How do encryption methods work?
Well, I read on encryption techniques. I found out that there are 3 types.
- Hashing encryption
- Symmetric methods
- Asymmetrical shapes
I don't understand hasing Encryption and some parts of AES in Symmetric method.
Hashing Problem Encryption :: I read - "once the data is encrypted, the process cannot be canceled or decrypted." What is my question, why would anyone use this method if you can only encrypt the data but cannot decrypt it? or I'm wrong?
The problem with AES :: Below is the code I found:
public class AES {
private static SecretKeySpec secretKey;
private static byte[] key;
private static String decryptedString;
private static String encryptedString;
public static void setKey(String myKey) {
MessageDigest sha = null;
try {
key = myKey.getBytes("UTF-8");
System.out.println(key.length);
sha = MessageDigest.getInstance("SHA-1");
key = sha.digest(key);
key = Arrays.copyOf(key, 16); // use only first 128 bit
System.out.println(key.length);
System.out.println(new String(key, "UTF-8"));
secretKey = new SecretKeySpec(key, "AES");
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
public static String getDecryptedString() {
return decryptedString;
}
public static void setDecryptedString(String decryptedString) {
AES.decryptedString = decryptedString;
}
public static String getEncryptedString() {
return encryptedString;
}
public static void setEncryptedString(String encryptedString) {
AES.encryptedString = encryptedString;
}
public static String encrypt(String strToEncrypt) {
try {
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
setEncryptedString(Base64.encodeBase64String(cipher.doFinal(strToEncrypt.getBytes("UTF-8"))));
} catch (Exception e) {
System.out.println("Error while encrypting: " + e.toString());
}
return null;
}
public static String decrypt(String strToDecrypt) {
try {
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
setDecryptedString(new String(cipher.doFinal(Base64.decodeBase64(strToDecrypt))));
} catch (Exception e) {
System.out.println("Error while decrypting: " + e.toString());
}
return null;
}
}
Each cipher encrypts and decrypts data in blocks of 128 bits using cryptographic keys of 128, 192 and 256 bits, respectively.
So in the code:
key = Arrays.copyOf(key, 16);
its using 128 bit keys, right?
But what is base64 inside encryption and decryption methods?
public static String encrypt(String strToEncrypt) {
try {
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
setEncryptedString(Base64.encodeBase64String(cipher.doFinal(strToEncrypt.getBytes("UTF-8"))));
}
}
source to share
Hashes are mainly used to validate text.
Example 1:
You have a hashed password. The person gives you a password. You want to check if it gave you the correct one. So you use his password using the same algorithm. If you have the same hash you have, this is the correct password.
The advantage of a hash : You don't store real passwords, so if people hack your database, they can't guess the real password.
Example 2:
You are downloading a large file. You want to make sure that there are no communication errors and that no one has replaced the file with another file that may contain malware.
The vendor who wrote the file gives you the hash of the file separately from the file.
Once you upload the file, you run the same hashing algorithm on it. If you have the same hash the vendor gave you, you know you downloaded the correct file and there were no communication errors (very likely).
The hash has the advantage : it has few real collisions, so it is unlikely that a small change in the file will give you the same hash.
Example 3:
Your company keeps all the documents and files that employees use on disk and don't want to keep duplicates as they waste resources. Therefore, whenever an employee stores a file in the company's documents directory, it needs to be checked to make sure it is not a duplicate of an existing file.
For each file in a directory, you store its hash along with its details. When employees add a new file, you run a hash algorithm on the file. If the hash matches any of the existing hashes, it is (most likely) a duplicate. If not, this is a new file and can be saved.
The advantage of a hash is that it is much smaller than a file. Instead of comparing the entire file against all existing files, you can compare short hash strings.
The reason you use base64 when encrypting text is because encryption algorithms work on bytes, not texts.
You are converting the original text to bytes using the appropriate character encoding (in this case UTF-8
). But after running the encryption algorithm, the bytes you return do not necessarily match any standard character encoding. There may be bytes that represent control characters, etc., or invalid values UTF-8
.
So, to get some kind of readable string out of it, you use base64 - which converts the encrypted bytes to text that can be used even in older environments that only support ASCII.
To decrypt a text, you first need to convert it back to bytes using the base64 algorithm, and then you can decrypt it and convert the decrypted bytes to text using UTF-8
.
Real text ➞ [UTF-8] ➞ bytes ➞ [CIPHER] ➞ encrypted bytes ➞ [BASE64] ➞ encrypted text
Cipher text ➞ [BASE64] ➞ encrypted bytes ➞ [DECIPHER] ➞ bytes ➞ [UTF-8] ➞ real text
Don't confuse "64" in the name of this encoding algorithm with the key and block sizes you use in your cipher. This "64" simply means the bytes are translated into 64 possible characters (plus =
as a special padding).
source to share
I am not going through the code you provided, but I will answer your question in the simplest way possible.
We will use a hashing algorithm if we want to store the password somewhere and encrypt it. Your question still holds, why should we do this? There is a slight twist in the plot, now when we need to authenticate using a hashed password, we do not change the hash, but hash the entered password and match it with the hash we have. This gives us the ability to store the password somewhere in such a way that the text read by the user cannot be reproduced (hash-reversible).
Hope this clears up your confusion.
Base64 is an encryption method used to standardize many digital data as well as change the text in bytes to make it simpler, it is a class that converts strings that you store into strings consisting of only 64 different characters (characters) and combinations thereof. To read more about base64, definitely google
source to share