Encryption, is a special algorithm to change the original information data, so that unauthorized users even obtained encrypted information, but because of the method of decryption, still can not understand the content of the information. Generally divided into two-way encryption and one-way encryption, and two-way encryption is divided into symmetric and asymmetric encryption (some data will be encrypted directly into symmetric and asymmetric encryption).
Bi-directional encryption is the general meaning of plaintext encryption after the formation of ciphertext, can be reduced to clear text through the algorithm. and one-way encryption is only a summary of the information calculation, can not generate clear text through the algorithm, one-way encryption from the strict meaning can not be regarded as a kind of encryption, it should be a summary algorithm.
In specific terms:
The system must be available, not mathematically not decoded.
The system is not necessarily confidential and can easily fall into the enemy's hands.
The key must be able to exchange and memorize without written data, and both sides can change the key.
The system can be used for telecommunications.
The system can transfer the position, its function must not pass through several person's hand only then can achieve.
The system is easy to use, does not require the user's mental overwork or a lot of rules.
One, the main encryption way code provider
JDK: Code in the Jre\lib\jce.jar package in the Java installation directory;
The ORG.APACHE.COMMONS.CODEC provided by Cc:apache Company
Home: http://commons.apache.org/proper/commons-codec/
BC:org.bouncecastle
Home: http://www.bouncycastle.org/java.html
The basic common use of JDK is enough.
Second, Base64 algorithm
1, from the complexity of the current encryption algorithm to see BASE64 this is embarrassed to say that they are encrypted, but for the people who do not understand the computer is enough. The use of BASE64 encoding is not readable, that is, the encoded data will not be directly visible to the human eye.
BASE64 encoding is typically used for URL processing, or anything that you don't want the average person to know at a glance can be Base64 encoded and then posted on the web.
Package com.amuro.strategy.base64;
Import java.util.Base64;
Import Com.amuro.strategy.IStrategy;
The/**
* Base64 algorithm is based on 64 basic characters, and the encrypted string contains only these 64 characters
* @author Amuro * * * */Public
class Base64strategy Implements IStrategy
{public
string encode (String src)
{
byte[] encodebytes = Base64.getencoder () . Encode (Src.getbytes ());
return new String (encodebytes);
}
Public String decode (string src)
{
byte[] decodebytes = Base64.getdecoder (). Decode (Src.getbytes ());
return new String (decodebytes);
}
}
2. BASE64 Encoding Correspondence Relation table
Three, the Message digest algorithm (Messages Digest)
Message Digest (Digest) is also known as a numeric digest (Digital Digest). It is a unique value that corresponds to a fixed length of a message or text, which is generated by a one-way hash cipher function that acts on the message. The anti-conflict nature of the hash function causes a different value to be generated by the hash algorithm if a paragraph of the text changes slightly, even if only one letter of the passage is changed. The one-way nature of the hash algorithm makes it computationally impossible to find two different input messages with the same hash value. So the hash value of the data, the message digest, can verify the integrity of the data.
with vernacular, any piece of data should be the same as the person, the only identification is what the human word is currently fingerprint, and what is the fingerprint of the data? Yes, this is the string that the message digest algorithm produces. For example, when we register the Web site, the client to the server transmission, should be the password we entered the Message digest processing after the content, so that even if the server is breached, hack can not know the user's real password is what. However, it is said that now MD5 and Sha have been breached, the specific people can Google.
