Cryptography--java Encryption and decryption basics

Java Encryption and Decryption basics

Cryptography is a technological science that studies the coding and decoding of passwords. This paper studies the objective Law of password change, which is used to compile passwords to keep the secret of communication, called coding, which is used to decipher the password to obtain the communication information, which is called the deciphering of cryptography.

Common terminology of cryptography

plaintext: data to be encrypted.

ciphertext: The plaintext is encrypted after the data.

encryption: the process of converting plaintext to ciphertext.

encryption algorithm: convert plaintext to ciphertext conversion algorithm.

Encryption key: The key for the cryptographic operation through the cryptographic algorithm.

decryption: The process of converting ciphertext to inscriptions.

Decryption algorithm: convert ciphertext to plaintext conversion algorithm.

Decryption key : The key to decrypt the operation by decrypting the short hair.

Cryptography classification

1. By Time

A. Classical password: The character is the basic encryption unit.

B. Modern password: The information block is the basic encryption unit.

2 classification by algorithms of classified content

A. Restricted algorithms: The secrecy of the algorithm is based on the secrecy of the retention algorithm.

B. Key-based algorithms: the confidentiality of the algorithm is based on the confidentiality of the key.

3. Partitioning by Key System

A. Symmetric cryptography: Also called a single-key or private-key cryptosystem, the encryption process uses the same set of keys as the decryption process. The corresponding algorithm is symmetric encryption algorithm, such as DES, AES.

B. Asymmetric cryptography: Also known as a dual-key or public-key cryptography, the encryption process uses a different key than the decryption process. The corresponding algorithm is asymmetric encryption algorithm, such as RSA.

4. According to the clear-Text processing method Division

A. Stream password: Also known as a serial password, encrypt each time one or a byte of plaintext is encrypted. such as the RC4 algorithm.

B. Block password: Encrypt the plaintext into fixed-length groups, with the same key and algorithm for each set of encrypted output is also a fixed-length plaintext. When the last set of sizes does not meet the specified grouping size,

There are two modes of processing:

No fill mode, directly encrypt the remaining data, the size of the group after the encryption is related to the remaining data;

There is a fill pattern for data fills that do not meet the specified length groupings, and if the last set of data is exactly the same size as the specified grouping, a grouping of the specified size is added directly, and the last byte of the padding records the number of bytes populated.

Introduction to the working mode of block cipher

1. Electronic cipher-mode--ECB

The individual groupings of plaintext are encrypted using the same key, which is encrypted independently of each other and thus can be carried out in parallel. Also, because of the independent encryption of each packet, the same plaintext packets are encrypted with the same ciphertext. The pattern is easy to expose the statistical law and structural characteristics of clear text grouping. There is no protection against replacement attacks.
In fact, according to the implementation of the ECB, the process is only to group the plaintext, and then separately encrypted, the last string together in the process. This mode is not recommended when the message length exceeds a single grouping. adding random bits to each grouping, such as 96 bits in 128-bit groupings as valid plaintext and 32-bit random numbers, can slightly improve their security, but this undoubtedly results in the expansion of data during encryption.

Advantages:

1. Simple;

2. facilitates parallel computing;

3. The error will not be transmitted;

Disadvantages:

1. Cannot hide the clear text mode;

2. Possible active attacks on plaintext;

2. Password grouping link module-CBC

Requires an initialization vector IV, the first set of plaintext and initialization vector after the XOR operation, and then encrypt, after each set of plaintext is different from the previous set of ciphertext or operation after encryption. IV does not require secrecy, it can be transmitted in plaintext with ciphertext.

Advantages:

1. Not easy to actively attack, security better than the ECB, suitable for transmitting long-length messages, is the standard of SSL, IPSec.

Disadvantages:

1. Not conducive to parallel computing;

2. Error transfer;

3. Need to initialize Vector IV

3. Ciphertext feedback mode--CFB

An initialization vector IV is required, encrypted with the first block plaintext to produce the first set of ciphertext, and then encrypt the first set of ciphertext and then with the second set of plaintext to XOR the second set of ciphertext, one analogy until the encryption is complete.

Advantages:

1. The plaintext mode is hidden;

2. Block cipher into stream mode;

3. Can encrypt and transmit data less than packet in time;

Disadvantages:

1. Not conducive to parallel computing;

2. Error transmission: A clear text unit damage affects multiple units;

3. The only IV;

4. Output Feedback mode--OFB

Need an initialization vector IV, encrypted to get the first encrypted data, this encrypted data with the first packet plaintext to create the first set of ciphertext, and then the first encrypted data for the second encryption, the second encrypted data, the second encrypted data and the second set of plaintext with the XOR operation produced a second set of cipher text, An analogy until the encryption is complete.

Advantages:

1. The plaintext mode is hidden;

2. Block cipher into stream mode;

3. Can encrypt and transmit data less than packet in time;

Disadvantages:

1. Not conducive to parallel computing;

2. Active attacks on plaintext are possible;

3. Error transmission: A clear text unit damage affects multiple units;

5. Counter Mode--ctr

Using counters, the counter initial value is encrypted with the first set of plaintext, and the first set of ciphertext is generated,

The counter is incremented and then encrypted with the next set of plaintext to create the next set of ciphertext, and so on, until the encryption is complete

Advantages:

1. can be parallel computing;

2. Security is at least as good as CBC mode;

3. Encryption and solution only involves encryption of cryptographic algorithms;

Disadvantages:

1. No error propagation, not easy to ensure data integrity;

Introduction to the method of grouping password fills

PKCS5: The padding string consists of a sequence of bytes with a value of 5, each of which fills the length of the sequence of bytes. Explicitly defining the size of the Block is 8 bits

PKCS7: The padding string consists of a sequence of bytes with a value of 7, each of which fills the length of the sequence of bytes. The size of the block is indeterminate and can be between 1-255

ISO10126: The padding string consists of a sequence of bytes, the last byte of this byte sequence fills the length of the byte sequence, and the remaining bytes populate with random data.

Cryptography--java Encryption and decryption basics