1、对称加密介绍
对称加密算法用来对敏感数据等信息进行加密,常用的算法包括:
DESECBCBCCFBOFB对称加密又分为分组加密和序列密码
block cyphersstream cyphers对称加密的特点
-
加密过程每一步都是可逆的
-
加密和解密用的是同一组密钥
2、DES
2.1 概述
Data Encryption Standard1977FIPSAES与3DES的比较
| 算法名称 | 算法类型 | 密钥长度 | 速度 | 解密时间(建设机器每秒尝试255个密钥) | 资源消耗 |
|---|---|---|---|---|---|
| AES | 对称block密码 | 128、192、256位 | 高 | 1490000亿年 | 低 |
| 3DES | 对称feistel密码 | 112位或168位 | 低 | 46亿年 | 中 |
破解历史
DES1997796DES19982556DESEFF22152.2 主要思路
64bit64DES2.3 DES子密钥生成
- 第一步
645671648571492- 第二步
左旋右旋,再次置换56——>48
2.4 DES加密过程
3232S4832864S8S
3232642.5 使用示例
/DesEncrypt DES加密
//密钥必须是64位,所以key必须是长度为8的byte数组
func DesEncrypt(text string, key []byte) (string, error) {
if len(key) != 8 {
return "", fmt.Errorf("DES加密算法要求key必须是64位bit")
}
block, err := des.NewCipher(key) //用des创建一个加密器cipher
if err != nil {
return "", err
}
src := []byte(text)
blockSize := block.BlockSize() //分组的大小,blockSize=8
src = common.ZeroPadding(src, blockSize) //填充成64位整倍数
out := make([]byte, len(src)) //密文和明文的长度一致
dst := out
for len(src) > 0 {
//分组加密
block.Encrypt(dst, src[:blockSize]) //对src进行加密,加密结果放到dst里
//移到下一组
src = src[blockSize:]
dst = dst[blockSize:]
}
return hex.EncodeToString(out), nil
}
//DesDecrypt DES解密
//密钥必须是64位,所以key必须是长度为8的byte数组
func DesDecrypt(text string, key []byte) (string, error) {
src, err := hex.DecodeString(text) //转成[]byte
if err != nil {
return "", err
}
block, err := des.NewCipher(key)
if err != nil {
return "", err
}
blockSize := block.BlockSize()
out := make([]byte, len(src))
dst := out
for len(src) > 0 {
//分组解密
block.Decrypt(dst, src[:blockSize])
src = src[blockSize:]
dst = dst[blockSize:]
}
out = common.ZeroUnPadding(out) //反填充
return string(out), nil
}
2.6 分组模式
- CBC(Cipher Block Chaining)密文分组链接模式,将当前明文分组与前一个密文分组进行异或运算,然后再进行加密
- 其他分组模式还有ECB、CTR、CFR、OFB
分组模式使用示例
func DesEncryptCBC(text string, key []byte) (string, error) {
src := []byte(text)
block, err := des.NewCipher(key) //用des创建一个加密器cipher
if err != nil {
return "", err
}
blockSize := block.BlockSize() //分组的大小,blockSize=8
src = common.ZeroPadding(src, blockSize) //填充
out := make([]byte, len(src)) //密文和明文的长度一致
encrypter := cipher.NewCBCEncrypter(block, key) //CBC分组模式加密
encrypter.CryptBlocks(out, src)
return hex.EncodeToString(out), nil
}
func DesDecryptCBC(text string, key []byte) (string, error) {
src, err := hex.DecodeString(text) //转成[]byte
if err != nil {
return "", err
}
block, err := des.NewCipher(key)
if err != nil {
return "", err
}
out := make([]byte, len(src)) //密文和明文的长度一致
encrypter := cipher.NewCBCDecrypter(block, key) //CBC分组模式解密
encrypter.CryptBlocks(out, src)
out = common.ZeroUnPadding(out) //反填充
return string(out), nil
}
3、AES
Advanced Encryption StandardDES200010NIST15RijndaelAESRijndael1999Joan DaemenVincent RijmenAES2002526AES算法原理
AESAESAES12819225612816AESAESDESAESpackage main
import (
"crypto/aes"
