SSL安全性与两个节点上的数据是否加密有关。由于SSL执行加密,在互联网上的连接可以实现安全传输。
安全为什么如此必要
现在,我列出几个示例,这些示例可以证明日常传输和交易中加入安全加密的必要性。
1、你不想成为网络钓鱼的受害者
2、确保用户的真实性
3、可以保护敏感信息免遭欺诈
什么是加密
现在,我们来试想一个被装满不同字母的盒子。我们把字母打乱,那么盒子内容将不可读。
加密原理遵循同样的原理。
一般将纯文本或者可读型文本加入干扰,变成不可读的文本或字符,也称为密文。密文只能使用密码密钥破解,可以是私钥或公钥。
私钥仅允许目的收件人将代码破解还原为可读形式。另一侧,公钥是供所有人使用的。对所有人来讲,这已经不是什么大秘密。
加密算法
使用数学算法将纯文本转换为只能密钥解密的字母或符号。
比如一个生物学家,可以尝试将昆虫学和密钥关联。
目前加密算法如以下几种:
1) Two fish
2) Blowfish
3) AES or DES
以及更多内容。
加密类型
加密分为对称加密和不对称加密。我们分别来理解这两个术语。
1)对称加密
对称加密即服务器和客户端都使用相同的密钥来解密信息。如下加密类:
package eds;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
public class EncDecSymmetric {
Symmetric encryption algorithms supported - AES,
RC4,
DES protected static String DEFAULT_ENCRYPTION_ALGORITHM = "AES";
protected static int DEFAULT_ENCRYPTION_KEY_LENGTH = 256;
protected SecretKey mSecretKey;
protected String mEncryptionAlgorithm,
mKeyEncryptionAlgorithm,
mTransformation;
protected int mEncryptionKeyLength,
mKeyEncryptionKeyLength;
protected PublicKey mPublicKey;
protected PrivateKey mPrivateKey;
EncDecSymmetric() {
mSecretKey = null;
mEncryptionAlgorithm = EncDecSymmetric.DEFAULT_ENCRYPTION_ALGORITHM;
mEncryptionKeyLength = EncDecSymmetric.DEFAULT_ENCRYPTION_KEY_LENGTH;
}
public static BigInteger keyToNumber(byte byteArray) {
return new BigInteger(1, byteArray);
}
public SecretKey getSecretKey() {
return mSecretKey;
}
public byte getSecretKeyAsByteArray() {
return mSecretKey.getEncoded();
}
public String getEncodedPublicKey() {
String encodedKey = Base64.getEncoder().encodeToString(mPublicKey.getEncoded());
return encodedKey;
}
get base64 encoded version of the key public String getEncodedSecretKey() {
String encodedKey = Base64.getEncoder().encodeToString(mSecretKey.getEncoded());
return encodedKey;
}
public void generateSymmetricKey() {
KeyGenerator generator;
try {
generator = KeyGenerator.getInstance(mEncryptionAlgorithm);
generator.init(mEncryptionKeyLength);
mSecretKey = generator.generateKey();
} catch(NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
public byte encryptText(String textToEncrypt) {
byte byteCipherText = null;
try {
Cipher encCipher = Cipher.getInstance(mEncryptionAlgorithm);
encCipher.init(Cipher.ENCRYPT_MODE, mSecretKey);
byteCipherText = encCipher.doFinal(textToEncrypt.getBytes());
} catch(NoSuchAlgorithmException e) {
e.printStackTrace();
} catch(NoSuchPaddingException e) {
e.printStackTrace();
} catch(InvalidKeyException e) {
e.printStackTrace();
} catch(IllegalBlockSizeException e) {
e.printStackTrace();
} catch(BadPaddingException e) {
e.printStackTrace();
}
return byteCipherText;
}
public String decryptText(byte decryptedKey, byte encryptedText) {
String decryptedPlainText = null;
try {
SecretKey originalKey = new SecretKeySpec(decryptedKey, 0, decryptedKey.length, mEncryptionAlgorithm);
Cipher aesCipher2 = Cipher.getInstance(mEncryptionAlgorithm);
aesCipher2.init(Cipher.DECRYPT_MODE, originalKey);
byte bytePlainText = aesCipher2.doFinal(encryptedText);
decryptedPlainText = new String(bytePlainText);
} catch(NoSuchAlgorithmException e) {
e.printStackTrace();
} catch(NoSuchPaddingException e) {
e.printStackTrace();
} catch(InvalidKeyException e) {
e.printStackTrace();
} catch(IllegalBlockSizeException e) {
e.printStackTrace();
} catch(BadPaddingException e) {
e.printStackTrace();
}
return decryptedPlainText;
}
}
使用上述类的方法:
package eds;
import javax.crypto.SecretKey;
