
Encryption


Encryption technology is usually divided into two categories: "symmetric" and "asymmetric".

Symmetric encryption algorithm: Symmetric encryption means that encryption and decryption use the same key. Both parties to the information need to know the key and the encryption and decryption algorithm in advance, and the data is then encrypted and decrypted with that shared key. Symmetric encryption algorithms are used to encrypt sensitive data and other information.

Asymmetric algorithm: Asymmetric encryption means that encryption and decryption do not use the same key. There are usually two keys, called the "public key" and the "private key"; they must be used as a pair, otherwise the encrypted file cannot be opened. Parties A and B each generate a pair of keys in advance, then A sends his own public key to B, and B sends his own public key to A. If A wants to send a message to B, he first encrypts the message with B's public key and then sends it to B. B then uses its own private key to decrypt the message. The same applies when B sends a message to A.

Hash algorithm: A hash algorithm, also known as a hash function, is often called a one-way encryption algorithm. In information security it is often necessary to verify the integrity of a message, and the hash function provides this service. It produces a fixed-length output for input messages of different lengths. This fixed-length output is called the "hash" or "message digest" of the original input message. Strictly, a hash algorithm is not an encryption algorithm, because the result is irreversible. Since it is irreversible, it is of course not used for encryption, but for signing.

Symmetric encryption algorithms are: AES, DES, 3DES

Purpose: Symmetric encryption algorithms are used to encrypt sensitive data and other information.

DES (Data Encryption Standard): Data encryption standard, which is faster and is suitable for encrypting large amounts of data.


3DES (Triple DES): Based on DES, a piece of data is encrypted three times with three different keys, with higher strength.

AES (Advanced Encryption Standard): Advanced Encryption Standard, the next-generation encryption algorithm standard, with fast speed and a high security level. AES is a block encryption algorithm that uses a 128-bit block, and the block is encrypted with a key of 128, 192 or 256 bits. The block and the key are used together as input, and the algorithm operates on a 4×4 byte array. It is well known that AES is a very efficient algorithm, especially on 8-bit architectures, which stems from its byte-oriented design. AES is suitable for small 8-bit single-chip microcomputers or ordinary 32-bit microprocessors, and is suitable for dedicated hardware implementation. A hardware implementation can make its throughput (the number of bits that can be encrypted or decrypted per second) reach the order of one billion. Likewise, it also applies to RFID systems.

Asymmetric algorithms are: RSA, DSA, ECC

RSA: Invented by RSA, it is a public key algorithm that supports variable-length keys. The length of the file block that needs to be encrypted is also variable. RSA has already entered the practical stage abroad, and a variety of high-speed dedicated RSA chips have been developed.

DSA (Digital Signature Algorithm): The digital signature algorithm is a standard DSS (Digital Signature Standard) algorithm; strictly speaking, it is not an encryption algorithm.

ECC (Elliptic Curves Cryptography): Elliptic curve cryptography. Compared with RSA, ECC has absolute advantages in many aspects, mainly the following. Strong attack resistance: with the same key length, its resistance to attack is many times stronger. Little computation and fast processing: the overall speed of ECC is much faster than RSA and DSA. Small storage space: compared with RSA and DSA, the key size and system parameters of ECC are much smaller, which means that the storage space it occupies is much smaller. This is particularly important for the application of encryption algorithms on IC cards. Low bandwidth requirements: when encrypting and decrypting long messages, the three types of cryptographic systems have the same bandwidth requirements, but when applied to short messages, the ECC bandwidth requirements are much lower. Low bandwidth requirements give ECC a wide range of application prospects in the field of wireless networks.

Hash algorithm (signature algorithm): MD5, SHA1, HMAC

Purpose: Mainly used for verification, to prevent information from being modified. Specific uses include document verification, digital signatures and authentication protocols.

MD5: MD5 is an irreversible encryption algorithm. It is currently one of the most reliable encryption algorithms. No program capable of inverse calculation has been developed yet. It maps any string to a unique fixed-length code.

MD5 is an unkeyed hash function: there is no key in use at all.

SHA1: It was designed by NIST and NSA to be used with DSA. It generates a hash value with a length of 160 bits for an input whose length is less than 2^64, so it has better brute-force resistance. SHA-1 was designed on the same principle as MD4 and imitates that algorithm. SHA-1 is a national standard promulgated by the National Institute of Standards and Technology (NIST). It is the most widely used hash function algorithm and the most advanced encryption technology currently used by government departments and private owners to process sensitive information. SHA-1 is based on MD5, and MD5 is based on MD4.

HMAC: Hash-based Message Authentication Code, a message authentication code that depends on a key. The HMAC operation uses a hash algorithm to take a key and a message as input and generate a message digest as output. In other words, HMAC requires a key. Therefore, HMAC_SHA1 also requires a key, but SHA1 does not.
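The difference between an unkeyed digest and HMAC matters when the digest travels next to the message it protects. The following Python sketch is an added example, not part of the original article; the key and the two messages are constructed sample values. It shows that whoever modifies a message can recompute a plain SHA1 digest for it, while an HMAC_SHA1 tag cannot be recomputed without the key.

```python
import hashlib
import hmac

# Constructed sample data; the key and messages are assumptions for illustration.
KEY = b"shared-secret-known-only-to-sender-and-receiver"
ORIGINAL = b"pay 100 to account 12345"
MODIFIED = b"pay 900 to account 66666"


def digest_bits(algorithm: str, message: bytes) -> int:
    """Digest length in bits; it does not depend on the message length."""
    return len(hashlib.new(algorithm, message).digest()) * 8


def sha1_tag(message: bytes) -> str:
    """Unkeyed digest: anyone holding the message can recompute it."""
    return hashlib.sha1(message).hexdigest()


def hmac_sha1_tag(key: bytes, message: bytes) -> str:
    """Keyed digest: recomputing it requires the secret key."""
    return hmac.new(key, message, hashlib.sha1).hexdigest()


def verify_sha1(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(sha1_tag(message), tag)


def verify_hmac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest compares in constant time, so the check leaks no timing hint.
    return hmac.compare_digest(hmac_sha1_tag(key, message), tag)


def simulate_modification(key: bytes) -> dict:
    """Message changed in transit by a party that does not hold the key."""
    plain = sha1_tag(MODIFIED)                        # needs no secret at all
    keyed = hmac_sha1_tag(b"not-the-real-key", MODIFIED)
    return {
        "sha1_accepts_modified": verify_sha1(MODIFIED, plain),
        "hmac_accepts_modified": verify_hmac(key, MODIFIED, keyed),
        "hmac_accepts_original": verify_hmac(key, ORIGINAL,
                                             hmac_sha1_tag(key, ORIGINAL)),
    }


if __name__ == "__main__":
    for name in ("md5", "sha1"):
        print(name, digest_bits(name, b"a"), digest_bits(name, b"a" * 10_000))
    print(simulate_modification(KEY))
```

A receiver that checks only the plain digest accepts the modified message; the HMAC check rejects it because the tag was not produced with the shared key.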

Other commonly used algorithms:


Base64: In fact, it is not an encryption and decryption algorithm in the security field. It can only be regarded as an encoding algorithm. It is usually used to encode binary data into printable characters, so that the data content is suitable for transmission (for example, an image can be encoded for transmission). This is a reversible encoding method. The encoded data is a string containing the characters A-Z, a-z, 0-9, + and /, a total of 64 characters (26 + 26 + 10 + 1 + 1 = 64); in fact there are 65 characters, because "=" is the padding character. Base64 requires that every three 8-bit bytes be converted into four 6-bit groups (3*8 = 4*6 = 24), and each 6-bit group then has two high 0 bits added to form four 8-bit bytes, which means the converted string will theoretically be 1/3 longer than the original. If the original text has fewer than 3 bytes left at the end, it is padded with 0, and the = sign replaces the missing Base64 characters during conversion. This is why some Base64 strings end with one or two equal signs. An equal sign cannot appear in the middle, and there are at most two of them. In fact, the "=" is not needed and leaving it out does not hinder decoding; the reason for using "=" may be that Base64 strings encoded in multiple segments will then not cause confusion. Base64 encoding is a process from binary to characters. For example, when Chinese characters are converted to binary using different character encodings, the resulting binary is not the same, so the final Base64 characters are different. For example, the Base64 encoding of the Chinese word for "Internet" is "5LiK572R" in UTF-8 format and "yc/N+A==" in GB2312 format.

The standard Base64 is not suitable for direct transmission in a URL, because the URL encoder will change the "/" and "+" characters in standard Base64 into a form like "%XX", and these "%" signs then need to be converted again when the value is stored in a database, because the "%" sign is used as a wildcard in ANSI SQL.

To solve this problem, an improved Base64 encoding for URLs can be used, which does not add the "=" padding at the end, and changes the "+" and "/" in standard Base64 to "-" and "_" respectively. This eliminates the need for conversion during URL encoding and decoding and database storage, avoids the increase in the length of the encoded information in this process, and unifies the format of object identifiers in databases, forms, etc.

There is also an improved Base64 variant for regular expressions, which changes "+" and "/" to "!" and "-", because "+", "*", "[" and "]" may all have special meanings in regular expressions.

In addition, there are some variants which change "+/" to "_-" or "._" (used as an identifier name in a programming language) or ".-" (used for Nmtoken in XML) or even "_:" (used for Name in XML).
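The 3-byte to 4-character conversion, the "=" padding and the URL variant described above can be checked directly. The following Python sketch is an added example, not part of the original article; the function names are assumptions. It encodes by hand, converts to and from the URL variant, and decodes the article's two sample strings without any key, which is the reason Base64 gives no confidentiality.

```python
import base64

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789+/")


def b64_encode(data: bytes) -> str:
    """Encode by hand: every 3 bytes (24 bits) become four 6-bit indexes."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # A short final chunk is padded with zero bits before splitting.
        n = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        keep = len(chunk) + 1          # 1 byte -> 2 chars, 2 -> 3, 3 -> 4
        out.append("".join(chars[:keep]) + "=" * (4 - keep))
    return "".join(out)


def to_urlsafe(standard: str) -> str:
    """URL variant from the text: '+' -> '-', '/' -> '_', no '=' padding."""
    return standard.rstrip("=").translate(str.maketrans("+/", "-_"))


def from_urlsafe(text: str) -> bytes:
    """Restore the dropped padding, then decode the URL variant."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_text(encoded: str, charset: str) -> str:
    """Base64 is reversible by anyone: no key is involved."""
    return base64.b64decode(encoded).decode(charset)


if __name__ == "__main__":
    for sample in (b"M", b"Ma", b"Man"):
        print(sample, b64_encode(sample))
    # The article's two strings are the same word in two character sets.
    print(decode_text("5LiK572R", "utf-8") == decode_text("yc/N+A==", "gb2312"))
    print(to_urlsafe("yc/N+A=="), from_urlsafe(to_urlsafe("yc/N+A==")).hex())
```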

HTTPS (full name: Hypertext Transfer Protocol over Secure Socket Layer) is an HTTP channel with security as the goal. Simply put, it is a secure version of HTTP: an SSL layer is added under HTTP. The security basis of HTTPS is SSL (SSL uses the RC4 stream encryption algorithm with a 40-bit key, which is suitable for the encryption of commercial information), so the encryption details are those of SSL. An "https:" URL indicates that HTTP is used, but HTTPS has a default port different from HTTP and an encryption/authentication layer (between HTTP and TCP), which provides authentication and encrypted communication. It is now widely used for security-sensitive communications on the World Wide Web, such as transaction payment. Its main function can be divided into two types: one is to establish a secure information channel to ensure the safety of data transmission; the other is to confirm the authenticity of the website.

Summary of project application:

1. The encryption algorithm is reversible and is used to protect sensitive data. The hash algorithm (signature algorithm, hash algorithm) is irreversible and is mainly used for identity verification.


2. The symmetric encryption algorithm uses the same key for encryption and decryption, which is fast and suitable for encrypting large amounts of data. With symmetric encryption the client and the server use the same key, so there is a risk of packet capture and cracking.

3. The asymmetric encryption algorithm uses public key encryption, private key decryption, private key signature, and public key verification. The security is higher than symmetric encryption, but the speed is slower. Asymmetric encryption uses two keys. The server-side and client-side keys are different. The private key is placed on the server side, which is generally not available to hackers and has high security.

4. Base64 is not an encryption and decryption algorithm in the security field. It is just an encoding algorithm. It is usually used to encode binary data into printable characters. It is especially suitable for fast data transmission over the network under the HTTP and MIME protocols. The Base64 encoding results of UTF-8 and GBK Chinese are different. Base64-encoded data is not only relatively short but also unreadable, that is, the encoded data cannot be read directly by people with the naked eye, but this method is very basic and simple. Base64 can encode and transmit image files.

5. The HTTPS protocol is widely used in security-sensitive communications on the World Wide Web, such as transaction payments. Its main function can be divided into two types: one is to establish a secure information channel to ensure the safety of data transmission; the other is to confirm the authenticity of the website.

6. It is recommended to use a symmetric encryption algorithm for encrypting large amounts of data, to increase the speed of encryption and decryption; for small amounts of confidential data, an asymmetric encryption algorithm can be used. In actual operation, we usually adopt this method: use an asymmetric encryption algorithm to manage the key of the symmetric algorithm, and then use the symmetric encryption algorithm to encrypt the data. This combines the advantages of the two types of encryption algorithms: the fast speed of symmetric encryption and the safe and convenient key management of asymmetric encryption.

7. The standard MD5 digest length is 128 bits (128 bits refers to binary bits. Binary is too long, so it is generally rewritten in hexadecimal. Each hexadecimal digit replaces 4 binary digits, so a 128-bit binary number written in hexadecimal becomes 128/4 = 32 digits. "16-bit" MD5 extracts the middle 16 digits from the 32-digit MD5 hash); the standard SHA1 digest length is 160 bits (32 bits longer than the MD5 digest). A string converted to Base64 will theoretically be 1/3 longer than the original one.


Original: https://www.cnblogs.com/sochishun/p/7028056.html

Reprinted at: https://www.cnblogs.com/huangzelin/p/9531357.html
