What is a digital envelope

Digital envelope is a practical application of public key cryptography, which uses encryption technology to ensure that only the specified recipient can read the content of communication.

In the digital envelope, the message sender using symmetric key to encrypt the information content, and then the symmetric key with the recipient’s public key to encrypt (this part of the digital envelope), put it together with the encrypted information sent to the receiver, receiving Fang Xianyong corresponding private key to open the digital envelope, symmetric key, and then use the symmetric key to encrypt the information. This technique is quite secure. Digital envelope mainly includes digital envelope packaging and digital envelope disassembly. Digital envelope packaging is the process of encrypting the encryption key using the public key of the other party. Only the private key of the other party can restore the encrypted data (communication key). Digital envelope unpacking is the process of decrypting encrypted data using a private key.

Symmetric and asymmetric encryption have their advantages. Symmetric encryption is simple to implement, fast encryption and decryption speed, asymmetric encryption algorithm is firm, easy to realize digital signature, but the encryption and decryption speed is a little slow, so in general, the combination of symmetric encryption and asymmetric encryption can achieve good encryption effect. One typical application is the electronic envelope.

Two, digital envelope advantages

Digital envelope is a kind of technology which combines the advantages of symmetric encryption and asymmetric encryption to secure information transmission. Digital envelopes play the advantages of symmetric encryption algorithm with high speed and good security, and the advantages of asymmetric encryption algorithm with convenient key management.

Three, code implementation

1. Symmetric encryption is implemented. 3DES encryption is used here

3DES (or Triple DES) is a common name for a block password of the Triple Data Encryption Algorithm (TDEA). It is equivalent to applying the DES encryption algorithm three times to each block of data. Due to the enhancement of computer computing power, the key length of the original DES password becomes easy to be cracked by violence; 3DES is designed to provide a relatively simple way to avoid such attacks by increasing the key length of DES, rather than designing a new block cipher algorithm.

Public class DES3Utils {private final static String iv = "01234567"; Private final static String Encoding = "UTF-8 "; private final static String Encoding =" UTF-8 "; /** * 3DES encryption ** @param plainText * @return * @throws Exception */ public static String encode(String) plainText,String secretKey) throws Exception { Key deskey = null; DESedeKeySpec spec = new DESedeKeySpec(secretKey.getBytes()); SecretKeyFactory keyfactory = SecretKeyFactory.getInstance("desede"); deskey = keyfactory.generateSecret(spec); Cipher cipher = Cipher.getInstance("desede/CBC/PKCS5Padding"); IvParameterSpec ips = new IvParameterSpec(iv.getBytes()); cipher.init(Cipher.ENCRYPT_MODE, deskey, ips); byte[] encryptData = cipher.doFinal(plainText.getBytes(encoding)); return Base64.encode(encryptData); } /** * 3DES encrypts ** @param encryptText encryption text * @return * @throws Exception */ public static String decode(String) encryptText,String secretKey) { try { Key deskey = null; DESedeKeySpec spec = new DESedeKeySpec(secretKey.getBytes()); SecretKeyFactory keyfactory = SecretKeyFactory.getInstance("desede"); deskey = keyfactory.generateSecret(spec); Cipher cipher = Cipher.getInstance("desede/CBC/PKCS5Padding"); IvParameterSpec ips = new IvParameterSpec(iv.getBytes()); cipher.init(Cipher.DECRYPT_MODE, deskey, ips); byte[] decryptData = cipher.doFinal(Base64.decode(encryptText)); return new String(decryptData, encoding); }catch (Exception e){ return ""; }}}Copy the code

2. Asymmetric encryption is implemented. RSA encryption is used here

RSA is one of the most widely used public key cryptosystems. It was developed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman. All three were working at THE Massachusetts Institute of Technology. RSA is the first letter of their surnames.

The security of RSA algorithm is based on the difficulty of RSA problem, which is based on the difficulty of large integer factorization. However, THE RSA problem is not more difficult than the factor decomposition problem, that is, it is possible to solve the RSA problem without solving the factor decomposition problem. Therefore, THE RSA algorithm is not completely based on the difficulty of factor decomposition of large integers.

