Recently I am writing a Java message server, and I also need to make a .NET version of the client. They need to communicate securely, based on some simple cryptographic protocols, using public key encryption, symmetric encryption, and Hash algorithms. During this process, I gained a certain understanding of the encryption parts of these two platforms. Here are some of my new understandings.
1. Symmetric encryption
1) Java 1.5’s symmetric encryption is very simple and provides more algorithms. It can be said that it is simple to use, fool-proof, and fully functional.
For example:
SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
byte[] decryptText = cipher.doFinal(data);
2) For symmetric encryption of .NET 2.0, the default encryption mode is CBC. When encrypting CBC, a key and an initialization vector IV are required, which will make it inconvenient for beginners to use. This problem is very serious. It's easy to deal with, just modify the configuration.
SymmetricAlgorithm algorithm = SymmetricAlgorithm.Create(algorithmName);
algorithm.Mode = CipherMode.ECB;
algorithm.Key = key;
algorithm.Padding = PaddingMode.PKCS7; After this setting, you can communicate with Java and encrypt and decrypt each other.
3) In terms of .NET 2.0 and Java 1.5, the names of encryption algorithms are slightly different in some places.
AES <==> Rijndael
DESede <==> TripleDES
This seems to be common sense.
2. Public key encryption algorithm RSA
1) In Java 1.5, the byte array obtained by performing getEncoded() on RSAPublicKey is ASN.1 encoded. To reverse it, you need to use X509EncodedKeySpec. You need to read the document details or have a certain understanding of cryptography to know this detail. For example:
//public key ==> bytes
PublicKey publicKey =
byte[] rawPublicKey = publicKey.getEncoded();
// bytes ==> public key
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(rawPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
Key newPublicKey = keyFactory.generatePublic(x509KeySpec);
In addition, the public key encryption part of Java is quite easy to use. The style is still simple in function, fool-proof to use, and fully functional.
In Java, ASN.1 encoding is supported, but it is hidden and completely invisible to users.
2) In .NET 2.0, the design is a bit confusing and does not support ASN.1 encoding. But Mono seems to be doing ASN.1 encoding support. For this reason, I borrowed a Java Kaiyuan JCE implementation and implemented a .NET version of ASN Parser and ASN Builder, which took two days. as follows:
public static RSAParameters ASN1ToPublicKey(byte[] rawPublicKey)
{
ASN1InputStream asnInput = new ASN1InputStream(rawPublicKey);
ASN1Sequence asnSeq = (ASN1Sequence)asnInput.ReadObject();
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(asnSeq);
DERObjectIdentifier algOid = subjectPublicKeyInfo.AlgorithmId.ObjectId;
RSAPublicKeyStructure pubKey = new RSAPublicKeyStructure(
(ASN1Sequence)subjectPublicKeyInfo.PublicKey);
byte[] modulus = pubKey.Modulus;
byte[] publicExponent = pubKey.PublicExponent;
RSAParameters pram = new RSAParameters();
pram.Modulus = modulus;
pram.Exponent = publicExponent;
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
rsa.ImportParameters(pram);
return pram;
}
public static byte[] PublicKeyToASN1(RSAParameters pram)
{
SubjectPublicKeyInfo info = new SubjectPublicKeyInfo(
new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption,
new DERNull()), new RSAPublicKeyStructure(pram.Modulus, pram.Exponent).DERObject);
byte[] rawPublicKey = info.GetDEREncoded();
return rawPublicKey;
}
3. Overall feeling
1) Java's security module is well designed, simple and easy to use, and has complete functions.
2) .NET 2.0 is a bit messy, the naming style and system framework are somewhat inconsistent, the functions are lacking, and the code organization is not ideal.
3) In Mono, the security support is better than what Microsoft has released. You can see from the Internet that some features of .NET Framework 2.0 are also borrowed from Mono.
4) It can even be considered that the development team of the .NET encryption module may not be very capable. As the saying goes, "Writing bad code is not ours."
http://www.cnblogs.com/jobs/archive/2006/09/22/512297.html