A brief introduction to encryption and decryption

Encryption technology is the most commonly used security means, the use of technical means to turn important data into garbled (encryption) transmission, after arriving at the destination with the same or different means to restore (decryption). Encryption consists of two elements: the algorithm and the key. An algorithm is the process of combining ordinary or understandable information with a string of numbers (keys) to generate incomprehensible ciphertext. A key is an algorithm used to encode and decrypt data. In security and secrecy, the communication security of network can be ensured by appropriate key encryption technology and management mechanism.

The cryptosystem of secret key encryption technology can be divided into symmetric key system and asymmetric key system. Data encryption technology is divided into two types, namely symmetric encryption (private key encryption) and asymmetric encryption (public key encryption). Symmetric Encryption is typically represented by Data Encryption Standard (DES) algorithm, while asymmetric Encryption is usually represented by Rivest Shamir Ad1eman (RSA) algorithm. For symmetric encryption, the encryption key is the same as the decryption key. For asymmetric encryption, the encryption key is different from the decryption key. The encryption key can be made public while the decryption key must be kept secret.

Two, the type of encryption and decryption

Symmetric encryption algorithms include AES, DES, and 3DES

Asymmetric algorithms include RSA, DSA, and ECC

Hash/hash algorithms include MD5 and SHA1

Other common algorithms: Base64

Three, common encryption algorithms

1. Symmetric encryption

Symmetric encryption refers to encryption and decryption using the same secret key, so it is called symmetric encryption. Symmetric encryption has only one secret key, which acts as a private key.

Symmetric encryption used password encoding technology, its characteristic is to use the same secret file encryption and decryption key, namely the encryption keys can also be used as the decryption key, this method in cryptography is called symmetric encryption algorithms, symmetric encryption algorithm is simple and easy to use, the key is shorter, and deciphering difficult, in addition to the data encryption standard (DES), Another symmetric key encryption system is the International Data Encryption Algorithm (IDEA), which is better than DES encryption, and the computer function requirements are not so high. IDEA Encryption standard Is used by the Pretty Good Privacy (PGP) system.

2. Asymmetric encryption

Asymmetric encryption refers to the use of different secret keys for encryption and decryption, one as a public key and the other as a private key. Public key encrypted information, only the private key can decrypt. The private key encrypts information that only the public key can decrypt.

In 1976, Dime and Henman, two American scholars, proposed a new key exchange protocol to solve the problem of information public transmission and key management, which allowed the communication parties on the insecure media to exchange information and securely reach the agreed key, which was called “public key system”. This method is also called “asymmetric encryption algorithm” as opposed to “symmetric encryption algorithm”. Different from symmetric encryption algorithms, asymmetric encryption algorithms require two keys: a publickey and a privatekey. The public key and private key are a pair. If the public key is used to encrypt data, only the corresponding private key can be used to decrypt data. If data is encrypted with a private key, it can only be decrypted with the corresponding public key. Because encryption and decryption use two different keys, the algorithm is called asymmetric encryption.

3. Hash/hash algorithm

A Hash is a Hash algorithm that transforms an input of any length (also known as a pre-mapped pre-image) into a fixed-length output, which is a Hash value. This transformation is a compression mapping, that is, the space of hash values is usually much smaller than the space of input, and different inputs may be hashed into the same output, so it is impossible to determine a unique input value from the hash value. Simply put, it is a function that compresses a message of any length into a message digest of a fixed length.

4. Other common algorithms

Base64 is one of the most common encoding methods for transmitting 8Bit bytecode on the network. Base64 is a method to represent binary data based on 64 printable characters. For details about MIME, see RFC2045 to RFC2049.

Base64 encoding is a process from binary to character that can be used to pass longer identity information in HTTP environments. For example, in Hibernate, the Java Persistence system, Base64 is used to encode a long unique identifier (typically a 128-bit UUID) into a string that is used as a parameter in HTTP forms and HTTP GET urls. In other applications, it is often necessary to encode binary data into a form suitable for placing in urls, including hidden form fields. At this point, Base64 encoding is not readable and can only be read after decoding.

Four, common encryption and decryption algorithm

1. MD5

MD5 is message-digest Algorithm 5 to ensure the consistency of information transmission. It is one of the hashing algorithms widely used in computers. MD5 has been widely implemented in mainstream programming languages. Computing data (such as Chinese characters) into another fixed length value is the basis of the hashing algorithm. The predecessors of MD5 are MD2, MD3 and MD4.

The MD5 algorithm has the following features:

  1. Compressibility: The length of the CALCULATED MD5 value is fixed for any length of data.
  2. Easy to calculate: It is easy to calculate the MD5 value from the raw data.
  3. Modifiability: Any change to the original data, even if it is only 1 byte, will result in a significant difference in the MD5 value.
  4. Strong collision resistance: Given the original data and its MD5 value, it is very difficult to find a data with the same MD5 value (i.e. forged data).