1, MD5
Package com.amuro.strategy.message_digest;
Import Java.security.MessageDigest;
Import java.security.NoSuchAlgorithmException;
Import Org.apache.commons.codec.binary.Hex;
Import Com.amuro.strategy.IStrategy;
/**
* Message digest algorithm
* @author Amuro
*/public
class Md5strategy implements IStrategy
{
Public String encode (string src)
{
try
{
MessageDigest MD = messagedigest.getinstance ("MD5");
byte[] encodebytes = Md.digest (Src.getbytes ());
Return hex.encodehexstring (encodebytes);
}
catch (nosuchalgorithmexception e)
{
e.printstacktrace ();
}
return null;
}
Public String decode (string src)
{
throw new RuntimeException ("MD5 no Decode");
}
2. SHA
package com.amuro.strategy.message_digest;
Import Java.security.MessageDigest;
Import java.security.NoSuchAlgorithmException;
Import Org.apache.commons.codec.binary.Hex;
Import Com.amuro.strategy.IStrategy;
/** * Secure Hashing algorithm * @author Amuro * * */public class Shastrategy implements IStrategy {public string encode (string src)
{try {messagedigest MD = messagedigest.getinstance ("SHA");
Md.update (Src.getbytes ());
Return hex.encodehexstring (Md.digest ());
catch (NoSuchAlgorithmException e) {e.printstacktrace ();
return null;
public string decode (string src) {throw new RuntimeException ("SHA no Decode"); }
}
Four, symmetric encryption
uses a cryptographic method of a single key cryptosystem, which can be used as both encryption and decryption of information, a cryptographic method called symmetric encryption, also known as single key encryption. And because both encryption and decryption use the same key, how to safely pass the key to the decryption person's hand is a problem that must be solved. Of course, the advantage of low security is that it has the advantages of small computation, fast encryption and high encryption efficiency.
But the egg, the modern computer for this level of computing has long been care, security is the most important.
1, des
des, known as the "Data encryption Standard", is a block algorithm that uses cryptographic keys to encrypt the code. DES algorithm is the symmetric cipher system in cipher system, also known as the United States data Encryption Standard, is the 1972 United States IBM developed the symmetric cipher system encryption algorithm. The plaintext is grouped by 64 bits, the key is 64 bits long, and the key is in fact 56 bits participating in the DES operation (8th, 16, 24, 32, 40, 48, 56, 64 bits are check bits, so that each key has an odd number of 1) After grouping the plaintext group and the 56-bit key bitwise substitution or Exchange method to form encryption of ciphertext group Method.
Package com.amuro.strategy.des;
Import Javax.crypto.Cipher;
Import Javax.crypto.KeyGenerator;
Import Javax.crypto.SecretKey;
Import Javax.crypto.SecretKeyFactory;
Import Javax.crypto.spec.DESKeySpec;
Import Org.apache.commons.codec.binary.Hex;
Import Com.amuro.strategy.IStrategy;
/** * * * @author Amuro * */public class Desstrategy implements IStrategy {private Cipher Cipher;
Private Secretkey GenerateKey;
Public String encode (string src) {try {keygenerator keygenerator = keygenerator.getinstance ("DES");
Keygenerator.init (//size), Secretkey Secretkey = Keygenerator.generatekey ();
byte[] keybytes = secretkey.getencoded ();
Deskeyspec Deskeyspec = new Deskeyspec (keybytes);
Secretkeyfactory secretkeyfactory = secretkeyfactory.getinstance ("DES");
GenerateKey = Secretkeyfactory.generatesecret (Deskeyspec);
cipher = Cipher.getinstance ("des/ecb/pkcs5padding");
Cipher.init (Cipher.encrypt_mode, GenerateKey); byte[] resultbytes = cipher.dofinal (src.getbytES ());
Return hex.encodehexstring (resultbytes);
catch (Exception e) {e.printstacktrace ();
return null;
public string decode (string src) {try {cipher.init (Cipher.decrypt_mode, GenerateKey);
Byte[] result = Hex.decodehex (Src.tochararray ());
return new String (cipher.dofinal (result));
catch (Exception e) {e.printstacktrace ();
return null; }
}
2, 3des3des, or "Triple des", the Chinese name "Triple Data encryption Algorithm", which is equivalent to the use of three DES encryption algorithm for each block of data. The encryption key length of the original DES cipher becomes easily brute force because of the enhancement of computer computing power; 3DES is designed to provide a relatively simple way to avoid similar attacks by increasing the length of the Des's key, rather than designing a new block cipher algorithm.