public class Main {
public static void main(String args) {
EncDecSymmetric sed = new EncDecSymmetric();
sed.generateSymmetricKey();
byte secretKeyByteArray = sed.getSecretKeyAsByteArray();
System.out.println("secret key: '" + EncDecSymmetric.keyToNumber(secretKeyByteArray).toString() + "'");
String plainText = "Hello World, Symmetric Encryption style";
System.out.println("plainText: '" + plainText + "'");
byte encryptedText = sed.encryptText(plainText);
System.out.println("encrypted text: '" + EncDecSymmetric.keyToNumber(encryptedText).toString() + "'");
String decryptedText = sed.decryptText(secretKeyByteArray, encryptedText);
System.out.println("decrypted text: '" + decryptedText + "'");
}
}
使用对称加密时,保管加密密钥是最大的挑战。如果加密消息需要大量人员或应用程序处理,则需要与每个人/应用程序共享相同的密钥,这增加了密钥被泄露的风险。
因此它与另一个加密方式:非对称加密方法相比,这种类型加密会被认为安全性更差一些。
2)非对称加密
此为TLS/SSL系统使用的加密技术。它被认为是最安全的加密形式,通常使用两个不同的密钥,即公有密钥和专有密钥。
公钥/私钥加密简称PKE,克服了对称加密的缺点。
在PKE方法中,加密和解密中使用了两个密钥,一个用来加密,一个用来解密。同一个密钥不能同时用于加解密,因此被称为非对称加密。
在PKE方法中,比如老王和老马在希望交换消息时,两边都会生成各自的私钥和公钥对。私钥各自不会公开,而公钥则与所有人共享。当老王希望向老马发送消息,他使用老马的公钥对消息进行加密,并将加密的消息发送给老马。老马收到消息后,使用自己的私钥对消息进行解密,还原完成原始消息。
PKE方法的好处在于,任何人都可以通过公钥发送消息,然后使用私钥对消息进行解密。只要私钥不被破坏,别人无法轻易解密消息。
以下是使用PKE方法的Java代码:
package edpkpk;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
public class EncDecPublicKeyPrivateKey
{
// key encryption algorithms supported - RSA, Diffie-Hellman, DSA
// key pair generator - RSA: keyword - RSA, key size: 1024, 2048
// key pair generator - Diffie-Hellman: keyword i DiffieHellman, key size - 1024
// key pair generator - DSA: keyword - DSA, key size: 1024
// NOTE: using asymmetric algorithms other than RSA needs to be worked out
protected static String DEFAULT_ENCRYPTION_ALGORITHM = "RSA";
protected static int DEFAULT_ENCRYPTION_KEY_LENGTH = 1024;
protected static String DEFAULT_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
protected String mEncryptionAlgorithm, mTransformation;
protected int mEncryptionKeyLength;
protected PublicKey mPublicKey;
protected PrivateKey mPrivateKey;
EncDecPublicKeyPrivateKey()
{
mEncryptionAlgorithm = EncDecPublicKeyPrivateKey.DEFAULT_ENCRYPTION_ALGORITHM;
mEncryptionKeyLength = EncDecPublicKeyPrivateKey.DEFAULT_ENCRYPTION_KEY_LENGTH;
mTransformation = EncDecPublicKeyPrivateKey.DEFAULT_TRANSFORMATION;
mPublicKey = null;
mPrivateKey = null;
}
public static BigInteger keyToNumber(byte byteArray)
{
return new BigInteger(1, byteArray);
}
public String getEncryptionAlgorithm()
{
return mEncryptionAlgorithm;
}
public int getEncryptionKeyLength()
{
return mEncryptionKeyLength;
}
public String getTransformation()
{
return mTransformation;
}
public PublicKey getPublicKey()
{
return mPublicKey;
}
public byte getPublicKeyAsByteArray()
{
return mPublicKey.getEncoded();
}
public String getEncodedPublicKey()
{
String encodedKey = Base64.getEncoder().encodeToString(mPublicKey.getEncoded());
return encodedKey;
}
public PrivateKey getPrivateKey()
{
return mPrivateKey;
}
public byte getPrivateKeyAsByteArray()
{
return mPrivateKey.getEncoded();
}
public String getEncodedPrivateKey()
{
String encodedKey = Base64.getEncoder().encodeToString(mPrivateKey.getEncoded());
return encodedKey;
}
public byte encryptText(String text)
{
byte encryptedText = null;
try {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(mEncryptionAlgorithm);
kpg.initialize(mEncryptionKeyLength);
KeyPair keyPair = kpg.generateKeyPair();
