# Preface

We're doing it `java`

When the project is developed , In front and rear interface separation mode , The interface information needs to be encrypted , Do signature authentication , In addition, the user login information and password also need data encryption .` Information encryption `

It is the technology that almost all projects need to use now , Identity Authentication 、 Single sign-on 、 Information communication 、 Encryption algorithm is often used in payment transaction scenarios , Encryption algorithm , That is to change the original plaintext into ciphertext through a series of algorithm operations .

`BASE`

Strictly speaking , It belongs to coding format , Not encryption algorithms`MD`

(Message Digest algorithm , Information digest algorithm )`SHA`

(Secure Hash Algorithm, Secure hash algorithm )`HMAC`

(Hash Message Authentication Code, Hash message identifier )Encryption algorithm

`SHA1、SHA-224、SHA-256、SHA-384`

, and`SHA-512`

, among`SHA-224、SHA-256、SHA-384`

, and`SHA-512`

We can collectively call it`SHA2`

encryption algorithm`SHA`

Encryption algorithm is more secure than`MD5`

Higher , and`SHA2`

Encryption algorithm than`SHA1`

You have to be tall . among`SHA`

The following number represents the encrypted string length ,`SHA1`

By default, a`160`

Bit information digest .

# MD5

MD5 Information digest algorithm （ English ：MD5 Message-Digest Algorithm）, A widely used cryptographic hash function , I can produce one 128 position （16 byte ） Hash value （hash value）, Used to ensure complete and consistent transmission of information .

MD5 The algorithm has the following characteristics ：

compressibility ： No matter how long the data is , Calculated MD5 The values have the same length

Easy to calculate ： It is easy to calculate from the original data MD5 value

Resistance to change ： Even if you change a byte , Calculated MD5 Values can also vary greatly

Resistance to PengZhuangXing ： Know the data and MD5 value , Very little chance of finding the same MD5 Original data with the same value

To be exact ,MD5 It's not an encryption algorithm , It's a summary algorithm ,MD5 Can output plaintext as 128bits String , This string can no longer be converted to plaintext . Some online MD5 Decryption website also just saved some string corresponding md5 strand , Through what has been recorded md5 String to find out the original .

I have done a few projects often see MD5 Scenes for encryption . Like encryption of passwords , After generating a password , Use MD5 Generate a 128 Bit strings are stored in the database , After the user enters the password, it will become MD5 strand , Compare it in the database . So we can't get the original password when we retrieve it , Because plaintext passwords are not saved at all .

# SHA series

- Secure hash algorithm （ English ：Secure Hash Algorithm, Abbreviation for SHA） Is a family of cryptographic hash functions , yes FIPS Authenticated secure hash algorithm . Can calculate the corresponding value of a digital message , Fixed length string （ Also known as message summary ） The algorithm of . And if the input message is different , They are very likely to correspond to different strings .
- 2005 year 8 month 17 Japanese CRYPTO At the end of the meeting, Wang Xiaoyun 、 Yao Jizhi 、 Yao chufeng once again published more efficient SHA-1 Attack , Can be in 2 Of 63 Find collisions within the power of computational complexity .

in other words `SHA-1`

The encryption algorithm has the possibility of collision , Small as it is .

# HMAC

- HMAC Is the key related hash operation message authentication code （Hash-based Message Authentication Code） Abbreviation , from H.Krawezyk,M.Bellare,R.Canetti On 1996 A new method based on Hash Function and key for message authentication , And in 1997 Years as a RFC2104 Be announced , And in IPSec And other network protocols （ Such as
`SSL`

） It can be widely used , Now it has become de facto Internet safety standards . It can be bundled with any iterative hash function .- HMAC The algorithm is more like
`encryption algorithm`

, It introduces`secret key`

, Its security is not completely dependent on the Hash Algorithm

If you want to use ` encryption `

, Recommended SHA256、SHA384、SHA512 as well as HMAC-SHA256、HMAC-SHA384、HMAC-SHA512 These algorithms .

# Symmetric encryption algorithm

Symmetric encryption algorithm is an early algorithm , The same key is used for data encryption and decryption , This leads to the difficulty of key management . The common symmetric encryption algorithms are

`DES、3DES、AES128、AES192、AES256`

( Default installed JDK Not yet in favor of AES256, You need to install the corresponding jce Patch upgrade jce1.7,jce1.8). among AES The following number represents the key length . The security of symmetric encryption algorithm is relatively low , The more applicable scenario is the encryption and decryption in the Intranet environment .Symmetric encryption , That is, after encryption by key, you can pass

`Key decryption`

. One of the state-owned enterprises I have contacted now adopts`AES`

The way to achieve integrated landing . The third party system provides an interface to receive user information , The state-owned enterprise will provide users with information AES After encryption, it is passed to the third party system through this interface , The third party system can log in by itself . It's important to note that the key is very important , If`Key loss`

, There is`Information leakage`

The risk of .

# Encrypting salt

Encryption salt is also a concept often heard , Salt is a random string that is used to concatenate with our encrypted string and encrypt it .

Salt is mainly used to provide the security of encrypted strings . If you have an encrypted string with salt , Hackers use certain means to encrypt the string , The plaintext he got , It's not the string before we encrypt it , It's the string before encryption and the string combined with salt , This relatively increases the security of the string .

# Online encrypted website

- Webmaster Tools
- Online encryption
- Java Develop encryption and decryption tool class Look at my article

# summary

Several encryption algorithms are recommended ：

Irreversible encryption ：SHA256、SHA384、SHA512 as well as HMAC-SHA256、HMAC-SHA384、HMAC-SHA512

Symmetric encryption algorithm ：AES、3DES

Asymmetric encryption algorithm ：RSA