Home>

Encryption is to change the original information data with a special algorithm.So that even if an unauthorized user gets encrypted information,But because I do n’t know the decryption method,Still unable to understand the content of the information.Broadly divided into two-way encryption and one-way encryption,Two-way encryption is divided into symmetric encryption and asymmetric encryption (some materials directly divide encryption into symmetric encryption and asymmetric encryption).

Bidirectional encryption generally means that the plaintext is encrypted to form a ciphertext.Can be restored to plain text by an algorithm.And one-way encryption is just a summary calculation of the information,Cannot generate plaintext by algorithm,One-way encryption is not strictly a type of encryption.It should be considered a digest algorithm.

Specifically:

The system must be available,Not mathematically non-decodeable.

The system does not have to be confidential,Can easily fall into the hands of the enemy.

The key must be able to exchange and memorize without writing,And both parties can change the key.

The system can be used for telecommunications.

The system can transfer locations,Its function can only be achieved without the hands of a few people.

System is easy to use,Don't require users to be overworked or have many rules.

First, the main encryption method code provider

jdk:the code is in the jre \ lib \ jce.jar package in the java installation directory;

cc:org.apache.commons.codec provided by the Apache company

Home:

bc:org.bouncecastle

Home:

Basically, using jdk is enough.

Second, the base64 algorithm

1. From the complexity of the current encryption algorithm, base64 is embarrassed to say that it is encrypted.But it's enough for people who don't know computers at all.Using base64 encoding is unreadable,That is, the encoded data will not be directly visible to the naked eye.

Base64 encoding is generally used for URL processing, or anything you don't want ordinary people to know at a glance can be processed with base64 encoding and then posted on the web.

package com.amuro.strategy.base64;
import java.util.base64;
import com.amuro.strategy.istrategy;
/**
 * The base64 algorithm is based on 64 basic characters,The encrypted string contains only these 64 characters
 * @author amuro
 *
 * /
public class base64strategy implements istrategy
{
 public string encode (string src)
 {
 byte [] encodebytes=base64.getencoder (). encode (src.getbytes ());
 return new string (encodebytes);
 }
 public string decode (string src)
 {
 byte [] decodebytes=base64.getdecoder (). decode (src.getbytes ());
 return new string (decodebytes);
 }
}

2.Base64 encoding correspondence table

Third, the message digest algorithm (message digest)

The message digest is also called digital digest. It is a unique fixed-length value that corresponds to a message or text.It is generated by a one-way hash encryption function that acts on messages.The anti-collision property of the hash function makes if the plaintext changes slightly,Even if you change only one letter of the paragraph,After acting through the hash algorithm, different values ​​will be generated.The one-way nature of the hash algorithm makes it necessary to find two different input messages with the same hash value.It is computationally impossible.So the hash of the data,Message summary,You can verify the integrity of the data.

In vernacular,Any piece of data should be unique like people.What is the unique identity,Human words are currently fingerprints,And what is the fingerprint of the data?That's right, this is the string generated by the message digest algorithm. For example, when we register for a website,Transmitted from the client to the server,It should be the content of the message digest processed by the password we entered.So even if the server is compromised,The hack can't know what the user's real password is.However, it is said that now md5 and sha have been breached.Specifically everyone can Google.

1, md5

package com.amuro.strategy.message_digest;
import java.security.messagedigest;
import java.security.nosuchalgorithmexception;
import org.apache.commons.codec.binary.hex;
import com.amuro.strategy.istrategy;
/**
 * Message Digest Algorithm
 * @author amuro
 *
 * /
public class md5strategy implements istrategy
{
 public string encode (string src)
 {
 try
 {
  messagedigest md=messagedigest.getinstance ("md5");
  byte [] encodebytes=md.digest (src.getbytes ());
  return hex.encodehexstring (encodebytes);
 }
 catch (nosuchalgorithmexception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
 public string decode (string src)
 {
 throw new runtimeexception ("md5 no decode");
 }
}

Sha

package com.amuro.strategy.message_digest;
import java.security.messagedigest;
import java.security.nosuchalgorithmexception;
import org.apache.commons.codec.binary.hex;
import com.amuro.strategy.istrategy;
/**
 * Secure Hash Algorithm
 * @author amuro
 *
 * /
public class shastrategy implements istrategy
{
 public string encode (string src)
 {
 try
 {
  messagedigest md=messagedigest.getinstance ("sha");
  md.update (src.getbytes ());
  return hex.encodehexstring (md.digest ());
 }
 catch (nosuchalgorithmexception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
 public string decode (string src)
 {
 throw new runtimeexception ("sha no decode");
 }
}

Fourth, symmetric encryption

Encryption method using single key cryptosystem,The same key can be used for both encryption and decryption of information,This encryption method is called symmetric encryption,Also called single key encryption.And because both encryption and decryption use the same key,How to securely pass the key to the decryptor becomes a problem that must be solved.Of course, the advantages of lower security are small calculation volume, fast encryption speed, and high encryption efficiency.

