Java data security

It Maple fighter 2022-01-15 03:46:42 Views: 918

Data security

Ensuring data security

Three problems need to be solved:

Confidentiality, integrity, and authentication (non-repudiation)

  • Confidentiality: the transmitted content is not in plaintext. Even if the data is intercepted by an outsider, it cannot be read or cracked.
  • Integrity: the content cannot be tampered with in transit. If the information is altered or incomplete, the receiver can tell.
  • Authentication (non-repudiation): the receiver can verify who actually sent the data, making sure that it was not sent by an impersonator or forged.

An example

  • The armies of Party A and Party B are attacking Party C. Party C is relatively strong, so Party A and Party B must coordinate their tactics and attack together in order to win. Party A and Party B are not in the same place, so they must communicate in secret.

  • Once Party A's military strategist has worked out the joint tactics and decided on the attack time, he writes a letter to Party B's military strategist. Now comes the question: how can this letter be kept safe?

  • The contents of the letter must be transmitted in encrypted form that only Party B's military strategist can understand. Otherwise, if the letter is intercepted by Party C, Party C will learn the tactical arrangements of Party A and Party B. This is confidentiality.

  • If the letter is intercepted by Party C, and Party C secretly modifies its contents before sending it on to Party B, then Party B must be able to tell that the letter was tampered with on the way. This is integrity.

  • When Party B's military strategist receives the letter, he must be able to confirm that it was written by Party A's military strategist and is not a forgery by Party C. This is authentication.

Confidentiality

  • Confidentiality can be guaranteed by an encryption algorithm. The encryption algorithm defines how to convert between plaintext and ciphertext, that is, the processes of encryption and decryption. Encryption algorithms are divided into symmetric encryption and asymmetric encryption.

Symmetric encryption algorithm

  • Symmetric encryption refers to encryption algorithms that use the same key for encryption and decryption. It is sometimes called the traditional cryptographic algorithm: the encryption key can be calculated from the decryption key, and the decryption key can be calculated from the encryption key. In most symmetric algorithms the encryption key and the decryption key are the same, so it is also called a secret-key algorithm or single-key algorithm. It requires the sender and the receiver to agree on a key before they can communicate securely. The security of a symmetric algorithm depends on the key: leaking the key means that anyone can encrypt messages to send or decrypt the messages they receive, so keeping the key confidential is essential to the communication. Common symmetric encryption algorithms include DES, AES, 3DES, RC2, RC4 and RC5.

Asymmetric encryption algorithm

  • Asymmetric encryption algorithms require two keys: a public key and a private key. The public key and the private key form a pair. If data is encrypted with the public key, it can only be decrypted with the corresponding private key; if data is encrypted with the private key, it can only be decrypted with the corresponding public key. Because encryption and decryption use two different keys, the algorithm is called an asymmetric encryption algorithm.
  • The basic process for exchanging confidential information with an asymmetric encryption algorithm is: Party A generates a key pair and publishes one of the keys to other parties as the public key; Party B, having obtained the public key, uses it to encrypt the confidential information and sends the result to Party A; Party A decrypts the encrypted information with the other key, the private key it has kept to itself. Common asymmetric encryption algorithms include RSA, DSA and ECC.
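
The two schemes described above, shown with the standard Java cryptography API as an added example (not code from the original article). AES and RSA come from the article's algorithm lists; the modes (GCM, OAEP), key sizes, class name and sample message are choices made for this example.

```java
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import static java.nio.charset.StandardCharsets.UTF_8;

public class ConfidentialityDemo {
    // Symmetric: the same AES key encrypts and decrypts. GCM needs a fresh nonce per message.
    static byte[] aesGcm(int mode, SecretKey key, byte[] nonce, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, nonce));
        return c.doFinal(in);
    }

    // Asymmetric: encrypt with the public key, decrypt with the matching private key.
    static byte[] rsaOaep(int mode, Key key, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(mode, key);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        byte[] letter = "Attack at dawn".getBytes(UTF_8); // constructed sample message
        // AES is the current standard in the list above; DES, 3DES, RC2 and RC4 are legacy.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey shared = kg.generateKey();      // agreed between A and B in advance
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        byte[] sealed = aesGcm(Cipher.ENCRYPT_MODE, shared, nonce, letter);
        System.out.println("B reads (AES): " + new String(aesGcm(Cipher.DECRYPT_MODE, shared, nonce, sealed), UTF_8));
        try {   // Party C intercepts the ciphertext but holds a different key
            aesGcm(Cipher.DECRYPT_MODE, kg.generateKey(), nonce, sealed);
        } catch (BadPaddingException e) {   // AEADBadTagException: wrong key or modified data
            System.out.println("C cannot decrypt: " + e.getClass().getSimpleName());
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair partyA = kpg.generateKeyPair();   // A publishes partyA.getPublic()
        byte[] toA = rsaOaep(Cipher.ENCRYPT_MODE, partyA.getPublic(), letter);
        System.out.println("A reads (RSA): " + new String(rsaOaep(Cipher.DECRYPT_MODE, partyA.getPrivate(), toA), UTF_8));
    }
}
```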

Integrity

  • Information integrity is achieved by extracting and comparing message digests. A message digest is information of a certain form extracted from the original data according to fixed rules. Whatever the message, the digest produced by a given digest algorithm always has a fixed length. It is also called a data fingerprint, because it can uniquely identify a piece of data. Common digest algorithms include SHA-1, SHA-256, MD5 and CRC32.

Authentication

  • Even if we guarantee the confidentiality and integrity of the data, some problems remain:

    • To verify message integrity, the receiver must obtain the sender's digest of the message. If a third party knows the digest algorithm, the digest can also be forged, so the digest itself needs to be encrypted.
    • How do we determine the source of the message, and how do we make sure it was not forged by a third party?
  • The sender uses the digest algorithm to generate a digest of the original message, then encrypts the digest with its private key to produce a digital signature. The content is then transmitted together with the digital signature.

  • When the receiver receives the message, it decrypts the digital signature with the sender's public key (if decryption succeeds, the sender is authenticated) to obtain digest A. It then uses the digest algorithm to generate digest B from the original text and compares digest A with digest B. If they are the same, the content has not been tampered with.
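
The sign-and-verify flow described above, together with the fixed-length digest from the integrity section, as an added example using the standard Java `MessageDigest` and `Signature` APIs (not code from the original article). The `SHA256withRSA` algorithm, key size, class name and both sample letters are choices made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public class SignedLetterDemo {
    // Sender: SHA-256 digest of the message, signed with the sender's private key.
    static byte[] sign(PrivateKey senderPrivate, byte[] message) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(senderPrivate);
        s.update(message);
        return s.sign();
    }

    // Receiver: recompute the digest and check it against the signature with the sender's public key.
    static boolean verify(PublicKey senderPublic, byte[] message, byte[] signature)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(senderPublic);
        s.update(message);
        return s.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair partyA = kpg.generateKeyPair();   // the real sender
        KeyPair partyC = kpg.generateKeyPair();   // an impersonator with its own key pair

        byte[] letter = "Attack at dawn".getBytes(StandardCharsets.UTF_8);   // constructed sample
        byte[] altered = "Attack at noon".getBytes(StandardCharsets.UTF_8);  // constructed sample

        // The digest has a fixed length, and any change to the content changes it.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] digestA = sha256.digest(letter);
        byte[] digestB = sha256.digest(altered);
        System.out.println("digest bytes: " + digestA.length
                + ", digests equal: " + MessageDigest.isEqual(digestA, digestB));

        byte[] signature = sign(partyA.getPrivate(), letter);
        System.out.println("genuine letter verifies:   " + verify(partyA.getPublic(), letter, signature));
        System.out.println("altered letter verifies:   " + verify(partyA.getPublic(), altered, signature));
        // Party C re-signs the altered letter, but Party B checks with Party A's public key.
        byte[] forged = sign(partyC.getPrivate(), altered);
        System.out.println("forged signature verifies: " + verify(partyA.getPublic(), altered, forged));
    }
}
```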

Summary

  • By encrypting and decrypting the original data with an encryption algorithm, we can ensure confidentiality during data transmission.

  • Through the digital signature mechanism, we can guarantee data integrity, and the source of the data can also be authenticated.

  • Asymmetric encryption is usually applied in two ways:

    • To encrypt data in transit, we encrypt with the receiver's public key and decrypt with the receiver's private key, ensuring that the data is ciphertext during transmission.
    • To let the receiver confirm the source of the information, the sender signs the data with its private key, and the receiver verifies the signature with the sender's public key.
Copyright notice: this article was created by [It Maple fighter]. Please include a link to the original when reprinting. Thanks. https://javamana.com/2021/12/202112122326534702.html