Package com.amuro.strategy.des;
Import Javax.crypto.Cipher;
Import Javax.crypto.KeyGenerator;
Import Javax.crypto.SecretKey;
Import Javax.crypto.SecretKeyFactory;
Import Javax.crypto.spec.DESedeKeySpec;
Import Org.apache.commons.codec.binary.Hex;
Import Com.amuro.strategy.IStrategy;
public class _3desstrategy implements IStrategy {private Cipher Cipher;
Private Secretkey GenerateKey;
Public String encode (string src) {try {keygenerator keygenerator = keygenerator.getinstance ("Desede");
Keygenerator.init (//size); Secretkey Secretkey = Keygenerator.generatekey ();
byte[] keybytes = secretkey.getencoded ();
Desedekeyspec Deskeyspec = new Desedekeyspec (keybytes);
Secretkeyfactory secretkeyfactory = secretkeyfactory.getinstance ("Desede");
GenerateKey = Secretkeyfactory.generatesecret (Deskeyspec);
cipher = Cipher.getinstance ("desede/ecb/pkcs5padding");
Cipher.init (Cipher.encrypt_mode, GenerateKey);
byte[] resultbytes = cipher.dofinal (Src.getbytes ()); REturn hex.encodehexstring (resultbytes);
catch (Exception e) {e.printstacktrace ();
return null;
public string decode (string src) {try {cipher.init (Cipher.decrypt_mode, GenerateKey);
Byte[] result = Hex.decodehex (Src.tochararray ());
return new String (cipher.dofinal (result));
catch (Exception e) {e.printstacktrace ();
return null; }
}
3, Aesaes, all known as "Advanced encryption Standard", Chinese name "Advanced Encryption Standard", in cryptography, also known as Rijndael encryption, is the United States federal government used a block encryption standards. AES encryption algorithm as a new generation of data encryption standards converge on strong security, high performance, high efficiency, ease of use and flexible advantages. AES Design has three key lengths: 128,192,256 bits. By contrast, AES's 128 key is 1021 times times stronger than DES's 56 key.
Package com.amuro.strategy.des;
Import Javax.crypto.Cipher;
Import Javax.crypto.KeyGenerator;
Import Javax.crypto.SecretKey;
Import Javax.crypto.spec.SecretKeySpec;
Import Org.apache.commons.codec.binary.Hex;
Import Com.amuro.strategy.IStrategy;
public class Aesstrategy implements IStrategy {private Cipher Cipher;
Private Secretkey GenerateKey;
Public String encode (string src) {try {keygenerator keygenerator = keygenerator.getinstance ("AES");
Keygenerator.init (128);//size Secretkey Secretkey = Keygenerator.generatekey ();
byte[] keybytes = secretkey.getencoded ();
GenerateKey = new Secretkeyspec (keybytes, "AES");
cipher = Cipher.getinstance ("aes/ecb/pkcs5padding");
Cipher.init (Cipher.encrypt_mode, GenerateKey);
byte[] resultbytes = cipher.dofinal (Src.getbytes ());
Return hex.encodehexstring (resultbytes);
catch (Exception e) {e.printstacktrace ();
return null; public string decode (string src) {try {cipher.init (Cipher.decrypt_mode), GenerateKey);
Byte[] result = Hex.decodehex (Src.tochararray ());
return new String (cipher.dofinal (result));
catch (Exception e) {e.printstacktrace ();
return null; }
}
4, PBE
PBE, all known as "Password base Encryption", the Chinese name "based on password Encryption", is a password-based encryption algorithm, which is characterized by the use of a password instead of the key, and password by the user himself in charge, The data security is ensured by using random number hashing and multiple encryption methods. The
PBE algorithm does not have a key concept and treats the password as a key. Because the key length affects the algorithm security, also inconvenient memory, here we directly to our own common password is greatly different, easy to our memory. But the simple password is very easy to be poor by the dictionary method to lift out, so we give the password to add a bit "salt", this salt and password combination, want to crack is difficult. At the same time, we combine the salt and password to build the basic material of the key initialization vector with the message digest algorithm for many times, making deciphering more difficult.