Of course, modern computers don't care about this level of calculation for a long time. Security is the most important.

1.des

des, the full name is "data encryption standard", the Chinese name is "data encryption standard", is a block algorithm using key encryption.des algorithm is a symmetric cryptosystem in cryptosystem,Also known as the American Data Encryption Standard,It is a symmetric cryptosystem encryption algorithm developed by the American IBM Corporation in 1972. Plain text is grouped by 64 bits,The key is 64 bits long. The key is actually 56 bits. Make each key have an odd number. 1) The grouped plaintext group and the 56-bit key are replaced or exchanged by bits to form a ciphertext group encryption method.

package com.amuro.strategy.des;
import javax.crypto.cipher;
import javax.crypto.keygenerator;
import javax.crypto.secretkey;
import javax.crypto.secretkeyfactory;
import javax.crypto.spec.deskeyspec;
import org.apache.commons.codec.binary.hex;
import com.amuro.strategy.istrategy;
/**
 *
 * @author amuro
 *
 * /
public class desstrategy implements istrategy
{
 private cipher cipher;
 private secretkey generatekey;
 public string encode (string src)
 {
 try
 {
  keygenerator keygenerator=keygenerator.getinstance ("des");
  keygenerator.init (56);//size
  secretkey secretkey=keygenerator.generatekey ();
  byte [] keybytes=secretkey.getencoded ();
  deskeyspec deskeyspec=new deskeyspec (keybytes);
  secretkeyfactory secretkeyfactory=secretkeyfactory.getinstance ("des");
  generatekey=secretkeyfactory.generatesecret (deskeyspec);
  cipher=cipher.getinstance ("des/ecb/pkcs5padding");
  cipher.init (cipher.encrypt_mode, generatekey);
  byte [] resultbytes=cipher.dofinal (src.getbytes ());
  return hex.encodehexstring (resultbytes);
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
 public string decode (string src)
 {
 try
 {
  cipher.init (cipher.decrypt_mode, generatekey);
  byte [] result=hex.decodehex (src.tochararray ());
  return new string (cipher.dofinal (result));
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
}

2, 3des3des, also known as "triple des", Chinese name "triple data encryption algorithm", it is equivalent to apply three times to each data block des encryption algorithm.Due to the increased computing power of computers,The key length of the original des password becomes vulnerable to brute force cracking;3des is designed to provide a relatively simple method,That is to avoid similar attacks by increasing the key length of des,Instead of designing a new block cipher algorithm.

package com.amuro.strategy.des;
import javax.crypto.cipher;
import javax.crypto.keygenerator;
import javax.crypto.secretkey;
import javax.crypto.secretkeyfactory;
import javax.crypto.spec.desedekeyspec;
import org.apache.commons.codec.binary.hex;
import com.amuro.strategy.istrategy;
public class _3desstrategy implements istrategy
{
 private cipher cipher;
 private secretkey generatekey;
 public string encode (string src)
 {
 try
 {
  keygenerator keygenerator=keygenerator.getinstance ("desede");
  keygenerator.init (168);//size
  secretkey secretkey=keygenerator.generatekey ();
  byte [] keybytes=secretkey.getencoded ();
  desedekeyspec deskeyspec=new desedekeyspec (keybytes);
  secretkeyfactory secretkeyfactory=secretkeyfactory.getinstance ("desede");
  generatekey=secretkeyfactory.generatesecret (deskeyspec);
  cipher=cipher.getinstance ("desede/ecb/pkcs5padding");
  cipher.init (cipher.encrypt_mode, generatekey);
  byte [] resultbytes=cipher.dofinal (src.getbytes ());
  return hex.encodehexstring (resultbytes);
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
 public string decode (string src)
 {
 try
 {
  cipher.init (cipher.decrypt_mode, generatekey);
  byte [] result=hex.decodehex (src.tochararray ());
  return new string (cipher.dofinal (result));
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
}

