Original source:Potter’s Personal Blog
Summary of the content
- What is symmetric encryption
- Symmetric encryption demo
- What is asymmetric encryption
- Asymmetric encryption Demo
- Symmetric encryption and asymmetric encryption used in combination
- This paper introduces a feasible hybrid encryption scheme, how to apply it to interface data encryption
- Demo source code project
What is symmetric encryption
-
Definition:
Symmetric key algorithm (Symmetric key algorithm), also known as Symmetric encryption, private key encryption, and shared key encryption, is a kind of encryption algorithm in cryptography. These algorithms use the same key for encryption and decryption, or two keys that can simply be deduced from each other
-
Advantages:
The algorithm is open, has a small amount of computation, fast encryption speed, and high encryption efficiency, which is suitable for the scenario where a large amount of data is encrypted. For example, in common encryption scenarios of HTTP Live Streaming (HLS), the AES-128 symmetric encryption algorithm is used to encrypt TS slices to ensure multimedia resource security
-
Disadvantages:
It’s not very secure. You just need the key to unlock the data
-
Symmetric encryption process:
The sender uses the key to encrypt the plaintext data into ciphertext and then sends the ciphertext. After receiving the ciphertext, the receiver uses the same key to decrypt the ciphertext into plaintext for reading
-
Personal Understanding:
Symmetric encryption is like a key to a lock, a cryptographic box for storing things, and if you have the key you can take the treasure out of the box
Symmetric encryption demo
this.key = CryptoJS.enc.Utf8.parse("0123456789abcdef"); this.iv = CryptoJS.enc.Utf8.parse("abcdef0123456789"); /** * AES encryption * @param iv * @param key * @param content Encrypted data * @returns {string} * @private */ __aesEncrypt(iv, key, content) { let text = CryptoJS.enc.Utf8.parse(JSON.stringify(content)); let encrypted = CryptoJS.AES.encrypt(text, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7, }); return encrypted.toString(); }, /** * AES decrypt * @param iv * @param key * @param content Decrypt data * @returns {string} * @private */ __aesDecrypt(iv, key, content) { let decrypt = CryptoJS.AES.decrypt(content, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7, }); let decryptText = decrypt.toString(CryptoJS.enc.Utf8); return decryptText.replace(/\"/g, ""); },Copy the codeWhat is asymmetric encryption
-
Definition:
Asymmetric encryption algorithms require two keys: a publickey and a privatekey. The public key and private key are a pair. If the public key is used to encrypt data, only the corresponding private key can be used to decrypt data. Because encryption and decryption use two different keys, the algorithm is called asymmetric encryption
-
Advantages:
The public key is public, and the private key is saved by yourself. You do not need to provide the private key to others
-
disadvantages
Encryption and decryption speed is slow, only suitable for small data encryption and decryption
-
Symmetric encryption process:
-
Personal understanding
Asymmetric encryption: A public key is like an unlocked cipher box that can only store things in and then be locked. A secret key is like a key to a combination box. It opens the secret box and takes away the treasure inside
-
Asymmetric encryption Demo
this.rsaEncryptor = new JSEncrypt(); this.rsaEncryptor.setPublicKey(this.rsa_pub_key); this.rsaDecryptor = new JSEncrypt(); this.rsaDecryptor.setPrivateKey(this.rsa_pri_key); RSA encryption / * * * * @ param content * @ returns {CipherParams | PromiseLike < ArrayBuffer >} * @ private * / __rsaEncrypt (content) { return this.rsaEncryptor.encrypt(content); }, / * * * * @ RSA decryption param content * @ returns {WordArray | PromiseLike < ArrayBuffer >} * @ private * / __rsaDecrypt (content) { return this.rsaDecryptor.decrypt(content); },Copy the codeSymmetric encryption and asymmetric encryption used in combination
Now we all know the shortcomings of symmetric encryption and asymmetric encryption, then combine the advantages of symmetric encryption and asymmetric encryption to a demo, ideas: for small data symmetric encryption IV and key, using asymmetric encryption; Symmetric encryption is used for big data.
/** * @param content * @param returns {{data: string, iv: (CipherParams|PromiseLike<ArrayBuffer>), key: (CipherParams|PromiseLike<ArrayBuffer>)}} * @private */ __hybirdEncrypt(iv, key, content) { const aesEncryptData = this.__aesEncrypt(iv, key, content); const rsaEncryptIv = this.__rsaEncrypt(iv); const rsaEncryptKey = this.__rsaEncrypt(key); return { iv: rsaEncryptIv, key: rsaEncryptKey, data: aesEncryptData, }; }, /** * encryptInfo * @param encryptInfo * @returns {string} * @private */ __hybirdDecrypt(encryptInfo) {const iv = this.rsaDecryptor.decrypt(encryptInfo.iv); const key = this.rsaDecryptor.decrypt(encryptInfo.key); const data = encryptInfo.data; return this.__aesDecrypt(iv, key, data); }Copy the codeThis paper introduces a feasible hybrid encryption scheme and how to apply it to interface data encryption. The flow chart is as follows:
- Here’s the idea:
- Step 1: Create a set of RSA public and private keys. The public key front end holds the public key, and the private key server holds the private key
- Step 2: The front end generates a RequestID for each network request
- Step 3: The client generates an AES Key, uses RequestID as the Key, and AES Key as Value to store memory
- Step 4: The client encrypts Request Data with the generated AES Key, encrypts the AES Key with the RSA public Key, and sends the requestID, encrypted Data, and encrypted AES Key to the server
- Step 5: The server uses the RSA private Key to decrypt the encrypted AES Key, and then uses the decrypted AES Key to decrypt RequestData
- Step 6: The server uses AES Key to encrypt the response data ResposneData +RequestID and return it to the front-end
- Step 7: The front-end retrieves the AES key of the memory according to the RequestID returned by the server, decrypts Resposne Data with the AES key, and deletes the AES key of the RequestID.
- Finally: Each time the front-end sends a request, it creates an AES Key to encrypt data. After receiving the response from the server, it deletes the AES Key data in the memory. In this way, the cycle uses a set of RSA public and private keys to solve the mixed encryption problem
- Flow chart:
Demo source engineering:
- Visit: github.com/aa4790139/e…
Finally:
Because symmetric encryption DES security is not too strong, so we chose the alternative AES. Thank you very much Po brother to provide the play mix encryption article, easy to understand, let me benefit. Finally Po brother mentioned the AES key storage memory easy to let others get AES key. So I went to understand how to prevent Web debugging, code how to confuse, etc., next: How to prevent Web debugging
References:
- Po go – Play with hybrid encryption
For more information:
- Principle of DES encryption algorithm
- Algorithm popular science: the mysterious DES encryption algorithm
Above: If you find any problems, welcome to point out the message, I timely correction