Package com.amuro.strategy.pbe;
Import Java.security.SecureRandom;
Import Javax.crypto.Cipher;
Import Javax.crypto.SecretKey;
Import Javax.crypto.SecretKeyFactory;
Import Javax.crypto.spec.PBEKeySpec;
Import Javax.crypto.spec.PBEParameterSpec;
Import Org.apache.commons.codec.binary.Hex;
Import Com.amuro.strategy.IStrategy; /** * Password based encryption (password), symmetric + message digest * @author Amuro */public class Pbestrategy implements IStrategy {private Cipher
Cipher
Private Secretkey GenerateKey;
Private Pbeparameterspec Pbeparameterspec;
Public String encode (string src) {try {securerandom securerandom = new SecureRandom ();
byte[] Salt = securerandom.generateseed (8);
String password = "Amuro";
Pbekeyspec Pbekeyspec = new Pbekeyspec (Password.tochararray ());
Secretkeyfactory secretkeyfactory = secretkeyfactory.getinstance ("Pbewithmd5anddes");
GenerateKey = Secretkeyfactory.generatesecret (Pbekeyspec);
Pbeparameterspec = new Pbeparameterspec (salt, 100); cipher = cipher.geTinstance ("Pbewithmd5anddes");
Cipher.init (Cipher.encrypt_mode, GenerateKey, Pbeparameterspec);
byte[] resultbytes = cipher.dofinal (Src.getbytes ());
Return hex.encodehexstring (resultbytes);
catch (Exception e) {e.printstacktrace ();
return null;
public string decode (string src) {try {cipher.init (Cipher.decrypt_mode, GenerateKey, Pbeparameterspec);
Byte[] result = Hex.decodehex (Src.tochararray ());
return new String (cipher.dofinal (result));
catch (Exception e) {e.printstacktrace ();
return null; }
}
Five, asymmetric encryption
Asymmetric encryption algorithms require two keys for encryption and decryption, respectively, the public and private keys. It is important to note that this public and private key must be a pair, and if the data is encrypted with the public key, then only the corresponding private key can be used to decrypt it, and vice versa. Because encryption and decryption use two different keys, this algorithm is called an asymmetric encryption algorithm.
1, RSA
In fact, as early as 1978, RSA has appeared, it is the first to both data encryption can also be used for digital signature algorithm. It is easy to understand and operate, but also very popular. The principle is as described in the working process above. The RSA algorithm is based on a very simple number theory fact: it is easy to multiply two large primes, but it is extremely difficult to factor the product, so you can expose the product as the encryption key.
Package com.amuro.strategy.asymmetric;
Import Java.security.KeyFactory;
Import Java.security.KeyPair;
Import Java.security.KeyPairGenerator;
Import Java.security.PrivateKey;
Import Java.security.PublicKey;
Import Java.security.interfaces.RSAPrivateKey;
Import Java.security.interfaces.RSAPublicKey;
Import Java.security.spec.PKCS8EncodedKeySpec;
Import Java.security.spec.X509EncodedKeySpec;
Import Javax.crypto.Cipher;
Import Org.apache.commons.codec.binary.Hex;
Import Com.amuro.strategy.IStrategy;
public class Rsastrategy implements IStrategy {private Rsapublickey rsapublickey;
Private Rsaprivatekey Rsaprivatekey; Public String encode (String src) {try {//Initialize key keypairgenerator Keypairgenerator = Keypairgenerator.getinstance ("
RSA ");
Keypairgenerator.initialize (512);