3, aesaes, full name is "advanced encryption standard", Chinese name "advanced encryption standard", also known as rijndael encryption method in cryptography, is a block encryption standard adopted by the US federal government.The aes encryption algorithm, as a new generation of data encryption standard, combines the advantages of strong security, high performance, high efficiency, ease of use and flexibility.aes is designed with three key lengths:128, 192, 256 bits. Relatively speaking,aes '128 key is 1021 times stronger than des' 56 key.

package com.amuro.strategy.des;
import javax.crypto.cipher;
import javax.crypto.keygenerator;
import javax.crypto.secretkey;
import javax.crypto.spec.secretkeyspec;
import org.apache.commons.codec.binary.hex;
import com.amuro.strategy.istrategy;
public class aesstrategy implements istrategy
{
 private cipher cipher;
 private secretkey generatekey;
 public string encode (string src)
 {
 try
 {
  keygenerator keygenerator=keygenerator.getinstance ("aes");
  keygenerator.init (128);//size
  secretkey secretkey=keygenerator.generatekey ();
  byte [] keybytes=secretkey.getencoded ();
  generatekey=new secretkeyspec (keybytes, "aes");
  cipher=cipher.getinstance ("aes/ecb/pkcs5padding");
  cipher.init (cipher.encrypt_mode, generatekey);
  byte [] resultbytes=cipher.dofinal (src.getbytes ());
  return hex.encodehexstring (resultbytes);
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
 public string decode (string src)
 {
 try
 {
  cipher.init (cipher.decrypt_mode, generatekey);
  byte [] result=hex.decodehex (src.tochararray ());
  return new string (cipher.dofinal (result));
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
}

4, pbe

pbe, full name "password base encryption", Chinese name "password-based encryption", is a password-based encryption algorithm,Its feature is the use of passwords instead of keys,The password is in the hands of the user,Use random number hash multiple encryption and other methods to ensure data security.

The pbe algorithm has no concept of a key.Think of the password as a key.Because the length of the key affects the security of the algorithm,Not easy to remember,Here we directly change to our own commonly used passwords, which is greatly different.Facilitate our memory.But simple passwords are easily listed by the dictionary.So here we add a bit of "salt" to the password, this salt and password combination,It is difficult to crack.At the same time, we combined the salt and password and used the message digest algorithm to iterate many times to build the basic materials of the key initialization vector.Makes deciphering more difficult.

package com.amuro.strategy.pbe;
import java.security.securerandom;
import javax.crypto.cipher;
import javax.crypto.secretkey;
import javax.crypto.secretkeyfactory;
import javax.crypto.spec.pbekeyspec;
import javax.crypto.spec.pbeparameterspec;
import org.apache.commons.codec.binary.hex;
import com.amuro.strategy.istrategy;
/**
 * Password-based encryption (password), symmetric+ message digest
 * @author amuro
 *
 * /
public class pbestrategy implements istrategy
{
 private cipher cipher;
 private secretkey generatekey;
 private pbeparameterspec pbeparameterspec;
 public string encode (string src)
 {
 try
 {
  securerandom securerandom=new securerandom ();
  byte [] salt=securerandom.generateseed (8);
  string password="amuro";
  pbekeyspec pbekeyspec=new pbekeyspec (password.tochararray ());
  secretkeyfactory secretkeyfactory=secretkeyfactory.getinstance ("pbewithmd5anddes");
  generatekey=secretkeyfactory.generatesecret (pbekeyspec);
  pbeparameterspec=new pbeparameterspec (salt, 100);
  cipher=cipher.getinstance ("pbewithmd5anddes");
  cipher.init (cipher.encrypt_mode, generatekey, pbeparameterspec);
  byte [] resultbytes=cipher.dofinal (src.getbytes ());
  return hex.encodehexstring (resultbytes);
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
 public string decode (string src)
 {
 try
 {
  cipher.init (cipher.decrypt_mode, generatekey, pbeparameterspec);
  byte [] result=hex.decodehex (src.tochararray ());
  return new string (cipher.dofinal (result));
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
}

Five, asymmetric encryption

Asymmetric encryption algorithms require two keys for encryption and decryption.Public and private keys, respectively.One thing to note,This public and private key must be a pair,If the data is encrypted with a public key,Then only using the corresponding private key can be decrypted,vice versa.Since encryption and decryption use two different keys,Therefore, this algorithm is called asymmetric encryption algorithm.