mPublicKey = keyPair.getPublic();
mPrivateKey = keyPair.getPrivate();
Cipher cipher = Cipher.getInstance(mTransformation);
cipher.init(Cipher.PUBLIC_KEY, mPublicKey);
encryptedText = cipher.doFinal(text.getBytes());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return encryptedText;
}
public byte decryptText(byte encryptedText)
{
byte decryptedText = null;
try {
Cipher cipher = Cipher.getInstance(mTransformation);
cipher.init(Cipher.PRIVATE_KEY, mPrivateKey);
decryptedText = cipher.doFinal(encryptedText);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
}
return decryptedText;
}
}
调用此代码的主函数如下:
package edpkpk;
public class Main
{
public static void encryptDecrypt(String plainText)
{
EncDecPublicKeyPrivateKey edpkpk = new EncDecPublicKeyPrivateKey();
//byte secretKeyByteArray = sed.getSecretKeyAsByteArray();
//System.out.println("secret key: '" + EncryptDecryptPublicKeyPrivateKey.keyToNumber(secretKeyByteArray).toString() + "'" );
System.out.println("plainText: '" + plainText + "'");
System.out.println("plainText size: '" + plainText.length() + "'");
System.out.println("encryption key length: '" + edpkpk.getEncryptionKeyLength() + "'");
System.out.println("encryption algorithm: '" + edpkpk.getEncryptionAlgorithm() + "'");
System.out.println("encryption transform: '" + edpkpk.getTransformation() + "'");
byte encryptedText = edpkpk.encryptText(plainText);
System.out.println("encrypted text: '" + EncDecPublicKeyPrivateKey.keyToNumber(encryptedText).toString() + "'" );
System.out.println("encrypted text length: '" + EncDecPublicKeyPrivateKey.keyToNumber(encryptedText).toString().length() + "'" );
System.out.println("public key: '" + EncDecPublicKeyPrivateKey.keyToNumber(edpkpk.getPublicKeyAsByteArray()).toString() + "'" );
System.out.println("public key length: '" + EncDecPublicKeyPrivateKey.keyToNumber(edpkpk.getPublicKeyAsByteArray()).toString().length() + "'" );
System.out.println("private key: '" + EncDecPublicKeyPrivateKey.keyToNumber(edpkpk.getPrivateKeyAsByteArray()).toString() + "'" );
System.out.println("private key length: '" + EncDecPublicKeyPrivateKey.keyToNumber(edpkpk.getPrivateKeyAsByteArray()).toString().length() + "'" );
String decryptedText = new String(edpkpk.decryptText(encryptedText));
System.out.println("decrypted text: '" + decryptedText + "'" );
System.out.println("decrypted text length: '" + decryptedText.length() + "'");
}
public static void main(String args)
{
String plainText1 = "Hello World, Public Key / Private Key style";
Main.encryptDecrypt(plainText1);
//System.out.println("----------------------------------------------------------------");
//String plainText2 = "Hello World, Public Key / Private Key style with a very loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooog piece of text";
//Main.encryptDecrypt(plainText2);
}
}
PKU方法加密安全可靠,但是也有局限性,第一就是加密速度慢,第二必须使用块的形式加密,每个块的长度要小于密钥的长度。例如,使用密钥长度为1024的RSA算法,那么可加密的块最大长度为117个字符(块的长度=(密钥长度/64)-11)
破解此密文可能是一项艰巨的任务,需要花费数年时间甚至更长。
256位加密算法
通过以上内容,我们已经了解了加密的功能和重要性。
现在,请让我们共同进入256位加密系统。
这是当今最安全的加密方法,它使用256位密钥来加密和解密数据。
这里的数字术语描述了用于加密的密钥长度。
256位长度表示将加密组织提升到256的幂。这个数字几乎无法换算,这种类型的密钥有十几亿种组合,实际上是不可能被破解的。
即使用我们使用超级计算机,尝试和测试每种组合也需要数个光年。
因此,使用256位加密数据,数据安全性如何?
答案已经不言而喻。256位加密是一种安全的加密系统,目前已经广泛应用在政府、银行、电商等机构来支持交易。
可以确定,256位加密方式足够可靠并安全。
作者:恒一
说明:21CTO社区原创稿件,未经许可请勿转载。
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/258110.html