1、Data encryption First Synopsis In the open correspondence and in the computer system, builds the safe reliable electronic commerce platform is very important. Usually needs through the encryption method to the customer related information, like the password, the contract and so on to protect, causes
2、 it not to steal or the distortion. When the customer hands in the service application, must to the customer status validity, the text integrity carry on the confirmation. HMAC (Keyed-Hashing for Message Authentication) is a public agreement. It is one kind based on keys text complete proof techniqu
3、e, its security is the establishment in the Hash algorithm foundation. It requests the correspondence both sides shared system key, the agreement algorithm, to carry on the Hash operation to the text, like MD5, SHA, RIPEMD and so on, form the fixed length the authentication code. Correspondence both
4、 sides determine the text through the authentication codes verification the validity. This agreement may use for to make the encryption, the digital signature, the text confirmation and so on. HMAC may with any iteration hashing function bundle use. MD5 and SHA-1 are this kind of hashing functions.
5、This kind of structures leading role is: 1. Does not need the revision to be possible to use the suitable hashing function. Moreover the hashing function displays in the software aspect is very good. And the sound code is public and general. 2. Maintain the hashing function original performance, but
6、 does not cause its degeneration. 3. Cause reasonably based on about first floor hashing function supposition message discrimination mechanism encryption strength analysis. 4. When discovers either needs the operating speed is quicker or the safer hashing function, may very easy realize the first fl
7、oor hashing function replace. Annotation: When comp book documents, MD5 and SHA-1 are use the most widespread encryption to use the hashing function. Second HMAC algorithm principles 2.1 HMAC algorithm definition: Expresses as follows with the formula: HMAC=H(key or opad ,H(key or ipad,text) H(X, Y)
8、 expression carries on one kind of Hash operation to X + Y news. Representative Ipad is redundant B time single byte hexadecimal system system constant OX36; Representative Opad is redundant B time single byte hexadecimal system constant OX5C; key represents 64 bytes strings of character, is compose
9、d of the key, insufficient makes up 0; Text represents the random length text; Key length L byte. When is bigger than B, passes through the Hash computation to form L byte Peru key (B is first in the Hash algorithm an iterative computation block data byte count; L is the Hash algorithm forms the tex
10、t abstract the byte count, in MD5 is in 16, SHA-1 is 20). 2.2 Algorithm step (1) Increases behind key K 0 founds a word length is the B string of character. (e.g., if the K word length is 20 bytes, B=60 byte, then after K, will join 44 zero byte 0x00), if the K length will be bigger than time B, sho
11、uld undergo hashing function processing. if (key_len 64) MD5_CTX tctx; MD5Init(&tctx); MD5Update(&tctx, key, key_len); MD5Final(tk, &tctx); key = tk; key_len = 16; (2) On one step will produce the B word lengths string of character and ipad make the or else. k_ipadi = 0x36; (3) Fills data stream tex
12、t to the second step result string of character. (4) Affects with H in the data stream which third step produces. transfer hashing function (MD5, SHA-1) (5) The B word length string of character which and opad first step produces does the or else. k_opadi = 0x5c; (6) Enters again the fourth step res
13、ult packing in the fifth step result. (7) Affects with H in the data stream which sixth step produces, the output final outcome. 2.3 MD5 algorithm The MD5 algorithm by circulates many times to the random length news the iterative hash operation, forms 16 Byte text abstract finally. This abstract has
14、 uniqueness to the text, may take the authentication code. Under target computers computation speed, this abstract is difficulty with explains (1) the text fills The MD5 algorithm request carries on the packing to the random length text, the constitution N64 Byte news grouping, N is an integer. And
15、each grouping padding data is divided 2 steps. First, the packing causes the data position length exactly for (N64-8) the Byte number, namely in text valid data replacement 1 0x1, other makes up 0x0 to satisfy the above request. Then, again on replacement 8 bytes (64) before text data length (packin
16、g, byte count). Thus, the data by the packing is 64Byte (512bit) integral multiple. Also divides 16 4 byte sub-groupings. (2) initialization MD5 parameter The 4 4 byte shift quantity (A, B, C, D) use for to take the text abstract the starting value: A=0x01234567 B=0x89abcdef C=0xfedcba98 D=0x7654321
17、0 (3) algorithm The MD5 algorithm is to the news grouping in turn iterative algorithm. 1st time operates the starting value is ABCD, each iterative computations result will replace later ABCD to take the next time starting value, altogether will undergo N time iterative computation, will obtain this news text abstract. 2.4 realize the step The first step: Increases fills