KeyPair KeyPair = Keypairgenerator.generatekeypair ();
Rsapublickey = (Rsapublickey) keypair.getpublic ();
Rsaprivatekey = (Rsaprivatekey) keypair.getprivate (); Private key encryption public key decryption Pkcs8encodedkeyspec PKCS8EncodedKeySpec = new Pkcs8encodedkeyspec (rsaprivatekey.getencoded ());
Keyfactory keyfactory = keyfactory.getinstance ("RSA");
Privatekey Privatekey = keyfactory.generateprivate (Pkcs8encodedkeyspec);
Cipher Cipher = cipher.getinstance ("RSA");
Cipher.init (Cipher.encrypt_mode, Privatekey);
byte[] resultbytes = cipher.dofinal (Src.getbytes ());
Private key decryption Public key encryption//X509ENCODEDKEYSPEC X509ENCODEDKEYSPEC =//New X509encodedkeyspec (rsapublickey.getencoded ());
Keyfactory keyfactory = keyfactory.getinstance ("RSA");
PublicKey PublicKey = Keyfactory.generatepublic (X509encodedkeyspec);
Cipher Cipher = cipher.getinstance ("RSA");
Cipher.init (Cipher.encrypt_mode, PublicKey);
byte[] resultbytes = cipher.dofinal (Src.getbytes ());
Return hex.encodehexstring (resultbytes);
catch (Exception e) {e.printstacktrace ();
return null; public string decode (string src) {try {//private key Encryption key decryption X509encodedkeyspec X509encodedkeyspec = new x509encoded Keyspec (rsapUblickey.getencoded ());
Keyfactory keyfactory = keyfactory.getinstance ("RSA");
PublicKey PublicKey = Keyfactory.generatepublic (X509encodedkeyspec);
Cipher Cipher = cipher.getinstance ("RSA");
Cipher.init (Cipher.decrypt_mode, PublicKey);
byte[] resultbytes = cipher.dofinal (Hex.decodehex (Src.tochararray ()));
Private key decryption Public key encryption//PKCS8ENCODEDKEYSPEC Pkcs8encodedkeyspec//= new Pkcs8encodedkeyspec (rsaprivatekey.getencoded ());
Keyfactory keyfactory = keyfactory.getinstance ("RSA");
Privatekey Privatekey = keyfactory.generateprivate (Pkcs8encodedkeyspec);
Cipher Cipher = cipher.getinstance ("RSA");
Cipher.init (Cipher.decrypt_mode, Privatekey);
byte[] resultbytes = cipher.dofinal (Hex.decodehex (Src.tochararray ()));
return new String (resultbytes);
catch (Exception e) {e.printstacktrace ();
return null; }
}
The
2, DH algorithm
DH, all known as "Diffie-hellman", is a way to ensure that shared key travels securely through insecure networks, which is often said to be a key agreement. A thought proposed by the founder of the public Key cryptography, Diffie and Hellman. Simply put, two users are allowed to exchange information on public media to generate "consistent", sharable keys. That is, party a produces a pair of key (public, private), party B in accordance with the public key to generate party B key pair (public key, private key). The
is used as a baseline for data transmission confidentiality, while both parties use the same symmetric encryption algorithm to build local keys (Secretkey) to encrypt the information. Thus, after the local key (Secretkey) algorithm is exchanged, both parties expose their public key, encrypt the data using the other's public key and the private key just generated, and can decrypt the data using the other's public key and their private key. Not only is a party b both sides, can be extended to the multi-party sharing of data communications, so that the network interactive data to complete the security communication!
