Java encryption and decryption basic classification and pattern induction collation

Java Encryption and decryption basis:

Cryptography is a technical science that studies the preparation and breaking of codes. Coding science refers to the study of the objective laws of password changes and the application to the preparation of passwords to protect communication secrets; Cryptography is applied to breaking codes to obtain communications information.

A common term in cryptography

Plaintext: Data to be encrypted.

Ciphertext: Plaintext encrypted data.

Encryption: The process of converting plaintext into ciphertext.

Encryption algorithm: A conversion algorithm that converts plaintext into ciphertext.

Encryption key: A key used to encrypt an operation through an encryption algorithm.

Deciphering: The process of converting ciphertext into an inscription.

Decryption algorithm: A conversion algorithm that converts ciphertext into plaintext.

Decryption key: A key used to decrypt a message by decrypting short hair.

Cryptographic classification

1. By time

a. Classical passwords: use characters as the basic encryption unit.

Modern passwords: use blocks of information as the basic encryption unit.

2. Classification according to the algorithm of confidential content

Restricted algorithm: The confidentiality of the algorithm is based on keeping the algorithm secret.

Key - based algorithm: The confidentiality of the algorithm is based on the confidentiality of the key.

3. According to the key system

Symmetric cryptography: Also known as single - or private-key cryptography, the same set of keys is used for encryption and decryption. The corresponding algorithm is symmetric encryption algorithm, such as DES, AES.

Asymmetric cryptography: Also known as double - or public-key cryptography, the encryption process and the decryption process using different keys. The corresponding algorithm is asymmetric encryption algorithm, such as RSA.

4. Categorize by plaintext processing

Stream cipher: Also known as sequence cipher, the plaintext is encrypted one bit or one byte at a time. For example, RC4 algorithm.

Block cipher: when encrypting, the plaintext is divided into fixed-length groups, and the encrypted output of each group with the same key and algorithm is also fixed-length plaintext. When the last group size does not meet the specified group size,

There are two processing modes:

Without filling mode, the remaining data is directly encrypted, and the encrypted size of this group is related to the remaining data;

There is a filling mode for data filling that does not meet the specified length grouping. If the last set of data happens to be the same size as the specified group, then simply add 1 specified

The size of the grouping; The last byte of padding records the number of bytes filled.

A brief introduction to block cipher working mode

1. Electronic password module --ECB

Each group of plaintext is encrypted independently with the same key. In this way, the encryption of each group is independent of each other, so it can be carried out in parallel. Also because each group encrypts independently, the same plaintext packet has the same ciphertext after encryption. It is easy to expose the statistical law and structural characteristics of plaintext grouping. Substitution attacks cannot be prevented.

In fact, the implementation of ECB is just a process of grouping plaintext, encrypting them separately, and finally concatenating them from 1. This pattern is not recommended when message length exceeds 1 group. Adding random bits to each packet (for example, 96 bits in a 128-bit packet are valid plaintext and 32 bits are random Numbers) makes it slightly more secure, but this undoubtedly expands the data during encryption.

Advantages:

1. Simple;

2. Conducive to parallel computing;

3. Errors will not be transmitted;

Disadvantages:

1. The plaintext mode cannot be hidden;

2. May actively attack plaintext;

2. Password block link module --CBC

An initialization vector IV is required. The plaintext of the first group is encrypted after xor operation with the initialization vector. Each subsequent group of plaintext is encrypted after xor operation with the ciphertext of the first group. IV does not need to be secret. It can be transmitted in plaintext and ciphertext 1.

Advantages:

1. It is not easy to attack actively, and its security is better than ECB. It is suitable for transmitting messages with long length, which is the standard of SSL and IPSec.

Disadvantages:

1. Not conducive to parallel computing;

2. Error transfer;

3. Vector IV needs to be initialized

3. Ciphertext feedback mode --CFB

An initialization vector, IV, is required. After encryption, isor operation is performed with the first packet plaintext to generate the first ciphertext. Then, after encryption, isor operation is performed with the second packet plaintext to entrain the second ciphertext.

Advantages:

1. Hide the plaintext mode;

2. Block password is converted to stream mode;

3. Can encrypt and transmit data smaller than packet in time;

Disadvantages:

1. Not conducive to parallel computing;

2. Error transmission: the damage of 1 plaintext unit affects multiple units;

3. IV for only 1;

4. Output feedback mode --OFB

Need an initialization vector IV, after get first encrypted data encryption, the encrypted data with the first group group 1 ciphertext expressly for exclusive or operation, and second the first encrypt the data encryption, get second encrypted data, second encrypted data to group 2 ciphertext expressly to produce 2 of an exclusive or operation group, 1 time and so on, until completion of the encryption.

Advantages:

1. Hide the plaintext mode;

2. Block password is converted to stream mode;

3. Can encrypt and transmit data smaller than packet in time;

Disadvantages:

1. Not conducive to parallel computing;

2. Active attack on plaintext is possible;

3. Error transmission: the damage of 1 plaintext unit affects multiple units;

5. Counter mode --CTR

Using a counter, the initial value of the counter is encrypted and the first set of plaintext is generated by xor operation.
The counter is increased, and then the encrypted text is xor with the next set of plaintext to produce the next set of ciphertext, and so on until the encryption is complete

Advantages:

1. Parallel computation;

2. The security is at least as good as CBC mode 1;

3. Encryption and solution only involve encryption of the cipher algorithm;

Disadvantages:

1. No error propagation, and it is difficult to ensure data integrity;

Introduction to block password padding

PKCS5: The fill string consists of a sequence of bytes with a value of 5, each of which fills in the length of the sequence. The Block size is clearly defined as 8 bits

PKCS7: The fill string consists of a sequence of bytes with a value of 7, each of which fills in the length of the sequence. The size of the block is uncertain and can range from 1 to 255

ISO10126: The fill string consists of a sequence of 1 bytes, the last of which fills the length of the byte sequence, and the remaining bytes fill the random data.

I hope you found this article helpful