I don't want to ramble on about the many mobile applications that leak user data, so let's get straight to the substance. Same style as always: text only.
Strictly speaking, there is no good way to encrypt data for mobile applications. One reason is that mobile devices were thought to lack the computing power for heavier encryption and decryption algorithms (a premise that no longer holds for ordinary handsets, which run AES and TLS without trouble). The other, more important reason is that most information leakage actually originates from mobile devices and malicious devices inside the intranet, and there is essentially no solution for intranet leakage: you can guard against a thousand thieves, but you cannot guard for a thousand days. So the very good solutions that exist on the PC side damn well don't port to the mobile side. (Applications developed for special purposes are excluded here; this article is about ordinary applications.)
In practice, most of what a mobile application does is call interfaces, and some of those interfaces go so far as to transmit data in plaintext. There is nothing more to say about that: the operating system itself may be very secure, but I do not need to touch the system, I just intercept the data in transit. Most information leaks from the mobile side happen exactly this way.
Is there a good solution? Yes: design a sufficiently complex encryption algorithm and encrypt the transmitted data. The principle is not complicated, so this article does not go into it much and only offers one general-purpose algorithm: the subtraction substitution method.
The subtraction substitution method is in fact very simple. It uses a key-value correspondence: each user has a key pair, referred to here as a public key and a private key, and both the server and the client store both of them (so, despite the names, this is a shared secret used symmetrically, not public-key cryptography). How the keys are generated is not specified; take as an example a 40-character key pair, i.e. both the public and the private key are 40 characters long. To communicate, the client serializes the data packet into one continuous string and subtracts the private key from it character by character. Since the private key is only 40 characters, it will certainly not cover the whole string, so it is cycled: head to tail, then tail back to head, or simply restarted from the beginning; the order is arbitrary as long as both sides agree. The subtraction may overflow (go below zero), so an overflow record is kept alongside the data; this is not a problem, the overflow record is simply attached. Then the public key is added, the whole thing is packaged into a TCP/IP packet and sent to the server, which decrypts it once the complete data has arrived. Data from the server to the client goes through the same encryption on the server and the same decryption on the client. The only difference is that the server does not use one uniform key pair but each user's own key pair, which is why the public key is included in the packet: it tells the server which user's key to apply.
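To make the description above concrete, here is an added example in Python (not the author's code) that models the subtraction substitution method end to end and then runs the check an interceptor on the intranet would run against it: recovering the key from a single packet whose leading bytes are predictable. Everything the post leaves open is an assumption and is labelled as such in the code: the 40-byte key is applied head-to-tail then tail-to-head, the "overflow file" is a bitmask with one bit per position, and the "public key" is an opaque 40-byte label the server uses to look up the user's private key. The demo keys and request bodies are constructed for the example.

```python
"""Toy model of the post's 'subtraction substitution' scheme, plus the
known-plaintext check an interceptor would run against it.

Added example, not the author's code. Assumptions not stated in the post:
  * the key is 40 bytes and is applied head-to-tail, then tail-to-head, repeating
  * the 'overflow file' is a bitmask with one bit per byte position
  * the 'public key' is a 40-byte label sent in the clear so the server can look
    up that user's private key (the post never defines how keys are generated)
"""
import hashlib
from dataclasses import dataclass

KEY_LEN = 40
# Assumed cycling order: indices 0..39 (head to tail), then 38..1 (tail to head), repeated.
BOUNCE = list(range(KEY_LEN)) + list(range(KEY_LEN - 2, 0, -1))


def key_schedule(n):
    """Key index applied at each of the n plaintext positions."""
    return [BOUNCE[i % len(BOUNCE)] for i in range(n)]


@dataclass
class Packet:
    public_key: bytes   # key-pair label, sent in the clear (assumption: 40 opaque bytes)
    body: bytes         # (plaintext byte - key byte), +256 wherever that went negative
    overflow: bytes     # the post's 'overflow file', modelled as one bit per position


def encrypt(plaintext: bytes, private_key: bytes, public_key: bytes) -> Packet:
    assert len(private_key) == KEY_LEN
    body = bytearray()
    overflow = bytearray((len(plaintext) + 7) // 8)
    for i, (p, j) in enumerate(zip(plaintext, key_schedule(len(plaintext)))):
        d = p - private_key[j]
        if d < 0:                          # record the overflow, as the post describes
            d += 256
            overflow[i // 8] |= 1 << (i % 8)
        body.append(d)
    return Packet(public_key, bytes(body), bytes(overflow))


def decrypt(pkt: Packet, private_key: bytes) -> bytes:
    out = bytearray()
    for i, (c, j) in enumerate(zip(pkt.body, key_schedule(len(pkt.body)))):
        p = c + private_key[j]
        if (pkt.overflow[i // 8] >> (i % 8)) & 1:
            p -= 256
        # The overflow bit is redundant: (c + k) % 256 already gives p back.
        out.append(p % 256)
    return bytes(out)


def recover_key(pkt: Packet, known_plaintext: bytes) -> dict:
    """Known-plaintext recovery: wherever the interceptor can predict the plaintext
    byte p, key[j] = (p - c) mod 256. Any 40 consecutive predictable bytes cover
    every key index, so a fixed request envelope yields the whole key."""
    recovered = {}
    for p, c, j in zip(known_plaintext, pkt.body, key_schedule(len(known_plaintext))):
        recovered[j] = (p - c) % 256
    return recovered


# Constructed demo data (not from the post): one user's keys and the fixed
# envelope that a typical mobile client prepends to every request body.
PRIVATE_KEY = hashlib.sha512(b"demo private key").digest()[:KEY_LEN]
PUBLIC_KEY = hashlib.sha512(b"demo public key").digest()[:KEY_LEN]
ENVELOPE = b'{"api":"1.0","client":"android-3.2.1","op":"'   # 44 predictable bytes


def demo() -> dict:
    login = ENVELOPE + b'login","user":"alice","pass":"hunter2"}'
    transfer = ENVELOPE + b'transfer","to":"bob","amount":2500}'
    pkt1 = encrypt(login, PRIVATE_KEY, PUBLIC_KEY)
    pkt2 = encrypt(transfer, PRIVATE_KEY, PUBLIC_KEY)

    # Interceptor: sees pkt1 on the wire, knows only the envelope, not the key.
    recovered = recover_key(pkt1, ENVELOPE)
    key_guess = bytes(recovered[j] for j in range(KEY_LEN))

    return {
        "round_trip_ok": decrypt(pkt1, PRIVATE_KEY) == login,
        "key_recovered": key_guess == PRIVATE_KEY,
        # With the recovered key, every later packet from this user is readable.
        "second_packet": decrypt(pkt2, key_guess),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running demo() shows the honest round trip succeeding and, in the same breath, an interceptor who knows nothing but the fixed request envelope recovering the complete private key from the first packet and reading the second one. Because the key repeats every 78 positions under this schedule, the recovered bytes apply at the same offsets in every packet that user ever sends. The overflow record is also redundant (adding the key modulo 256 already undoes the subtraction), and in the form described it hands the attacker one extra bit per byte.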
That is the whole encryption process. Its claimed advantages are that the encrypted packet is relatively strong and unlikely to be broken, and its claimed disadvantage is high resource consumption. Neither claim survives inspection: subtracting a short repeating key is the classic Vigenère cipher, and anyone on the same network who can predict as few as 40 bytes of a packet (a fixed request envelope, a known field name) recovers the entire key with one subtraction per byte and then reads every subsequent packet of that user; the cost, meanwhile, is one subtraction per byte, far less than a standard cipher, so resource consumption is not the problem here. Of course, with my brain in gear I cannot have only one solution, so weighing the pros and cons above, here is another: the VPN packet tunnel session scheme!
A VPN is a fine thing, practically a required tool for the 21st-century Chinese programmer, and it comes with its own encryption. That encryption is not great, but it is better than running bare, and we do not have to design it, we can just take it and use it (which is probably what the great mass of programmers like best). A VPN has one problem, though: it builds a channel between one IP address and another and requires authorization. That is fine on a PC but a nuisance on mobile, because we cannot hand the whole device's network to a single application. However, although the network is shared, at any given instant it is actually exclusive; the time slices are just so short that it creates the illusion of sharing. That gives me an opening to retrofit VPN technology: strip out the authentication step and every other unnecessary step, keep only packet encryption and the point-to-point channel, and we're done! Of course it is not that easy. Even though I only need the point-to-point channel, building one takes time, so I make it an open channel that any IP address can connect to.
So a weird VPN is born: no authentication required, anyone can connect! (Be clear about what was just removed: without authentication the tunnel protects the data only against a passive eavesdropper. An active attacker on the same intranet can connect to the server as any client, or stand in for the server, and the tunnel's encryption does nothing about that.) That alone is not enough, more has to change. We know that although the network looks continuous to us, it is really individual packets, so can the VPN be built around the packet rather than the IP address? Seems feasible! If the channel could be set up quickly only when needed and torn down as soon as the packet is sent, that would be perfect. Can it be done? Yes, like this:
Suppose a VPN server is up and open. When the client wants to send data, it first greets the server: "dude, heads up, I want to send data, give me a channel." The server and the client set up a VPN channel, and the transfer is ready to go. The client then transmits its data as usual; because it goes through the VPN, the data is naturally encrypted. Once the data is out, the client tells the server: "my friend, I've sent the data, tear it down," and the server treats the session as finished and disconnects the channel.
And with that, the mobile data encryption scheme is complete.
Well, I admit that I didn't write this well, and I don't have a diagram to show, so it may seem that I didn't get my point across, but who's going to tell me what happened?
Simple mobile app data encryption scheme