryption.

Common algorithms:

  • DH (cornerstone of asymmetric encryption)
  • RSA (Classic asymmetric encryption, in addition to asymmetric encryption, can also be used for digital signatures, RSA--155 (512-bit key) has been cracked)
  • ElGamal (Common asymmetric encryption algorithms)

11.2. DH (used only for key distribution and cannot encrypt or decrypt data)

Implementation Method:

  • JDK (Key Length: 512 ~ An integer multiple of 64 in 1024)

Concepts:

  • Key pair: Public Key + Private Key
  • Local key: symmetric encryption key

Entire Process:

1) both parties initialize their respective key pairs

Party A builds a key pair keyPair1 --> Party B uses the Public Key publicKey1 in Party A's key pair to build its own key pair keyPair2

2) both parties construct their respective local keys

Party A uses its private key privateKey1 + Party B's public key publicKey2 to build its own local key key1

Party B uses its private key privateKey2 + Party A's public key publicKey1 to build its own local key key2

At last, we will find that key1 = key2. These two local keys will be the keys used for symmetric encryption.

3) The sender (either Party A or Party B) uses the local key + symmetric encryption algorithm to encrypt and transmit the encrypted data to the receiver.

4) The recipient uses the local key + symmetric encryption algorithm to decrypt the decrypted data.

