 Objective
 Nonencrypted grab packets
 Packet capture after encryption
 Basic requirements and concepts
 AES algorithm
 AES Fundamentals and Algorithmic flow
 AES Algorithm Flow
 RSA algorithm
 Fundamentals and flow of RSA algorithms
 RSA algorithm Implementation process
 AES and RSA combined data encryption scheme
 Android End Aesrsa Combined practice
 Basic requirements
 Basic process
 Android side
 Serverside
 Java Version Example
 More references
Objective
Recently, the login module for the company app was maintained, as testers grabbed the company's clear login information with the Fiddler capture tool. Although the HTTP request was made using HTTPS, the plaintext content was caught by fiddler. Therefore, the previously unencrypted logon information needs to be encrypted. Search online for an article on the Aes+rsa encryption scheme, as shown in the link below, according to this program successfully solved the encryption problem, here to record.
 Secure authentication scheme for open interfaces (AES+RSA)
Nonencrypted grab packets
The first thing to look at is unencrypted, the plaintext information obtained by the Fiddler grab is shown in 1:
 Figure 1 The request body captured by Fiddler when unencrypted
 Figure 2 The request header captured by Fiddler when unencrypted
With Figure 1, you can clearly see that all HTTP request information is transparent. If there is really a person to steal the user's information, it will cause much loss.
Packet capture after encryption
 Figure 4 after encryption, the request body captured by the fiddler packet
 Figure 5 after encryption, the Fiddler grab packet gets the request header
Figure 4, you can see all the request body through the AES encryption, and then use Base64 to encode and decode the converted request body, even if it is a conscientious to steal, it is difficult to crack in the effective time.
First look at a diagram to see the implementation of the need for the use of a number of commonly used encryption and decryption nouns
 Figure 6 Adding and decrypting common nouns
Basic requirements and concepts
With the wide application of Internet network, the information security problem is becoming more and more prominent, and the information security technology with data encryption technology has been greatly developed. Current data encryption technology can be divided into private key encryption ( symmetric encryption ) system and public key cryptography (asymmetric encryption ) system according to the encryption key type.
Symmetric encryption algorithm is a more traditional encryption system, the communication between the two sides in the process of encryption and decryption using their shared single key, given its simple algorithm and the advantages of fast encryption, is still one of the mainstream cipher system. The most common symmetric cipher algorithm is the Data Encryption Standard (des) algorithm, but due to the short length of Des key, it is not suitable for the security of data encryption in today's distributed open Network. Finally, a new symmetric advanced Data Encryption Standard AES based on the Rijndael algorithm replaces the data Encryption Standard DES. Asymmetric encryption because of the different encryption/decryption key (public key encryption, private key decryption), Key management is simple, also has been widely used. RSA is the most famous publickey cryptography algorithm for asymmetric encryption systems.
AES algorithm AES basic principle and algorithm flow
The National Institute of Standards and Technology (NIST) selects the Rijndael algorithm as the Advanced Encryption Standard (AES) from a number of block ciphers by selecting the triRounds candidate algorithm. The Rijndael password is an iterative block cipher, the packet length and password length are variable, and the packet length and password length can be specified independently of 128bit, 192bit, or 256bit. AES's cryptographic algorithm data processing unit is byte, 128 bits of bits information is divided into 16 bytes, in order to copy into a 4*4 matrix, called State, all the transformations of AES are based on the state matrix transformation.
A nr is used to denote the number of rounds of encryption for a data packet (the relationship between the number of encryption wheels and the key length is shown in table 1). In each iteration of the wheel function, there are fourstep transformations, namely the byte substitution operation (Bytesub ()), the row transform (Shiftrows ()), the column blending (Mixcolumns ()), and the addition transformation of the wheel key AddRoundKey () [3], The function is to realize the validity of encryption by repeating the simple nonlinear transformation and the mixed function transformation, and the nonlinear diffusion of the byte substitution operation is achieved, and the different keys are introduced in each iteration.
Table 1 is a comparison of three different types of AES encryption key grouping size and corresponding number of encryption wheels. When encryption begins, each byte of the input grouping is loaded into the matrix state as in table 2. If you enter Abcdefghijklmnop, the input block is mapped to the state matrix in table 2.
Table 1:
Key
AES Type 
Length 
Group Length 
number of encryption wheels 
AES128 
4 words 
4 words 
10 
AES192 
6 words 
4 words 
12 
AES256 
8 words 
4 words 
14 
Table 2:
A 
E 
I 
M 
B 
F 
J 
N 
C 
G 
K 
O 
D 
H 
L 
P 

1, byte substitution operation (Bytesub ())
BYTE substitution operations are a reversible nonlinear byte substitution operation that is performed on each byte in the packet, and the operation of the byte follows a substitution table, i.e. s box. The S box consists of two steps, the multiplication inversion on the finite field GF (28) and the affine transformation on GF (2).

