Preface
In everyday development we all run into encryption and decryption scenarios sooner or later. For example, when calling an interface, we (the Client) must pass the interface service (the Server) not only the necessary business parameters but also a Signature, so that the Server can verify whether the request was tampered with. The response the Server returns to the Client also carries a Signature for verification. This blog looks at encryption and decryption from a Java programmer’s point of view, in plain terms.
Understand the terms: unidirectional, symmetric, asymmetric
Assume that the client needs to send a message “Hello World” to the server
One-way encryption
One-way encryption means that the client encrypts the message “Hello World” without the server’s participation, that is, encryption does not depend on the server. Also, the server does not rely on the client to decrypt the received message into “Hello World”.
For example, MD5 is a one-way encryption algorithm, that is, an irreversible algorithm.
Symmetric encryption
The client needs to rely on the server to encrypt messages. The two parties can decrypt each other’s messages.
Asymmetric encryption
The client needs to rely on the server to encrypt messages, but the two parties cannot decrypt each other’s messages.
Base64 encoding is indispensable
Let’s start with some code:
Note that BASE64Encoder and BASE64Decoder are not official JDK implementation classes. To use them, you need to import them from the sun.misc package.
Strictly speaking, BASE64 is not an encryption algorithm but an encoding format. To put it bluntly, BASE64 converts information the human eye can read into data the human eye cannot read. It does not encrypt the data; it only dresses the data in new clothes. (It fools your eyes, not a program.)
The larger the raw data, the larger the result BASE64 generates, which is an additional point to keep in mind.
A BASE64 result is always made up of characters drawn from a set of 64 characters.
These encoding characteristics make BASE64 useful in several scenarios. Some websites encode the binary stream of an image into BASE64 and pass it to the client. Some mail servers encode attachments directly into BASE64 and send them along with the mail content. And if Chinese characters need to be transmitted in a URL, they can be encoded in BASE64 first to avoid garbled characters in transit.
MD5 is widely used
MD5 stands for Message Digest, version 5. For example, when interacting with the WeChat Pay and Alipay payment interfaces, you can choose the MD5 algorithm for encryption.
Let’s start with some code:
MD5 cracking?
As mentioned above, MD5 is an irreversible algorithm, so why do people say it has been cracked? In fact, the so-called cracking is not really cracking; it is a lookup against a very large data set. For example, if a server stores a large number of keys together with their MD5 values, a given MD5 value can simply be compared against that data.
So how do we prevent brute-force cracking in the real world?
Answer: perform secondary encryption.
For example, when the client invokes the server interface, the server assigns a Token to the client. Each time the client invokes the server interface, the Token and the service parameters are encrypted together with MD5. This is what is called a “salt” process.
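The Token-plus-parameters signature described above, as an added example that is not code from the original post: the client digests its sorted parameters together with the Token, and the server recomputes the digest and compares. The parameter names, the token value and the key=value& layout are assumptions; the same code runs with MD5 or with SHA-256.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.TreeMap;

// Added example. Parameter names, token value and string layout are assumptions.
public class SignatureDemo {
    // Client side: digest of the sorted parameters followed by the shared Token.
    static byte[] sign(Map<String, String> params, String token, String algorithm)
            throws NoSuchAlgorithmException {
        StringBuilder sb = new StringBuilder();
        // TreeMap fixes the key order, so both sides digest the same string.
        for (Map.Entry<String, String> e : new TreeMap<>(params).entrySet()) {
            sb.append(e.getKey()).append('=').append(e.getValue()).append('&');
        }
        sb.append("token=").append(token);
        return MessageDigest.getInstance(algorithm)
                .digest(sb.toString().getBytes(StandardCharsets.UTF_8));
    }

    // Server side: recompute from the received parameters and compare.
    // MessageDigest.isEqual compares in constant time.
    static boolean verify(Map<String, String> received, byte[] signature,
                          String token, String algorithm) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(sign(received, token, algorithm), signature);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String token = "constructed-demo-token"; // known to both sides, never sent in the request
        Map<String, String> request = new TreeMap<>();
        request.put("orderId", "1001");
        request.put("amount", "25.00");
        Map<String, String> tampered = new TreeMap<>(request);
        tampered.put("amount", "2500.00"); // one field changed in transit
        for (String alg : new String[] {"MD5", "SHA-256"}) {
            byte[] sig = sign(request, token, alg);
            System.out.println(alg + " signature: " + hex(sig));
            System.out.println("  original accepted: " + verify(request, sig, token, alg));
            System.out.println("  tampered accepted: " + verify(tampered, sig, token, alg));
        }
    }
}
```

Only the parameters and the signature travel with the request; the Token stays on each side, which is why changing a parameter without knowing it makes verification fail.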
Analysis of some characteristics of MD5
First, the length of a BASE64 result grows with the size of the original data, while the length of an MD5 result is fixed, that is, 32 bits. So MD5 is very compressible.
Second, calculating the MD5 of the original data is quick and easy, and the process is not reversible.
Third, it is very difficult to find two different pieces of data whose computed MD5 values are the same. This is the weak collision property of MD5, which means that it is very difficult to fake data.
Fourth, any modification of the original data, even a change to a single byte, leads to a great change in the MD5 value. MD5 is therefore very resistant to modification and is suitable for passwords, service data verification, file comparison, etc.
Understand the SHA
SHA stands for Secure Hash Algorithm. For example, suppose we have developed a program and want only the people we distribute it to to be able to use it. What should we do? At this point, consider using the SHA algorithm. SHA is a more secure encryption algorithm than MD5, and it is widely used in the field of digital signatures.
Well, that is a preliminary introduction, for us Java programmers, to some encryption knowledge, focusing on BASE64 and MD5. The waters of encryption algorithms run deep, so corrections and advice are welcome ^_^