"crypto/cipher"
"fmt"
)
var commonIV = []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}
func encrypt(plainText string, keyText string) (cipherByte []byte, err error) {
// 转换成字节数据, 方便加密
plainByte := []byte(plainText)
keyByte := []byte(keyText)
// 创建加密算法aes
c, err := aes.NewCipher(keyByte)
if err != nil {
return nil, err
}
//加密字符串
cfb := cipher.NewCFBEncrypter(c, commonIV)
cipherByte = make([]byte, len(plainByte))
cfb.XORKeyStream(cipherByte, plainByte)
return
}
func decrypt(cipherByte []byte, keyText string) (plainText string, err error) {
// 转换成字节数据, 方便加密
keyByte := []byte(keyText)
// 创建加密算法aes
c, err := aes.NewCipher(keyByte)
if err != nil {
return "", err
}
// 解密字符串
cfbdec := cipher.NewCFBDecrypter(c, commonIV)
plainByte := make([]byte, len(cipherByte))
cfbdec.XORKeyStream(plainByte, cipherByte)
plainText = string(plainByte)
return
}
func main() {
plain := "The text need to be encrypt."
// AES 规定有3种长度的key: 16, 24, 32分别对应AES-128, AES-192, or AES-256
key := "abcdefgehjhijkmlkjjwwoew"
// 加密
cipherByte, err := encrypt(plain, key)
if err != nil {
fmt.Println(err)
}
fmt.Printf("%s ==> %x\n", plain, cipherByte)
// 解密
plainText, err := decrypt(cipherByte, key)
if err != nil {
fmt.Println(err)
}
fmt.Printf("%x ==> %s\n", cipherByte, plainText)
}
4、CBC
block cyphersstream cyphersECBCBCCFBOFBCBCCBCCipher Block Chaining加密步骤如下:
D1D2......DnPADDINGD1DESC1D2C1DESC2CnC1C2C3......Cn// aesCBCEncrypt aes加密,填充秘钥key的16位,24,32分别对应AES-128, AES-192, or AES-256.
func aesCBCEncrypt(rawData, key []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
//填充原文
blockSize := block.BlockSize()
rawData = pkcs7Padding(rawData, blockSize)
//初始向量IV必须是唯一,但不需要保密
cipherText := make([]byte, blockSize+len(rawData))
//block大小 16
iv := cipherText[:blockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
return nil, err
}
//block大小和初始向量大小一定要一致
mode := cipher.NewCBCEncrypter(block, iv)
mode.CryptBlocks(cipherText[blockSize:], rawData)
return cipherText, nil
}
解密是加密的逆过程,步骤如下:
8C1C2C3......CnID1C2D2DnD1D2D3......Dnfunc aesCBCDecrypt(encryptData, key []byte) ([]byte, error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
blockSize := block.BlockSize()
if len(encryptData) < blockSize {
return nil, errors.New("ciphertext too short")
}
iv := encryptData[:blockSize]
encryptData = encryptData[blockSize:]
// CBC mode always works in whole blocks.
if len(encryptData)%blockSize != 0 {
return nil, errors.New("ciphertext is not a multiple of the block size")
}
mode := cipher.NewCBCDecrypter(block, iv)
// CryptBlocks can work in-place if the two arguments are the same.
mode.CryptBlocks(encryptData, encryptData)
//解填充
encryptData = pkcs7UnPadding(encryptData)
return encryptData, nil
}
这里要注意的是,解密的结果并不一定是我们原来的加密数据,可能还含有补位,一定要把补位去掉才是原来的数据
特点:
ECBSSLIPSecSee you ~
关注公众号加群,更多原创干货与你分享 ~