2, Line transform Shiftrows ()
The line transformation is a kind of linear transformation, the purpose is to make the password information to achieve full confusion, improve the nonlinear degree. Row transforms each line of the state in bytes to the right, moving the number of bytes according to the number of rows to determine, the No. 0 line does not shift, the first line of the loop to the right one byte, the second line to move two, and so on.
+3, Row Mixed transformation Mixcolumns ()
Column transformation is to take a column from the state, expressed as a polynomial form, multiply it by a fixed polynomial a (x), and then the resulting results are modulo operation, the modulus is x4+1. where a (x) ={03}x3+{02}x2+{01}x+{02},
This polynomial is coprime with x4+1 and therefore reversible. The arithmetic expression for a column blending transformation is: s ' (x) = A (x) s (x), where S (x) represents the column polynomial of the state.
 4, Wheel key Add transform AddRoundKey ()
In this operation, the wheel key is simply different or into the state, the wheel key is derived from the key table, its length is equal to the length of the data block NB.
AES algorithm flow for the sender, it first creates an AES private key and encrypts the private key with a password. The AES key encrypted with the password is then sent over the Internet to the receiving party. The sender decrypts the private key and encrypts the plaintext with this private key, and the ciphertext and encrypted AES keys are sent over the Internet to the receiver. The receiving party then uses the password to decrypt the encryption key to obtain the AES key, and finally decrypts the received ciphertext into plaintext with the decrypted key. Figure 7 is the implementation process for this process.
 Figure 7 AES Algorithm flow
The basic principle and flow of RSA algorithm
RSA is the acronym for the initials of three people who invented the RSA Cryptography system in 1977, they are: Ron Rivest, Adi Shamir and Leonard Adleman. It is the first publickey cryptographic algorithm that has applications in many cryptographic protocols, such as SSL and S/MIME. RSA algorithm is a public key system based on factorization of large prime numbers. In simple terms, it is two large prime numbers, one as the public key and the other as the private key, such as one that encrypts with the other. The key length varies from 40 to 2048 bits, and the longer the key, the better the encryption effect, but the greater the cost of encryption and decryption. The RSA algorithm can be simply described as follows:
Public key: n = pq, (p, q are two different and large prime numbers, p and q must be kept secret)
Multiply (p1) and (q1) to get φ (n)
Choose an integer e (1 <e <φ (n)) and φ (n) are prime
Secret key: d = e1modφ (n), that is, calculate a number d such that it satisfies the formula de = 1 modφ (n)
Encryption: c = mc (mod n)
Decryption: m = cd (mod n), m is plaintext, and c is ciphertext.
RSA algorithm Implementation process
First, the receiver creates the RSA key pair, which is a public key and a private key, the public key is sent to the sender, and the private key is saved to the receiving party. After receiving this public key, the sender encrypts the plaintext with the public key, then transmits the ciphertext to the receiver through the network. After receiving them, the receiver decrypts the ciphertext received with the RSA private key, and finally obtains the plaintext. Figure 8 is the implementation process for the entire process.
 Figure 8 RSA algorithm implementation process
AES and RSA combined data encryption scheme
RSA algorithm is the representative of public key system, and its security is based on the law of composite with large prime factor and its factor decomposition difficulty. Rijndael algorithm as a new generation of advanced encryption standards, the runtime does not require the computer has very high processing power and large memory, the operation can be easily protected against time and space attacks, in different operating environments can always maintain good performance. This makes AES a safe, efficient, performance, convenient, flexible set in one, it should be the preferred network data encryption. Compared with the length of the AES key is only 256 bits, the software and hardware can be used to achieve highspeed processing, and the RSA algorithm needs to be large integer of the exponentiation and modulus, such as multiword word processing, processing speed is significantly slower than aes[5]; so the AES algorithm and decryption processing efficiency is significantly higher than the RSA algorithm. In terms of key management, because the AES algorithm requires the secret allocation of the key before communication, the decrypted private key must be transmitted over the network to the encrypted data receiver, while RSA uses public key encryption, private key decryption (or private key encryption, public key decryption), encryption and decryption process does not need the network to transmit the secret key , so RSA algorithm Key management is obviously superior to AES algorithm.
From the above, because the RSA and decryption slow, not suitable for a large number of data file encryption, so in the network completely with the public password system to transmit confidential information is not necessary, is not very realistic. AES encryption is fast, but how to securely manage the AES key during network transmission is an important step to ensure the security of AES encryption. In this way, if we encrypt the transmitted data using AES symmetric cryptosystem and use the RSA asymmetric cryptosystem to transmit AES key, we can combine the advantages of AES and RSA and avoid their shortcomings to implement a new data encryption scheme. Encryption and decryption implementation process (9).
 Figure 9 AESRSA combined data encryption scheme flow
The process is to first create an RSA key pair by the receiver, and the receiver sends the RSA public key to the sender over the Internet while saving the RSA private key. The sender creates an AES key, encrypts the plaintext data to be transmitted with the AES key, encrypts the AES key with the accepted RSA public key, and finally transmits the AES key encrypted with the RSA public key to the receiver via the Internet with ciphertext. When the receiving party receives the encrypted AES key and ciphertext, it first invokes the RSA private key saved by the receiver and decrypts the encrypted AES key with the private key to obtain the AES key. Finally, the AES key is used to decrypt the text to get the plaintext.
Android End Aes+rsa combined with practical basic requirements
 Ensure the security of transmitted data
 Ensure the integrity of your data
 Ability to verify the identity of the client
Basic process Android Side
1. The server (server) generates its own RSA key pair, and provides an interface for the Android client to obtain the RSA public key (rsaPublicKey)
2. The client generates an AES key (aesKey)
3. The client uses its own AES key (aesKey) to encrypt the request plaintext data (data) converted into json format to obtain the encrypted request data encryptedData
4. The client provides the interface provided by the server to obtain the RSA public key (rsaPublicKey).
5. The client uses the obtained RSA public key (rsaPublicKey) to encrypt the AES key (aesKey) to obtain the encryptedAesKey
6. The client takes encryptedAesKey as the HTTP request header parameter, and transmits the encrypted request data encryptedData as the request body to the server.
Serverside
1. The server responds to the client's http request and reads the http request header. Obtain the encrypted AES key (encryptAesKey) transmitted by the client, read the HTTP request body, and obtain the encrypted request data (encryptData) transmitted by the client.
2. The server uses its own RSA private key (rsaPrivateKey) to perform RSA decryption on the encrypted AES key (encryptAesKey) to obtain the AES key (aesKey).
3. Use the decrypted AES key (aesKey) to perform encrypted AES decryption on the encrypted request data (encryptData) to obtain the decrypted request data (data), which is in json format
4. JSON parse the decrypted request data (data), and then perform related response operations.
Basically as shown in the process:
Because the company code design too much content, it is not good to stick here. You can refer to the following GitHub above the link to learn, I realized the way is also reference to the following code, the specific process or to work with the server personnel together out of the scheme, AES and RSA encryption, attention
Java Version Example
Aes+rsa Doubleencrypted Java example
More references


