Asymmetric encryption algorithm-DH Algorithm

Source: Internet
Author: User

I. Overview

1. The main difference with symmetric encryption algorithms is that the encryption and decryption keys are different. One is public (Public Key) and the other is private (Private Key ). It mainly solves the Key Distribution Management Problem of symmetric encryption algorithms and improves the algorithm security.

2. the encryption and decryption efficiency of asymmetric encryption algorithms is relatively low. In algorithm design, asymmetric encryption algorithms have strict requirements on the length of encrypted data. For example, the RSA algorithm requires that the data to be encrypted must not exceed 53 bytes.

3. asymmetric encryption algorithms are mainly used to exchange keys of symmetric encryption algorithms instead of data exchanges.

4. Java 6 provides two algorithms: DH and RSA. Bouncy castle provides e1gamal algorithm support. In addition to the above three algorithms, there is also an ECC algorithm, and no relevant open-source components are currently supported.

 

Ii. Model Analysis

We still analyze the data sent by both parties as a model.

1. Party A (message sender, the same below) constructs a key pair (Public Key + Private Key), and Party A publishes the public key to Party B (Message Receiver, the same below)

2. Party B uses the public key sent by Party A as the parameter to construct the key pair (Public Key + Private Key), and publishes the constructed public key to Party

3. Party A uses "Party A's private key + Party B's public key" to construct a local key

4. Party B uses "Party B's private key + Party A's public key" to construct a local key

5. At this time, the newly constructed keys of both parties are the same. Then we can use the symmetric encryption algorithms such as AES and the key for secure data transmission. For the transfer process, refer to the AES algorithm.

