1. RSA encryption mechanism: the public key is used to encrypt data, and the private key is used to decrypt the data. The two are irreversible. The public key and the private key are generated at the same time, one-to-one correspondence. For example, A owns the public key and B owns the public key and private key. A encrypts the data through the public key and sends the ciphertext to B. B can decrypt the data through the private key and public key.
2. AES encryption is also called symmetric encryption: After A uses A password to encrypt data through AES, B uses the same password to decrypt the ciphertext.
Procedure:
1. use openssl to enter the key attributes (such as the company name and email address) in the terminal, and then enter the current address of the terminal, generate a total of seven public and private key files (for how to use the seven files, see the extended links in the appendix ).
2. assume that the Android client has the public key PublicKey and the server has the public key PublicKey and private key PrivateKey.
3. Android sends requests to the server: Android randomly generates Byte [] Random Passwords. assume that RandomKey = "123456" and uses the AES algorithm to encrypt Json data.
4. at the moment, the server does not know what the RandomKey of the client is. Therefore, you must transmit the Randomkey to the server at the same time. Otherwise, the server cannot decrypt the Json data through AES. However, if a request is sent directly, the Randomkey is exposed. Therefore, you must perform irreversible RSA encryption on the RandomKey.
5. Android uses Randomkey for AES-encrypted Json data and PublicKey for RSA-encrypted RandomKey for HTTP transmission to the server. Data Request completed.
6. the server receives AES-encrypted Json data and Rsa-encrypted RandomKey data.
7. the server uses the private key PrivateKey to decrypt the encrypted RandomKey. Obtain the original Randomkey generated by Android.
8. use the original RandomKey to perform AES symmetric decryption on the encrypted Json data. So far, the original Json data sent from Android has been obtained. Perform regular server business operations, and then perform AES-encrypted gouhou using the Android RandomKey, and then return Response.
9. after Android receives the Response data, it uses the previously generated RandomKey to directly perform AES decryption.
You can view the detailed flowchart.
Client-server-side HTTPS data transmission flowchart
Note:
1. in the actual development process, it is found that RSA and AES have different ciphertext generation standards, which will be incompatible with IOS. The public key required by IOS in the RSA algorithm is different from that in JAVA. For detailed solutions, see:
2. AES encryption cannot use keys larger than bytes, because keys larger than bytes are not supported in JDK or later versions.
Conclusion: from performance testing, the original data sent from the client to the decrypted data cannot exceed 300 ms (Iphone4 and Centos Java server transmission test ). This solution does not adopt the TOKEN method, and may be used later. Public key updates also need to be improved.
The above is a detailed description of the AES/RSA encryption mechanism. For more information, see other related articles in the first PHP community!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