1.rsa

Actually, back in 1978,rsa has already appeared,It is the first algorithm that can be used for both data encryption and digital signatures.It is easy to understand and operate,Also very popular.The principle is as described in the working process above.The rsa algorithm is based on a very simple number theory fact:it is easy to multiply two large prime numbers,But it is extremely difficult to factorize their product,Therefore, the product can be made public as an encryption key.

package com.amuro.strategy.asymmetric;
import java.security.keyfactory;
import java.security.keypair;
import java.security.keypairgenerator;
import java.security.privatekey;
import java.security.publickey;
import java.security.interfaces.rsaprivatekey;
import java.security.interfaces.rsapublickey;
import java.security.spec.pkcs8encodedkeyspec;
import java.security.spec.x509encodedkeyspec;
import javax.crypto.cipher;
import org.apache.commons.codec.binary.hex;
import com.amuro.strategy.istrategy;
public class rsastrategy implements istrategy
{
 private rsapublickey rsapublickey;
 private rsaprivatekey rsaprivatekey;
 public string encode (string src)
 {
 try
 {
  //Initialize the key
  keypairgenerator keypairgenerator=keypairgenerator.getinstance ("rsa");
  keypairgenerator.initialize (512);
  keypair keypair=keypairgenerator.generatekeypair ();
  rsapublickey=(rsapublickey) keypair.getpublic ();
  rsaprivatekey=(rsaprivatekey) keypair.getprivate ();
  //Private key encryption Public key decryption
  pkcs8encodedkeyspec pkcs8encodedkeyspec
  = new pkcs8encodedkeyspec (rsaprivatekey.getencoded ());
  keyfactory keyfactory=keyfactory.getinstance ("rsa");
  privatekey privatekey=keyfactory.generateprivate (pkcs8encodedkeyspec);
  cipher cipher=cipher.getinstance ("rsa");
  cipher.init (cipher.encrypt_mode, privatekey);
  byte [] resultbytes=cipher.dofinal (src.getbytes ());
  //Private key decryption Public key encryption
//x509encodedkeyspec x509encodedkeyspec =
//new x509encodedkeyspec (rsapublickey.getencoded ());
//keyfactory keyfactory=keyfactory.getinstance ("rsa");
//publickey publickey=keyfactory.generatepublic (x509encodedkeyspec);
//cipher cipher=cipher.getinstance ("rsa");
//cipher.init (cipher.encrypt_mode, publickey);
//byte [] resultbytes=cipher.dofinal (src.getbytes ());
  return hex.encodehexstring (resultbytes);
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
 public string decode (string src)
 {
 try
 {
  //Private key encryption Public key decryption
  x509encodedkeyspec x509encodedkeyspec =
   new x509encodedkeyspec (rsapublickey.getencoded ());
  keyfactory keyfactory=keyfactory.getinstance ("rsa");
  publickey publickey=keyfactory.generatepublic (x509encodedkeyspec);
  cipher cipher=cipher.getinstance ("rsa");
  cipher.init (cipher.decrypt_mode, publickey);
  byte [] resultbytes=cipher.dofinal (hex.decodehex (src.tochararray ()));
  //Private key decryption Public key encryption
//pkcs8encodedkeyspec pkcs8encodedkeyspec
//=new pkcs8encodedkeyspec (rsaprivatekey.getencoded ());
//keyfactory keyfactory=keyfactory.getinstance ("rsa");
//privatekey privatekey=keyfactory.generateprivate (pkcs8encodedkeyspec);
//cipher cipher=cipher.getinstance ("rsa");
//cipher.init (cipher.decrypt_mode, privatekey);
//byte [] resultbytes=cipher.dofinal (hex.decodehex (src.tochararray ()));
  return new string (resultbytes);
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
}

2.dh algorithm

dh, the full name is "diffie-hellman", he is a method to ensure that the shared key safely traverses an insecure network,This is often referred to as a key agreement protocol.An idea proposed by diffie and hellman, the founders of the public key cryptosystem.Simply put, it allows two users to exchange information on public media to generate a "consistent", shared key.That is, Party A generates a pair of keys (public key and private key), and Party B generates party B key pair (public and private key) according to Party A's public key.

