I. Preface
AES, Advanced Encryption Standard (English: Advanced Encryption Standard). It is used to replace DES, which is currently a more popular encryption algorithm.
It is a symmetric encryption algorithm, and unlike the RSA asymmetric algorithm, which was mentioned in the previous blog post, AES has only one key, which is used for both encryption and decryption.
AES is just a basic algorithm, there are several modes to implement AES, the main ones being ECB, CBC, CFB and OFB (there is actually a CTR):
Mode (Electronic codebook mode: Electronic codebook)
ECB is the simplest block cipher encryption mode, before encryption according to the size of the encryption block (e.g., AES is 128 bits) is divided into a number of blocks, and then each block will be encrypted individually using the same key, and decrypted in the same way.
Patterns (Cipher-block linking: Cipher-block chaining)
CBC mode for each cipher block to be encrypted will first be dissimilar to the ciphertext of the previous cipher block before it is encrypted with the encryptor. The first block of plaintext is dissimilar to a block of data called the initialization vector.
Mode (Cipher feedback)
Unlike ECB and CBC modes, which are only capable of encrypting block data, CFB is capable of converting Block Cipher to Stream Cipher.
Mode (Output feedback)
OFB is to generate a keystream with a block encryptor, and then dissimilate the keystream with the plaintext stream to get the ciphertext stream, decryption is to generate a keystream with a block encryptor, and then dissimilate the keystream with the ciphertext stream to get the plaintext, because of the symmetry of the dissimilarity operation, so the process of encryption and decryption is exactly the same.
Second, code implementation and analysis
As usual, the code is up first:
from import AES
import base64
class AEScoder():
def __init__(self):
self.__encryptKey = "iEpSxImA0vpMUAabsjJWug=="
self.__key = base64.b64decode(self.__encryptKey)
# AES encryption
def encrypt(self,data):
BS = 16
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
cipher = (self.__key, AES.MODE_ECB)
encrData = (pad(data))
#encrData = base64.b64encode(encrData)
return encrData
# AES decryption
def decrypt(self,encrData):
#encrData = base64.b64decode(encrData)
#unpad = lambda s: s[0:-s[len(s)-1]]
unpad = lambda s: s[0:-s[-1]]
cipher = (self.__key, AES.MODE_ECB)
decrData = unpad((encrData))
return ('utf-8')
Brief Analysis 1:Here the object-oriented writing method is used to create a class, but also lazy directly write the key as a property of the class. If you have the need to modify the key flexibly, just pass the key as a parameter.
Brief Analysis 2:The example uses the ECB mode, which is the simplest and very common mode for AES encryption. Another common mode is CBC, which will have one more initial offset vector iv than ECB mode:cipher = (self.__key, AES.MODE_CBC, iv)。
Brief Analysis 3:pad and unpad are padding and inverse padding functions, respectively. Because AES encryption has a length requirement for the encrypted text, which must be a multiple of the number of key bytes. HereencryptKeyThe length after base64 decoding is 16 bytes.
Brief Analysis 3 Expansion:In fact, there are three kinds of AES encryption: AES-128, AES-192, and AES-256, which correspond to three kinds of key lengths 128bits (16 bytes), 192bits (24 bytes), and 256bits (32 bytes) respectively. Of course, the longer the key, the higher the security, and the longer the encryption and decryption time. The default is AES-128, which is perfectly secure enough.
Filling Algorithm Expansion
The padding algorithm used here actually has a proper name, called pkcs7padding.
The simple explanation is to fill in the missing bits: the padded string consists of a sequence of bytes, each byte fills the length of the padded byte sequence.
If you want to fill 8 bytes, then the value of the filled byte is 0x08; to fill 7 bytes, then the value of the filled byte is 0x07; and so on.
If the text length is exactly a multiple of the BlockSize length, it will also be filled with a BlockSize length value. The advantage of this is that the number of bytes filled is known from the last Byte filled value.
In fact, the default mode for implementing the AES encryption algorithm in java is("AES/ECB/PKCS5Padding")
PKCS#5 is a subset of PKCS#7 in terms of padding: PKCS#5 is only padded for 8 bytes (BlockSize=8), with padding from 0x01-0x08; but PKCS#7 is not only padded for 8 bytes, with a BlockSize range of 1-255 bytes.
However, since AES does not have 64-bit (8-byte) blocks, if you use PKCS5, you are essentially using PKCS7.
This is the whole content of this article.