When we do projects, we usually link the front and back ends through data transmission, so if we encounter sensitive data, encryption is very important. In order to protect the security and confidentiality of the data, we usually use encryption to encrypt the data. A common encryption algorithm is AES encryption. The following will introduce in detail how to use AES encryption at the front end and back end to protect data security.
Introduction to AES encryption
AES (Advanced Encryption Standard) is a symmetric encryption algorithm in which the same key is used to encrypt and decrypt data. In AES encryption, data is divided into blocks and encrypted one by one, each block is encrypted with the same key, and then transmitted to the recipient for decryption. That is to say, encryption and decryption use the same key. The AES encryption algorithm has the characteristics of high efficiency, security, and reliability, and is widely used in the field of data encryption. The AES algorithm has three key lengths: 128 bits, 192 bits, and 256 bits. Among them, 128-bit key length is widely used because it provides sufficient security and has high encryption efficiency.
An example of encrypting data on the Android frontend and encrypting data on the PHP backend:
In Android, you can use the AES encryption algorithm in the javax.crypto library. The following is a sample code snippet to encrypt and send string data to backend server:
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import android.util.Base64;
public class AES {
private static final String AES_ALGORITHM = "AES/CBC/PKCS5Padding";
private static final String CHARSET = "UTF-8";
public static String encrypt(String input, String key, String iv) throws Exception {
Cipher cipher = Cipher.getInstance(AES_ALGORITHM);
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(CHARSET), "AES");
IvParameterSpec ivSpec = new IvParameterSpec(iv.getBytes(CHARSET));
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
byte[] encrypted = cipher.doFinal(input.getBytes(CHARSET));
return Base64.encodeToString(encrypted, Base64.DEFAULT);
}
}In the above code snippet, we first define the AES encryption algorithm and character set, and then define a static method "encrypt" for encrypting the input string. The method accepts three parameters: an input string, a secret key, and an initialization vector (IV). Then, we initialize the AES encryption algorithm using the Cipher class in the javax.crypto library, and specify the key and IV using the SecretKeySpec and IvParameterSpec classes. Finally, we encode the encrypted data into Base64 format and return the result.
In the backend PHP, the same AES encryption algorithm can also be used to decrypt the data sent by the frontend. Here is an example code snippet to receive encrypted data and decrypt it:
function decrypt($input, $key, $iv) {
$data = base64_decode($input);
$decrypted = openssl_decrypt($data, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
return $decrypted;
}In the above code snippet, we first decode the encrypted data sent by the front-end into binary format, and then use the openssl_decrypt function to decrypt the data. The function accepts five parameters: encrypted data, encryption algorithm, key, options, and IV. Finally, we return the decrypted data to the caller.
An example of encrypting data on the PHP backend and decrypting data on the Android frontend:
Encrypt data in PHP backend:
function encrypt($data, $key, $iv) {
$method = "AES-256-CBC";
$options = OPENSSL_RAW_DATA;
$encrypted = openssl_encrypt($data, $method, $key, $options, $iv);
return base64_encode($encrypted);
}
function generateIV() {
$ivLength = openssl_cipher_iv_length("AES-256-CBC");
return openssl_random_pseudo_bytes($ivLength);
}
$key = "0123456789abcdef0123456789abcdef";
$iv = generateIV();
$data = array(
"name" => "John Doe",
"email" => "johndoe@example.com",
"age" => 30
);
$jsonData = json_encode($data);
$encryptedData = encrypt($jsonData, $key, $iv);
echo "Encrypted JSON data: ".$encryptedData."";
echo "IV: ".base64_encode($iv)."";Decrypt the JSON data on the Android frontend:
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import android.util.Base64;
import org.json.JSONObject;
public class AES {
public static String decrypt(String encryptedData, String key, String iv) throws Exception {
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
byte[] keyBytes = key.getBytes("UTF-8");
byte[] ivBytes = Base64.decode(iv, Base64.DEFAULT);
SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");
IvParameterSpec ivParameterSpec = new IvParameterSpec(ivBytes);
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec);
byte[] decryptedBytes = cipher.doFinal(Base64.decode(encryptedData, Base64.DEFAULT));
return new String(decryptedBytes, "UTF-8");
}
public static void main(String[] args) throws Exception {
String encryptedJSONData = "ENCIPHERED_JSON_DATA";
String iv = "INITIALIZATION_VECTOR";
String key = "0123456789abcdef0123456789abcdef";
// Decrypt JSON data
String decryptedJSONData = decrypt(encryptedJSONData, key, iv);
// Convert to JSON object
JSONObject jsonObject = new JSONObject(decryptedJSONData);
// Output the fields of the JSON object
System.out.println(jsonObject.getString("name"));
System.out.println(jsonObject.getString("email"));
System.out.println(jsonObject.getInt("age"));
}
}In the above code, the PHP backend uses the openssl_encrypt function to encrypt data. This function encrypts data using the specified encryption algorithm, key, and initialization vector, and returns the encrypted data. The encryption algorithm uses the AES-256-CBC algorithm, which is a symmetric encryption algorithm with a key length of 256 bits and uses CBC mode for encryption.
