Secure Your Data with Hybrid Encryption and Decryption method used by banking sector

Secure Your Data with Hybrid Encryption and Decryption method used by banking sector

Hello Friends,

Today , Data play major roles in each nad every business sectors. But in general if we are talking about more security then, we thought about banking security about your data.

I am going to reveal the banking hybrid security system. so keep patent and try to understand each and every thing about security because hybrid contains AES as well as RSA algorithm. To understand Hybrid you must know both the algorithm well. If you have limited knowledge of AES and RSA then you must have to visit phpclassroom.

Encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext.

Decryption is the process by which encrypted data converted into original form with help of secret key or password It decodes the encrypted information so that an authorized user can only decrypt the data because decryption requires a secret key or password.

hybrid encryption and decryption

Types of Cryptography Techniques:

1.Symmetric Key Cryptography

Through this cryptography both the sender and the receiver utilize a common key for message encryption and decryption.

Symmetric keys are fast but sharing of they public key is difficult.

Examples: AES (Advanced Encryption Standard), DES, Triple DES, RC2, RC4, RC5, and so on..

2.Asymmetric Key Cryptography

A pair of keys is used to encrypt and decrypt data. Encryption is done with a public key(*.pem), and decryption is done with a private key(*.pem). The terms “public key” and “private key” are not interchangeable.

Asymmetric keys can ensure secure key distribution, but it uses a lot of resources. It is also quite slow and involves heavy mathematical operations.

Examples: RSA, DSA, PKCs, Elliptic Curve techniques, and so on

3.Hash Function

hash function by

A cryptographic hash function is an algorithm that takes an arbitrary amount of data input—a credential—and produces a fixed-size output of enciphered text called a hash value, or just “hash.”. The hash function is also considered as a mathematical equation that takes seed (numeric input) and produces an output that is commonly referred to as a hash or message digest. This system operates in a one-way manner and does not require any key. It is also considered to be the foundation of modern cryptography.

Examples: Digest 5 (MD5), SHA (Secure Hash Algorithm), SHA128 and SHA256, and so on.

A hybrid cryptography is one which combines the convenience of a public-key cryptography with the efficiency of a symmetric-key cryptography. Public-key cryptography are convenient in that they do not require the sender and receiver to share a common secret in order to communicate securely. The approach takes advantage of public-key cryptography for sharing keys and the speed of the symmetric encryption for encrypting messages.

Algorithm :

Steps for Encryption

  1. Generate 16 digit random number. Say Randnum.
  2. Encrypt Randnum using RSA/ECB/PKCS1Padding and encode using Base64. as


  1. Perform AES/CBC/PKCS5Padding encryption on request payload using Randnum as key.
  2. iv- initialisation vector. as encryptedData.
  3. Now client may choose to send IV in request from one of below two options.
  4. Send IV as a part of encryptedData itself.

bytes[] iv = IV;

bytes[] cipherText = symmetrically encrypted Bytes (step3)

bytes[] concatB = iv + cipherText;

encryptedData = B64Encode(concatB);

7. Perform AES/CBC/PKCS5Padding encryption on DATA using Randnum as key and Base64encoded Randnum as IV as ENCR_DATA. 

Steps for Decryption

  1. Get the IV- Base64 decode the encryptedData and get first 16 bytes and rest is encrypted response.
  2. bytes[] IV= getFirst16Bytes(Base64Decode(encryptedData) )
  3. Decrypt encryptedKey using algorithm (RSA/ECB/PKCS1Padding) and Client’s private key.
  4. Decrypt the response using algorithm (AES/CBC/PKCS5Padding).
  5. Ignore first 16 bytes of response, as it contains IV.