About the AES256 algorithm Javaside encryption, the iOS side decryption problem can not be decrypted solution
http://my.oschina.net/nicsun/blog/95632


Java uses bouncy Castle for AES128 encryption and decryption (CBC mode PKCS7 padding)
http://blog.csdn.net/aflight/article/details/13626385


Security articleAES/RSA encryption mechanism
Http://www.jianshu.com/p/ec7bb7325ff2


Secure authentication scheme for open interfaces (AES+RSA)
https://wustrive2008.github.io/2015/08/21/%E5%BC%80%E6%94%BE%E6%8E%A5%E5%8F%A3%E7%9A%84%E5%AE%89%E5%85%A8%E9% aa%8c%e8%af%81%e6%96%b9%e6%a1%88 (AES+RSA)/


Java encryption and decryption quick start "including MD5, BASE64, DES, RSA and other algorithms" in the previous article
http://hellonickxu.iteye.com/blog/2103775


Java encryption and decryption quick start "including MD5, BASE64, DES, RSA and other algorithms" next
http://hellonickxu.iteye.com/blog/2103781


"Java" AES Encryption decryption  And the use of Base64
Http://www.cnblogs.com/arix04/archive/2009/10/15/1511839.html


. Net/android/java/ios AES Universal Encryption decryption
Http://www.cnblogs.com/jys509/p/4768120.html


Security articleAES/RSA encryption mechanism
Http://www.jianshu.com/p/ec7bb7325ff2


IOS & JAVA RSA Encryption & Decryption
Http://www.cnblogs.com/makemelike/articles/3802518.html


Doc_rsa_java
Http://cryptojs.altervista.org/publickey/doc/doc_rsa_java.html


Cryptographic algorithm Detailedaes
Http://www.mamicode.com/infodetail514466.html
My Android Advanced tour>android uses the AES+RSA encryption mechanism to encrypt HTTP requests