When generating a random initialization vector, the openssl_cipher_iv_length function is used to obtain the length of the initialization vector required by the specified encryption algorithm, and then the openssl_random_pseudo_bytes function is called to generate a random initialization vector.
When encrypting data, first convert the data to JSON format, and then call the encrypt function to encrypt it. This function accepts three parameters: the data to be encrypted, the key, and the initialization vector. After the encryption is completed, the encrypted data and initialization vector are output.
In the Android front end, the code for decrypting data uses Java's encryption library javax.crypto. The decryption function decrypt accepts three parameters: encrypted data, key and initialization vector. In the function, first use the Cipher.getInstance function to obtain the Cipher instance, then use the key and initialization vector to initialize the SecretKeySpec and IvParameterSpec objects, and finally call the Cipher's doFinal function to decrypt the data.
After the decryption is complete, convert the decrypted data into JSON format, and output the values of each field.
It should be noted that the encryption algorithms, keys and initialization vectors of PHP and Android must be consistent in order to perform encryption and decryption correctly. In the sample code, the same encryption algorithm (AES-256-CBC), key, and initialization vector are used, so encryption and decryption can be done correctly. Be sure to be consistent if you want to use encryption and decryption in other contexts. At the same time, since encryption and decryption may involve sensitive data, please be sure to take security measures to protect data security during encryption and decryption.
When using the AES encryption algorithm to transmit data, you need to pay attention to the following:
1. Key management: It is very important to protect the security of the key, because the leakage of the key will lead to the leakage of encrypted data. Therefore, it is necessary to use a secure key management system to manage keys, and adopt a policy of periodically changing keys to improve security.
2. Initialization vector (IV): IV is another important part of the encryption algorithm, which is used to enhance the security of the encryption algorithm. Every time you encrypt data, you should use a different IV for added security.
3. Choose an appropriate encryption algorithm: AES encryption algorithm is a popular symmetric encryption algorithm, but it is not the only encryption algorithm available. According to the needs of data transmission, an appropriate encryption algorithm should be selected to improve security.
4. Use digital signature verification: In order to further protect the integrity of the data, you can use digital signature verification to verify whether the data has been tampered with during transmission. Digital signature verification is implemented using an asymmetric encryption algorithm, which can prevent man-in-the-middle attacks and data tampering.
5. Avoid Weak Passwords: Avoid using weak and predictive passwords as these can be easily guessed and cracked by attackers.
6. Prevent man-in-the-middle attacks: In order to prevent man-in-the-middle attacks, it is necessary to use the HTTPS protocol for data transmission to ensure the security of data transmission.
In addition, in actual use, in order to facilitate the management of keys and IVs, some key management systems (KMS) or key exchange protocols, such as the Diffie-Hellman key exchange protocol, can be used. These systems can help you manage keys and IVs more easily and provide a higher level of security.
In addition to the AES encryption algorithm, there are other encryption algorithms that can also be used to protect the security of data transmission. For example, the RSA asymmetric encryption algorithm can be used to encrypt and decrypt data without using the same key. However, since the RSA encryption algorithm is generally slower than the AES encryption algorithm, it may affect performance when transferring large amounts of data.
To sum up, encryption of data transmission is essential to keep sensitive data safe. Using the AES encryption algorithm can provide a reliable encryption and decryption mechanism and ensure the security of data transmission. In actual use, you need to pay attention to the security management of the key and IV, and change the key regularly to further improve security. At the same time, some key management system or key exchange protocol can be considered to manage keys and IVs and provide a higher level of security protection.
0 Comments