When developing applications, data security is critical, and simply submitting the user's private data with POST requests does not completely solve the security problem.
Classification of encryption algorithms
1. Symmetric encryption algorithm
With a symmetric encryption algorithm, both parties to the exchange need to know the encryption and decryption algorithm in advance, and both use the same key to encrypt and decrypt the data.
2. Asymmetric encryption algorithm
Unlike symmetric algorithms, both A and B generate a pair of keys in advance, and then A sends its own public key to B, and B sends its own public key to A.
If A wants to send a message to B, A encrypts the message with B's public key and sends it to B, and B decrypts the message with its own private key; B sends messages to A in the same way. To sum up: content encrypted with the public key can be decrypted only by the private key, and content encrypted with the private key can be decrypted only by the public key.
Analysis of common encryption schemes
Base64 encoding can be used to deliver longer identification information in an HTTP environment.
Security principle: any message that involves private information must not be sent as plaintext; it needs to be encrypted before it is sent.
Base64: regroups the original 8-bit bytes of data into 6-bit units. This increases the amount of data by (8-6)/6 = 1/3, and the insufficient part is filled with 0 bits. Every two padding 0 bits are represented by one =.
Base64 encoding is not only brief but also unreadable, that is, the encoded data cannot be read directly by the naked eye.
Base64 can encode any file.
The Base64 process is reversible. The output can be decoded back to the original data.
MD5 (message digest algorithm): a hash operation that generates a fixed-length string.
General use: file check.
The algorithm is open and the process is irreversible.
The result of any two different files is different, and the length of the string is the same.
MD5 decryption website: http://www.cmd5.com
Add a salt (after MD5 decryption, the pattern is easy to spot).
Apply MD5 several times (after MD5 decryption the result is still ciphertext, which then has to be MD5-decrypted again).
Encrypt first, then scramble the order (which makes cracking more difficult).
Fundamentals of RSA
RSA uses a "key pair" to encrypt and decrypt data. Before encrypting and decrypting data, a public key and a private key are required.
Public key: used to encrypt data. It is made public and is generally stored with the data provider, such as the iOS client. Private key: used to decrypt data. It must be kept secret; disclosure of the private key will cause security problems.
Dynamic password: for the same plaintext password, what is sent to the server is different each time. It can be understood as first encrypting the password in the ordinary way, then adding a piece of changing data (such as the time), and then encrypting again.
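The dynamic-password idea above, as an added example (not code from the original page). It assumes HMAC-SHA256 for both steps, a one-minute time window, and a constructed salt, password and timestamp; all function names are hypothetical.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=1)         # assumed granularity of the changing data
APP_SALT = b"constructed-demo-salt"   # constructed value, not from the page


def stored_credential(password: str) -> bytes:
    """Step 1: the 'ordinary' password transform; the server stores this value."""
    return hmac.new(APP_SALT, password.encode(), hashlib.sha256).digest()


def _minute(ts: datetime) -> bytes:
    # Truncate to the minute (UTC) so client and server derive the same string.
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M").encode()


def dynamic_password(password: str, now: datetime) -> str:
    """Step 2 (client): mix the current minute into the step-1 value."""
    key = stored_credential(password)
    return hmac.new(key, _minute(now), hashlib.sha256).hexdigest()


def server_accepts(stored: bytes, token: str, now: datetime) -> bool:
    """Server: recompute for this minute and the previous one (clock skew)."""
    for ts in (now, now - WINDOW):
        expected = hmac.new(stored, _minute(ts), hashlib.sha256).hexdigest()
        # Constant-time comparison; bytes on both sides so any input is handled.
        if hmac.compare_digest(expected.encode(), token.encode()):
            return True
    return False


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)  # constructed time
    db = stored_credential("hunter2")                           # constructed password
    tok = dynamic_password("hunter2", t0)
    print(tok != dynamic_password("hunter2", t0 + WINDOW))  # True: changes each minute
    print(server_accepts(db, tok, t0 + WINDOW))             # True: within tolerance
    print(server_accepts(db, tok, t0 + 5 * WINDOW))         # False: replayed too late
```

A captured token stops working once its window has passed, but the stored step-1 value is enough to generate valid tokens, so the server must protect it like the password itself.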
Token: identity token
Concepts: digital signatures and digital certificates
A message digest with a fixed number of bits is computed from the message according to the hash algorithm agreed upon by both parties. Mathematically, the message digest value will be inconsistent with the original value as long as any bit of the message is modified. This ensures that the message cannot be changed. The message digest value is encrypted with the sender's private key and then sent to the receiver along with the original message; the result is called a digital signature.
A digital certificate is a series of data that marks the identity of the communicating parties in Internet communication. It provides a way to validate your identity on the Internet, and its function is similar to that of a driver's license or ID card in daily life. It is issued by an authority, the CA, also known as the Certificate Authority, and people can use it to identify each other on the Internet. A digital certificate is a document, digitally signed by a certificate authority, that contains the public key owner's information and the public key. The simplest certificate contains a public key, a name, and the digital signature of the certificate authority.