2. SHA

Secure Hash Algorithm (SHA) is used to ensure consistent information transmission. SHA is implemented based on MD5.

FIPS PUB 180 is a national standard published by the American National Institute of Standards and Technology. The latest standard has been updated to FIPS PUB 180-3 in 2008. The one-way hashing algorithms sha-1, SHA-224, SHA-256, SHA-384, and SHA-512 are specified. Sha-1, SHA-224, and SHA-256 are suitable for messages of up to 2^64 bits. Sha-384 and SHA-512 work with messages of up to 2^128 binary bits.

SHA1 has the following features: Information cannot be recovered from the message digest; Two different messages do not produce the same message digest.

3. DES

DES is short for Data Encryption Standard. The DES algorithm is a symmetric cipher system. It is a kind of encryption algorithm developed by IBM. The National Bureau of Standards of the United States published it as a data encryption standard used by non-confidential departments in 1977. For twenty years, it has been active in the stage of international confidential communication, playing a very important role.

DES is a block encryption algorithm that encrypts data in 64 – bit groups. DES is also a symmetric algorithm: encryption and decryption use the same algorithm. Its key length is 56 bits (because each eighth bit is used as a parity check), and the key can be any 56-bit number and can be changed at any time. A very small number of them are considered weak keys, but they are easy to avoid. So confidentiality depends on the key.

Features: Short packet, short key, short password life cycle, slow operation speed.

DES algorithm has high security, so far, in addition to the exhaustive search method to attack DES algorithm, has not found a more effective way. The 56-bit key has 256 exhaustive Spaces, which means that if a computer was running at a speed of one million keys per second, it would take nearly 2,285 years to search the full key.

DES is no longer considered a secure encryption algorithm because the 56-bit key it uses is too short to be cracked in 24 hours with modern computing power. Some analyses have pointed to theoretical weaknesses in the algorithm, though not necessarily practical ones. The standard has recently been replaced by the Advanced Encryption Standard (AES).

Basic principle of DES: DES design uses two principles of block cipher design: confusion and diffusion, its purpose is to counter the enemy’s statistical analysis of the cipher system

4. 3DES

3DES (or Triple DES) is a common name for a block password of the Triple Data Encryption Algorithm (TDEA). It is equivalent to applying the DES encryption algorithm three times to each block of data. Due to the enhancement of computer computing power, the key length of the original DES password becomes easy to be cracked by violence; 3DES is designed to provide a relatively simple way to avoid such attacks by increasing the key length of DES, rather than designing a new block cipher algorithm.

5. AES

Advanced Encryption Standard (AES), also known as Rijndael Encryption, is a block Encryption Standard adopted by the U.S. federal government. This standard to replace the original DES, has been widely analyzed and used around the world. After a five-year selection process, the Advanced Encryption Standard was published by the National Institute of Standards and Technology (NIST) on FIPS PUB 197 on 26 November 2001 and became a valid standard on 26 May 2002. In 2006, advanced Encryption Standard has become one of the most popular algorithms in symmetric key encryption.

The AES block length is fixed at 128 bits, and the key length can be either 128, 192 or 256 bits.

AES encryption mode

Symmetric/block ciphers are generally divided into stream encryption (such as OFB and CFB) and block encryption (such as ECB and CBC). For stream encryption, block ciphers need to work in stream mode. For block encryption (or block encryption), if you want to encrypt data larger than the block size, you need to involve the fill and chain encryption modes.

ECB(Electronic Code Book) mode

The ECB mode is the earliest and simplest. It divides the encrypted data into groups of the same size as the length of the encryption key, and then encrypts each group with the same key.

Advantages:

  • simple
  • In favor of parallel computing
  • Errors are not transmitted

Disadvantages:

  • Plaintext patterns cannot be hidden
  • Possible active attack on plaintext

Therefore, this pattern is suitable for encrypting small messages.

Cipher Block Chaining (CBC) mode

Advantages:

  • It is not easy to be attacked and has better security than ECB. It is suitable for transmitting long packets and is the standard of SSL and IPSec.

Disadvantages:

  • Bad for parallel computing
  • Error transfer
  • I need to initialize vector IV

Cipher FeedBack Mode (CFB) Mode

Advantages:

  • Plaintext mode is hidden
  • The block cipher is converted to stream mode
  • Can encrypt and transmit data smaller than packet in time

Disadvantages:

  • Bad for parallel computing
  • Error transfer: a plaintext unit corruption affects multiple units
  • The only IV

OFB(Output FeedBack) mode

Advantages:

  • Plaintext mode is hidden
  • The block cipher is converted to stream mode
  • Can encrypt and transmit data smaller than packet in time

Disadvantages:

  • Bad for parallel computing
  • An active attack on plaintext is possible
  • Error transfer: a plaintext unit corruption affects multiple units

6. RSA

The RSA encryption algorithm is an asymmetric encryption algorithm. RSA is widely used in public key encryption standards and electronic commerce. RSA was first proposed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. All three were working at THE Massachusetts Institute of Technology. RSA is the first letter of their surnames.

