The encryption algorithm is divided into one -way encryption and two -way encryption. In one -way encryption includes MD5, SHA and other abstract algorithms. The one -way encryption algorithm is irreversible, that is, the encrypted data cannot be restored to the original data, unless the collision attack and poverty are adopted. Like the storage of bank account passwords, one -way encryption is generally used. The two -way encryption is reversible. There is a kernel key. The party holding a cipher text can obtain the original plain text based on the key decryption. Generally, the sender and the receiver can obtain the clear text through the key. Two -way encryption includes symmetrical encryption and asymmetric encryption. Symmetric encryption includes DES encryption, AES encryption, etc., asymmetric encryption includes RSA encryption, ECC encryption. AES algorithm ADVANCED Standard is a substitute for the DES algorithm and one of the most popular symmetrical encryption algorithms today. If to learn the AES algorithm, you must first figure out the three basic concepts: keys, filling, and patterns. The key is the foundation of encryption and decryption of the AES algorithm. Symmetric encryption algorithm is symmetrical because such algorithms need to be encrypted and decrypted by bright text. AES supports three types of lengths: 128 bits, 192 -bit, 256 -bit The aES128, AES192, AES256, which everyone calls, actually refers to the AES algorithm on different lengths The use of the key. From the perspective of security, AES256 has the highest safety. From the perspective of performance, AES128 has the highest performance. The essential reason is that their encryption processing wheels are different. In the concept of filling, we must first understand the packets of AES. When the AES algorithm is encrypted to the bright text, it is not to add the entire Mingyan brain to a whole paragraph, but to divide the plain text into independent plain text blocks, each of which is 128bit in length. This blocks are complex by the AES encrypital to generate independent ciphertext blocks. These ciphertext blocks are stitched together, which is the final AES encryption result. but a problem involved here: If the length of a plain text is 192bit, if you are split according to a bright text block per 128bit, the second Ming text block is only 64bit, less than 128bit. What should I do at this time? Padding needs to be filled in Mingwen blocks. AES has many different fillings in different language implementation. We only give a concentrated typical filling to introduce it. MON not to fill in, but it is required to be an integer multiple of 16 bytes. If the text of the text is less than 16 bytes (128bit), the corresponding number of characters at the end of the bright text block, and the value of each byte is equal to the lack of number of characters. , for example, clear text: {1,2,3,4,5, A, B, C, D, E}, the lack of 6 bytes, then the completion is {1,2,3,4,5, A, B, C, D, E, 6,6,6,6,6,6} . If there are less than 16 bytes (128bit) in the text, the corresponding number of bytes are added at the end of the open text block, The last character value is equal to the number of characters that lack, and other characters fill the random number. , for example, clear text: {1,2,3,4,5, A, B, C, D, E}, lack of 6 bytes, may be supplemented as {1,2,3,4,5 , A, B, C, D, E, 5, C, 3, G, $, 6} n, you need to note that if you use a certain filling method when you are encrypted, it is also The same filling method must be adopted. AES's working mode is reflected in the processing process of encrypted the text block into a dense block. The AES encryption algorithm provides five different working modes: ECB, CBC, CTR, CFB, OFB mode is similar, and there are some differences in processing details. In this issue, we only introduce the basic definition of each mode. The code of this mode CodeBook Book Cable group link mode Chaining Counter mode Counter Code feedback mode Output feedback mode The same working mode must be used when using a certain working mode. AES encryption mainly includes two steps: key extension and brightly encrypted. The key expansion process description (the key is 16 bytes): The process instructions of function G: The round (RCON) is a word, and the three bytes on the far right are always 0 Essence Therefore, the word is different from RCON, and its result is only different from the leftmost byte. The volume of the wheels per round is different, positioning is RCON [J] = (RC [J], 0, 0, 0). (RC is a one -dimensional array) RC generates function: rc [1] = 1, rc [j] = 2 * RC [j - 1]. Because the 16 -byte key is expanded only 10 rounds, the value of the final generated RC [j] is expressed as hexadecimal: After the key expansion of ten rounds, it can be generated. 