instructions

POM

To use Hutool's encryption and decryption utilities, add the following dependency:

    <dependency>
        <groupId>cn.hutool</groupId>
        <artifactId>hutool-crypto</artifactId>
        <version>5.7.15</version>
    </dependency>

Symmetric and asymmetric encryption

Symmetric encryption

The encryption algorithm

  • In a single-key cryptosystem, the same key is used both to encrypt and to decrypt information. This is called symmetric encryption, also known as single-key encryption.

  • Common Encryption Algorithms

    • DES(Data Encryption Standard): Data encryption standard is a block algorithm using key encryption. In 1977, it was determined by the National Bureau of Standards of the United States federal government as the Federal Data Processing Standard (FIPS) and authorized to be used in unclassified government communications. Subsequently, the algorithm was widely spread internationally.
    • AES (Advanced Encryption Standard): Also known as Rijndael in cryptography, it is a block encryption standard adopted by the US federal government. This standard replaces the original DES and has been widely analyzed and used around the world.
  • Characteristics

    • Fast encryption speed, can encrypt large files
    • Ciphertext reversible, once the key file is leaked, data will be exposed
    • The encrypted bytes have no corresponding characters in the character encoding table, so they display as garbled text. The ciphertext is therefore generally Base64-encoded

Encryption mode

  • ECB (Electronic codebook): The message to be encrypted is divided into blocks according to the block size of the block cipher, and each block is encrypted independently

    • Advantages: Data can be processed in parallel
    • Disadvantages: The same plaintext generates the same ciphertext, so the data is not well protected
    • Whenever the plaintext is the same, the resulting ciphertext is also the same
  • CBC (Cipher-block chaining): Each plaintext block is XORed with the previous ciphertext block and then encrypted. Each ciphertext block therefore depends on all the plaintext blocks before it

    • Advantages: The same plaintext produces different ciphertext
    • Disadvantages: Serial processing of data

Padding mode

When data is processed block by block and its length is not a multiple of the block size, it is padded up to the block length according to a fixed rule

  • NoPadding: no padding is applied

    • With the DES encryption algorithm, the plaintext length must be an integer multiple of 8 bytes
    • With the AES encryption algorithm, the plaintext length must be an integer multiple of 16 bytes
  • PKCS5Padding

    • The size of the data block is 8 bits

Tips: By default, the encryption mode and padding mode are ECB/PKCS5Padding. If you use CBC mode, you must also pass an initialization vector (IV) parameter

DES and AES sample code

    import cn.hutool.crypto.Mode;
    import cn.hutool.crypto.Padding;
    import cn.hutool.crypto.symmetric.AES;
    import cn.hutool.crypto.symmetric.DES;
    import org.junit.jupiter.api.Test;

    // Demo values only: the key and IV are hard-coded strings for readability
    public class SymmetricCryptoTest {

        @Test
        public void des() {
            String text = "HelloWorld";
            // key: for DES the key must be 8 bytes long
            String key = "12345678";
            // iv: initialization vector; not needed in ECB mode, must be 8 bytes in CBC mode
            String iv = "12345678";
            // DES des = new DES(Mode.ECB, Padding.PKCS5Padding, key.getBytes());
            DES des = new DES(Mode.CBC, Padding.PKCS5Padding, key.getBytes(), iv.getBytes());
            // Encrypt and Base64-encode
            String encrypt = des.encryptBase64(text);
            System.out.println(encrypt);
            // Decrypt to a String
            String decrypt = des.decryptStr(encrypt);
            System.out.println(decrypt);
        }

        @Test
        public void aes() {
            String text = "HelloWorld";
            // key: 16 bytes, which selects AES-128
            String key = "1234567812345678";
            // iv: initialization vector; not needed in ECB mode, must be 16 bytes in CBC mode
            String iv = "1234567812345678";
            // AES aes = new AES(Mode.ECB, Padding.PKCS5Padding, key.getBytes());
            AES aes = new AES(Mode.CBC, Padding.PKCS5Padding, key.getBytes(), iv.getBytes());
            // Encrypt and Base64-encode
            String encrypt = aes.encryptBase64(text);
            System.out.println(encrypt);
            // Decrypt to a String
            String decrypt = aes.decryptStr(encrypt);
            System.out.println(decrypt);
        }
    }
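The ECB and CBC behaviour described above, shown on a message with a repeated block. This is an added example, not code from the original page: the class and helper names are hypothetical, the plaintext is constructed, and it uses a random key and a fresh random IV per message instead of the fixed strings in the sample.

```java
import cn.hutool.crypto.Mode;
import cn.hutool.crypto.Padding;
import cn.hutool.crypto.symmetric.AES;

import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class EcbVsCbcDemo {
    private static final int BLOCK = 16; // AES block size in bytes
    private static final SecureRandom RNG = new SecureRandom();

    static byte[] randomBytes(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return b;
    }

    /** True when ciphertext blocks 0 and 1 are byte-for-byte identical. */
    static boolean repeatsFirstBlock(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, BLOCK),
                             Arrays.copyOfRange(ct, BLOCK, 2 * BLOCK));
    }

    public static void main(String[] args) {
        byte[] key = randomBytes(16); // random 128-bit key
        // Constructed sample: the same 16-byte block twice
        byte[] plain = "ACCOUNT=00000001ACCOUNT=00000001".getBytes(StandardCharsets.US_ASCII);

        // ECB: each block is encrypted independently, so the repetition survives.
        // PKCS5Padding always appends 1..16 bytes, even to block-aligned input.
        byte[] ecb = new AES(Mode.ECB, Padding.PKCS5Padding, key).encrypt(plain);
        System.out.println("plaintext bytes: " + plain.length + ", ECB bytes: " + ecb.length);
        System.out.println("ECB repeats block: " + repeatsFirstBlock(ecb));

        // CBC with a fresh random IV per message. The IV is not secret and is
        // normally stored in front of the ciphertext so the receiver can decrypt.
        byte[] iv1 = randomBytes(BLOCK);
        byte[] iv2 = randomBytes(BLOCK);
        byte[] cbc1 = new AES(Mode.CBC, Padding.PKCS5Padding, key, iv1).encrypt(plain);
        byte[] cbc2 = new AES(Mode.CBC, Padding.PKCS5Padding, key, iv2).encrypt(plain);
        System.out.println("CBC repeats block: " + repeatsFirstBlock(cbc1));
        System.out.println("CBC same message, same ciphertext: " + Arrays.equals(cbc1, cbc2));

        // Round trip: decryption needs the same key and the IV used for that message
        byte[] back = new AES(Mode.CBC, Padding.PKCS5Padding, key, iv1).decrypt(cbc1);
        System.out.println("CBC round trip ok: " + Arrays.equals(plain, back));
    }
}
```

Reusing one fixed IV for every message, as the sample test does, makes CBC produce the same ciphertext for the same plaintext again, which is the property the random IV is there to remove.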

Asymmetric encryption

Introduction

  • Asymmetric encryption algorithms are also called modern encryption algorithms.

  • Asymmetric encryption is the cornerstone of computer communication security, ensuring that encrypted data cannot be cracked.

  • Unlike symmetric encryption algorithms, asymmetric encryption algorithms require two keys: a public key and a private key.

    • A public key and a private key are a pair
    • If the public key is used to encrypt data, only the corresponding private key can be used to decrypt the data.
    • If the private key is used to encrypt data, only the corresponding public key can be used to decrypt the data.
  • Because encryption and decryption use two different keys, the algorithm is called asymmetric encryption.

  • Characteristics

    • Encryption and decryption use different keys
    • Data processing is slow because of high security
  • Common algorithms

    • RSA
    • ECC

RSA sample

    import cn.hutool.core.codec.Base64;
    import cn.hutool.crypto.SecureUtil;
    import cn.hutool.crypto.asymmetric.AsymmetricAlgorithm;
    import cn.hutool.crypto.asymmetric.KeyType;
    import cn.hutool.crypto.asymmetric.RSA;
    import org.junit.jupiter.api.BeforeAll;
    import org.junit.jupiter.api.Test;

    import java.security.KeyPair;

    public class AsymmetricCryptoTest {

        /** Private key and public key (Base64 strings) */
        private static String privateKey;
        private static String publicKey;
        /** Ciphertext encrypted with the public key, reused by test2() */
        private static String encryptByPublic;

        /** Generate the public/private key pair */
        @BeforeAll
        public static void genKey() {
            KeyPair pair = SecureUtil.generateKeyPair("RSA");
            // Printed for demonstration only; do not log real private keys
            privateKey = Base64.encode(pair.getPrivate().getEncoded());
            System.out.println("privateKey\t" + privateKey);
            publicKey = Base64.encode(pair.getPublic().getEncoded());
            System.out.println("publicKey\t" + publicKey);
        }

        @Test
        public void test() {
            String text = "HelloWorld";
            // The first parameter is the encryption algorithm, RSA/ECB/PKCS1Padding
            // The second parameter is the private key (Base64 string)
            // The third parameter is the public key (Base64 string)
            RSA rsa = new RSA(AsymmetricAlgorithm.RSA_ECB_PKCS1.getValue(), privateKey, publicKey);

            // Encrypt with the public key, decrypt with the private key
            String encryptByPublic = rsa.encryptBase64(text, KeyType.PublicKey);
            System.out.println("public key encrypt\t" + encryptByPublic);
            String decryptByPrivate = rsa.decryptStr(encryptByPublic, KeyType.PrivateKey);
            System.out.println("private key decrypt\t" + decryptByPrivate);

            // Encrypt with the private key, decrypt with the public key
            String encryptByPrivate = rsa.encryptBase64(text, KeyType.PrivateKey);
            System.out.println("private key encrypt\t" + encryptByPrivate);
            String decryptByPublic = rsa.decryptStr(encryptByPrivate, KeyType.PublicKey);
            System.out.println("public key decrypt\t" + decryptByPublic);

            // Save the ciphertext for the next test
            AsymmetricCryptoTest.encryptByPublic = encryptByPublic;
        }

        /**
         * Use only the private key to decrypt the ciphertext encrypted with the public key.
         * Relies on test() having run first to fill encryptByPublic.
         */
        @Test
        public void test2() {
            // Pass in the private key and the corresponding algorithm
            RSA rsa = new RSA(AsymmetricAlgorithm.RSA_ECB_PKCS1.getValue(), privateKey, null);
            String decrypt = rsa.decryptStr(encryptByPublic, KeyType.PrivateKey);
            System.out.println(decrypt);
        }
    }

Message digest

Introduction

  • A message digest is also called a digital digest

  • It is a fixed-length value that uniquely corresponds to a message or text and is generated by applying a one-way hash function to the message

  • A digest lets you check that a file or value has not been tampered with, which protects the security of the file or value

  • Features:

    • No matter how long the input message is, the length of the calculated message digest is always fixed. For example,

      • A message digest computed with the MD5 algorithm is 128 bits
      • A message digest computed with the SHA-1 algorithm is 160 bits
    • As long as the input message is different, the resulting digest is different, while the same input always produces the same output

    • Message digests are one-way and irreversible

  • Common algorithms

    • MD5
    • SHA1
    • SHA256
    • SHA512

MD5 and SHA-1 sample

    import cn.hutool.crypto.digest.DigestAlgorithm;
    import cn.hutool.crypto.digest.DigestUtil;
    import cn.hutool.crypto.digest.Digester;
    import org.junit.jupiter.api.Test;

    public class DigesterTest {

        @Test
        public void md5() {
            String text = "HelloWorld";
            // Option 1: use a Digester
            Digester md5 = new Digester(DigestAlgorithm.MD5);
            String digestHex = md5.digestHex(text);
            System.out.println(digestHex);
            // Option 2: use the DigestUtil shortcut
            String md5Hex = DigestUtil.md5Hex(text);
            System.out.println(md5Hex);
        }

        @Test
        public void sha1() {
            String text = "HelloWorld";
            // Option 1: use a Digester
            Digester sha1 = new Digester(DigestAlgorithm.SHA1);
            String digestHex = sha1.digestHex(text);
            System.out.println(digestHex);
            // Option 2: use the DigestUtil shortcut
            String sha1Hex = DigestUtil.sha1Hex(text);
            System.out.println(sha1Hex);
        }
    }
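The fixed-length and tamper-detection properties listed above, as an added example that is not part of the original page. The class and method names are hypothetical, the sample records are constructed, and the check assumes the expected digest was obtained from a trusted source separately from the data.

```java
import cn.hutool.crypto.digest.DigestAlgorithm;
import cn.hutool.crypto.digest.Digester;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;

public class DigestIntegrityDemo {

    static String sha256Hex(byte[] data) {
        return new Digester(DigestAlgorithm.SHA256).digestHex(data);
    }

    /** Compares the SHA-256 of data with an expected hex digest in constant time. */
    static boolean matches(byte[] data, String expectedHex) {
        byte[] actual = sha256Hex(data).getBytes(StandardCharsets.US_ASCII);
        byte[] expected = expectedHex.trim().toLowerCase(Locale.ROOT)
                                     .getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(actual, expected);
    }

    public static void main(String[] args) {
        // Fixed output length: 1 byte and 1 MB of input give digests of the same size
        byte[] small = {0x61};
        byte[] large = new byte[1_000_000];
        DigestAlgorithm[] algs = {DigestAlgorithm.MD5, DigestAlgorithm.SHA1,
                                  DigestAlgorithm.SHA256, DigestAlgorithm.SHA512};
        for (DigestAlgorithm alg : algs) {
            Digester d = new Digester(alg);
            System.out.printf("%-8s small input: %4d bits, large input: %4d bits%n",
                    alg.getValue(), d.digest(small).length * 8, d.digest(large).length * 8);
        }

        // Constructed sample records; "published" stands for a digest obtained
        // from a trusted source, separately from the data itself
        byte[] original = "amount=100;to=alice".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "amount=900;to=alice".getBytes(StandardCharsets.UTF_8);
        String published = sha256Hex(original);

        // A single changed character yields a different digest, so the check fails
        System.out.println("original matches: " + matches(original, published));
        System.out.println("tampered matches: " + matches(tampered, published));
    }
}
```

If the data and its digest travel together over the same untrusted channel, whoever alters the data can recompute the digest as well, so the comparison only detects tampering when the expected value comes from elsewhere.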