Case description of digital signature
Network data is generally transmitted using a symmetric encryption algorithm.

For efficiency reasons, asymmetric encryption is used only to encrypt the key of the symmetric algorithm and for digital signatures.

Before the exchange begins, both the server and the client have their own public keys, which they send to each other:

RSA public key of Android -> sent to the server

RSA public key of the server -> sent to the client

For example, the client verifies the authenticity of the server.

Android client (with AES key)

The Android client's AES key is encrypted with an asymmetric algorithm, namely RSA with the server's public key.

The client then sends the encrypted AES key to the server in an HTTP GET request.

After receiving the request, the server decrypts it with its own RSA private key to obtain the Android client's AES key, and then signs the data to be sent to the Android client, for example byte[] datas.

The server encrypts the signature and the data with the Android client's AES key and sends the result to the Android client.

After receiving it, the Android client decrypts the whole packet with its own AES key. The decrypted packet is then split into the signature and the data, and the signature is verified. Verification uses the server's public key and the signature parameter sign.

The server signs with its RSA private key. Because the length of the signature is fixed (equal to the key length chosen when the key was initialized), the signature and the data are easy to separate.

Calling str.substring() after decryption separates the data from the signature.
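
The exchange described above as one runnable Java program (an added example, not code from the original page). The class name, the 2048-bit RSA key, OAEP padding, AES-GCM, SHA256withRSA and the signature-then-data layout are assumptions the page does not specify; the packet is split on bytes rather than with a String, because raw signature bytes are not text.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class SignedExchangeDemo {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Server RSA key pair; the client is assumed to already hold the public key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();
        // Client: create an AES key and encrypt it with the server's RSA public key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, server.getPublic());
        byte[] wrappedKey = rsa.doFinal(aes.getEncoded());
        // Server: recover the AES key, sign the data, build signature || data.
        rsa.init(Cipher.DECRYPT_MODE, server.getPrivate());
        SecretKey serverAes = new SecretKeySpec(rsa.doFinal(wrappedKey), "AES");
        byte[] datas = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(server.getPrivate());
        signer.update(datas);
        byte[] sign = signer.sign();
        byte[] packet = ByteBuffer.allocate(sign.length + datas.length).put(sign).put(datas).array();
        // Server: encrypt the packet; the random IV would travel with the ciphertext.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, serverAes, new GCMParameterSpec(128, iv));
        byte[] ciphertext = gcm.doFinal(packet);
        // Client: decrypt, split at the RSA modulus length in bytes, then verify.
        gcm.init(Cipher.DECRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] plain = gcm.doFinal(ciphertext);
        int sigLen = (((RSAPublicKey) server.getPublic()).getModulus().bitLength() + 7) / 8;
        if (plain.length < sigLen) throw new GeneralSecurityException("packet too short");
        byte[] gotSign = Arrays.copyOfRange(plain, 0, sigLen);
        byte[] gotData = Arrays.copyOfRange(plain, sigLen, plain.length);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(server.getPublic());
        verifier.update(gotData);
        System.out.println("signature valid: " + verifier.verify(gotSign));
    }
}
```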