44 expansion keys. The extended key will be used for AES's encryption process. S box is a matrix composed of 16 × 16 bytes. The index values of the ranks start from 0 to the end of the Final of the hexadecimal F, and the range of each byte is (00-FF). When the byte replacement is performed, each byte in the state is divided into 4 bits and 4 bits high. The high 4 digits are used as a line value, and the low 4 digits are used as a column value, and these ranks are used as the output of the corresponding position of the index from the corresponding position of the S box. n (1) Initially initialize the S box by byte deserves to be promoted. The byte value of the y column X is {yx}. (2) Each byte in the s box is mapped to the inverse in it in the limited domain GF; {00} is mapped to it itself {00}. (3) The 8 constituents of each byte in the s box are recorded as (B7, B6, B5, B4, B3, B2, B1). The following changes are made for each bit of each bit of the S -box: CI refers to the i -1 bit of the byte C with a value of {63}. The decryption process The inverse bytes instead of the inverse S box, the structure is byte d = {05}. The reverse row displacement will perform the displacement operation in the opposite direction in the opposite direction. If the second row moves to the right to move a byte, other rows are similar. If attention, the multiplication and addition of the matrix of the icon are defined on GF (2^8). The principle of reverse column confusion is as follows: The grouping of the tightly key to perform a round key to restore the original value. Therefore, as long as the key expansion and clear text encryption can be encrypted by the key expansion and clearly encrypted. When you decrypt it, you only need to reverse the transformation. FIG. [Process of AES encryption algorithm] also needs to be noted. After the input state is input, a round of wheel key is needed to initialize the input state. In the first 9 rounds of encryption process, byte substitution, row shift, confusion, and rotation key are required, but the 10th round no longer needs to be confused. When decrypting, reverse bytes need to be performed, reverse row shift, reverse column confusion, and rotation key.
The encryption algorithm is divided into one -way encryption and two -way encryption.
In one -way encryption includes MD5, SHA and other abstract algorithms. The one -way encryption algorithm is irreversible, that is, the encrypted data cannot be restored to the original data, unless the collision attack and poverty are adopted. Like the storage of bank account passwords, one -way encryption is generally used.
The two -way encryption is reversible. There is a kernel key. The party holding a cipher text can obtain the original plain text based on the key decryption. Generally, the sender and the receiver can obtain the clear text through the key. Two -way encryption includes symmetrical encryption and asymmetric encryption. Symmetric encryption includes DES encryption, AES encryption, etc., asymmetric encryption includes RSA encryption, ECC encryption.
AES algorithm ADVANCED Standard is a substitute for the DES algorithm and one of the most popular symmetrical encryption algorithms today.
If to learn the AES algorithm, you must first figure out the three basic concepts: keys, filling, and patterns.
The key is the foundation of encryption and decryption of the AES algorithm. Symmetric encryption algorithm is symmetrical because such algorithms need to be encrypted and decrypted by bright text.
AES supports three types of lengths:
128 bits, 192 -bit, 256 -bit
The aES128, AES192, AES256, which everyone calls, actually refers to the AES algorithm on different lengths The use of the key. From the perspective of security, AES256 has the highest safety. From the perspective of performance, AES128 has the highest performance. The essential reason is that their encryption processing wheels are different.
In the concept of filling, we must first understand the packets of AES. When the AES algorithm is encrypted to the bright text, it is not to add the entire Mingyan brain to a whole paragraph, but to divide the plain text into independent plain text blocks, each of which is 128bit in length.
This blocks are complex by the AES encrypital to generate independent ciphertext blocks. These ciphertext blocks are stitched together, which is the final AES encryption result.
but a problem involved here:
If the length of a plain text is 192bit, if you are split according to a bright text block per 128bit, the second Ming text block is only 64bit, less than 128bit. What should I do at this time? Padding needs to be filled in Mingwen blocks. AES has many different fillings in different language implementation. We only give a concentrated typical filling to introduce it.