Public class RSA {private static final String ALGO = "RSA"; private static final String CHARSET = "UTF-8"; Public static Map<Integer, String> KEY_CACHE = new HashMap<>(); /** * Randomly generated key pair ** @throws NoSuchAlgorithmException */ public static void generateKeyPair() throws NoSuchAlgorithmException {// KeyPairGenerator class for generating public and private key pairs, Based on RSA algorithm to generate KeyPairGenerator object keyPairGen = KeyPairGenerator. GetInstance (ALGO); Initialize (1024, new SecureRandom()); // Initialize the keypairgen.initialize (1024, new SecureRandom()); / / generates a key pair, save in the keyPair keyPair keyPair. = keyPairGen generateKeyPair (); // getPrivate key RSAPrivateKey privateKey = (RSAPrivateKey) keypair.getprivate (); RSAPublicKey publicKey = (RSAPublicKey) keypair.getPublic (); String publicKeyString = new String(Base64.getEncoder().encode(publicKey.getEncoded())); String privateKeyString = new String(base64.getencoder ().encode((privatekey.getencoded ()))); // Save the public and private keys to Map key_cache. put(0, publicKeyString); KEY_CACHE.put(1, privateKeyString); } /** * RSA public key encryption ** @param data Encryption string * @param publicKey Public key * @return ciphertext * @throws Exception Exception Information during encryption */ public static  String encrypt(String data, String publicKey) throws Exception {// base64 encoded publicKey byte[] decoded = base64.getdecoder ().decode(publicKey); String publicKey) throws Exception {// base64 encoded publicKey byte[] decoded = base64.getdecoder ().decode(publicKey); RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance(ALGO).generatePublic(new X509EncodedKeySpec(decoded)); // RSA encryption Cipher Cipher = cipher.getinstance (ALGO); // Public key encryption cipher.init(cipher. ENCRYPT_MODE, pubKey); return Base64.getEncoder().encodeToString(cipher.doFinal(data.getBytes(CHARSET))); } /** * RSA privateKey decryption ** @param data encryption string * @param privateKey privateKey * @return inscription * @throws Exception Exception information during decryption */ public static String decrypt(String data, String privateKey) throws Exception { byte[] inputByte = Base64.getDecoder().decode(data.getBytes(CHARSET)); Byte [] decoded = base64.getdecoder ().decode(privateKey); byte[] decoded = base64.getdecoder (). RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance(ALGO).generatePrivate(new PKCS8EncodedKeySpec(decoded)); // Cipher Cipher = cipher.getinstance (ALGO); // Decrypt cipher.init(cipher. DECRYPT_MODE, priKey); return new String(cipher.doFinal(inputByte)); }}Copy the code

3. The test

/ / = = = = = = = = = = = = = = = = = data transmission encryption = = = = = = = = = = = = = = = = = = = = = = / / the first step: get a String of data to be encrypted data = "{dano: 1256, eugo: 6521}"; String miyao = generateString(28); // Step 2: Generate symmetric encryption key (random generated String) String csData=DES3Utils. Encode (data, miyao); GenerateKeyPair (); // Step 4: Encrypt the symmetric key using the RSA public key. String csKey=RSA.encrypt(miyao, KEY_CACHE.get(0)); ToMap =new HashMap<>(16); toMap=new HashMap<>(16); toMap.put("data",csData); toMap.put("key",csKey); / / = = = = = = = = = = = = = = = = = Data receiver decryption = = = = = = = = = = = = = = = = = = = = = = / / step 1: obtain the encrypted Data String Data = toMap. Get (" Data "); String key= tomap.get ("key"); // Step 3: Use the RSA public key to decrypt the symmetric key String jmKey=RSA.decrypt(key, key_cache.get (1)); String jmData= des3utils.decode (Data, jmKey); String jmData= des3utils.decode (Data, jmKey); System.out.println(jmData);Copy the code

END to END