Android security encryption: detailed explanation of symmetric encryption

Android security encryption feature article index

The topics in this series (symmetric encryption, asymmetric encryption, message digests and digital signatures) are preparatory knowledge for understanding how digital certificates work. The digital certificate is the ultimate weapon of cryptography and the crystallization of thousands of years of accumulated human wisdom. Only after understanding how digital certificates work can we understand the secure communication mechanism of the HTTPS protocol, which in turn makes SSL development much easier.

In addition, symmetric encryption and message digests can each be used on their own.

Digital certificates use all of the knowledge covered above.

After studying the material above, you should be able to master the following knowledge points:

Caesar cipher

1. Introduction

The Caesar cipher is one of the oldest symmetric encryption systems and was widely used in ancient Rome. Its basic idea is to encrypt and decrypt by shifting letters a fixed number of positions: every letter of the plaintext is moved backward (or forward) along the alphabet by the same amount and replaced by the resulting letter. For example, with an offset of 3, every A becomes D and every B becomes E. The number of positions shifted is therefore the key for both encryption and decryption.

For example, shifting each character of the string "ABC" 3 positions to the right gives "DEF". To decrypt, each character of "DEF" is shifted 3 positions to the left to restore the original, as shown in the following figure:

2. Prerequisite knowledge

3. Simple code implementation of the Caesar cipher

Code output result:

4. Breaking the Caesar cipher: frequency analysis

The encryption strength of the Caesar cipher is far too low: it can be broken by frequency analysis alone.

In any written language, different letters and letter combinations occur with different frequencies, and any sufficiently long text written in that language shows roughly the same characteristic letter distribution. In English, for example, the letter E is very common while X is rare.

The typical letter distribution in English text is shown in the figure below:

5. Cracking process

Note: when looking for the most frequent character in the ciphertext, keep several candidates rather than just the top one, because the most frequent character may be an encrypted space or some other character. In the figure below, for example, the most frequent character '#' is the encryption of the space, and 'H' is the value obtained by shifting 'e'.

Try several decryptions, because the most frequent character is not necessarily the one we are looking for. In the figure below, the second decryption attempt is the correct one.
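As an added example (not code from the original article), the following Java class implements the Caesar cipher over the printable ASCII range and the frequency-analysis recovery just described: it ranks ciphertext characters by frequency and tries the top few as candidates for the encrypted 'e'. The alphabet choice (space through '~') is our own, chosen so that an encrypted space becomes a visible character such as '#', exactly the situation the note above warns about; the sample plaintext is constructed.

```java
import java.util.Arrays;
import java.util.Comparator;

/**
 * Added example: Caesar cipher plus frequency-analysis recovery of the shift.
 * Alphabet = printable ASCII 32..126 (95 symbols), an assumption of this demo.
 */
public class CaesarDemo {
    private static final int LO = 32, HI = 126, RANGE = HI - LO + 1;

    /** Shift every printable character by `shift` positions, wrapping around; other chars pass through. */
    public static String encrypt(String plain, int shift) {
        StringBuilder sb = new StringBuilder(plain.length());
        for (char ch : plain.toCharArray()) {
            if (ch < LO || ch > HI) { sb.append(ch); continue; }
            sb.append((char) (LO + Math.floorMod(ch - LO + shift, RANGE)));
        }
        return sb.toString();
    }

    /** Decryption is encryption with the opposite shift. */
    public static String decrypt(String cipher, int shift) {
        return encrypt(cipher, -shift);
    }

    /** All alphabet characters ordered by how often they occur in `text`, most frequent first. */
    public static Character[] charsByFrequency(String text) {
        int[] counts = new int[128];
        for (char ch : text.toCharArray()) if (ch < 128) counts[ch]++;
        Character[] chars = new Character[RANGE];
        for (int i = 0; i < RANGE; i++) chars[i] = (char) (LO + i);
        Arrays.sort(chars, Comparator.comparingInt((Character c) -> -counts[c]));
        return chars;
    }

    /**
     * Assume each of the `candidates` most frequent ciphertext characters is the
     * encryption of 'e' (the most common English letter), derive the implied shift,
     * and print the corresponding decryption so a reader can pick the one that reads as English.
     */
    public static void crack(String cipher, int candidates) {
        Character[] ranked = charsByFrequency(cipher);
        for (int i = 0; i < candidates; i++) {
            int guessedShift = Math.floorMod(ranked[i] - 'e', RANGE);
            System.out.printf("candidate %d: '%c' = 'e' -> shift %d -> %s%n",
                    i + 1, ranked[i], guessedShift, decrypt(cipher, guessedShift));
        }
    }

    public static void main(String[] args) {
        // Constructed sample text: spaces outnumber every letter, so the first guess is wrong
        // (it assumes '#' is 'e') and the second guess ('h' = 'e', shift 3) is the correct one.
        String plain = "the quick brown fox jumps over the lazy dog and then sleeps";
        String cipher = encrypt(plain, 3);
        System.out.println("cipher : " + cipher);
        System.out.println("decrypt: " + decrypt(cipher, 3));
        crack(cipher, 3);
    }
}
```

With the sample text, space (ASCII 32) encrypts to '#' (35) and 'e' to 'h', so the most frequent ciphertext character is '#' and the first candidate shift is wrong; the second candidate yields shift 3 and the readable plaintext, mirroring the two-attempt process in the figures above.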

Symmetric encryption

Introduction

When encryption and decryption both use the same secret key, the scheme is called symmetric encryption, also known as single-key encryption. Put simply: one key both encrypts and decrypts.

The Caesar cipher is a symmetric cipher; its character offset is the secret key.

Common symmetric encryption algorithms

AES, DES, 3DES, TDEA, Blowfish, RC2, RC4, RC5, IDEA, Skipjack, etc.

DES: the full name is Data Encryption Standard. It is a block cipher that encrypts with a key. It was adopted as a Federal Information Processing Standard (FIPS) by the US National Bureau of Standards in 1976 and subsequently spread widely around the world.

3DES: also known as Triple DES, the common name for the Triple Data Encryption Algorithm (TDEA) block cipher. It is equivalent to applying the DES algorithm three times to each data block. As computing power grew, the key length of the original DES became easy to brute-force; 3DES was designed as a relatively simple remedy that avoids such attacks by increasing the effective key length of DES, rather than designing a new block cipher.

AES: the Advanced Encryption Standard, also known in cryptography as the Rijndael cipher, is a block encryption standard adopted by the US federal government. It was chosen to replace the original DES, has been analyzed by many parties and is widely used around the world. After a five-year selection process, the Advanced Encryption Standard was published by the National Institute of Standards and Technology (NIST) in FIPS PUB 197 on November 26, 2001, and became an effective standard on May 26, 2002. By 2006 AES had become one of the most popular algorithms in symmetric-key encryption.

Introduction to the DES algorithm

DES encryption principle (bit operations such as swapping positions and XOR; the details do not need to be understood)

Prerequisite knowledge

A bit is the smallest unit of transmission in a computer; its value is either 0 or 1.

For example, the binary representation of the number 3 in one byte is 00000011.

Code example

Difference between a byte and a bit

Data is stored in units of bytes, while data is mostly transmitted in units of bits. A bit holds a single 0 or 1 (binary). Every 8 bits (abbreviated b) form one byte (abbreviated B), the smallest addressable unit of information.

Byte value range:

That is, a signed byte lies between 10000000 and 01111111, and one byte occupies 8 bits.

Binary-to-decimal conversion diagram:

Any string can be converted to a byte array:

String data = "1234abcd";
byte[] bytes = data.getBytes(); // contents: 49 50 51 52 97 98 99 100

The binary data corresponding to the bytes 49 50 51 52 97 98 99 100 (i.e. the bits) is:

00110001 00110010 00110011 00110100 01100001 01100010 01100011 01100100

Laid out with spacing, these 64 bits can be viewed as an 8×8 matrix:

Various operations can then be performed on them, such as swapping positions, splitting, and XOR. Common encryption algorithms manipulate bits in exactly this way; the IP permutation and the S-box substitution shown in the figures below are typical examples:

IP permutation:

S-box substitution:

DES encryption process diagram (the process is very complex; it is enough to know that it operates on bits internally):
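The following Java class is an added example (not from the original article) of the bit-level operations described above: it converts the string "1234abcd" to bytes and bits, applies a fixed bit permutation of the kind DES's IP step performs, XORs the result with a key block, and then undoes both steps. The permutation table and the key block are constructed for the demo; the table is a simple bit reversal, not the real DES IP table.

```java
import java.nio.charset.StandardCharsets;

/**
 * Added example: string -> bytes -> bits, then a toy permutation and XOR.
 * PERM is a made-up 64-bit permutation (bit reversal), not DES's IP table.
 */
public class BitOpsDemo {
    /** Render each byte as 8 binary digits, e.g. 49 -> "00110001". */
    public static String toBits(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) {
            String bits = Integer.toBinaryString(b & 0xFF);
            sb.append("00000000".substring(bits.length())).append(bits).append(' ');
        }
        return sb.toString().trim();
    }

    // Output bit i is taken from input bit PERM[i] (constructed: plain reversal).
    private static final int[] PERM = new int[64];
    static { for (int i = 0; i < 64; i++) PERM[i] = 63 - i; }

    private static int getBit(byte[] block, int pos) {
        return (block[pos / 8] >> (7 - pos % 8)) & 1;
    }

    private static void setBit(byte[] block, int pos, int v) {
        if (v != 0) block[pos / 8] |= (byte) (1 << (7 - pos % 8));
    }

    /** Apply a 64-entry permutation table to one 8-byte block. */
    public static byte[] permute(byte[] block, int[] table) {
        byte[] out = new byte[8];
        for (int i = 0; i < 64; i++) setBit(out, i, getBit(block, table[i]));
        return out;
    }

    /** Build the inverse table so the permutation can be undone. */
    public static int[] invert(int[] table) {
        int[] inv = new int[table.length];
        for (int i = 0; i < table.length; i++) inv[table[i]] = i;
        return inv;
    }

    /** XOR two equal-length blocks; XORing twice with the same key restores the input. */
    public static byte[] xor(byte[] a, byte[] b) {
        byte[] out = new byte[a.length];
        for (int i = 0; i < a.length; i++) out[i] = (byte) (a[i] ^ b[i]);
        return out;
    }

    public static void main(String[] args) {
        byte[] block = "1234abcd".getBytes(StandardCharsets.US_ASCII); // exactly 8 bytes = 64 bits
        byte[] key   = "k3y!k3y!".getBytes(StandardCharsets.US_ASCII); // constructed demo key block
        System.out.println("plain   : " + toBits(block));
        byte[] p = permute(block, PERM);
        System.out.println("permuted: " + toBits(p));
        byte[] x = xor(p, key);
        System.out.println("xor key : " + toBits(x));
        // Undo in reverse order: XOR with the key again, then apply the inverse permutation.
        byte[] back = permute(xor(x, key), invert(PERM));
        System.out.println("restored: " + new String(back, StandardCharsets.US_ASCII));
    }
}
```

The first line printed is exactly the 8-byte bit pattern listed above for "1234abcd"; the last line shows that a permutation and an XOR are both reversible, which is why a block cipher built from such steps can be decrypted with the same key.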

Symmetric encryption application scenario

DES algorithm code implementation

AES algorithm code implementation

Usage is the same as above; just change the "DES" parameter to "AES".

Using Base64 to encode the encrypted result

byte[] result = cipher.doFinal("dark horse".getBytes());
System.out.println(new String(result));

Output:

The result of encryption is a byte array. Many of those bytes have no corresponding character in the character set (for example the UTF-8 table), so printing them produces garbled text. When that garbled string is converted back into a byte array its length changes and decryption fails, so converting ciphertext to a String in this way is unsafe.

Encoding the byte array with Base64 maps every byte value to a Base64 character, and the result can be restored to the original byte array, which makes the encrypted data safe to store and transmit. Converting a byte array to a hexadecimal string is safe for the same reason.

Output after the ciphertext is converted to Base64:

Output after the ciphertext is converted to hexadecimal:

Java does not provide an API that directly handles Base64 or byte-array-to-hexadecimal conversion. In development you usually either write it by hand or use a mature, stable third-party utility class (such as Apache Commons Codec).
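As an added example (not the article's code), the following Java class runs the same DES call as above and demonstrates the failure mode just described: the ciphertext is passed through a String and back, which changes the bytes, and then through Base64 and a hand-written hex helper, which round-trip it intact. It uses java.util.Base64, which exists since Java 8 (and Android API level 26; older Android has android.util.Base64 for the same purpose). The 8-byte DES key is a constructed demo value.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

/**
 * Added example: why raw ciphertext must not be turned into a String,
 * and how Base64 / hex encode it safely.
 */
public class EncodeCipherTextDemo {
    // Constructed demo key: DES needs exactly 8 bytes.
    private static final byte[] DEMO_KEY = "demo-key".getBytes(StandardCharsets.US_ASCII);

    private static Cipher desCipher(int mode) throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance("DES");
        Cipher c = Cipher.getInstance("DES"); // change "DES" to "AES" (with a 16-byte key) for AES
        c.init(mode, factory.generateSecret(new DESKeySpec(DEMO_KEY)));
        return c;
    }

    public static byte[] encrypt(String plain) throws Exception {
        return desCipher(Cipher.ENCRYPT_MODE).doFinal(plain.getBytes(StandardCharsets.UTF_8));
    }

    public static String decrypt(byte[] cipherText) throws Exception {
        return new String(desCipher(Cipher.DECRYPT_MODE).doFinal(cipherText), StandardCharsets.UTF_8);
    }

    /** Byte array -> lowercase hex string, the hand-written helper the text refers to. */
    public static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x", b & 0xFF));
        return sb.toString();
    }

    public static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] result = encrypt("dark horse");
        System.out.println("ciphertext length: " + result.length);

        // Unsafe: bytes that are not valid UTF-8 are replaced on the way into a String,
        // so the round trip through a String generally changes the bytes and decryption fails.
        byte[] viaString = new String(result, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8);
        System.out.println("String round trip preserved the bytes? " + Arrays.equals(viaString, result)
                + " (length now " + viaString.length + ")");
        try {
            System.out.println("decrypt after String round trip: " + decrypt(viaString));
        } catch (Exception e) {
            System.out.println("decrypt after String round trip failed: " + e.getClass().getSimpleName());
        }

        // Safe: Base64 and hex map every byte value to printable characters and back.
        String b64 = Base64.getEncoder().encodeToString(result);
        String hex = toHex(result);
        System.out.println("base64: " + b64);
        System.out.println("hex   : " + hex);
        System.out.println("from base64: " + decrypt(Base64.getDecoder().decode(b64)));
        System.out.println("from hex   : " + decrypt(fromHex(hex)));
    }
}
```

The String round trip almost always corrupts the ciphertext (any byte of 0x80 or above becomes a replacement character), so the decrypt call in the try block fails, while the Base64 and hex paths both print "dark horse" again.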

Base64 character mapping table

Specific application of symmetric encryption

1. Generate the secret key and save it to disk, then read it back later for encryption and decryption. This is rarely used in actual development.

2. Use a custom secret key (the key is written into the code).

Notes

Writing the secret key into the code carries some risk: anyone who decompiles the code may see the key. In Android development it is recommended to place the key value in C code accessed through JNI, or even to split it into several parts and assemble the real key at runtime.

Algorithm / mode / padding

When creating the Cipher object, you can pass just the algorithm name, for example:

Cipher c = Cipher.getInstance("DES");

You can also specify more detailed parameters in the form "algorithm/mode/padding", i.e. "algorithm / mode of operation / padding scheme":

Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");

Block cipher modes of operation

A block cipher mode of operation extends a block cipher, which processes data one block at a time, to messages of arbitrary length. It applies not only to AES but also to other algorithms such as DES and RSA.


Padding schemes

Padding is the rule for filling up the last block, according to a defined method, when the data length is not a multiple of the block size that block processing requires.

Specific code:

Note: AES and DES require an IV parameter in CBC mode.
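The following Java class is an added example (not from the original article) that brings the two key-handling approaches above together with the full "algorithm/mode/padding" transformation and the IV that CBC requires: approach 1 generates an AES key with KeyGenerator and stores its raw bytes in a file, approach 2 builds a SecretKeySpec from bytes embedded in the code. Each encryption uses a fresh random IV and stores it in front of the ciphertext so the receiver can recover it. The key file location and the embedded key bytes are constructed demo values.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example: generated key on disk vs. key embedded in code,
 * both used with AES/CBC/PKCS5Padding and an explicit IV.
 */
public class AesCbcDemo {
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Approach 1: generate a random 128-bit key once and keep its raw bytes in a file. */
    public static SecretKey generateAndSave(Path keyFile) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        Files.write(keyFile, key.getEncoded());
        return key;
    }

    public static SecretKey load(Path keyFile) throws IOException {
        return new SecretKeySpec(Files.readAllBytes(keyFile), "AES");
    }

    /** Approach 2: key written into the code (16 bytes for AES-128). Constructed demo value;
     *  as the notes above say, anyone who decompiles the app can read it. */
    public static SecretKey embeddedKey() {
        return new SecretKeySpec("0123456789abcdef".getBytes(StandardCharsets.US_ASCII), "AES");
    }

    /** CBC needs a 16-byte IV. A fresh random IV per message is prepended to the ciphertext;
     *  the IV is not secret, it only has to be unpredictable and never reused with the same key. */
    public static byte[] encrypt(SecretKey key, String plain) throws Exception {
        byte[] iv = new byte[16];
        RANDOM.nextBytes(iv);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] body = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + body.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(body, 0, out, iv.length, body.length);
        return out;
    }

    /** Split off the IV again; initialising CBC decryption without an IV fails with an InvalidKeyException. */
    public static String decrypt(SecretKey key, byte[] ivAndBody) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ivAndBody, 0, 16));
        byte[] plain = c.doFinal(ivAndBody, 16, ivAndBody.length - 16);
        return new String(plain, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Demo location only; an app would keep such a file in its private storage.
        Path keyFile = Files.createTempFile("demo-aes", ".key");
        generateAndSave(keyFile);
        SecretKey fromDisk = load(keyFile);
        byte[] ct1 = encrypt(fromDisk, "dark horse");
        System.out.println("disk key    : " + Base64.getEncoder().encodeToString(ct1)
                + " -> " + decrypt(fromDisk, ct1));

        SecretKey fixed = embeddedKey();
        byte[] ct2 = encrypt(fixed, "dark horse");
        byte[] ct3 = encrypt(fixed, "dark horse");
        System.out.println("same key and text, different IV -> different ciphertext: "
                + !Arrays.equals(ct2, ct3));
        System.out.println("embedded key: " + decrypt(fixed, ct2));
        Files.delete(keyFile);
    }
}
```

Encrypting the same text twice with the same key prints different ciphertexts because the IV differs each time; that is the property a random IV buys in CBC mode, and it is lost if the IV is fixed or omitted.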

Summary

DES is no longer secure enough by modern standards. The later 3DES algorithm greatly improved the strength but runs slowly. AES offers high encryption strength, high execution efficiency and simple usage, so AES is the recommended choice in actual development. In real Android development, symmetric encryption (such as AES) can solve many problems, for example:

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.