MON not to fill in, but it is required to be an integer multiple of 16 bytes.
If the text of the text is less than 16 bytes (128bit), the corresponding number of characters at the end of the bright text block, and the value of each byte is equal to the lack of number of characters.
, for example, clear text: {1,2,3,4,5, A, B, C, D, E}, the lack of 6 bytes, then the completion is {1,2,3,4,5, A, B, C, D, E, 6,6,6,6,6,6}
. If there are less than 16 bytes (128bit) in the text, the corresponding number of bytes are added at the end of the open text block, The last character value is equal to the number of characters that lack, and other characters fill the random number.
, for example, clear text: {1,2,3,4,5, A, B, C, D, E}, lack of 6 bytes, may be supplemented as {1,2,3,4,5 , A, B, C, D, E, 5, C, 3, G, $, 6} n, you need to note that if you use a certain filling method when you are encrypted, it is also The same filling method must be adopted.
AES's working mode is reflected in the processing process of encrypted the text block into a dense block. The AES encryption algorithm provides five different working modes:
ECB, CBC, CTR, CFB, OFB
mode is similar, and there are some differences in processing details. In this issue, we only introduce the basic definition of each mode.
The code of this mode CodeBook Book
Cable group link mode Chaining
Counter mode Counter
Code feedback mode
Output feedback mode
The same working mode must be used when using a certain working mode.
AES encryption mainly includes two steps: key extension and brightly encrypted.
The key expansion process description (the key is 16 bytes):
The process instructions of function G:
The round (RCON) is a word, and the three bytes on the far right are always 0 Essence Therefore, the word is different from RCON, and its result is only different from the leftmost byte. The volume of the wheels per round is different, positioning is RCON [J] = (RC [J], 0, 0, 0). (RC is a one -dimensional array)
RC generates function: rc [1] = 1, rc [j] = 2 * RC [j - 1].
Because the 16 -byte key is expanded only 10 rounds, the value of the final generated RC [j] is expressed as hexadecimal:
After the key expansion of ten rounds, it can be generated. 44 expansion keys. The extended key will be used for AES's encryption process.
S box is a matrix composed of 16 × 16 bytes. The index values of the ranks start from 0 to the end of the Final of the hexadecimal F, and the range of each byte is (00-FF).
When the byte replacement is performed, each byte in the state is divided into 4 bits and 4 bits high. The high 4 digits are used as a line value, and the low 4 digits are used as a column value, and these ranks are used as the output of the corresponding position of the index from the corresponding position of the S box. n (1) Initially initialize the S box by byte deserves to be promoted. The byte value of the y column X is {yx}.
(2) Each byte in the s box is mapped to the inverse in it in the limited domain GF; {00} is mapped to it itself {00}.
(3) The 8 constituents of each byte in the s box are recorded as (B7, B6, B5, B4, B3, B2, B1). The following changes are made for each bit of each bit of the S -box:
CI refers to the i -1 bit of the byte C with a value of {63}.
The decryption process The inverse bytes instead of the inverse S box, the structure is
byte d = {05}.
The reverse row displacement will perform the displacement operation in the opposite direction in the opposite direction. If the second row moves to the right to move a byte, other rows are similar.
If attention, the multiplication and addition of the matrix of the icon are defined on GF (2^8).
The principle of reverse column confusion is as follows:
The grouping of the tightly key to perform a round key to restore the original value. Therefore, as long as the key expansion and clear text encryption can be encrypted by the key expansion and clearly encrypted. When you decrypt it, you only need to reverse the transformation.
FIG. [Process of AES encryption algorithm] also needs to be noted. After the input state is input, a round of wheel key is needed to initialize the input state. In the first 9 rounds of encryption process, byte substitution, row shift, confusion, and rotation key are required, but the 10th round no longer needs to be confused.
When decrypting, reverse bytes need to be performed, reverse row shift, reverse column confusion, and rotation key.