Using this as a baseline,As the basis for confidentiality of data transmission,At the same time, both parties use the same symmetric encryption algorithm to construct a local key (secretkey) to encrypt the data.In this way, after exchanging the local secret (secretkey) algorithm, both parties A and B disclose their public keys.Use the public key of the other party and the private key just generated to encrypt the data.At the same time, you can use the counterpart's public key and your own private key to decrypt the data.Not only the two parties,Can be extended to share data communication with multiple parties,This completes the secure communication of network interaction data!

package com.amuro.strategy.asymmetric;
import java.security.keyfactory;
import java.security.keypair;
import java.security.keypairgenerator;
import java.security.privatekey;
import java.security.publickey;
import java.security.spec.x509encodedkeyspec;
import java.util.objects;
import javax.crypto.cipher;
import javax.crypto.keyagreement;
import javax.crypto.secretkey;
import javax.crypto.interfaces.dhpublickey;
import javax.crypto.spec.dhparameterspec;
import org.apache.commons.codec.binary.hex;
import com.amuro.strategy.istrategy;
public class dhstrategy implements istrategy
{
 private cipher cipher;
 private secretkey receiversecretkey;
 public string encode (string src)
 {
 try
 {
  //Initialize the sender key
  keypairgenerator senderkeypairgenerator=keypairgenerator.getinstance ("dh");
  senderkeypairgenerator.initialize (512);
  keypair senderkeypair=senderkeypairgenerator.generatekeypair ();
  privatekey senderprivatekey=senderkeypair.getprivate ();
  byte [] senderpublickeybytes=senderkeypair.getpublic (). getencoded ();//Sender's public key
  //Initialize the receiver key,Use the sender's public key
  keyfactory receiverkeyfactory=keyfactory.getinstance ("dh");
  x509encodedkeyspec x509encodedkeyspec=new x509encodedkeyspec (senderpublickeybytes);
  publickey receiverpublickey=receiverkeyfactory.generatepublic (x509encodedkeyspec);
  dhparameterspec dhparameterspec =
   ((dhpublickey) receiverpublickey) .getparams ();
  keypairgenerator receiverkeypairgenerator=keypairgenerator.getinstance ("dh");
  receiverkeypairgenerator.initialize (dhparameterspec);
  keypair receiverkeypair=receiverkeypairgenerator.generatekeypair ();
  privatekey receiverprivatekey=receiverkeypair.getprivate ();
  byte [] receiverpublickeybytes=receiverkeypair.getpublic (). getencoded ();
  keyagreement receiverkeyagreement=keyagreement.getinstance ("dh");
  receiverkeyagreement.init (receiverprivatekey);
  receiverkeyagreement.dophase (receiverpublickey, true);
  receiversecretkey=receiverkeyagreement.generatesecret ("des");
  //The sender can get encryption after receiving the public key of the receiver
  keyfactory senderkeyfactory=keyfactory.getinstance ("dh");
  x509encodedkeyspec=new x509encodedkeyspec (receiverpublickeybytes);
  publickey senderpublickey=senderkeyfactory.generatepublic (x509encodedkeyspec);
  keyagreement senderkeyagreement=keyagreement.getinstance ("dh");
  senderkeyagreement.init (senderprivatekey);
  senderkeyagreement.dophase (senderpublickey, true);
  secretkey sendersecretkey=senderkeyagreement.generatesecret ("des");
  if (objects.equals (receiversecretkey, sendersecretkey))
  {
  cipher=cipher.getinstance ("des");
  cipher.init (cipher.encrypt_mode, sendersecretkey);
  byte [] result=cipher.dofinal (src.getbytes ());
  return hex.encodehexstring (result);
  }
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
 public string decode (string src)
 {
 try
 {
  cipher.init (cipher.decrypt_mode, receiversecretkey);
  byte [] result=hex.decodehex (src.tochararray ());
  return new string (cipher.dofinal (result));
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return null;
 }
}

Six, digital signature certificate

Asymmetric encryption has become trivial.But there is another flaw:

Server a published its public key,My computer uses the public key of server a to encrypt the data and then sends it to server a. At this time, server b invades my computerReplaced the public key I used for encryption with its public key,So the data I sent will be cracked by the private key of server b.Is it swollen to prevent tampering with the public key?