1 package com. util. dh; 2 3 import java. io. unsupportedEncodingException; 4 import java. security. invalidAlgorithmParameterException; 5 import java. security. invalidKeyException; 6 import java. security. key; 7 import java. security. keyFactory; 8 import java. security. keyPair; 9 import java. security. keyPairGenerator; 10 import java. security. noSuchAlgorithmException; 11 import java. security. privateKey; 12 I Mport java. security. publicKey; 13 import java. security. spec. invalidKeySpecException; 14 import java. security. spec. PKCS8EncodedKeySpec; 15 import java. security. spec. x509EncodedKeySpec; 16 17 import javax. crypto. badPaddingException; 18 import javax. crypto. cipher; 19 import javax. crypto. illegalBlockSizeException; 20 import javax. crypto. keyAgreement; 21 import javax. crypto. noSuchPaddingException; 22 I Mport javax. crypto. interfaces. DHPublicKey; 23 import javax. crypto. spec. DHParameterSpec; 24 import javax. crypto. spec. secretKeySpec; 25 26 import org. apache. commons. codec. binary. base64; 27 28/** 29 * JDK-based DH algorithm, working mode using ECB 30 */31 public class DHJDK {32 private static final String ENCODING = "UTF-8 "; 33 private static final String FDC_KEY_ALGORITHM = "DH"; // asymmetric encryption key algorithm 34 private static final String DC_KEY_ALGORITHM = "AES"; // Algorithm for generating local keys (symmetric encryption key algorithm) 35 private static final String CIPHER_ALGORITHM = "AES/ECB/pkcspad5ding "; // encryption/decryption algorithm format: algorithm/working mode/filling mode Note: ECB does not use the IV parameter 36 private static final int FDC_KEY_SIZE = 512; // asymmetric key length (512 ~ 64 integer times between 1024) 37 38/** 39 * generate Party A's key pair 40 */41 public static KeyPair initKey () throws NoSuchAlgorithmException {42 KeyPairGenerator keyPairGenerator = KeyPairGenerator. getInstance (FDC_KEY_ALGORITHM); // key pair generator 43 keyPairGenerator. initialize (FDC_KEY_SIZE); // specify the key length 44 KeyPair keyPair = keyPairGenerator. generateKeyPair (); // generate key pair 45 return keyPair; 46} 47 48/*** generate Party B key pair 50 * @ param key party a public key 51 */5 2 public static KeyPair initKey (byte [] key) throws NoSuchAlgorithmException, 53 InvalidKeySpecException, 54 InvalidAlgorithmParameterException {55 KeyFactory keyFactory = KeyFactory. getInstance (FDC_KEY_ALGORITHM); // key factory 56 PublicKey publicKey = keyFactory. generatePublic (new X509EncodedKeySpec (key); // restore Party A's public key 57 DHParameterSpec dHParameterSpec = (DHPublicKey) publicKey ). getParams (); 58 59 KeyPairGen Erator keyPairGenerator = KeyPairGenerator. getInstance (keyFactory. getAlgorithm (); // Party B key pair generator 60 keyPairGenerator. initialize (dHParameterSpec); // use Party A's public key parameter to initialize Party B's key pair generator 61 KeyPair keyPair = keyPairGenerator. generateKeyPair (); // generate key pair 62 return keyPair; 63} 64 65/** 66 * DH encrypted 67 * @ param data with encrypted data 68 * @ param keyByte local key, the getSecretKey (byte [] publicKey, byte [] privateKey) generates 69 */70 public static byte [] Encrypt (String data, byte [] keyByte) throws exceptions, 71 NoSuchPaddingException, 72 InvalidKeyException, 73 IllegalBlockSizeException, 74 BadPaddingException, 75 keys {76 Key key = new SecretKeySpec (keyByte, DC_KEY_ALGORITHM); // generate the local key 77 78 Cipher cipher = Cipher. getInstance (CIPHER_ALGORITHM); 79 cipher. init (Cipher. ENCRYPT_MODE, key); // sets the encryption mode and initializes key 80 r Eturn cipher. doFinal (data. getBytes (ENCODING); 81} 82 83/** 84 * DH decryption 85 * @ param data the data to be decrypted is a byte array 86 * @ param keyByte local key, getSecretKey (byte [] publicKey, byte [] privateKey) generates 87 */88 public static byte [] decrypt (byte [] data, byte [] keyByte) throws NoSuchAlgorithmException, 89 NoSuchPaddingException, 90 InvalidKeyException, 91 IllegalBlockSizeException, 92 BadPaddingException {93 Key key = new SecretKeySpec (keyByte, DC_KEY_ALGORITHM); // generate a local key 94 Cipher cipher = Cipher. getInstance (CIPHER_ALGORITHM); 95 cipher. init (Cipher. DECRYPT_MODE, key); 96 return cipher. doFinal (data); 97} 98 99/** 100 * build a local key (symmetric encryption key) based on the private key and the public key of the other party) 101 * @ param publicKey public Key 102 * @ param privateKey Private Key 103 */104 public static byte [] getSecretKey (byte [] publicKey, byte [] privateKey) throws NoSuchAlgorithmException, 10 5 InvalidKeySpecException, 106 InvalidKeyException {107 KeyFactory keyFactory = KeyFactory. getInstance (FDC_KEY_ALGORITHM); // The Key factory 108 PublicKey pubkey = keyFactory. generatePublic (new X509EncodedKeySpec (publicKey); // restore public key 109 PrivateKey prikey = keyFactory. generatePrivate (new PKCS8EncodedKeySpec (privateKey); // restore the private key 110 111 KeyAgreement keyAgreement = KeyAgreement. getInstance (keyFactory. getAlgorithm (); 1 12 keyAgreement. init (prikey); 113 keyAgreement. doPhase (pubkey, true); 114 return keyAgreement. generateSecret (DC_KEY_ALGORITHM ). getEncoded (); // generate a local key (symmetric encryption key) 115} 116 117/** 118 * obtain the public Key 119 */120 public static byte [] getPublicKey (KeyPair keyPair) {121 return keyPair. getPublic (). getEncoded (); 122} 123 124/** 125 * Get private key 126 */127 public static byte [] getPrivateKey (KeyPair keyPair) {128 return keyPair. getPriv Ate (). getEncoded (); 129} 130 131/** 132 * test 133 */134 public static void main (String [] args) throws NoSuchAlgorithmException, 135 InvalidKeySpecException, 136 conflict, 137 InvalidKeyException, 138 NoSuchPaddingException, 139 IllegalBlockSizeException, 140 BadPaddingException, 141 UnsupportedEncodingException {142 byte [] pubKey1; // party a public key 143 byte [] priKey1; // Party A Private Key 144 byte [] ke Y1; // Party A's local key 145 byte [] pubKey2; // Party B's public key 146 byte [] priKey2; // Party B's private key 147 byte [] key2; // Party B's local key 148 149/********************** test whether the above six keys can be correctly generated, and whether key1 and key2 are equal *********************/150 KeyPair keyPair1 = DHJDK. initKey (); // generate Party A's key pair 151 pubKey1 = DHJDK. getPublicKey (keyPair1); 152 priKey1 = DHJDK. getPrivateKey (keyPair1); 153 154 KeyPair keyPair2 = DHJDK. initKey (pubKey1); // generate Party B's key pair based on Party A's public key 155 pubKey2 = DHJDK. getPublicK Ey (keyPair2); 156 priKey2 = DHJDK. getPrivateKey (keyPair2); 157 158 key1 = DHJDK. getSecretKey (pubKey2, priKey1); // use the public key of the other party and the private key to build the local key 159 key2 = DHJDK. getSecretKey (pubKey1, priKey2); // use the public key of the other party and the private key to build the local key 160 161 System. out. println ("Party A's public key pubKey1 -->" + Base64.encodeBase64String (pubKey1) + "@ pubKey1.length -->" + pubKey1.length); 162 System. out. println ("Party A's private key priKey1 -->" + Base64.encodeBase64String (priKey1) + "@ priKey1.le Ngth --> "+ priKey1.length); 163 System. out. println ("Party B's public key pubKey2 -->" + Base64.encodeBase64String (pubKey2) + "@ pubKey2.length -->" + pubKey2.length); 164 System. out. println ("Party B's private key priKey2 -->" + Base64.encodeBase64String (priKey2) + "@ priKey2.length -->" + priKey2.length); 165 System. out. println ("Party A's key key1 -->" + Base64.encodeBase64String (key1); 166 System. out. println ("Party B's key key2 -->" + Base64.encodeBase64String (key2); 167 168/ * ******************* Test whether party A uses a local key to encrypt data and send it to Party B, party B uses the local key to decrypt data *******************/169 System. out. println ("Party A --> Party B"); 170 String data = "Find a good girl! "; 171 byte [] encodeStr = DHJDK. encrypt (data, key1); 172 System. out. println ("data encrypted by Party A -->" + Base64.encodeBase64String (encodeStr); 173 byte [] decodeStr = DHJDK. decrypt (encodeStr, key2); 174 System. out. println ("Data decrypted by Party B -->" + new String (decodeStr, "UTF-8 ")); 175 176/********************* test that Party B uses the local key to encrypt data and send it to Party, party A uses the local key to decrypt data *******************/177 System. out. println ("Party B --> Party A"); 178 String data2 = "Find a good girl! "; 179 byte [] encodeStr2 = DHJDK. encrypt (data2, key2); 180 System. out. println ("data encrypted by Party B -->" + Base64.encodeBase64String (encodeStr2); 181 byte [] decodeStr2 = DHJDK. decrypt (encodeStr, key1); 182 System. out. println ("Data decrypted by Party A -->" + new String (decodeStr2, "UTF-8"); 183} 184}View Code

Note:

  • The byte [] array can be compared by comparing the elements in the two arrays in sequence. Of course, the two Arrays can also be base64-encoded (CC) or hexadecimal conversion (BC/CC) into a string for comparison
  • During the test, check whether key1 and key2 are equal, and If Party A sends encrypted data, Party B receives and decrypts the data, or Party B sends encrypted data. Party A receives and decrypts the data.

Q: When I set the asymmetric key to 512, the length of the public key is 228 bits, and the length of the private key is 213 BITs, which is far from 512, so how is 512 calculated? (If you want to know, explain it to me)

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.