Java and..;
First, let's take a look at Java's support for security.
The JDK provides a very powerful set of APIs and general implementations of common algorithms and protocols. It mainly covers four aspects:
1. Encryption and decryption: This part provides support for common algorithms and their encryption standards, and is embodied in JCA [Java Cryptography Architecture] and JCE [Java Cryptography Extension]. Through these two components, users can implement their own encryption and decryption algorithms and plug them into the JVM for flexible use. For example, the industry-renowned Bouncy Castle implementation is provided through JCE. Note the following: a custom JAR package plugged in through java.security must be digitally signed; otherwise, the JVM will refuse to execute it.
2. PKI: This part mainly provides support for the PKI system, for example X.509 certificates, CRLs [Certificate Revocation Lists], OCSP [Online Certificate Status Protocol], and LDAP [Lightweight Directory Access Protocol].
3. Secure communication: This part mainly provides support for the underlying secure communication protocols, such as HTTPS over the SSL/TLS layer. Components such as JSSE [Java Secure Socket Extension], JGSS [Java Generic Security Services], and JSASL [Java Simple Authentication and Security Layer] are used for the implementation.
4. Authentication and access control: This part implements SSO for multiple authentication mechanisms and permission control for various resources. The main components include JAAS [Java Authentication and Authorization Service], Policy ......
The specific content of each component can be found on the Java SE Security homepage.
The supported standard algorithms can be found at http://java.sun.com/javase/6/docs/javastes/guides/security/standardnames.html;
.NET's support for security is relatively weak. It does not have such a detailed classification, nor does it provide extensible components such as JCA/JCE, and it has little support for the various standard algorithms. It mainly provides support through the System.Security namespace, and the most commonly used parts are:
System.Security.Cryptography: This namespace provides cryptographic services, including secure encoding and decoding of data, and many other operations, such as hashing, random number generation, and message authentication.
System.Security.Cryptography.X509Certificates: This namespace provides the common language runtime implementation of the Authenticode X.509 v3 certificate.
Back to the problem we encountered last time: in the .NET environment, each time the RSA algorithm is used for encryption, a different result is obtained. This is because random numbers are added each time. In fact, the generation of these random numbers follows the algorithm standard; the more professional term is random padding algorithms, such as NoPadding, Padding, OAEPPadding, PKCS1Padding, PKCS5Padding, and SSL3Padding. The .NET implementation uses PKCS1Padding, and only this implementation can be used; the padding algorithm cannot be specified through a parameter. In addition, RSACryptoServiceProvider.KeyExchangeAlgorithm returns RSA-PKCS1-KeyEx; because the source code cannot be seen, I do not know what the final KeyEx means.
In contrast, Java implements this mainly through Cipher.getInstance. The input parameter is a string describing the operation (or group of operations) performed on a given input to produce an output. It must include the name of the encryption algorithm, and a feedback mode and padding scheme may follow. This implementation is more flexible: different feedback modes and padding schemes can be specified through the parameter, for example Cipher.getInstance("RSA/ECB/PKCS1Padding"). Cipher.getInstance("RSA") can also be used, but its encryption effect will be different.
Comparing .NET with Java, the KeyEx should correspond to the feedback mode; however, I used all possible feedback modes in Java: NONE, CBC, CFB/CFBx, CTR, CTS, ECB, OFB/OFBx, and PCBC, and there is still no way to achieve mutual encryption and decryption!
Last time a netizen said that .NET and C++ can communicate with each other. This is completely possible. I am not familiar with C++, but it and .NET can communicate as long as both use the same encryption rules (including encryption algorithm, feedback mode, and padding scheme). This rule applies to all languages.
Although encryption and decryption cannot interoperate between the two sides, there is no problem with digital signing and verification, and the default implementation classes can be used. This is because a digital signature cannot use a random padding algorithm; otherwise the signature would lose its meaning with respect to the original data.
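The padding behaviour described above, as an added Java example that is not part of the original post: it encrypts one message twice with RSA/ECB/PKCS1Padding (the ciphertexts differ but both decrypt correctly), repeats the encryption with RSA/ECB/NoPadding for contrast (the ciphertexts match), and signs twice with SHA256withRSA (the signatures match). The class name, helper names, key size, signature algorithm and sample message are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added illustration; class and helper names are hypothetical.
public class RsaPaddingDemo {
    // Run one RSA operation under the given transformation string.
    static byte[] rsa(String transformation, int mode, Key key, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(mode, key);
        return c.doFinal(in);
    }

    // PKCS#1 v1.5 signature: the padding bytes are fixed, not random.
    static byte[] sign(KeyPair kp, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(msg);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // key size chosen for this example
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // PKCS1Padding inserts fresh random bytes before each encryption.
        String pkcs1 = "RSA/ECB/PKCS1Padding";
        byte[] c1 = rsa(pkcs1, Cipher.ENCRYPT_MODE, kp.getPublic(), msg);
        byte[] c2 = rsa(pkcs1, Cipher.ENCRYPT_MODE, kp.getPublic(), msg);
        byte[] p2 = rsa(pkcs1, Cipher.DECRYPT_MODE, kp.getPrivate(), c2);
        System.out.println("PKCS1Padding ciphertexts equal: " + Arrays.equals(c1, c2));
        System.out.println("PKCS1Padding round trip ok:     " + Arrays.equals(msg, p2));

        // NoPadding, for contrast only: no random bytes, so the output repeats.
        String raw = "RSA/ECB/NoPadding";
        byte[] r1 = rsa(raw, Cipher.ENCRYPT_MODE, kp.getPublic(), msg);
        byte[] r2 = rsa(raw, Cipher.ENCRYPT_MODE, kp.getPublic(), msg);
        System.out.println("NoPadding ciphertexts equal:    " + Arrays.equals(r1, r2));
        // Signatures over the same data repeat as well.
        System.out.println("Signatures equal:               "
                + Arrays.equals(sign(kp, msg), sign(kp, msg)));
    }
}
```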
In addition, there is a small detail: .NET supports X.509 certificates in V3, while Java supports V1 (the JKS files generated by keytool correspond to V1). Although I have not found any problems in using the certificate, I think we have not used some details of the certificate.