Symmetric encryption and asymmetric encryption, asymmetric encryption
Safe communication methods must meet the following three conditions:1. Integrity, that is, the message has not been tampered with midway through.2. Confidentiality, which cannot be decrypted by a third party.3. verifiable. The message receiver can determine who sent the message.
Symmetric encryption: The same key used by both parties can be encrypted and decrypted. This encryption method is called symmetric encryption or single-key encryption.
Advantage: fast, symmetric encryption is usually used when the message sender needs to encrypt a large amount of data. The algorithm is public, the computation is small, the encryption speed is fast, and the encryption efficiency is high.
Disadvantage: Before data transmission, the sender and receiver must agree on the key so that both parties can save the key. Second, if one party's key is leaked, the encrypted information will be insecure. In addition, every time users use symmetric encryption algorithms, they need to use a unique secret key that others do not know. This will make the number of keys owned by both parties huge, key management is a burden on both parties.
Common symmetric encryption algorithms include DES and AES.
AES: The key length can be 128, 192, or 256 characters, that is, 16 bytes, 24 bytes, and 32 bytes. DES: The key length is 64-bit and 8 bytes. Use des in c # for encryption and decryption:
/// <Summary> // DES encrypted string /// </summary> /// <param name = "encryptString"> string to be encrypted </param> // /<param name = "encryptKey"> encryption key, the value must be 8-bit </param> /// <returns>. The encrypted string is returned successfully, and the source string </returns> public static string EncryptDES (string encryptString, string key) {try {byte [] rgbKey = Encoding. UTF8.GetBytes (key); byte [] rgbIV = {0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF }; byte [] inputByteArray = Encoding. UTF8.GetBytes (encryptString); DESCryptoServiceProvider dCSP = new DESCryptoServiceProvider (); MemoryStream mStream = new MemoryStream (); CryptoStream cStream = new CryptoStream (mStream, dCSP. createEncryptor (rgbKey, rgbIV), CryptoStreamMode. write); cStream. write (inputByteArray, 0, inputByteArray. length); cStream. flushFinalBlock (); return Convert. toBase64String (mStream. toArray ();} catch {return encryptString ;}} /// <summary> // DES decryption string /// </summary> /// <param name = "decryptString"> string to be decrypted </param> // /<param name = "key"> decrypt the key, required 8-bit </param> /// <returns> </returns> public static string DecryptDES (string decryptString, string key) {try {// default key vector byte [] Keys = {0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF}; byte [] rgbKey = Encoding. UTF8.GetBytes (key); byte [] rgbIV = Keys; byte [] inputByteArray = Convert. fromBase64String (decryptString); DESCryptoServiceProvider DCSP = new DESCryptoServiceProvider (); MemoryStream mStream = new MemoryStream (); CryptoStream cStream = new CryptoStream (mStream, DCSP. createDecryptor (rgbKey, rgbIV), CryptoStreamMode. write); cStream. write (inputByteArray, 0, inputByteArray. length); cStream. flushFinalBlock (); return Encoding. UTF8.GetString (mStream. toArray ();} catch {return decryptString ;}}
Use AES encryption and decryption in c:
/// <Summary> // AES encryption // </summary> /// <param name = "str"> string to be encrypted </param> /// <param name = "aeskey"> the key length can be 128, 192, or 256 bits, that is, 16 bytes, 24 bytes, and 32 bytes </param> // <returns> returns the encrypted String </returns> public static String EncryptAES (String str, string aeskey) {Byte [] keyArray = System. text. UTF8Encoding. UTF8.GetBytes (aeskey); Byte [] toEncryptArray = System. text. UTF8Encoding. UTF8.GetBytes (str); System. security. cryptography. rijndaelManaged rDel = new System. security. cryptography. rijndaelManaged (); rDel. key = keyArray; rDel. mode = System. security. cryptography. cipherMode. ECB; rDel. padding = System. security. cryptography. paddingMode. PKCS7; System. security. cryptography. ICryptoTransform cTransform = rDel. createEncryptor (); Byte [] resultArray = cTransform. transformFinalBlock (toEncryptArray, 0, toEncryptArray. length); return Convert. toBase64String (resultArray, 0, resultArray. length );} /// <summary> // AES decryption // </summary> /// <param name = "str"> string to be decrypted </param> /// <param name = "aeskey"> the key length can be 128, 192, or 256 bits, that is, 16 bytes, 24 bytes, and 32 bytes </param> // <returns> returns the decrypted String </returns> public static String DecryptAES (String str, string aeskey) {Byte [] keyArray = System. text. UTF8Encoding. UTF8.GetBytes (aeskey); Byte [] toEncryptArray = Convert. fromBase64String (str); System. security. cryptography. rijndaelManaged rDel = new System. security. cryptography. rijndaelManaged (); rDel. key = keyArray; rDel. mode = System. security. cryptography. cipherMode. ECB; rDel. padding = System. security. cryptography. paddingMode. PKCS7; System. security. cryptography. ICryptoTransform cTransform = rDel. createDecryptor (); Byte [] resultArray = cTransform. transformFinalBlock (toEncryptArray, 0, toEncryptArray. length); return System. text. UTF8Encoding. UTF8.GetString (resultArray );}