Iii. Code Analysis

Package COM. CA. test; <br/> Import Java. security. key; <br/> Import Java. security. keyfactory; <br/> Import Java. security. keypair; <br/> Import Java. security. keypairgenerator; <br/> Import Java. security. privatekey; <br/> Import Java. security. publickey; <br/> Import Java. security. spec. pkcs8encodedkeyspec; <br/> Import Java. security. spec. x509encodedkeyspec; <br/> Import Java. util. hashmap; <br/> Import Java. util. m AP; <br/> Import javax. crypto. cipher; <br/> Import javax. crypto. keyagreement; <br/> Import javax. crypto. secretkey; <br/> Import javax. crypto. interfaces. dhprivatekey; <br/> Import javax. crypto. interfaces. dhpublickey; <br/> Import javax. crypto. spec. dhparameterspec; <br/> Import javax. crypto. spec. secretkeyspec; <br/> Import Org. apache. commons. codec. binary. base64; <br/>/** <br/> * asymmetric encryption algorithm DH algorithm component <br/> * asymmetric algorithm 1 Is used to transmit keys of symmetric encryption algorithms, therefore, we use the DH algorithm to simulate key transfer <br/> * symmetric encryption AES algorithm to continue data encryption and decryption <br/> * @ author kongqz <br/> **/ <br/> public class dhcoder {<br/> // asymmetric key algorithm <br/> Public static final string key_algorithm = "DH "; </P> <p> // local key algorithm, that is, symmetric encryption algorithm. Optional des, AES, desede <br/> Public static final string secret_algorithm = "AES"; </P> <p>/** <br/> * key length, the default key length of the DH algorithm is 1024 <br/> * The key length must be a multiple of 64, between 512 and 1024 bits <br/> **/<br/> Private Static final int key_size = 512; <br/> // Public Key <br/> Private Static final string public_key = "dhpublickey "; </P> <p> // Private Key <br/> Private Static final string private_key = "dhprivatekey "; </P> <p>/** <br/> * initialize Party A's key <br/> * @ return map of Party A's key <br/> **/<br/> Public static Map <string, object> initkey () throws exception {<br/> // instantiate the key generator <br/> keypairgenerator = keypairgenerator. getinstance (key_algorithm); <br/> // initialize the key generator <br/> keypairgenerator. initialize (key_size); <br/> // generate a key pair <br/> keypair = keypairgenerator. generatekeypair (); <br/> // Party A's public key <br/> dhpublickey publickey = (dhpublickey) keypair. getpublic (); <br/> // Party A's private key <br/> dhprivatekey privatekey = (dhprivatekey) keypair. getprivate (); <br/> // store the key in Map <br/> Map <string, Object> keymap = new hashmap <string, Object> (); <br/> keymap. put (public_key, publickey); <br/> keymap. put (private_key, privatekey); <br/> return keymap; </P> <p >}</P> <p>/** <br/> * initialize Party B's key <br/> * @ Param key Party A's key (this key is transmitted through a third party) <br/> * @ return map of Party B's key <br/> **/<br/> Public static Map <string, Object> initkey (byte [] key) throws exception {<br/> // parse Party A's public key <br/> // convert the public key material <br/> x509encodedkeyspec x509keyspec = new x509encodedkeyspec (key ); <br/> // instantiate the key factory <br/> keyfactory = keyfactory. getinstance (key_algorithm); <br/> // generate a public key <br/> publickey pubkey = keyfactory. generatepublic (x509keyspec); <br/> // construct Party B's key using Party A's public key <br/> dhparameterspec dhparamspec = (dhpublickey) pubkey ). getparams (); <br/> // instantiate the key generator <br/> keypairgenerator = keypairgenerator. getinstance (keyfactory. getalgorithm (); <br/> // initialize the key generator <br/> keypairgenerator. initialize (dhparamspec); <br/> // generate a key pair <br/> keypair = keypairgenerator. genkeypair (); <br/> // Party B's public key <br/> dhpublickey publickey = (dhpublickey) keypair. getpublic (); <br/> // Party B's private key <br/> dhprivatekey privatekey = (dhprivatekey) keypair. getprivate (); <br/> // store the key in Map <br/> Map <string, Object> keymap = new hashmap <string, Object> (); <br/> keymap. put (public_key, publickey); <br/> keymap. put (private_key, privatekey); <br/> return keymap; <br/>}< br/>/** <br/> * encryption <br/> * @ Param data to be encrypted <br/> * @ Param key <br /> * @ return byte [] encrypt data <br/> **/<br/> Public static byte [] encrypt (byte [] data, byte [] Key) throws exception {<br/> // generate a local key <br/> secretkey = new secretkeyspec (Key, secret_algorithm ); <br/> // data encryption <br/> cipher = cipher. getinstance (secretkey. getalgorithm (); <br/> cgorer. init (cipher. encrypt_mode, secretkey); <br/> return cipher. dofinal (data ); <br/>}< br/>/** <br/> * decrypt <br/> * @ Param data to be decrypted <br/> * @ Param key <br /> * @ return byte [] decrypt data <br/> **/<br/> Public static byte [] decrypt (byte [] data, byte [] Key) throws exception {<br/> // generate a local key <br/> secretkey = new secretkeyspec (Key, secret_algorithm ); <br/> // data decryption <br/> cipher = cipher. getinstance (secretkey. getalgorithm (); <br/> cgorer. init (cipher. decrypt_mode, secretkey); <br/> return cipher. dofinal (data ); <br/>}< br/>/** <br/> * build the key <br/> * @ Param publickey Public Key <br/> * @ Param privatekey Private Key <br /> * @ return byte [] local key <br/> **/<br/> Public static byte [] getsecretkey (byte [] publickey, byte [] privatekey) throws exception {<br/> // instantiate the key factory <br/> keyfactory = keyfactory. getinstance (key_algorithm); <br/> // initialize the Public Key <br/> // key material conversion <br/> x509encodedkeyspec x509keyspec = new x509encodedkeyspec (publickey ); <br/> // generate the Public Key <br/> publickey pubkey = keyfactory. generatepublic (x509keyspec); <br/> // initialize the private key <br/> // key material conversion <br/> pkcs8encodedkeyspec pkcs8keyspec = new pkcs8encodedkeyspec (privatekey ); <br/> // generate a private key <br/> privatekey prikey = keyfactory. generateprivate (pkcs8keyspec); <br/> // instantiate <br/> keyagreement keyagree = keyagreement. getinstance (keyfactory. getalgorithm (); <br/> // initialization <br/> keyagree. init (prikey); <br/> keyagree. dophase (pubkey, true); <br/> // generate a local key <br/> secretkey = keyagree. generatesecret (secret_algorithm); <br/> return secretkey. getencoded (); <br/>}< br/>/** <br/> * obtain the private key <br/> * @ Param keymap Key Map <br/> * @ return byte [] private Key <br/> **/<br/> Public static byte [] getprivatekey (Map <string, object> keymap) {<br/> key = (key) keymap. get (private_key); <br/> return key. getencoded (); <br/>}< br/>/** <br/> * obtain the Public Key <br/> * @ Param keymap Key Map <br/> * @ return byte [] Public Key <br/> **/<br/> Public static byte [] getpublickey (Map <string, object> keymap) throws exception {<br/> key = (key) keymap. get (public_key); <br/> return key. getencoded (); <br/>}< br/>/** <br/> * @ Param ARGs <br/> * @ throws exception <br/> */<br/> Public static void main (string [] ARGs) throws exception {<br/> // generate Party A's key pair <br/> Map <string, Object> keymap1 = dhcoder. initkey (); <br/> // Party A's public key <br/> byte [] publickey1 = dhcoder. getpublickey (keymap1); </P> <p> // Party A's private key <br/> byte [] privatekey1 = dhcoder. getprivatekey (keymap1); <br/> system. out. println ("Party A's public key:/N" + base64.encodebase64string (publickey1); <br/> system. out. println ("Party A's private key:/N" + base64.encodebase64string (privatekey1 )); </P> <p> // key pair generated by Party A's public key <br/> Map <string, Object> keymap2 = dhcoder. initkey (publickey1); <br/> byte [] publickey2 = dhcoder. getpublickey (keymap2); <br/> byte [] privatekey2 = dhcoder. getprivatekey (keymap2); <br/> system. out. println ("Party B's public key:/N" + base64.encodebase64string (publickey2); <br/> system. out. println ("Party B's private key:/N" + base64.encodebase64string (privatekey2); </P> <p> // assemble Party A's local encryption key, A combination of Party B's public key and Party A's private key <br/> byte [] key1 = dhcoder. getsecretkey (publickey2, privatekey1); <br/> system. out. println ("Party A's local key:/N" + base64.encodebase64string (key1); </P> <p> // assemble Party B's local encryption key, A combination of Party A's public key and Party B's private key <br/> byte [] key2 = dhcoder. getsecretkey (publickey1, privatekey2); <br/> system. out. println ("Party B's local key:/N" + base64.encodebase64string (key2); </P> <p> system. out. println ("===================== the key pair has been constructed, start Transmission of encrypted data ============== "); <br/> string STR =" password exchange algorithm "; <br/> system. out. println ("/n ============= Party A sends encrypted data to Party B ==================== "); <br/> system. out. println ("Original:" + Str); <br/> system. out. println ("============= use Party A's local key pair for Data Encryption ================== "); <br/> // Party A encrypts data <br/> byte [] code1 = dhcoder. encrypt (Str. getbytes (), key1); <br/> system. out. println ("encrypted data:" + base64.encodebase64string (code1); </P> <p> system. out. println ("============ use the local key of Party B to decrypt the data ================== "); <br/> // Party B decrypts data <br/> byte [] decode1 = dhcoder. decrypt (code1, key2); <br/> system. out. println ("Data decrypted by Party B:" + new string (decode1) + "/n"); </P> <p> system. out. println ("=========== reverse operation, party B sends data to Party A =====================/ n/n "); </P> <p> STR = "B sends data DH to Party A"; </P> <p> system. out. println ("Original:" + Str); </P> <p> // use Party B's local key to encrypt the data <br/> byte [] code2 = dhcoder. encrypt (Str. getbytes (), key2); <br/> system. out. println ("============= use Party B's local key pair for Data Encryption ================== "); <br/> system. out. println ("encrypted data:" + base64.encodebase64string (code2); </P> <p> system. out. println ("================ Party B transfers data to Party ==== "); <br/> system. out. println ("============ use the local key of Party A to decrypt the data ================== "); </P> <p> // Party A decrypts data using a local key <br/> byte [] decode2 = dhcoder. decrypt (code2, key1); </P> <p> system. out. println ("Data decrypted by Party A:" + new string (decode2); <br/>}</P> <p> console output result: <br/> Party A's public key: <br/> Upgrade + downgrade <br/> Upgrade/olspmvj/7zox503crcova5q + k2oyizsl5h2qgcnqi + da0/9zzx0go8y/j5b4 = <br/> private Key: <br/> signature + euykagibgaqyajb0haxhpodw <br/> Signature = <br/> Party B's public key: <br/> authorization + euykagibganeaajbaowqguur2jdr <br/> authorization/xijjoonnzx3rnao/+ v85tg3g = <br/> Party B's private key: <br/> encrypt + euykagibgaqyajb +/hgbyvlo <br/> encrypt/7 soxsr/6pfab1npaai1no0 = <br/> Party A's local key: <br/> + e068e5kswvlyrb5o1ryiy1vft6wcunbrxvlbyn ++/M = <br/> Party B's local key: <br/> + e068e5kswvlyrb5o1ryiy1vft6wcunbrxvlbyn ++/M = <br/>================== the key pair has been constructed, start Transmission of encrypted data ==================<br/>============== Party A sends encrypted data to Party B ==================< br/> original: password exchange algorithm <br/>============ use Party A's local key pair for Data Encryption ================ <br/> encrypted data: 1pumknkyfkauo6ktg5udta ==< br/>============= use Party B's local key to decrypt the data ================ <br/> data decrypted by Party B: password exchange algorithm </P> <p >============ reverse operation, party B sends data to Party A ====================</P> <p> original: party B sends data DH to Party A <br/>==================use Party B's local key pair for Data Encryption ============== ===< br/> encrypted data: vgldxmtgybae87nisohx + yvwyukax/qykywv + jewkby = <br/>============== Party B transfers data to Party ================< br/>=============== use Party A's local key to decrypt data ====== ============< br/> data decrypted by Party: B sends data DH to Party A <br/>

 

 

Iv. Summary

1. asymmetric encryption algorithms are mainly used to transmit keys with low performance. However, it is highly secure. The Data Length encrypted by asymmetric encryption algorithms is limited.

2. After using asymmetric encryption algorithms to calculate the local keys of both parties, you can select the symmetric encryption algorithms des/AEs/desede for data transmission.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.