Yongqiang teaches you encryption and decryption: Symmetry (1)

Hello, everyone, I am Yongqiang, who is Zhao Yongqiang, Lao Li used to tell you about the great god of block chain, the boss of iOS, who is still a big company after graduating from college, and who only lives in Lao Li’s mouth and has not yet appeared in real life. There is no strong connection between Nicholas Zhao Si and me. I only know him unilaterally.

Before, Lao Li tried to make me publish some tutorials on how to cheat high-end wages and money, but I just refused them verbally.

                   毕竟是毕生绝学,不能就这么轻而易举地教给你们

However, I can give you some entry-level tutorials on “how to get a promotion and a raise while living in the company” later on. I can pass on the male to the female, with unique skills! Please look forward to it!

图片描述

To get back to the point, I’ve always been bitter about encryption and decryption technology, because this thing was dropped in an interview many years ago, although I later consulted the other party about some things I didn’t know about encryption and decryption and he didn’t tell me clearly …

Things have been going on for several years. I feel that I have mastered some high-end encryption technology to some extent, because I have decided to install a wave of force and time is relatively tight. I plan to finish installing the force before the Chinese New Year in 2020. You should pay attention to cooperation.

I know Lao Li published some things about encryption, decryption and so on in the community before, and even got involved in DH, ECDH, prime number and elliptic curve, but this does not conflict with this series, it is not important, don’t care about these details, his too young too simple, sometimes naive… …

This will be a series of articles consisting of about four articles, so before the official start, I have to emphasize one point-the basic theoretical knowledge of the following disciplines:

  • Discrete Mathematics
  • Differential and Integral
  • “Space Geometry”
  • Probability theory

You don’t need it. . .

However, you must know any programming language except html and css. Although I am proficient in various languages from CLanguage to Perl, this article will use the best language in the world to demonstrate some programs. Later Lao Li may use CLanguage and Golang to demonstrate in other languages.

Simply put, encryption and decryption technologies are divided into two categories:

  • Symmetric encryption and decryption
  • Asymmetric encryption and decryption

Among them, the common symmetric encryption and decryption algorithms are DES, 3DES and AES;. The typical asymmetric encryption and decryption technology is RSA, which is what public key and private key certificates are at sixes and sevens.

Let’s start with symmetric encryption and decryption. Roughly speaking, symmetric encryption and decryption is “using the same password when encrypting and decrypting”. It sounds very symmetric, does it?

Let’s express it with a diagram.

图片描述

Ha ha, the sand sculpture human who likes the new and hates the old … Although DES is no longer used, it is also brilliant after all. I think it is still necessary to perform. We know that in php7, the encryption and decryption of the original mcrypt series has been abandoned. Officials suggest that we use openssl series for encryption and decryption, so make sure that the openssl standard extension is installed in your PHP environment.

<?php
// 这个函数打印出来openssl支持的所有加密方法以及模式的组合
$arr_ava_methods = openssl_get_cipher_methods();
print_r( $arr_ava_methods );

After the file is saved as test.php, execute one: PHP test.php | Grepdes. As a result, you can feel it:

图片描述

Among them, those with ede, such as des-ede* means 3DES. What does it mean to have so many strange suffixes? We’ll talk about it later … it’s not that it can’t be used.

图片描述

Screening, we see des (non-des3) has several specific methods with tail:

  • des-cbc
  • Des-cfb* (note the wildcard asterisk following)
  • des-ofb

Let’s use the traditional des method to continue the forced performance:

<?php
// 我们就选用des-ecb方法进行一次des加密
$ava_methods = openssl_get_cipher_methods();
$my_method   = 'des-ecb';
if ( !in_array( $my_method, $ava_methods ) ) {
  exit( '错误的加密方法'.PHP_EOL );
}
$key  = "123456";
$data = "helloMOTO";
echo "明文:".$data.PHP_EOL;
$enc_data  = openssl_encrypt( $data, $my_method, $key );
echo "密文:".$enc_data.PHP_EOL;
$dec_data  = openssl_decrypt( $enc_data, $my_method, $key );
echo "明文:".$dec_data.PHP_EOL;

Save it for test.php to execute:

图片描述

Perfect! Just like Lao Wang’s meshbox, perfect!

A brief analysis:

Let’s continue with another method: we use openssl_get_cipher_methods () function to obtain all des encryption methods that can be used, and then simply judge whether the method we choose is among them; Then we use 123456 as the password, helloMOTO as the plaintext content, openssl_encrypt () is the encryption function, openssl_decrypt () is the decryption function, the specific function prototype turn left to look up the manual, in short everything is so perfect!

<?php
// 我们就选用des-ecb方法进行一次des加密
$ava_methods = openssl_get_cipher_methods();
$my_method   = 'des-cbc';
if ( !in_array( $my_method, $ava_methods ) ) {
  exit( '错误的加密方法'.PHP_EOL );
}
$key  = "123456";
$data = "helloMOTO";
echo "明文:".$data.PHP_EOL;
$enc_data  = openssl_encrypt( $data, $my_method, $key );
echo "密文:".$enc_data.PHP_EOL;
$dec_data  = openssl_decrypt( $enc_data, $my_method, $key );
echo "明文:".$dec_data.PHP_EOL;

Carry out a wave, the result is as follows:

图片描述

It is not perfect. I made a mistake. A warning grade mistake does not affect encryption and decryption, but after all it was a mistake. I copied and pasted the original text of the mistake. How do you feel?

PHP Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /home/ubuntu/lab/test.php on line 10

An empty iv that is not recommended and is not safe is used in the 10th row of test.php. When I was translating this sentence, Lao Li, who was already proficient in English, said to me beside me, “You are too hard to translate. You must learn to be humane. Watch carefully. This is the evil consequence of not having attended a full-time university undergraduate course”:

PHP Warning: OpenSSL _ ENCRYPT (): IV vector should not be empty, not recommended, and it is not safe ~

What is an iv vector? To get rid of this problem, I’ll write a piece of code so that he can run:

<?php
$ava_methods = openssl_get_cipher_methods();
$my_method   = 'des-cbc';
if ( !in_array( $my_method, $ava_methods ) ) {
  exit( '错误的加密方法'.PHP_EOL );
}
// 处理iv向量的两行代码
$iv_length = openssl_cipher_iv_length( $my_method );
$iv        = openssl_random_pseudo_bytes( $iv_length );
$key  = "123456";
$data = "helloMOTO";
echo "明文:".$data.PHP_EOL;
$enc_data  = openssl_encrypt( $data, $my_method, $key, 0, $iv );
echo "密文:".$enc_data.PHP_EOL;
$dec_data  = openssl_decrypt( $enc_data, $my_method, $key, 0, $iv );
echo "明文:".$dec_data.PHP_EOL;

Notice that the lines 8, 9, 10 and 15, 17 have all been changed for the iv vector, and then this time the code saved the run wave:

图片描述

Perfect! Just like Lao Wang’s meshbox, perfect!

So, in des encryption and decryption, we left behind two problems:

  • What do these suffixes mean?
  • What the hell is an iv vector?

Long press may surprise you.

图片描述