The Advanced Encryption Standard (AES) is a symmetric encryption algorithm. AES is the current industry standard, as it allows 128-bit, 192-bit and 256-bit encryption. Symmetric encryption is fast compared with asymmetric encryption and is used in systems such as database systems. The following is an online tool for AES encryption and decryption of any plain text or password.
The tool provides multiple modes of encryption and decryption such as ECB, CBC, CTR, CFB and GCM mode. GCM is considered more secure than CBC mode and is widely adopted for its performance.
For more information on AES encryption, visit this explanation on AES Encryption. Below is the form that takes the inputs for encryption and decryption.
Any secret key value that you enter, or that we generate, is not stored on this site. This tool is served over an HTTPS URL to ensure that secret keys cannot be stolen.
Key Features
- Symmetric-key algorithm: The same key is used for both encryption and decryption.
- Block cipher: AES operates on fixed-size blocks of data. The standard block size is 128 bits.
- Key lengths: AES supports key lengths of 128, 192 and 256 bits. The longer the key, the stronger the encryption.
- Security: AES is considered very secure and is widely used in various protocols and applications.
AES Encryption Terms & Terminology
For encryption, you can enter either the plain text or the password that you want to encrypt. Then choose the block cipher mode of encryption.
Different Supported Modes of AES Encryption
AES offers multiple modes of encryption such as ECB, CBC, CTR, OFB, CFB and GCM mode.
- ECB (Electronic Code Book) is the simplest encryption mode and does not require an IV for encryption. The input plain text is divided into blocks and each block is encrypted with the key provided, and hence identical plain text blocks are encrypted into identical cipher text blocks.
- CBC (Cipher Block Chaining) mode is highly recommended, and it is an advanced form of block cipher encryption. It requires an IV to make each message unique, meaning identical plain text blocks are encrypted into dissimilar cipher text blocks. Hence, it provides more robust encryption than ECB mode, but it is slower than ECB mode. If no IV is entered, a default is used for CBC mode, and that default is a zero-based byte[16].
- CTR (Counter) mode (CM) is also known as integer counter mode (ICM) and segmented integer counter (SIC) mode. Counter mode turns a block cipher into a stream cipher. CTR mode has similar characteristics to OFB, but also allows a random-access property during decryption. CTR mode is well suited to operating on a multiprocessor machine, where blocks can be encrypted in parallel.
- GCM (Galois/Counter Mode) is a mode of operation for symmetric-key block ciphers that uses universal hashing to provide authenticated encryption. GCM is considered more secure than CBC mode because it has built-in authentication and integrity checks, and it is widely used for its performance.
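The ECB and CBC behaviour described in the list above, as an added Go example (not code from the tool or its site): two identical plaintext blocks encrypt to identical ciphertext blocks under ECB, and CBC with the all-zero default IV still yields the same ciphertext whenever the same key and message are reused. The key, plaintext and function names are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ecbEncrypt encrypts every 16-byte block independently: no IV, no chaining.
func ecbEncrypt(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil || len(pt)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("need a valid key and padded input (key error: %v)", err)
	}
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		block.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct, nil
}

// cbcEncrypt XORs each block with the previous ciphertext block, starting from iv.
func cbcEncrypt(key, iv, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(pt)%aes.BlockSize != 0 || len(iv) != aes.BlockSize {
		return nil, fmt.Errorf("need a valid key, 16-byte IV and padded input (key error: %v)", err)
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return ct, nil
}

func main() {
	key := []byte("0123456789abcdef")                // constructed AES-128 key
	pt := []byte("SAME 16B BLOCK!!SAME 16B BLOCK!!") // two identical 16-byte blocks
	iv := make([]byte, aes.BlockSize)                // all-zero IV, the tool's CBC default
	ecb, _ := ecbEncrypt(key, pt)
	zero, _ := cbcEncrypt(key, iv, pt)
	rand.Read(iv) // fresh random IV for the third run
	rnd, _ := cbcEncrypt(key, iv, pt)
	fmt.Printf("ECB      %x\nCBC IV=0 %x\nCBC rand %x\n", ecb, zero, rnd)
}
```

With the zero IV, the first CBC block is also identical to the ECB block, so a fresh random IV per message is what gives CBC the uniqueness described above.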
Padding
For the AES CBC and ECB modes, the padding can be PKCS5PADDING or NoPadding. With PKCS5Padding, a 16-byte string will produce a 32-byte output (the next multiple of 16).
AES GCM PKCS5Padding is a synonym for NoPadding because GCM is a streaming mode that does not require padding. The ciphertext in GCM is only as long as the plaintext. Hence, NoPadding is selected by default.
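An added Go example (not the tool's code) of the padding behaviour above: PKCS#7 padding, which is what the PKCS5PADDING name selects for AES's 16-byte blocks, turns a 16-byte input into 32 bytes, while GCM needs no padding and rejects ciphertext that was modified. The key, message and function names are constructed; note that Go's `Seal` returns the ciphertext with the 16-byte authentication tag appended.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// pkcs7Pad appends n bytes of value n (1..16); aligned input gains a full block.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad checks every padding byte before stripping it.
func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("length is not a positive multiple of 16")
	}
	n := int(b[len(b)-1])
	if n < 1 || n > aes.BlockSize || !bytes.HasSuffix(b, bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("invalid padding")
	}
	return b[:len(b)-n], nil
}

// newGCM wraps AES in GCM; the key must be 16, 24 or 32 bytes.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	msg := []byte("sixteen byte msg")             // constructed 16-byte plaintext
	aead, _ := newGCM([]byte("0123456789abcdef")) // constructed AES-128 key
	nonce := make([]byte, aead.NonceSize())       // 12 bytes in Go's standard GCM
	rand.Read(nonce)                              // never reuse a nonce with the same key
	sealed := aead.Seal(nil, nonce, msg, nil)     // ciphertext followed by the tag
	fmt.Println("padded:", len(pkcs7Pad(msg)), "gcm:", len(sealed)-aead.Overhead(), "+ tag", aead.Overhead())
	sealed[0] ^= 0x01 // simulate corruption in transit
	_, err := aead.Open(nil, nonce, sealed, nil)
	fmt.Println("tampered message rejected:", err != nil)
}
```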
AES Key Size
The AES algorithm has a 128-bit block size, regardless of whether your key length is 256, 192 or 128 bits. When a symmetric cipher mode requires an IV, the length of the IV must be equal to the block size of the cipher. Hence, you must always use an IV of 128 bits (16 bytes) with AES.
AES Secret Key
AES provides 128-bit, 192-bit and 256-bit secret key sizes for encryption. If you select 128 bits for encryption, then the secret key must be 16 bits long, and 24 and 32 bits for the 192-bit and 256-bit key sizes respectively. For example, if the key size is 128, then a valid secret key must be 16 characters, i.e. 16*8=128 bits.