2025-01-23 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
Today I would like to share the key points about the encryption algorithms commonly used in web development. The content is detailed and the logic is clear. I believe most people still do not know much about this topic, so I am sharing this article for your reference. I hope you get something out of it.
Encryption algorithms as a whole can be divided into reversible encryption and irreversible encryption, and reversible encryption can be further divided into symmetric encryption and asymmetric encryption.
1. Irreversible encryption
The common irreversible encryption algorithms are MD5, HMAC, SHA1, SHA-224, SHA-256, SHA-384 and SHA-512, of which SHA-224, SHA-256, SHA-384 and SHA-512 are collectively called the SHA2 algorithms. The SHA algorithms are more secure than MD5, and SHA2 is more secure than SHA1. The number after SHA is the length in bits of the resulting digest; SHA1 produces a 160-bit message digest by default.
The most notable feature of irreversible encryption algorithms is that they need no key, although HMAC does require one.
Because these algorithms are irreversible, the most common use is protecting user passwords: authentication confirms identity by comparing whether the two encrypted strings are the same. Many websites claim to be able to crack MD5 passwords. The principle is the same: they hold a huge database of strings and their corresponding MD5 values and look up the MD5 value you enter. If your password has relatively low complexity, there is a good chance of a match.
1.1 MD5
The MD5 message-digest algorithm (MD5 Message-Digest Algorithm) is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value, used to check that information is transmitted completely and consistently.
MD5 algorithm has the following characteristics:
1. Compressibility: no matter what the data length is, the calculated MD5 value is the same length.
2. Easy to calculate: MD5 value can be easily calculated from the original data.
3. Anti-modification: even if you modify one byte, the calculated MD5 value will be very different.
4. Anti-collision: given the data and its MD5 value, there is only a very small probability of finding different original data with the same MD5 value.
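    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import org.apache.commons.codec.binary.Hex; // Apache Commons Codec

    // Returns the MD5 digest of text as a hex string.
    public static String md5(String text) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            byte[] bytes = messageDigest.digest(text.getBytes(StandardCharsets.UTF_8));
            return Hex.encodeHexString(bytes);
        } catch (NoSuchAlgorithmException e) {
            // Fail loudly instead of continuing with a null digest object.
            throw new IllegalStateException(e);
        }
    }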
1.2 SHA series
Secure Hash Algorithm (SHA) is a family of cryptographic hash functions certified by FIPS. It computes a fixed-length string (also called a message digest) for a digital message, and if the input messages differ, there is a high probability that they map to different strings.
At the end of the CRYPTO conference on August 17, 2005, Wang Xiaoyun, Yao Qizhi and Yao Chufeng once again published a more efficient attack on SHA-1, which can find collisions with a computational complexity of 2 to the power of 63.
In other words, collisions are possible for the SHA-1 algorithm, although the probability is very small.
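    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import org.apache.commons.codec.binary.Hex; // Apache Commons Codec

    // Returns the SHA-256 digest of text as a hex string.
    public static String sha256(String text) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] bytes = messageDigest.digest(text.getBytes(StandardCharsets.UTF_8));
            return Hex.encodeHexString(bytes);
        } catch (NoSuchAlgorithmException e) {
            // Fail loudly instead of continuing with a null digest object.
            throw new IllegalStateException(e);
        }
    }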
1.3 HMAC series
HMAC stands for hash-based message authentication code (Hash-based Message Authentication Code), a method of message authentication based on a hash function and a key. It was proposed by H. Krawczyk, M. Bellare and R. Canetti in 1996, published as RFC 2104 in 1997, and has been widely used in IPSec and other network protocols (such as SSL). It has now become a de facto Internet security standard, and it can be combined with any iterative hash function.
The HMAC algorithm is more like an encryption algorithm, which introduces a key, and its security does not depend entirely on the Hash algorithm used.
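    import java.nio.charset.StandardCharsets;
    import java.security.InvalidKeyException;
    import java.security.NoSuchAlgorithmException;
    import javax.crypto.Mac;
    import javax.crypto.spec.SecretKeySpec;
    import org.apache.commons.codec.binary.Base64; // Apache Commons Codec

    // Returns the Base64-encoded HMAC-SHA256 of text under the key sk.
    public static String hmacSha256(String text, SecretKeySpec sk) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(sk);
            byte[] rawHmac = mac.doFinal(text.getBytes(StandardCharsets.UTF_8));
            return new String(Base64.encodeBase64(rawHmac), StandardCharsets.US_ASCII);
        } catch (NoSuchAlgorithmException | InvalidKeyException e) {
            // Fail loudly instead of continuing with an uninitialized Mac.
            throw new IllegalStateException(e);
        }
    }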
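The receiving side of an HMAC exchange, as an added example that is not part of the original article: the verifier recomputes the tag with the shared key and compares it in constant time. The class name, key and messages are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HmacVerifyExample {
    // Compute the raw HMAC-SHA256 tag of a message under the shared key.
    static byte[] tag(byte[] key, String message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
    }

    // Recompute the tag and compare in constant time, so the comparison
    // does not reveal how many leading bytes of a forged tag were correct.
    static boolean verify(byte[] key, String message, byte[] receivedTag) throws Exception {
        return MessageDigest.isEqual(tag(key, message), receivedTag);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys and messages, for illustration only.
        byte[] key = "constructed-demo-key-0123456789ab".getBytes(StandardCharsets.UTF_8);
        byte[] otherKey = "constructed-other-key-0123456789".getBytes(StandardCharsets.UTF_8);
        String msg = "amount=100&to=alice";
        byte[] t = tag(key, msg);
        System.out.println("genuine message accepted:  " + verify(key, msg, t));
        System.out.println("modified message accepted: " + verify(key, "amount=900&to=alice", t));
        System.out.println("wrong key accepted:        " + verify(otherKey, msg, t));
    }
}
```

Unlike a plain SHA-256 digest, which anyone can recompute for a modified message, the tag can only be produced by a holder of the key.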
If you want to use irreversible encryption, it is recommended to use SHA256, SHA384, SHA512 and HMAC-SHA256, HMAC-SHA384, HMAC-SHA512 algorithms.
2. Symmetric encryption algorithm
Symmetric encryption is the earlier kind of algorithm. It uses the same key for encryption and decryption, which makes key management difficult. Common symmetric encryption algorithms are DES, 3DES, AES128, AES192 and AES256 (the default JDK installation does not support AES256; you need to install the corresponding JCE patch to upgrade jce1.7 or jce1.8). The number after AES is the key length. The security of symmetric encryption algorithms is relatively low, and the more suitable scenario is encryption and decryption inside an intranet environment.
2.1 DES
DES is a typical algorithm in the field of symmetric encryption algorithms, and its default key length is 56 bits.
    import java.nio.charset.StandardCharsets;
    import java.security.SecureRandom;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.DESKeySpec;
    import org.apache.commons.codec.binary.Base64; // Apache Commons Codec

    // Encrypt
    public static String encrypt(byte[] dataSource, String password) {
        try {
            SecureRandom random = new SecureRandom();
            // DESKeySpec needs at least 8 bytes and uses only the first 8
            DESKeySpec desKeySpec = new DESKeySpec(password.getBytes(StandardCharsets.UTF_8));
            // Create a key factory and use it to convert the DESKeySpec into a SecretKey
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("DES");
            SecretKey secretKey = secretKeyFactory.generateSecret(desKeySpec);
            // The Cipher object actually performs the encryption
            Cipher cipher = Cipher.getInstance("DES");
            // Initialize the Cipher object with the key
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, random);
            // Perform the encryption
            return Base64.encodeBase64String(cipher.doFinal(dataSource));
        } catch (Throwable e) {
            e.printStackTrace();
        }
        return null;
    }

    // Decrypt
    public static String decrypt(String src, String password) throws Exception {
        // The DES algorithm requires a trusted random number source
        SecureRandom random = new SecureRandom();
        // Create a DESKeySpec object
        DESKeySpec desKeySpec = new DESKeySpec(password.getBytes(StandardCharsets.UTF_8));
        // Create a key factory
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
        // Convert the DESKeySpec object into a SecretKey object
        SecretKey secretKey = keyFactory.generateSecret(desKeySpec);
        // The Cipher object actually performs the decryption
        Cipher cipher = Cipher.getInstance("DES");
        // Initialize the Cipher object with the key
        cipher.init(Cipher.DECRYPT_MODE, secretKey, random);
        // Perform the decryption
        return new String(cipher.doFinal(Base64.decodeBase64(src)), StandardCharsets.UTF_8);
    }
2.2 3DES
3DES (that is, Triple DES) is a transitional encryption algorithm between DES and AES. It uses three 56-bit keys to encrypt the data three times and is a safer variant of DES. It takes DES as its basic module and builds a block cipher by combining DES operations, which makes it more secure than the original DES. The 3DES key length defaults to 168 bits, and 128 bits can also be selected.
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.DESedeKeySpec;
    import org.apache.commons.codec.binary.Base64; // Apache Commons Codec

    public static String encryptThreeDESECB(String src, String key) {
        try {
            // DESedeKeySpec needs at least 24 bytes of key material
            DESedeKeySpec dks = new DESedeKeySpec(key.getBytes("UTF-8"));
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
            SecretKey securekey = keyFactory.generateSecret(dks);
            Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, securekey);
            byte[] b = cipher.doFinal(src.getBytes("UTF-8"));
            String ss = new String(Base64.encodeBase64(b));
            // Make the Base64 output URL-safe
            ss = ss.replaceAll("\\+", "-");
            ss = ss.replaceAll("/", "_");
            return ss;
        } catch (Exception ex) {
            ex.printStackTrace();
            // Note: on failure the input is returned unchanged, so the caller
            // must not assume the return value is ciphertext.
            return src;
        }
    }

    public static String decryptThreeDESECB(String src, String key) {
        try {
            // Undo the URL-safe substitution before Base64 decoding
            src = src.replaceAll("-", "+");
            src = src.replaceAll("_", "/");
            byte[] bytesrc = Base64.decodeBase64(src.getBytes("UTF-8"));
            // Decryption key
            DESedeKeySpec dks = new DESedeKeySpec(key.getBytes("UTF-8"));
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
            SecretKey securekey = keyFactory.generateSecret(dks);
            // The Cipher object performs the decryption
            Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, securekey);
            byte[] retByte = cipher.doFinal(bytesrc);
            return new String(retByte, "UTF-8");
        } catch (Exception ex) {
            ex.printStackTrace();
            return src;
        }
    }
2.3 AES
AES, the Advanced Encryption Standard, can effectively resist all known attacks against the DES algorithm. The default key length is 128 bits, and 192 or 256 bits can also be chosen. Here the unit is bits, not bytes.
    import java.security.MessageDigest;
    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;
    import org.apache.commons.codec.binary.Base64; // Apache Commons Codec

    private static final String defaultCharset = "UTF-8";
    private static final String KEY_AES = "AES";
    private static final String KEY_MD5 = "MD5";

    /** Encryption */
    public static String encrypt(String data, String key) {
        return doAES(data, key, Cipher.ENCRYPT_MODE);
    }

    /** Decryption */
    public static String decrypt(String data, String key) {
        return doAES(data, key, Cipher.DECRYPT_MODE);
    }

    /** Encryption and decryption */
    private static String doAES(String data, String key, int mode) {
        try {
            boolean encrypt = mode == Cipher.ENCRYPT_MODE;
            byte[] content;
            if (encrypt) {
                content = data.getBytes(defaultCharset);
            } else {
                content = Base64.decodeBase64(data.getBytes());
            }
            // The 16-byte MD5 digest of the key string is used as a 128-bit AES key.
            // A MessageDigest is created per call because instances are not thread-safe.
            MessageDigest md5Digest = MessageDigest.getInstance(KEY_MD5);
            SecretKeySpec keySpec = new SecretKeySpec(md5Digest.digest(key.getBytes(defaultCharset)), KEY_AES);
            // "AES" alone resolves to AES/ECB/PKCS5Padding with the default JDK provider
            Cipher cipher = Cipher.getInstance(KEY_AES); // create the cipher
            cipher.init(mode, keySpec); // initialize
            byte[] result = cipher.doFinal(content);
            if (encrypt) {
                return new String(Base64.encodeBase64(result));
            } else {
                return new String(result, defaultCharset);
            }
        } catch (Exception e) {
            e.printStackTrace(); // report the failure instead of silently swallowing it
        }
        return null;
    }
Recommended symmetric encryption algorithms: AES128, AES192, AES256.
3. Asymmetric encryption algorithm
An asymmetric encryption algorithm has two keys that are completely different but form a matching pair. Plaintext can be encrypted and decrypted only by using a matching public key and private key. Common asymmetric encryption algorithms include RSA, SM2 and so on.
3.1 RSA
RSA keys are at least 500 bits long, and 1024 bits are generally recommended.
    import java.security.Key;
    import java.security.KeyFactory;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.interfaces.RSAPrivateKey;
    import java.security.interfaces.RSAPublicKey;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.security.spec.X509EncodedKeySpec;
    import java.util.HashMap;
    import java.util.Map;
    import javax.crypto.Cipher;

    // Asymmetric key algorithm
    public static final String KEY_ALGORITHM = "RSA";
    // Key length in bits; must be a multiple of 64, between 512 and 65536
    private static final int KEY_SIZE = 1024;
    // Public key
    private static final String PUBLIC_KEY = "RSAPublicKey";
    // Private key
    private static final String PRIVATE_KEY = "RSAPrivateKey";

    /**
     * Initialize the key pair.
     *
     * @return Map holding Party A's keys
     */
    public static Map<String, Object> initKey() throws Exception {
        // Instantiate the key generator
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
        // Initialize the key generator
        keyPairGenerator.initialize(KEY_SIZE);
        // Generate the key pair
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        // Party A's public key
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        // Party A's private key
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        // Store the keys in a map
        Map<String, Object> keyMap = new HashMap<>();
        keyMap.put(PUBLIC_KEY, publicKey);
        keyMap.put(PRIVATE_KEY, privateKey);
        return keyMap;
    }

    /**
     * Private key encryption.
     *
     * @param data data to be encrypted
     * @param key  PKCS#8-encoded private key
     * @return byte[] encrypted data
     */
    public static byte[] encryptByPrivateKey(byte[] data, byte[] key) throws Exception {
        // Obtain the private key
        PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(key);
        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
        // Generate the private key
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
        // Data encryption; "RSA" alone resolves to RSA/ECB/PKCS1Padding with the default JDK provider
        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
        return cipher.doFinal(data);
    }

    /**
     * Public key encryption.
     *
     * @param data data to be encrypted
     * @param key  X.509-encoded public key
     * @return byte[] encrypted data
     */
    public static byte[] encryptByPublicKey(byte[] data, byte[] key) throws Exception {
        // Instantiate the key factory
        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
        // Initialize the public key: key material conversion
        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(key);
        // Generate the public key
        PublicKey pubKey = keyFactory.generatePublic(x509KeySpec);
        // Data encryption
        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
        cipher.init(Cipher.ENCRYPT_MODE, pubKey);
        return cipher.doFinal(data);
    }

    /**
     * Private key decryption.
     *
     * @param data data to be decrypted
     * @param key  PKCS#8-encoded private key
     * @return byte[] decrypted data
     */
    public static byte[] decryptByPrivateKey(byte[] data, byte[] key) throws Exception {
        // Obtain the private key
        PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(key);
        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
        // Generate the private key
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
        // Data decryption
        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return cipher.doFinal(data);
    }

    /**
     * Public key decryption.
     *
     * @param data data to be decrypted
     * @param key  X.509-encoded public key
     * @return byte[] decrypted data
     */
    public static byte[] decryptByPublicKey(byte[] data, byte[] key) throws Exception {
        // Instantiate the key factory
        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
        // Initialize the public key: key material conversion
        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(key);
        // Generate the public key
        PublicKey pubKey = keyFactory.generatePublic(x509KeySpec);
        // Data decryption
        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, pubKey);
        return cipher.doFinal(data);
    }

    /**
     * Get the private key.
     *
     * @param keyMap key map
     * @return byte[] encoded private key
     */
    public static byte[] getPrivateKey(Map<String, Object> keyMap) {
        Key key = (Key) keyMap.get(PRIVATE_KEY);
        return key.getEncoded();
    }

    /**
     * Get the public key.
     *
     * @param keyMap key map
     * @return byte[] encoded public key
     */
    public static byte[] getPublicKey(Map<String, Object> keyMap) throws Exception {
        Key key = (Key) keyMap.get(PUBLIC_KEY);
        return key.getEncoded();
    }
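The two directions used above (public-key encryption, and "private-key encryption" checked with the public key) correspond to two separate JCA APIs. The following added example, which is not the article's code, uses `Cipher` with OAEP padding for confidentiality and `Signature` for authenticity; the class name, the 2048-bit key size and the sample message are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RsaUsageExample {
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Verify a SHA256withRSA signature over msg with the signer's public key.
    static boolean verify(KeyPair kp, byte[] msg, byte[] sig) throws Exception {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // assumed key size for this example (the article's code uses 1024)
        KeyPair kp = kpg.generateKeyPair();
        // Constructed sample message.
        byte[] msg = "order=42;amount=100".getBytes(StandardCharsets.UTF_8);

        // Confidentiality: anyone encrypts with the public key, only the private key decrypts.
        Cipher enc = Cipher.getInstance(OAEP);
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] ct = enc.doFinal(msg);
        Cipher dec = Cipher.getInstance(OAEP);
        dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        System.out.println("decrypts to original: " + Arrays.equals(msg, dec.doFinal(ct)));

        // Authenticity: only the private key signs, anyone verifies with the public key.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();
        System.out.println("signature valid: " + verify(kp, msg, sig));
        byte[] altered = "order=42;amount=900".getBytes(StandardCharsets.UTF_8);
        System.out.println("altered message valid: " + verify(kp, altered, sig));
    }
}
```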
4. Encrypted salt
Salt is another common concept. A salt is a random string that is concatenated with the string to be encrypted before it is encrypted. The main purpose of adding salt is to make the encrypted string more secure. If an attacker obtains a salted encrypted string and manages to crack it, the plaintext recovered is not the original string but the original string combined with the salt, which relatively increases the security of the string.