A computer network is a system that connects multiple autonomous computers and their peripheral devices, located at different geographical sites, through communication lines, and that achieves resource sharing and information transmission under the management and coordination of network operating systems, network management software and network communication protocols. Seen this way, the inherent security of a network is generally low. Data encryption is an important security mechanism for computer networks, but there are few practical encryption and decryption software systems that use public key systems, especially the RSA algorithm. The largest computer network is the Internet, which is composed of a large number of computer networks interconnected through many routers; for this reason the Internet is also known as the “network of networks”. Furthermore, from the perspective of network media, a computer network can be seen as a new communication medium formed by multiple computers connected through specific devices and software.
The main methods of network encryption are link encryption and end-to-end encryption. In end-to-end encryption the encryption work is carried out only at the source node and the destination node, so it is low in cost and flexible to use. This article adopts this approach, which sits at the application layer or presentation layer of the OSI network model.
1 Public Key Cryptosystem
Public key cryptography is built on a trapdoor one-way function. A function f is a one-way function if, for any x in its domain, y = f(x) is easy to compute, but for a given y in the range of f it is very difficult to compute x. Public key cryptography is designed on this principle, using auxiliary information (the trapdoor information) as the secret key. The security strength of such ciphers depends on the computational complexity of the problem they are based on.
The basic idea of public key cryptography is that the key material is divided into an encryption key E, a decryption key D and a public modulus M (called the public key M in this article). The encryption key E and the public key M can be made public, but D cannot. Encryption uses the function f1(E, M) with E and M as parameters, and decryption uses the function f2(D, M) with D and M as parameters.
In traditional cryptographic algorithms, once the encryption process is known, the decryption process can be inferred. In a public key algorithm, even if the encryption process is known, it is infeasible to deduce the decryption process. Therefore, computing the encryption key E, the public key M and the decryption key D requires special algorithms and steps, so that the decryption key D cannot be derived from the encryption key E and the public key M.
The RSA system is a new type of public key cryptosystem, based on number theory. Its principle is that it is easy to compute the product of two large prime numbers, but difficult to factor the resulting large composite number back into its two large prime factors. The mathematical expressions for the RSA encryption and decryption operations are:
C = X^E (mod M)
X = C^D (mod M)
where X is the plaintext and C the ciphertext (0 ≤ X < M), and:
(1) M is the product of two large prime numbers P and Q, so the Euler number of M is φ(M) = (P-1) x (Q-1).
(2) D is a positive integer greater than P and Q and coprime to φ(M).
(3) E is the multiplicative inverse of D modulo φ(M), i.e. ED = 1 (mod φ(M)).
If the above three conditions are met, (E, M) can be used as the public key pair and (D, M) as the private key pair.
For example: P = 101, Q = 113, then M = P x Q = 11413 and φ(M) = (P-1) x (Q-1) = 100 x 112 = 11200. There are countless integers E coprime to φ(M); taking E = 3533, the formula ED = 1 (mod φ(M)) gives D = 6597. For the plaintext X = 9726, encryption yields the ciphertext C = 9726^3533 mod 11413 = 5761, and decryption yields the plaintext Y = 5761^6597 mod 11413 = 9726. Therefore, as long as the encryption key E, decryption key D and public key M are selected correctly, the plaintext X before encryption and the plaintext Y after decryption are identical.
2 System Design
The network information encryption and decryption system consists of two main parts, the host program and the guest program. The host program has the following functions: selecting key parameters, encrypting and decrypting files, verifying encrypted and decrypted files, and modifying the user password. The guest program has only an encryption module and a facility for the user to reset the encryption key E and public key M. If B sends important data to A, node B encrypts the data using the encryption key E and public key M published by node A as parameters, and then sends the encrypted data to A. Since these data have undergone this special processing, there is no need to worry about their security in transit. When many advanced users of a network need to exchange information frequently, and need both to encrypt the data they send and to decrypt the encrypted data they receive, the host program of the network information encryption and decryption system must run on each advanced user's computer.
The design of the system is divided into seven modules: key selection module, file encryption module, file decryption module, data verification module, password modification module, system introduction module, and system exit module.
3 Program Module Design
3.1 Design of Key Selection Module
The key pair of the RSA cryptosystem is mainly determined by E, D and M. The key pair cannot be generated arbitrarily, and the more bits P and Q have, the longer it takes to break the cryptosystem, making the system more secure; but the more digits, the slower the system runs. This module lets users choose the number of prime digits themselves.
For the convenience of users, this module does not require the user to input the two large prime numbers P and Q directly; instead, the user enters an approximate value for each, and the computer searches near that value for a prime using a specific algorithm. After obtaining the two large primes, the public key M = P x Q is obtained, and with it the Euler number of M, φ(M) = (P-1) x (Q-1).
There are countless integers greater than P and Q that are coprime to φ(M), so the system again lets the user enter a neighboring value and searches near it for an integer E that satisfies the condition (the Euclidean algorithm is used to determine whether E is coprime to φ(M)). After obtaining the encryption key E, the final step of the key search is to find the decryption key D, which is obtained from the equation ED = 1 (mod φ(M)).
After the above three steps, the computer-aided generation of the key pair is complete. The computer then prompts whether to update the system default parameters to the newly generated values; the user may choose to update or not to update.
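The three key-selection steps above, as an added example that is not the paper's Java program: a prime is searched for upward from each value the user enters, E is searched for upward from a third entered value and checked against φ(M) with Euclid's algorithm, and D is the inverse of E modulo φ(M). The function names and the trial-division primality test are this example's own choices; with the paper's values (101, 113, 3533) it reproduces M = 11413 and D = 6597.

```python
from math import gcd

def is_prime(n: int) -> bool:
    """Trial division; adequate for parameters the size of the paper's example."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True

def nearest_prime(neighbor: int) -> int:
    """Smallest prime >= the value the user entered (the search step of 3.1)."""
    n = max(neighbor, 2)
    while not is_prime(n):
        n += 1
    return n

def nearest_coprime(neighbor: int, phi: int, lower: int) -> int:
    """Smallest integer >= neighbor that exceeds lower and is coprime to phi (Euclid's gcd)."""
    e = max(neighbor, lower + 1)
    while gcd(e, phi) != 1:
        e += 1
    return e

def mod_inverse(a: int, m: int) -> int:
    """Extended Euclid: the x with a*x = 1 (mod m); raises if gcd(a, m) != 1."""
    old_r, r, old_s, s = a % m, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("a has no inverse modulo m")
    return old_s % m

def select_keys(p_near: int, q_near: int, e_near: int) -> dict:
    """Computer-aided key selection: (E, M) is the public pair, (D, M) the private pair."""
    p = nearest_prime(p_near)
    q = nearest_prime(q_near)
    if q == p:                      # two distinct primes are required
        q = nearest_prime(q + 1)
    m, phi = p * q, (p - 1) * (q - 1)
    e = nearest_coprime(e_near, phi, max(p, q))
    d = mod_inverse(e, phi)         # E*D = 1 (mod phi(M))
    return {"P": p, "Q": q, "M": m, "phi": phi, "E": e, "D": d}
```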
3.2 Design of encryption module
Files are stored in the computer as strings of “0” and “1”, and a binary bit stream of a given length represents a decimal integer of a certain size. Each such integer X (0 ≤ X < M) read from the source file is encrypted as C = X^E (mod M); C is a decimal number (0 ≤ C < M), and C is then written to the target file.
3.3 Design of Decryption Module
The decryption operation is X = C^D (mod M). The principles of the decryption module and the encryption module are basically the same, except that the data read from the file to be decrypted must be exactly the data written to the target file by the encryption algorithm; this is a prerequisite for the correct operation of the system. The encryption module and the decryption module are the core modules of the system.
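The block-by-block encryption and decryption of sections 3.2 and 3.3, as an added example rather than the paper's own code: the file is cut into blocks small enough that X < M, each block becomes C = X^E (mod M) stored as a fixed-width record, and decryption reverses this, checking that each record is in range for M and that the ciphertext is a whole number of records. The key constants are the paper's example key; the block-size rule, the function names and the original-length parameter are this example's assumptions.

```python
E, D, M = 3533, 6597, 11413   # the paper's example key: (E, M) public, (D, M) private

def block_sizes(m: int) -> tuple:
    """Plaintext bytes per block, chosen so that X < M, and bytes needed to hold any C < M."""
    in_size = max(1, (m.bit_length() - 1) // 8)
    out_size = (m.bit_length() + 7) // 8
    return in_size, out_size

def encrypt_bytes(data: bytes, e: int, m: int) -> bytes:
    """Encrypt a file's bytes block by block: C = X^E (mod M), each C stored fixed-width."""
    in_size, out_size = block_sizes(m)
    out = bytearray()
    for i in range(0, len(data), in_size):
        x = int.from_bytes(data[i:i + in_size], "big")   # X read from the bit stream
        out += pow(x, e, m).to_bytes(out_size, "big")     # C written to the target file
    return bytes(out)

def decrypt_bytes(cipher: bytes, d: int, m: int, length: int) -> bytes:
    """Reverse of encrypt_bytes: X = C^D (mod M). `length` is the original file size,
    needed because the final plaintext block may be shorter than in_size."""
    in_size, out_size = block_sizes(m)
    blocks = -(-length // in_size)                        # ceil(length / in_size)
    if len(cipher) != blocks * out_size:
        raise ValueError("ciphertext does not match the layout written by encrypt_bytes")
    out = bytearray()
    for i in range(0, len(cipher), out_size):
        c = int.from_bytes(cipher[i:i + out_size], "big")
        if c >= m:
            raise ValueError("ciphertext record out of range for modulus M")
        x = pow(c, d, m)                                  # X = C^D (mod M)
        out += x.to_bytes(min(in_size, length - len(out)), "big")  # last block may be short
    return bytes(out)

if __name__ == "__main__":
    sample = b"constructed sample file contents"           # constructed input, not from the paper
    ct = encrypt_bytes(sample, E, M)
    assert decrypt_bytes(ct, D, M, len(sample)) == sample
    print(len(sample), "plaintext bytes ->", len(ct), "ciphertext bytes")
```

Because the same E is applied to every block with no randomisation, identical plaintext blocks produce identical ciphertext records, which is an inherent limitation of this block-by-block design rather than of the implementation.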
3.4 Design of Data Validation Module
Data verification in general means comparing the MD5 values of data written to a burned disc with the source files on the hard drive to see whether they are consistent. In website development, data validation is divided into client-side validation and server-side validation: client-side validation checks whether the length, type and so on of the data meet the input requirements and is usually implemented in JavaScript; server-side validation checks whether the input data matches the existing data in the database. In MVC framework development, a three-layer pattern is generally used for validation.
The data verification module lets users encrypt and decrypt local files on their own computer. When several people share one computer, the best approach is for each user to encrypt their data with their own encryption key E and public key M as parameters, and later decrypt the encrypted data with the corresponding decryption key D and public key M; this way, other users cannot view the file. When the data is needed, the user enters the network information encryption and decryption system, enters the appropriate decryption key D and public key M, and restores the file.
3.5 Design of User Password Modification Module
To ensure the security of this system, if the user enters the password incorrectly three times, normal operation of the system is terminated. When a user's password is leaked, the problem is resolved through the user password modification module.
This module is also designed with the RSA algorithm: legitimate users of the system must know the correct decryption key, public key and user password of the module in order to enter the system; otherwise, the system refuses entry.
Because the decryption key, public key and user password can be changed at any time, the difficulty for illegal users to enter the system increases, minimizing the system's insecurity and ensuring its security.
4 Conclusion
The Java application programming interface provides a standard, operating-system-independent interface for Java applications, divided into a basic part and an extension part. Once a Java platform is installed on the hardware or operating system platform, Java applications can run on it. Nowadays the Java platform is embedded in almost all operating systems, so Java programs can be compiled once and run on various systems. The network transmission information encryption and decryption system has been tested in actual network environments; the tests show that it is easy to install, has a good human-machine interface, high confidentiality and strong practicality, and can encrypt and decrypt any type of file.