Java Encryption Series (i) Encryption basics

Common terms for passwords

plaintext : information to encrypt

ciphertext : plaintext after being encrypted

Encryption : The process of converting plaintext into ciphertext

encryption Algorithm : conversion algorithm of plaintext to ciphertext

Encryption keys : Keys for cryptographic operations using cryptographic algorithms

decryption : The process of converting ciphertext to plaintext

decryption Algorithm : An algorithm for converting ciphertext to plaintext

decryption key: The key used to decrypt the operation by decrypting the algorithm

cryptanalysis : The interception of ciphertext attempts to infer the original plaintext or key process by analyzing the captured cipher text

Active attack : The attacker illegally invades the password system, using forgery, modification, deletion and other means to inject false messages to the system to deceive (the ciphertext has destructive effect)

Passive attacks : interception of ciphertext and analysis and attack on a security system (no destructive effect on ciphertext)

cipher System : consists of five parts, plaintext space, ciphertext space, key space, encryption algorithm and decryption algorithm.

Password Protocol : Also known as security protocol, refers to a cryptographic communication protocol based on the exchange of information, in order to provide a secure service in the network environment

Password system : Refers to the system used for encryption and decryption

kerckhoffs principle : The security of data is based on secret key rather than algorithm secrecy. That is, the security of the system depends on the key, the key is confidential, the algorithm is exposed . This is the basic principle of modern cryptography design.

Classification of passwords

by password system

symmetric encryption (single-key password, private key password) refers to the same encryption key as the decryption key

Asymmetric Encryption (dual-key password, public key password ) means that the encryption key is different from the decryption key, the key is divided into the public key, the private key

By clear Text Processing method

block password : refers to the encryption of the clear text into fixed-length groups, with the same secret key and algorithm for each block encryption, output is a fixed length of ciphertext. More for network encryption

Stream Password : Also called serial password. Encrypt one or one byte of plaintext at a time

hash function : is not used to complete the data encryption and decryption, is used to verify the integrity of the data.

Features: Unlimited length, hash value easy to calculate, hash operation process irreversible

Correlation algorithm: Message digest algorithm MD5, sha--Secure Hash algorithm, mac--message authentication code algorithm

Digital Signature : primarily for processing of messages stored as a digital form

OSI Security system OSI (open System Interconnection) Open communication System network communication

7. Application Layer

6. Presentation Layer

5. Session Layer

4. Transport Layer

3. Network layer

2. Data Link Layer

1. Physical Layer

Security mechanisms

Encryption mechanism

Digital signature mechanism

Access control mechanism

Data integrity mechanisms

Authentication mechanism

Business flow fill mechanism

Routing control mechanism

Justice mechanism

Security services

Certification (identification)

Access Control Services

Data Privacy Services

Data integrity Services

Denial-of-service

TCP/IP Security system

7. Application Layer

4. Application Layer 6. Presentation Layer Application layer security

5. Session Layer

3. Transport Layer 4. Transport Layer Transport Layer Security

2. Network layer 3. Network layer security

1. Network interface layer 2. Data Link layer network interface layer Security

1. Physical Layer

Security Services Security Mechanisms

Authentication (identification service) authentication mechanism

Digital signature mechanism

Access Control Service access control mechanism

Routing control mechanism

Encryption mechanism of data privacy service

Business flow fill mechanism

Data integrity Service data integrity mechanism

Denial-of- service justice mechanism

Java Security Components

The JCA (Java Cryptography Architecture ) Java Cryptographic Architecture provides a basic cryptographic framework, such as Message digest, digital signature

The JCE (Java Cryptography Extension ) Java encryption extension package is extended on a jca basis, such as DES, AES, and RSA algorithms via JCE

JSSE (Java Secure Socket Extension) Java Secure Sockets extension Package provides SSL-based encryption, primarily for network transport

JAAS (Java Authentication and authentication service)Java Authentication and security services based on the Java platform, such as permissions

Java Encryption Series (i) Encryption basics