Package com.amuro.strategy.asymmetric;
Import Java.security.KeyFactory;
Import Java.security.KeyPair;
Import Java.security.KeyPairGenerator;
Import Java.security.PrivateKey;
Import Java.security.PublicKey;
Import Java.security.spec.X509EncodedKeySpec;
Import java.util.Objects;
Import Javax.crypto.Cipher;
Import javax.crypto.KeyAgreement;
Import Javax.crypto.SecretKey;
Import Javax.crypto.interfaces.DHPublicKey;
Import Javax.crypto.spec.DHParameterSpec;
Import Org.apache.commons.codec.binary.Hex;
Import Com.amuro.strategy.IStrategy;
public class Dhstrategy implements IStrategy {private Cipher Cipher;
Private Secretkey Receiversecretkey; Public String encode (String src) {try {//Init sender key Keypairgenerator senderkeypairgenerator = Keypairgenerator.geti
Nstance ("DH");
Senderkeypairgenerator.initialize (512);
KeyPair Senderkeypair = Senderkeypairgenerator.generatekeypair ();
Privatekey Senderprivatekey = Senderkeypair.getprivate (); byte[] Senderpublickeybytes = SenderKeypair.getpublic (). getencoded ()//Sender's public key//initialized receiver key, using the sender's public key keyfactory receiverkeyfactory = Keyfactory.getinstance
("DH");
X509encodedkeyspec X509encodedkeyspec = new X509encodedkeyspec (senderpublickeybytes);
PublicKey Receiverpublickey = Receiverkeyfactory.generatepublic (X509encodedkeyspec);
Dhparameterspec Dhparameterspec = ((Dhpublickey) receiverpublickey). Getparams ();
Keypairgenerator receiverkeypairgenerator = keypairgenerator.getinstance ("DH");
Receiverkeypairgenerator.initialize (DHPARAMETERSPEC);
KeyPair Receiverkeypair = Receiverkeypairgenerator.generatekeypair ();
Privatekey Receiverprivatekey = Receiverkeypair.getprivate ();
byte[] receiverpublickeybytes = Receiverkeypair.getpublic (). getencoded ();
Keyagreement receiverkeyagreement = keyagreement.getinstance ("DH");
Receiverkeyagreement.init (Receiverprivatekey);
Receiverkeyagreement.dophase (Receiverpublickey, true);
Receiversecretkey = Receiverkeyagreement.generatesecret ("DES"); The sender gets the publ of the receiverIC key can be done encrypted keyfactory senderkeyfactory = keyfactory.getinstance ("DH");
X509encodedkeyspec = new X509encodedkeyspec (receiverpublickeybytes);
PublicKey Senderpublickey = Senderkeyfactory.generatepublic (X509encodedkeyspec);
Keyagreement senderkeyagreement = keyagreement.getinstance ("DH");
Senderkeyagreement.init (Senderprivatekey);
Senderkeyagreement.dophase (Senderpublickey, true);
Secretkey Sendersecretkey = Senderkeyagreement.generatesecret ("DES");
if (Objects.equals (Receiversecretkey, Sendersecretkey)) {cipher = Cipher.getinstance ("DES");
Cipher.init (Cipher.encrypt_mode, Sendersecretkey);
Byte[] result = Cipher.dofinal (Src.getbytes ());
return hex.encodehexstring (Result);
} catch (Exception e) {e.printstacktrace ();
return null;
public string decode (string src) {try {cipher.init (Cipher.decrypt_mode, Receiversecretkey);
Byte[] result = Hex.decodehex (Src.tochararray ());
return new String (cipher.dofinal (result)); catch (exception e) {e.printstacktrace ();
return null; }
}
Six, digital signature certificate
Asymmetric encryption has been grayed out, but there is another flaw:
Server A publishes its own public key, and my computer is encrypted with Server A's public key and then sent to server A; When Server B hacked into my computer, The public key I used to encrypt was replaced with its public key, so the data I sent out was cracked by the private key of Server B. Is it swollen to prevent the public key from being tampered with?
Yes, we thought of the previous message digest, when server A threw the public key to me, at the same time go to the CA to apply for a digital certificate, in fact, is mainly the public key message digest, with this certificate, when I use public key encryption, I can first verify that the current public key is the server a sent to me.
