Abstract: This article first analyzes the reasons for database data encryption, briefly introduces the DES algorithm, Java password system, and Java password extension, finally, the methods and steps for using the DES encryption algorithm to protect database data are described.
Keywords e-commerce Java encryption DES algorithm
Java is a language that is very suitable for network programming. Its basic structure is very similar to that of C ++, But it discards pointer and other content in C/C ++, at the same time, it absorbs the smalltalk and C ++ object-oriented programming ideas. It is simple, robust, portable, and dynamic. These features make Java a standard for cross-platform application development and are widely used around the world.
Why database data needs to be encrypted
In e-commerce websites, database information is crucial, especially the real-time transaction of goods, so that some important information has to be stored in the database or other places that are easy to leak or insecure (of course, there is no absolute security), such as digital product information, bank card accounts, etc. Once a hacker-like network master successfully intrude into our system, if our database information is not encrypted, then all our things are delivered, which not only harms the interests of the merchants, but also causes losses to the customers and further affects China's e-commerce mileage, therefore, encryption of some important information in the database plays an important role.
Java password system and Java password Extension
Java cryptographic systems (JCA) and Java cryptographic extensions (JCE) are designed to provide Java with encryption function APIs unrelated to implementation. They use the factory method to create class routines, and then delegate the actual encryption function to the underlying engine specified by the provider, the engine provides a service provider interface for classes to encrypt/decrypt data in Java, which is implemented using its built-in JCE (Java encryption extension. Java Development Tool Set 1.1 introduces a new type of flexible application programming interface based on suppliers to implement encryption functions including digital signatures and information summarization. The Java cryptographic architecture supports vendor interoperability and hardware and software implementation.
Java cryptographic structure design follows two principles:
(1) independence and reliability of algorithms.
(2) Independence and interaction.
The independence of algorithms is obtained by defining the cryptographic service class. Users only need to understand the concepts of cryptographic algorithms, rather than concerned about how to implement these concepts. The independence and interaction are achieved through the cryptographic service provider. The cryptographic service provider is one or more packages that implement one or more cryptographic services. Software developers package various algorithms into a provisioner based on certain interfaces. Users can install different provisors. Install and configure the provisioner. You can put the zip and jar files containing the provisioner under classpath, and then edit the Java Security Attribute file to define a provisioner. When the Java Runtime Environment is Sun, a default provider sun is provided.
The following describes the DES algorithm and how to use the DES algorithm to encrypt and decrypt class files.
DES algorithm Introduction
Des (Data Encryption Standard) is the most widely used group symmetric encryption algorithm. The DES algorithm has three entry parameters: Key, data, and mode. Among them, the key is 8 bytes in 64-bit, which is the key of the DES algorithm; data is also 8 bytes in 64-bit, which is the data to be encrypted or decrypted; the mode is des, which can be encrypted or decrypted.
The work flow of the DES algorithm is as follows: if the mode is the encryption mode, data is encrypted using the key, and the data password (64-bit) is generated as the output result of DES; for example, if mode is the decryption mode, the key is used to decrypt the encrypted data, and the restored data plaintext (64-bit) is used as the des output result. When writing and reading data, use the same key. When writing data, the key performs DES encryption on the core data and then stores the data in the database. When the data needs to be retrieved from the database, decrypt the password data with the same key, and then reproduce the key data in the plaintext format. This ensures the security and reliability of the core data stored in the database.
Steps for Using DES algorithm Encryption
(1) generate a security key. You must have a key before encrypting or decrypting any data. The key is a piece of data published along with the encrypted application. The key code is as follows.
[Generate a key code]
// Generate a trusted random number Source
Securerandom sr = new securerandom ();
// Generate a keygenerator object for the selected DES algorithm
Keygenerator kg = keygenerator. getinstance ("des ");
Kg. INIT (SR );
// Generate the key
Secret Key key = kg. generatekey ();
// Save the key data as a file for future use, where key filename is the saved file name
Fileutil. writefile (keyfilename, key. getencoded ());
(2) encrypt data. After obtaining the key, you can use it to encrypt data. As shown below.
[Encrypt raw data with a key]
// Generate a trusted random number Source
Securerandom sr = new securerandom ();
// Obtain key data from key filename of the key file
Byte rawkeydata [] = fileutil. readfile (Key filename );
// Create an eyspec object from the original key data
Deskeyspec DKS = new deskeyspec (rawkeydata );
// Create a key factory and use it to convert the keyspec into a secret key object
Secretkeyfactory key factory = secretkeyfactory. getinstance ("des ");
Secret Key key = keyfactory. generatesecret (DKS );
// The cipher object actually completes the encryption operation
Cipher cipher = cipher. getinstance ("des ");
// Use the key to initialize the cipher object
Cipher. INIT (Cipher. encrypt_mode, key, Sr );
// Obtain the STR data to be encrypted
Byte data [] = Str. getbytes ();
// Perform the encryption operation
Byte encryptedclassdata [] = cipher. dofinal (data );
// Save it to the database
(3) decrypt data. The procedure is as follows.
[Decrypt data with a key]
// Generate a trusted random number Source
Securerandom sr = new securerandom ();
// Obtain the original key data from the key file
Byte rawkeydata [] = util. readfile (keyfilename );
// Create a receiveyspec object
Deskeyspec DKS = new deskeyspec (rawkeydata );
// Create a key factory and use it to convert the keyspec object into a secret key object
Secretkeyfactory key factory = secretkeyfactory. getinstance ("des ");
Secretkey key = keyfactory. generatesecret (DKS );
// The cipher object actually completes the decryption operation
Cipher cipher = cipher. getinstance ("des ");
// Use the key to initialize the cipher object
Cipher. INIT (Cipher. decrypt_mode, key, Sr );
// Obtain the encrypted data STR from the database
Byte encrypted data [] = Str. getbytes ();
// Perform the decryption operation
Byte decrypteddata [] = cipher. dofinal (encrypteddata );
// Display the decrypted data to the customer.
We need to start using data encryption in the new system, if not in the current system. I think this is a big project, that is why I say that data encryption is used in the new system, rather than adding data encryption to the old system. The best way is to start with the providers of the databases you use most often: Oracle, IBM, and Microsoft. Then let's look at what a large number of third-party vendors and other Internet security experts can provide. No matter where you start, it is best to start today to avoid making yourself the headlines of tomorrow's newspaper.