C# | Beginner's Guide to Host Computer Development (8) Encryption Algorithm: AES


Foreword

AES is one of the most important encryption algorithms.

Although asymmetric encryption algorithms (such as RSA, ECC, etc.) already exist in this world, AES still plays an important role in symmetric encryption algorithms. Unlike asymmetric encryption algorithms, symmetric encryption algorithms use the same key to encrypt and decrypt data, so encryption and decryption are faster and more efficient. Among the symmetric encryption algorithms, AES is currently one of the safest and most reliable encryption algorithms, and its encryption strength and operating efficiency are very high. Therefore, whether in personal computers, mobile devices, or in the fields of servers and cloud computing, AES is widely used in the process of data encryption and decryption.


Characteristics of AES

Block encryption

AES is a block encryption algorithm that divides plaintext into fixed-length data blocks, each of which is 128 bits long. Each block of data is encrypted independently, so it is more secure. The advantage of the block encryption algorithm is that the result of data encryption is more stable and secure, and the encryption result will not be completely changed due to slight changes in the plaintext, thereby better protecting the integrity of the data.

Block cipher

AES is a block cipher that uses the same key to encrypt and decrypt data. The encryption and decryption process is completed in a fixed-length data block, so the encryption and decryption speed is faster and more efficient. The advantage of the block cipher is that its encryption and decryption speed is very fast, and the key length used is shorter, which is more convenient to use.

Symmetric encryption

AES is a symmetric encryption algorithm, which means that both the sender and receiver use the same key to encrypt and decrypt data. In this way, the key can be prevented from being obtained by eavesdroppers during the transmission process, thereby ensuring the security of the data. The advantage of symmetric encryption is that encryption is fast, and once the data is encrypted, no one can decrypt it without knowing the key.

High strength

The key length used by AES can be 128 bits, 192 bits or 256 bits, the longer the key, the higher the encryption strength. As a result, AES is widely regarded as one of the safest and most reliable encryption algorithms available today. The longer the key length used by AES, the more difficult it is to crack it, thus ensuring the security of data.

Efficiency

The efficiency of the AES encryption and decryption process is very high, which is due to the characteristics of the block cipher and block encryption algorithm it uses. Therefore, AES is widely used in personal computers, mobile devices, servers, and cloud computing. The AES encryption and decryption speed is fast, and a large amount of data can be encrypted and decrypted quickly, thereby improving the efficiency of data encryption.


Parameters of the AES algorithm

The parameters that can be configured in AES encryption include the following:

Key Length

The AES algorithm supports three different key lengths: 128 bits, 192 bits, and 256 bits. When choosing the key length, the security and performance of the encryption need to be considered. Generally speaking, the longer the key length, the higher the security of the encryption, but the performance will also be affected.

Encryption Mode

The AES algorithm supports multiple encryption modes, including ECB, CBC, CFB, OFB, and CTR. Different encryption modes have different characteristics and security, and choosing an appropriate encryption mode can improve the strength and security of encryption.

ECB mode

ECB mode is the simplest encryption mode, which divides the plaintext into several blocks, and each block is encrypted independently. The advantage of this mode is that the encryption and decryption speed is fast, but the disadvantage is that for the same plaintext block, the encrypted ciphertext block is also the same, which is vulnerable to attack.

CBC mode

CBC mode is a commonly used encryption mode, which divides plaintext into several blocks, and each block is XORed with the ciphertext of the previous block before encryption. In this way, the ciphertext blocks obtained after encrypting the same plaintext block are different, which increases security. However, CBC mode encryption and decryption are slow and do not support parallel encryption.

CFB mode

The CFB mode is a more flexible encryption mode. It divides the plaintext into several blocks, and each block obtains a ciphertext block through the encryptor, and then XORs a part of the ciphertext block with the plaintext block to obtain the ciphertext. The advantage of this mode is that it supports data stream encryption of any length, but the disadvantage is that the speed of encryption and decryption is slow.

OFB mode

The OFB mode is an encryption mode similar to the CFB mode. It divides the plaintext into several blocks, and each block obtains a ciphertext block through the encryptor, and then uses the ciphertext block as the input of the encryptor to obtain the next ciphertext block. The advantage of this mode is that it supports data stream encryption of any length, and the encryption and decryption speed is fast. The disadvantage is that it does not support error propagation during the encryption and decryption process.

CTR mode

The CTR mode is a relatively new encryption mode. It divides the plaintext into several blocks. Each block is passed through an encryptor to obtain a ciphertext block, and then the ciphertext block and the plaintext block are XORed to obtain the ciphertext. The advantage of CTR mode is that it supports parallel encryption, and the speed of encryption and decryption is faster. The disadvantage is that the key can only be used once.
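The difference between ECB and CBC described above can be observed directly. The following C# program is an added example, not code from the original article; the class and method names (`EcbVsCbcDemo`, `Encrypt`, `RepeatedBlocks`) are illustrative. It encrypts four identical plaintext blocks under both modes and counts how many ciphertext blocks repeat, which shows why ECB leaks the structure of the plaintext.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class EcbVsCbcDemo
{
    // Encrypts block-aligned data with the given mode; the IV is not used for ECB.
    static byte[] Encrypt(byte[] key, byte[] iv, CipherMode mode, byte[] data)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = key;
            aes.Mode = mode;
            aes.Padding = PaddingMode.None; // sample input is already a multiple of 16 bytes
            if (mode != CipherMode.ECB) aes.IV = iv;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                return enc.TransformFinalBlock(data, 0, data.Length);
        }
    }

    // Counts 16-byte ciphertext blocks that duplicate an earlier block.
    static int RepeatedBlocks(byte[] ciphertext)
    {
        var blocks = Enumerable.Range(0, ciphertext.Length / 16)
            .Select(i => Convert.ToBase64String(ciphertext, i * 16, 16))
            .ToList();
        return blocks.Count - blocks.Distinct().Count();
    }

    static void Main()
    {
        byte[] key = new byte[32]; // 256-bit key
        byte[] iv = new byte[16];  // 128-bit IV for CBC
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(key);
            rng.GetBytes(iv);
        }
        // Constructed sample: four identical 16-byte plaintext blocks.
        byte[] plain = Enumerable.Repeat((byte)'A', 64).ToArray();

        Console.WriteLine("ECB repeated blocks: "
            + RepeatedBlocks(Encrypt(key, iv, CipherMode.ECB, plain)));
        Console.WriteLine("CBC repeated blocks: "
            + RepeatedBlocks(Encrypt(key, iv, CipherMode.CBC, plain)));
    }
}
```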

Padding Mode

In an encryption algorithm, padding is a way of filling data out to fixed-length blocks. The AES algorithm supports multiple padding methods, including PKCS#5, PKCS#7, ISO/IEC 7816-4 and ANSI X.923, etc. Different padding methods have different characteristics and security, and choosing an appropriate padding method can improve the security and efficiency of encryption.

PKCS#5 and PKCS#7

Both padding methods append 0 to the end of the data. PKCS#5 is generally used for encryption with a block length of 8 bytes, while PKCS#7 can support encryption with a block length of 1 to 255 bytes.
Although these two padding methods are simple and easy to use, they are also easy for attackers to target, because the padding is fixed and has no randomness, so the security is not very high. In addition, if the data ends with 0, the padding may be confused with the original data, and there will be problems when decrypting.

ISO/IEC 7816-4

This is a commonly used padding method, and it is a padding method based on ASN.1 encoding. It is more flexible: the length of the padded data is variable and can be chosen as needed, and the padding can be distinguished from the original data, so there is no problem when decrypting.
However, because it is based on ASN.1 encoding, it may be more complicated to implement.

ANSI X.923

This padding method also adds 0 to the end of the data; however, padding data is added only in the last block. This padding method is simple and easy to use, and can avoid the problem of data confusion, but since the padding data is only added in the last block, security may be a bit problematic.

Initialization Vector

Abbreviated as IV, the number of bits in the initial vector depends on the encryption algorithm and encryption mode used.
ECB mode does not need to use the initial vector; the initial vector of CBC mode and CFB mode is usually 128 bits; the initial vector of OFB mode and CTR mode is usually 64 bits or 128 bits.

Number of Rounds

The AES algorithm uses a round function to encrypt and decrypt data. The number of rounds refers to the number of times the round function needs to be executed, which is related to the key length and encryption mode.
In general, the more rounds you have, the more secure your encryption will be, but performance will also suffer.

Key

The AES algorithm uses the same key to encrypt and decrypt data. The key is a randomly generated string of the same length as the chosen key length. Choosing a key of sufficient strength is critical to keep the encryption secure.


Example of Symmetric Encryption Application Scenario

The following is an example of a scenario where messages are delivered using symmetric encryption:

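[Sequence diagram between User1, ProgramA, ProgramB and User2: enter plaintext and key; encrypt the plaintext with the key; send the encrypted ciphertext; new message prompt; enter key; decrypt the ciphertext with the key; obtain the plaintext]
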
  1. User1 enters plaintext and key and sends it to ProgramA.
  2. ProgramA encrypts the plaintext with the key and sends the encrypted ciphertext to ProgramB.
  3. ProgramB sends a new message prompt to User2, notifying them that there is a new encrypted message.
  4. User2 enters the corresponding key to decrypt the ciphertext.
  5. ProgramB uses the key to decrypt the ciphertext, and sends the plaintext to User2, and User2 obtains the plaintext.
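The five steps above, written out as an added C# example (not code from the original article). The class and method names are illustrative, the message is a constructed sample, and a randomly generated 256-bit key stands in for the key that both users enter. It uses CBC mode with PKCS#7 padding and sends the IV in front of the ciphertext, so the receiver needs only the shared key.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SharedKeyMessageDemo
{
    // ProgramA: encrypts the plaintext and returns IV || ciphertext.
    static byte[] EncryptMessage(byte[] key, string plaintext)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;    // a 32-byte key selects AES-256
            aes.GenerateIV(); // fresh random 128-bit IV for every message
            byte[] iv = aes.IV;
            byte[] data = Encoding.UTF8.GetBytes(plaintext);
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(data, 0, data.Length);
                byte[] packet = new byte[iv.Length + ct.Length];
                Buffer.BlockCopy(iv, 0, packet, 0, iv.Length);
                Buffer.BlockCopy(ct, 0, packet, iv.Length, ct.Length);
                return packet;
            }
        }
    }

    // ProgramB: splits off the IV and decrypts the rest with the same key.
    static string DecryptMessage(byte[] key, byte[] packet)
    {
        if (packet.Length < 32 || packet.Length % 16 != 0)
            throw new ArgumentException("packet must be IV plus whole ciphertext blocks");
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            byte[] iv = new byte[16];
            Buffer.BlockCopy(packet, 0, iv, 0, 16);
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(packet, 16, packet.Length - 16));
        }
    }

    static void Main()
    {
        byte[] key = new byte[32]; // constructed sample key shared by User1 and User2
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        byte[] packet = EncryptMessage(key, "hello from User1");
        Console.WriteLine("ProgramA sends: " + Convert.ToBase64String(packet));
        Console.WriteLine("User2 reads: " + DecryptMessage(key, packet));
    }
}
```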

AES encryption and decryption example

Please refer to this article: https://blog.csdn.net/lgj123xj/article/details/126300322

Origin blog.csdn.net/lgj123xj/article/details/130010458