The reliability of RSA algorithms based on factorization of very large integers is difficult. If someone were to find a fast algorithm for factorization, the reliability of information encrypted with RSA would surely be severely compromised. But the chances of finding such an algorithm are pretty slim. Today only short RSA keys can be broken by brute force. As of 2008, there was no reliable way to attack the RSA algorithm in the world. Messages encrypted with RSA are virtually unbreakable as long as their keys are long enough.

The RSA algorithm uses the product of two very large prime numbers to encrypt. Either of these two prime numbers can be decrypted by multiplying the other prime number to encrypt the file. But it’s very difficult to use one prime number to find another. Therefore, this Pair of primes is called a Key Pair. In encryption applications, a user always discloses a key, so that the sender can encrypt the information with its public key and send it to the user. Once the information is encrypted, only the private key known by the user can be decrypted. The public key of a person with digital credentials can be found on the Internet, and the public key can be sent to the other party when the other party is asked to send information. In this way, the confidentiality and security of information transmitted on the Internet can be ensured.

RSA encryption Principle Usage Mode Signature authentication

Encryption is a very important link in network transmission, which ensures the security of information. It makes it impossible for others to obtain communication information by capturing packets or to invade the system by forging information. RSA encryption is the most commonly used encryption method for information transmission.

RSA Encryption Principle

RSA differs from traditional encryption methods in that it is asymmetric and can be decrypted without directly transferring the key. This ensures the security of the message and avoids the risk of being cracked by passing the key directly.

RSA encryption is as follows:

  1. Party B generates two keys (public key and private key). Public keys are public and available to anyone, while private keys are private.
  2. Party A obtains Party B’s public key and uses it to encrypt the information.
  3. Party B gets the encrypted information and decrypts it with the private key.

Disadvantages of the RSA encryption algorithm

Although RSA encryption algorithm as one of the most outstanding public key scheme, published in more than thirty years of time, has experienced a variety of attacks, gradually accepted by people. However, this is not to say that RSA has no drawbacks. The equivalence between the difficulty of decoding RSA and the difficulty of large number decomposition has not been proved theoretically. Therefore, RSA’s major flaw is that it is impossible to know theoretically how secure it is. In practice, RSA also has some disadvantages:

  • It is very troublesome to generate key, which is restricted by prime number generation technology, so it is difficult to achieve one secret at a time.
  • Because the packet length is too large, n must be at least 600 bits to ensure the security, which makes the operation cost very high, especially the slow speed.

7. ECC

ECC elliptic curve encryption algorithm is a kind of public key encryption system, initially by Koblitz and Miller are put forward in 1985, its mathematical basis is the use of rational points on the elliptic curve Abel additive group the computational difficulty of discrete logarithm.

Compared with classical RSA, DSA and other public key cryptosystems, elliptic cryptosystem has the following advantages:

  • High security: Some studies show that the 160-bit elliptic key is as secure as the 1024-bit RSA key
  • High processing speed: The ECC algorithm is faster than RSA and DSA in encrypting and decrypting private keys
  • The storage space is small
  • Low bandwidth requirements

8. DSA

Dsa-digital Signature Algorithm is a variant of Schnorr and ElGamal Signature algorithms. It is regarded by NIST as DigitalSignature Standard (DSS). Simply put, this is a more advanced form of authentication, used as a digital signature. Not only public and private keys, but also digital signatures. The private key encryption generates the digital signature, and the public key validates the data and signature. If the data and signature do not match, the authentication is considered failed! The function of digital signature is to verify that data is not modified during transmission. Digital signature is a one-way encryption upgrade!

9. Base64

Base64 is one of the most common encoding methods for transmitting 8Bit bytecode on the network. Base64 is a method to represent binary data based on 64 printable characters. For details about MIME, see RFC2045 to RFC2049.

Base64 encoding is a process from binary to character that can be used to pass longer identity information in HTTP environments. For example, in Hibernate, the Java Persistence system, Base64 is used to encode a long unique identifier (typically a 128-bit UUID) into a string that is used as a parameter in HTTP forms and HTTP GET urls. In other applications, it is often necessary to encode binary data into a form suitable for placing in urls, including hidden form fields. At this point, Base64 encoding is not readable and can only be read after decoding.

Five, the summary

  1. Symmetric encryption Encryption and decryption use the same key, so the encryption speed is fast. However, because the key needs to be transmitted over the network, the security is not high.
  2. Asymmetric encryption uses a pair of keys, a public key and a private key, so it has high security but slow encryption and decryption speed.
  3. The solution is to encrypt the symmetric encryption key with the asymmetric encryption public key, and then send it. The receiver uses the private key to decrypt the symmetric encryption key, and then the two parties can use the symmetric encryption to communicate.

\