Java AES Encryption

Symmetric encryption algorithm

Definition: In the symmetric encryption algorithm, the sender of the data sends the plaintext (raw data) and the encryption key (Mi Yue) together with a special encryption algorithm, which makes it into a complex cipher cipher. After receiving the ciphertext, if you want to interpret the original text, it is necessary to decrypt the ciphertext by using the encryption key and the inverse algorithm of the same algorithm, so that it can be restored to readable plaintext. In the symmetric encryption algorithm, only one key is used, both parties use this key to encrypt and decrypt the data, which requires the decryption party must know the encryption key beforehand.

Advantages: The algorithm is open, the computational amount is small, the encryption speed is fast, and the encryption efficiency is high.

Disadvantages:

(1) Both sides of the transaction use the same key, the security is not guaranteed.

(2) Every pair of users use symmetric encryption algorithm each time, need to use the other people do not know the unique key, which will make the two sides have the number of keys have a geometric growth, key management becomes the burden of users. Symmetric encryption algorithm is difficult to use in distributed network system, mainly because of difficulty in key management and high cost of use.

AES Five encryption modes

Code-based mode (ECB)

Divides the entire plaintext into segments of the same segment and encrypts each small segment.

Excellent: Easy to operate, easy to implement, group independent, easy to parallel, error will not be transmitted. -Simple, parallel, non-transmitting error.

Lack: Can not conceal the clear text structure information, difficult to resist the statistical analysis attack. --active attack on plaintext is possible.

Cipher Packet Chaining mode (CBC)

First, the plaintext is divided into small pieces, and then each small segment with the initial block or the ciphertext section of the previous paragraph is different or operation, and then encrypted with the key.

Advantages : Can conceal the plaintext structure information, ensure that the same ciphertext can be different plaintext, so it is not easy to actively attack, security better than the ECB, suitable for transmitting long-length messages, SSL and IPSec standards.

Disadvantages : (1) not conducive to parallel computing, (2) Transmission error-The previous error is followed by a complete fault; (3) The first plaintext block needs to be different from an initialization vector IV, and the selection of the initialization vector IV is more complex.

Output feedback mode (OFB)

The output of the cryptographic algorithm (that is, the password key instead of ciphertext) feeds back into the input of the cryptographic algorithm, and the OFB pattern is not encrypted directly by the cipher algorithm, but by XOR the output of the plaintext packet and cipher algorithm to create the ciphertext grouping.

Advantages : It hides the plaintext mode, combines packet encryption and stream cipher (block cipher into stream mode), and can encrypt and transmit data less than packet in time.

disadvantage : It is not conducive to parallel computing; it is necessary to generate a secret key stream, and an active attack on plaintext is possible.

Counter Mode (CTR)

The full flow pattern. The instantaneous value is connected with the counter and then encrypted to produce a key block of the key stream, followed by an XOR operation.

Advantages: Do not divulge clear text, only need to implement cryptographic functions, no padding, parallel computing.

Disadvantage: the need for instantaneous value IV is difficult to guarantee the uniqueness of IV.

Password feedback mode (Cipher FeedBack (CFB))

Unlike the ECB and CBC modes, which can only encrypt block data, the CFB can convert block Cipher to stream cipher Cipher.

The fill mode of AES

Implementation of AES in Java

1 /**2 3 * AES Encrypted string4 5      *6 7      * @paramcontent8 9 * strings that need to be encryptedTen  One      * @paramPassword A  - * Password required for encryption -  the      * @returnCiphertext -  -      */ -  +      Public Static byte[] Encrypt (string content, string password) { -  +         Try { A  at               //the Keygenerator class is the key generator provided by Java -  -Keygenerator KGen = keygenerator.getinstance ("AES"); -  　　　　　　　　 
 　　　　　　　　　　 
 　　　　　　　　　　  generate a key based on the user's password  -  　　　　　　　　 //using the user password as a random number to initialize the -  　　　　　　　　 // encryption Okay, SecureRandom is generating a sequence of safe random numbers, password.getbytes () is a seed, as long as the seed is the same, the sequence is the same, so the decryption as long as there is password on the line
The SecureRandom class is a strongly encrypted random number generator (RNG) that is available in Java.  inKgen.init (128,NewSecureRandom (Password.getbytes ()));//128-bit key producer -  　　　　　　　　 //Generate a key *Secretkey Secretkey =Kgen.generatekey (); $ Panax Notoginseng               //Returns the key in the basic encoding format, or null if the key does not support encoding -  the               byte[] Encodeformat = secretkey.getencoded (); +  A               //Convert to AES private key the  +Secretkeyspec key =NewSecretkeyspec (Encodeformat, "AES"); -  $  　　　　　　　　 //Create a cryptographic device. The cipher class provides password functionality for encryption and decryption $  -Cipher Cipher = cipher.getinstance ("AES"); -  the              byte[] bytecontent = Content.getbytes ("Utf-8"); - Wuyi  　　　　　　　　 //initializes the cipher to cryptographic mode. The Decrypt_mode is used to initialize Cipher as a constant for decryption mode. Initialize this Cipher with a key.  the  - Cipher.init (Cipher.encrypt_mode, key); WuEncrypt or decrypt data by one-part operation, or end a multipart operation. Data will be encrypted or decrypted -              byte[] result = Cipher.dofinal (bytecontent);//Encrypt About  $              returnresult; -  -   -  A}Catch(Exception e) { +  the e.printstacktrace (); -  $} the         return NULL; the  the}

Decrypt

1Keygenerator KGen = keygenerator.getinstance ("AES");//Create a key producer of AES2Kgen.init (128,NewSecureRandom (Password.getbytes ()));3Secretkey Secretkey = Kgen.generatekey ();//generate a key based on the user's password4             byte[] Encodeformat = secretkey.getencoded ();//returns the key in the basic encoding format5Secretkeyspec key =NewSecretkeyspec (Encodeformat, "AES");//Convert to AES private key6Cipher Cipher = cipher.getinstance ("AES");//Create a password device7Cipher.init (Cipher.decrypt_mode, key);//ciphers initialized to decryption mode8             byte[] result =cipher.dofinal (content); 9             returnResult//plaintext

Java AES Encryption