With the rapid development of the Internet, the wave of e-commerce is unstoppable. Daily work and data transmission are placed on the Internet for transmission, which greatly improves efficiency, reduces costs, and creates good benefits. However, because the Internet network protocol itself has important security issues (the IP packet itself does not inherit any security features, it is easy to forge the address of the IP packet, modify its content, replay previous packets, and intercept and view the packet during transmission). content), causing huge security risks in online information transmission. The security issues of e-commerce are also becoming more and more prominent. Encryption is the most important security technology in e-commerce. The choice of encryption method directly affects the security of information in e-commerce activities. In e-commerce systems, major security issues can be solved through encryption. Data confidentiality can be achieved by encrypting data using different encryption algorithms.
Although my country can import a lot of foreign equipment, encryption equipment cannot be imported because it involves network security and the security of national confidential information, so it must be developed by itself. There are currently many encryption algorithms in the world, among which DES (Data Encryption Standard) is the earliest invented and most widely used group symmetric encryption algorithm. DES uses a 56-bit honey key to encrypt 64-bit plaintext and output 64-bit ciphertext. The 56-bit DES There are 256 possible keys, but brute force attacks have been used to crack DES keys in history. In 1998, the Electronic Frontier Foundation (EFF) spent 250,000 US dollars on a special computer to crack the DES key in 56 hours. DES key, in 1999, EFF took 22 hours to complete the cracking work, which severely affected the DES algorithm and seriously threatened its security. Because the JAVA language has strong security and network processing capabilities, this article mainly introduces the use of IDEA (Internation Data Encryption Algorithm) data encryption algorithm to achieve secure data transmission in the Java environment.
1. IDEA data encryption algorithm
The IDEA data encryption algorithm was jointly proposed in 1990 by Chinese scholar Dr. Lai Xuejia and the famous cryptography expert James L. Massey. Its plaintext and ciphertext are both 64 bits, but the key length is 128 bits. IDEA is implemented as an iterative block cipher, using a 128-bit key and 8 cycles. This provides more security than DES, but when selecting keys for use with IDEA, those known as "weak keys" should be excluded. DES has only four weak keys and 12 sub-weak keys, while the number of weak keys in IDEA is considerable, 2 to the 51st power. However, if the total number of keys is very large, 2^128, then there are still 2^77 keys to choose from. IDEA is considered extremely safe. With a 128-bit key, the number of tests required in a brute force attack is significantly larger compared to DES, allowing even testing of weak keys. Moreover, it has shown itself to be particularly resistant to professional forms of analytical attacks.
2. Java cryptographic system and Java cryptographic extensions
Java is an object-oriented programming language developed by Sun Company, and is widely used on the Internet due to its platform independence. development. Java Cryptozoology (JCA) and Java Cryptozoology Extensions (JCE) are designed to provide implementation-independent cryptographic function APIs for Java. They all use the factory method to create class routines, and then delegate the actual encryption function to the underlying engine specified by the provider. The engine provides a service provider interface for the class to implement data encryption/decryption in Java, using its This is implemented using the built-in JCE (Java Encryption Extension).
Java Development Toolset 1.1 introduces a new, flexible, vendor-based application programming interface for cryptographic functions including digital signatures and message digests. The Java cryptographic architecture supports vendor interoperability, supporting both hardware and software implementations. Java cryptography structure design follows two principles: (1) Algorithm independence and reliability. (2) Independence and interaction of realization. Algorithm independence is achieved by defining cryptographic service classes. Users only need to understand the concepts of cryptographic algorithms and do not need to care about how to implement these concepts. Implementation independence and interoperability are achieved through cryptographic service providers. A cryptographic service provider is one or more packages that implement one or more cryptographic services. Software developers implement various algorithms according to certain interfaces and package them into a provider, and users can install different providers. To install and configure the provider, you can place the ZIP and JAR files containing the provider under CLASSPATH, and then edit the Java security properties file to set and define a provider. When the Java running environment is Sun version, a default provider Sun is provided.
3. Implementation in Java environment
1. Implementation of the encryption process
void idea_enc( int data11[], /*The first address of the 64-bit data to be encrypted*/ int key1[]){
int i;
int tmp, x;
int zz[]=new int[6];
for ( i = 0 ; i lt ; 48 ; i = 6) { /*Perform 8 rounds of loop*/
for(int j=0, box=i; jlt; 6; j, box){
zz[j]=key1[box ];
}
x = handle_data(data11,zz);
tmp = data11[1]; /*Exchange the middle two*/
data11[1] = data11[2];
data11[2] = tmp;
}
tmp = data11[1] ; /*No exchange in the last round*/
data11[1] = data11[2];
data11[2] = tmp;
data11[ 0] = MUL(data11[0], key1[48]);
data11[1] =(char)((data11[1] key1[49])0x10000);
data11[2] =(char)((data11[2] key1[50])0x10000);
data11[3] = MUL(data11[3], key1[51]);
}
2. Implementation of the decryption process
void key_decryExp(int outkey[])/*Inversion processing of the decryption key*/
{ int tmpkey[] = new int[52];
int i;
for ( i = 0; i lt; 52; i) {
tmpkey[i] = outkey[ wz_spkey[i] ]; /*Transposition*/
}
for ( i = 0 ; i lt ; 52 ; i ) {
outkey[i] = tmpkey[i ];
}
for ( i = 0 ; i lt; 18 ; i ) {
outkey[wz_spaddrever[i]] = (char)( 65536-outkey[wz_spaddrever[i]]);/*Replace with additive inverse*/
}
for (i = 0; i lt; 18; i){
outkey[wz_spmulrevr[i]] =(char)(mulInv(outkey[wz_spmulrevr[i]] ));/*Replace with multiplicative inverse*/
}
}
4. Summary
In practical applications, we can use the built-in support for Socket communication in the Java Development Kit (JDK) through the Java stream in JCE and linked list, encrypting Socket-based network communication. We know that encryption/decryption
It is a common method to ensure data integrity in data transmission. The Java language is widely used on the Internet because of its platform independence. Using Java to implement data encryption transmission based on IDEA can be implemented on different platforms and has the simplicity and simplicity of implementation. Strong security and other advantages.