Shulou(Shulou.com)06/03 Report--

What is the working mode of Java symmetric encryption? many novices are not very clear about it. In order to help you solve this problem, the following editor will explain it in detail. People with this need can come and learn. I hope you can get something.

Symmetric encryption is divided into block encryption and sequence cipher.

Block ciphers, also known as block encryption (block cyphers), encrypt one block of plaintext at a time. The plaintext is grouped according to a certain bit length, the plaintext group is encrypted to get the ciphertext group, and the ciphertext group is restored to the plaintext group after decryption operation (the inverse operation of the encryption operation).

Sequence ciphers, also known as stream encryption (stream cyphers), encrypt one bit of plaintext at a time. It refers to the use of a small number of keys (chaos-making elements) to generate a large number of pseudo-random bitstreams through some complex operation (cryptographic algorithm), which is used to encrypt the plaintext bitstream.

Decryption refers to the use of the same key and cryptographic algorithm and the same pseudo-random bit stream as encryption to restore the plaintext bit stream.

In block encryption algorithms, there are several algorithm modes such as ECB,CBC,CFB,OFB.

1) ECB (Electronic Code Book) / codebook mode

ECB (electronic cipherbook method) is actually very simple, that is, encrypting or decrypting the data according to a paragraph of section 8ache 16 to get a ciphertext or plaintext of 16 bytes, the last paragraph is less than 16 bytes, and the calculation is made up of 16 bytes according to the demand, and then the calculated data can be connected in order, and each segment of data does not affect each other.

Advantages:

1. Simple, conducive to parallel computing, errors will not be transmitted

Disadvantages:

1. Plaintext patterns cannot be hidden

two。 It is possible to actively attack plaintext.

2) CBC (Cipher Block Chaining) / ciphertext grouping link method

The implementation mechanism of CBC (ciphertext grouping link mode) makes the encrypted data have a connection. The mechanism of its implementation is as follows:

The encryption steps are as follows:

1) first, the data is grouped according to a group of 8 PADDING 16 bytes to get the D1D2.Dn (if the data is not an integer multiple of 8, the specified data is padded)

2) the first set of ciphertext C1 is obtained by encrypting the result of XOR between the first set of data D1 and the initialization vector I.

3) the second group of data D2 is encrypted with the encryption result C1 of the first group, and the second group of ciphertext C2 is obtained.

4) the data after that, and so on, get the Cn

5) the encryption result is obtained by connecting C1C2C3.Cn sequentially.

Decryption is the reverse process of encryption. The steps are as follows:

1) first, the data are grouped according to a group of 8 stroke 16 bytes to get the C1C2C3.Cn.

2) the first set of data is decrypted and XOR with the initialization vector I to get the first set of plaintext D1 (note: it must be decrypted first and then XOR)

3) the second group of data C2 is decrypted and XOR with the first group of ciphertext data to get the second group of data D2.

4) and so on, to get Dn

5) the decryption result is obtained if the D1D2D3.Dn is connected sequentially.

Note here that the result of decryption is not necessarily our original encrypted data, it may also contain your bit, be sure to remove the bit is your original data.

Advantages:

1. It is not easy to attack actively, and its security is better than ECB. It is suitable for messages with long transmission length. It is the standard of SSL and IPSec.

Disadvantages:

1. Both sender and receiver need to know the initialization vector IV2. The encryption process is serial and cannot be parallelized (in decryption, a plain text block can be obtained from two adjacent ciphertext blocks. Therefore, the decryption process can be parallelized)

3. Error transmission

3) Cipher Feedback (CFB) / ciphertext feedback mode

Ciphertext feedback (CFB,Cipher feedback) mode is similar to CBC, which can change block passwords into self-synchronized stream ciphers. The working process is also very similar. The decryption process of CFB is almost the encryption process of CBC upside down:

You need to use a shift register of the same size as the block and initialize the register with IV. Then, the contents of the register are encrypted with a block password, and then the highest x bit of the result is XOR with the x of the plain text to produce the x bit of the ciphertext. The next step is to move the generated x-bit ciphertext into the register and repeat this process for the following x-bit plain text. The decryption process is similar to the encryption process, starting with IV, encrypting the register, XOR the high x of the result with the ciphertext, generating x-bit plain text, and then shifting the lower x of the ciphertext into the register.

Similar to CBC, changes to plain text affect all subsequent ciphertext, so the encryption process cannot be parallelized; similarly, like CBC, the decryption process can be parallelized.

Advantages:

1. Hides the plaintext mode

two。 Convert block cipher to stream mode

3. It can encrypt and transmit data smaller than packets in time.

Disadvantages:

1. Not conducive to parallel computing

two。 Error transmission: damage to one plaintext unit affects multiple units

3. The only IV

4) Output Feedback (OFB) / output feedback mode

The output feedback mode (Output feedback, OFB) can change the block password into a synchronous stream password. It generates the block of the key stream, and then XOR it with the plain text block to get the ciphertext. Like other stream ciphers, the flipping of a bit in the ciphertext will flip the bits in the same position in the plain text. This feature enables many error correction codes, such as parity bits, to get correct results even if calculated before encryption and checked after encryption.

Each output block that uses OFB is related to all the output blocks preceding it, so it cannot be parallelized. However, because plain text and ciphertext are only used in the final XOR process, IV can be encrypted in advance, and finally parallel XOR processing of plain text or ciphertext can be carried out.

The CBC mode with all-zero input can be used to generate the key stream of OFB mode. This approach is useful because the fast CBC hardware implementation can be used to speed up the encryption process in OFB mode.

Advantages:

1. Hides the plaintext mode

two。 Convert block cipher to stream mode

3. It can encrypt and transmit data smaller than packets in time.

Disadvantages:

1. Not conducive to parallel computing

two。 It is possible to attack plaintext actively.

3. Error transmission: damage to one plaintext unit affects multiple units

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.