A RSA is posted here:
Package com.amuro.strategy.signature;
Import Java.security.KeyFactory;
Import Java.security.KeyPair;
Import Java.security.KeyPairGenerator;
Import Java.security.PrivateKey;
Import Java.security.PublicKey;
Import Java.security.Signature;
Import Java.security.interfaces.RSAPrivateKey;
Import Java.security.interfaces.RSAPublicKey;
Import Java.security.spec.PKCS8EncodedKeySpec;
Import Java.security.spec.X509EncodedKeySpec; public class Rsasign {public static Boolean verifysign (String src) {try {keypairgenerator keypairgenerator = Keyp
Airgenerator.getinstance ("RSA");
Keypairgenerator.initialize (512);
KeyPair KeyPair = Keypairgenerator.generatekeypair ();
PublicKey Rsapublickey = (rsapublickey) keypair.getpublic ();
Privatekey Rsaprivatekey = (rsaprivatekey) keypair.getprivate ();
Pkcs8encodedkeyspec Pkcs8encodedkeyspec = new Pkcs8encodedkeyspec (rsaprivatekey.getencoded ());
Keyfactory keyfactory = keyfactory.getinstance ("RSA"); Privatekey Privatekey = Keyfactory.geneRateprivate (PKCS8ENCODEDKEYSPEC);
Signature Signature = signature.getinstance ("Md5withrsa");
Signature.initsign (Privatekey);
Signature.update (Src.getbytes ());
Generate signature bytes byte[] signbytes = Signature.sign ();
X509encodedkeyspec X509encodedkeyspec = new X509encodedkeyspec (rsapublickey.getencoded ());
Keyfactory = Keyfactory.getinstance ("RSA");
PublicKey PublicKey = Keyfactory.generatepublic (X509encodedkeyspec);
Signature = Signature.getinstance ("Md5withrsa");
Signature.initverify (PublicKey);
Signature.update (Src.getbytes ());
Boolean isverified = Signature.verify (signbytes);
return isverified;
catch (Exception e) {e.printstacktrace ();
return false; }
}
With regard to the use of digital signatures and asymmetric encryption algorithms, we also see a great example to share with you:
Alas, bought too many books this month, by the end of the month Jiebukaiguo. Happened to encounter Clark on QQ:
1-2-3: "Clark, I need 2002 gilt silver, can I borrow it?" ”
Clark: "No problem." I'll transfer the money to you. Please give me a promissory note. ”
1-2-3: "Thank you very much, I will write an IOU to you with Word." ”
Then I create a new Word document, write an IOU, and save it. And then, what then? I can't send the IOU directly to Clark because:
1. I cannot guarantee that Clark will not change "gilt silver 2002" to "Gilt silver 20,002" after receiving the IOU.
2. If I don't, Clark cannot prove that the IOU was written by me.
3. Ordinary Word documents cannot be used as evidence of a lawsuit.
Fortunately, I have already applied for digital certificate. I first use my private key to the IOU to encrypt, and then encrypt the ciphertext with QQ sent to Clark. After Clark received the secret of the IOU, download my public key on the website of the digital certificate Authentication center, then use my public key to decrypt the ciphertext, find that it is "borrow gilt silver 2002", and Clark can lend me the silver at ease, and I will not worry that Clark will tamper with my IOU because:
1. Clark was unable to make changes because I sent Clark a cipher. Clark could have modified the decrypted IOU, but Clark did not have my private key to imitate my encryption of the IOU. This is called tamper-proof.
2. With my private key to encrypt the IOU, and only my public key can be decrypted. In turn, the IOU, which can be decrypted with my public key, must be encrypted with my private key, and only I have my private key so that Clark can prove that the IOU was written by me. This is called denial.
3. If I have been relying on not paying back, Clark has sued me in court, and this Word document, encrypted with my private key, can be used as a Cheng. Because China has promulgated the "People's Republic of China electronic signature law", so that digital signature has a legal effect.
You must have noticed that this use of my private key to encrypt the IOU, with tamper-proof, anti-repudiation features, and can be used as Cheng evidence, and I have the IOU for the "signature" effect is the same. Yes, the process of "encrypting an IOU with my private key" is called a digital signature.
This is a summary of the article, put some commonly used Java encryption technology and the core code on this side, the supply needs a friend reference.