Yes, we thought of the previous message summary,When server a threw the public key to me,At the same time go to CA to apply for a digital certificate,In fact, it is mainly the message digest of the public key.With this certificate,When I use public key encryption again,I can first verify that the current public key is determined to be sent to me by server a.

Here is a kind of rsa:

package com.amuro.strategy.signature;
import java.security.keyfactory;
import java.security.keypair;
import java.security.keypairgenerator;
import java.security.privatekey;
import java.security.publickey;
import java.security.signature;
import java.security.interfaces.rsaprivatekey;
import java.security.interfaces.rsapublickey;
import java.security.spec.pkcs8encodedkeyspec;
import java.security.spec.x509encodedkeyspec;
public class rsasign
{
 public static boolean verifysign (string src)
 {
 try
 {
  keypairgenerator keypairgenerator=keypairgenerator.getinstance ("rsa");
  keypairgenerator.initialize (512);
  keypair keypair=keypairgenerator.generatekeypair ();
  publickey rsapublickey=(rsapublickey) keypair.getpublic ();
  privatekey rsaprivatekey=(rsaprivatekey) keypair.getprivate ();
  pkcs8encodedkeyspec pkcs8encodedkeyspec
  = new pkcs8encodedkeyspec (rsaprivatekey.getencoded ());
  keyfactory keyfactory=keyfactory.getinstance ("rsa");
  privatekey privatekey=keyfactory.generateprivate (pkcs8encodedkeyspec);
  signature signature=signature.getinstance ("md5withrsa");
  signature.initsign (privatekey);
  signature.update (src.getbytes ());
  //Generate signature bytes
  byte [] signbytes=signature.sign ();
  x509encodedkeyspec x509encodedkeyspec =
   new x509encodedkeyspec (rsapublickey.getencoded ());
  keyfactory=keyfactory.getinstance ("rsa");
  publickey publickey=keyfactory.generatepublic (x509encodedkeyspec);
  signature=signature.getinstance ("md5withrsa");
  signature.initverify (publickey);
  signature.update (src.getbytes ());
  boolean isverified=signature.verify (signbytes);
  return isverified;
 }
 catch (exception e)
 {
  e.printstacktrace ();
 }
 return false;
 }
}

Regarding the use of digital signatures and asymmetric encryption algorithms,See also a great example,Share to everyone:

Alas, I bought too many books this month,By the end of the month I ca n’t open the pot.Coincidentally encountered clark on qq:

1-2-3:"clark, I need 200 two grains of silver, can you lend me?"

clark:"No problem. I'll transfer it to you.Please give me an IOU."

Then, I created a new word document and wrote an IOU.Save. Then, what then?I can't send the debit slip directly to clark for the following reasons:

1. I can't guarantee that Clark will not change "Silver 200 200" to "Silver 2000 2000" after receiving the IOU.

2. If I owe my bill,Clark couldn't prove that I wrote it.

3. Ordinary word documents cannot be used as evidence in a lawsuit.

Fortunately, I applied for a digital certificate long ago.I first encrypt the debit with my private key,Then send the encrypted ciphertext to clark using qq. After Clark received the ciphertext of the IOU,Download my public key on the website of the Digital Certificate Authority,Then use my public key to decrypt the ciphertext,I found that it was actually written "Lend the silver 200 two", Clark could lend me the silver safely,I do n’t worry that clark will tamper with my IOU.Because:

1. Since I sent clark in ciphertext,clark cannot be modified.Clark can modify the decrypted IOU,But clark doesn't have my private key,I can't imitate I encrypt the IOU.This is called tamper resistance.

2. As a result of the encrypted encryption with my private key,Yes and only my public key can be decrypted.In turn,I can decrypt it with my public key,It must be encrypted with my private key,And only I have my private key,In this way clark can prove that I wrote this IOU.This is called non-repudiation.

3. If I keep relying on not paying back my money,clark took me to courtThis word document encrypted with my private key can be used as Cheng Tang's testimony.Because China has promulgated the "Electronic Signature Law of the People's Republic of China", making digital signatures have legal effect.

You must have noticed,This IOU encrypted using my private key,Has the characteristics of anti-tampering and non-repudiation,And can serve as Cheng Tang's testimony,The effect is the same as if I "signed" this IOU.By the way, the process of "using my private key to encrypt the debit" is called digital signature.

  • Previous Yii debugging view the method of executing SQL
  • Next Yii programming development common call skills collection