Asymmetric encryption: A key is composed of a public key and a private key (many key pairs can be used ). The private key decrypts the public key to encrypt data, and the Public Key decrypts the private key to encrypt and decrypt data (the private key can encrypt and decrypt each other ). Private keys can only be kept by one party and cannot be leaked. The public key can be handed over to any requester. Common asymmetric encryption algorithms have the following Disadvantages: Low Speed. Advantages: using RSA in secure c # for encryption and decryption:
/// <Summary> /// generate the private key and public Key // </summary> public static void CreateKey () {RSACryptoServiceProvider provider = new RSACryptoServiceProvider (); string privateKey = provider. toXmlString (true); // obtain the private key string publicKey = provider. toXmlString (false ); // only obtain the public key} // <summary> // RSA encryption // </summary> // <param name = "publicKey"> Public Key </param> /// <param name = "plainText"> encrypted string </param> /// <returns> </returns> public static string RSAEncrypt (string publicKey, string plainText) {RSACryptoServiceProvider provider = new RSACryptoServiceProvider (); provider. fromXmlString (publicKey); // uses the public key to initialize the object byte [] plainData = Encoding. default. getBytes (plainText); byte [] encryptedData = provider. encrypt (plainData, true); return Convert. toBase64String (encryptedData );} /// <summary> // RSA decryption /// </summary> /// <param name = "privateKey"> Private Key </param> /// <param name = "encryptedText"> decryption string </param> // <returns> </returns> public static string RSADecrypt (string privateKey, string encryptedText) {RSACryptoServiceProvider provider = new RSACryptoServiceProvider (); provider. fromXmlString (privateKey); // use the public/private key pair to initialize the object byte [] encryptedData = Convert. fromBase64String (encryptedText); byte [] plainData = provider. decrypt (encryptedData, true); string plainText = Encoding. default. getString (plainData); return plainText ;}
Message Digest (hash): An information Digest (encrypted Message-Digest) is generated for a Message to prevent tampering. It is irreversible to encrypt the same string multiple times. Common algorithms: md5
// Md5 32-bit hash encryption private static string GetMD5 (string str) {if (string. isNullOrEmpty (str) return str; try {var sb = new StringBuilder (32); var md5 = System. security. cryptography. MD5.Create (); var output = md5.ComputeHash (Encoding. UTF8.GetBytes (str); for (int I = 0; I <output. length; I ++) sb. append (output [I]. toString ("X "). padLeft (2, '0'); return sb. toString () ;}catch (Exception) {return null ;}}
Digital Signature:
1. Perform digest operations such as md5 on the specified message value to obtain the message digest. 2. Use the sender's private key to encrypt the message digest (not encrypt the message itself). 3. The receiver uses the sender's public key for decryption and calculates the hash value. To determine whether messages are consistent. Note: If the parameter is intercepted, the message itself is still visible.
Hybrid use (asymmetric encryption + digital signature ):First, both the receiver and the sender have a pair of keys. Sender: 1. Perform digest operations such as md5 on the message to obtain the message digest. 2. Use the sender's private key to encrypt the message digest,
This process is also called signature.. (Ensure that the recipient can confirm his identity) 3. use the public key of the receiver to encrypt the message (ensuring that the message can only be decrypted by the expected receiver. receiver for sending messages and message Summary: 1. use the public key to decrypt the message digest (confirm who sent the message) and obtain the original message digest. use your own private key to decrypt the message (securely obtain the message content) 3. hash messages to obtain the summary of local messages. 4. Compare the original message digest with the local Message Digest (
Signature Verification) To confirm whether the message is tampered. Disadvantage: relatively time-consuming. Refer to: Baidu encyclopedia and. NET beauty.