SHA256算法
sha256与md5一样是散列算法,不是加密算法,不存在解密的问题,因此是不可逆的,可以通过key+password,对密码进行加密,在后台进行比对,安全性比md5高一点,加密后生成的密文为64位,而md5为32位;此外还可以使用sha512安全性相对更高一些,密文为128位。
前端使用
vue引入npm install js-sha256
下载地址为:https://cdnjs.cloudflare.com/ajax/libs/js-sha256/0.9.0/sha256.js 或 https://cdnjs.cloudflare.com/ajax/libs/js-sha256/0.9.0/sha256.min.js
// If you use node.js, you should require the module first:
// var sha256 = require('js-sha256');
// or TypeScript
import { sha256, sha224 } from 'js-sha256';
function randomString(e) { e = e || 32; //e为随机码位数var t = "ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678";a = t.length;n = "";for (i = 0; i < e; i++){n += t.charAt(Math.floor(Math.random() * a));}return n;
}
var key=randomString(16); //加密传入后台
var enctyptData = sha256(key+password); //前台页面输入的密码
// var enctyptData = sha256.hex(key+password); 支持中英文 数组 sha256()和sha256.hex()密文一致
java后端使用
String decryptData = DigestUtils.sha256Hex(key+password); //从前端传入的密码,key为解密后的key值
以上可看出在使用sha256算法进行加密时,前后台同时需要key值,为了保证前后台在传输key的过程中安全性更高,使得key值不被泄露,因此可以使用ras加密算法对key值进行加密。
RSA算法
RSA算法是一种非对称的加密算法,通过生成一对私钥密钥进行加解密,后台将私钥进行存储在session中,将公钥传到前台进行关键值加密,将加密之后的密文传往后台,通过使用私钥进行解密,因此rsa算法是可逆的,通常用于对key值进行加解密,与AES算法结合使用,保证系统的安全性。
前台使用
vue引入 npm install jsencrypt
或下载地址(jsencrypt.js / jsencrypt.min.js)为:https://github.com/travist/jsencrypt/blob/master/bin/jsencrypt.js
<!doctype html>
<html><head><title>JavaScript RSA Encryption</title><script src="http://code.jquery.com/jquery-1.8.3.min.js"></script><script src="bin/jsencrypt.min.js"></script><script type="text/javascript">// Call this code when the page is done loading.$(function() {// Run a quick encryption/decryption when they click.$('#testme').click(function() {// Encrypt with the public key...var encrypt = new JSEncrypt();encrypt.setPublicKey($('#pubkey').val());var encrypted = encrypt.encrypt($('#key').val());// Decrypt with the private key...var decrypt = new JSEncrypt();decrypt.setPrivateKey($('#privkey').val());var decryptedkey = decrypt.decrypt(encrypted);// Now a simple check to see if the round-trip worked.if (decryptedkey == $('#input').val()) {alert('It works!!!');}else {alert('Something went wrong....');}});});</script></head><body><label for="privkey">Private Key</label><br/><textarea id="privkey" rows="15" cols="65">-----BEGIN RSA PRIVATE KEY-----MIICXQIBAAKBgQDlOJu6TyygqxfWT7eLtGDwajtNFOb9I5XRb6khyfD1Yt3YiCgQWMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76xFxdU6jE0NQ+Z+zEdhUTooNRaY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4gwQco1KRMDSmXSMkDwIDAQABAoGAfY9LpnuWK5Bs50UVep5c93SJdUi82u7yMx4iHFMc/Z2hfenfYEzu+57fI4fvxTQ//5DbzRR/XKb8ulNv6+CHyPF31xk7YOBfkGI8qjLoq06V+FyBfDSwL8KbLyeHm7KUZnLNQbk8yGLzB3iYKkRHlmUanQGaNMIJziWOkN+N9dECQQD0ONYRNZeuM8zd8XJTSdcIX4a3gy3GGCJxOzv16XHxD03GW6UNLmfPwenKu+cdrQeaqEixrCejXdAFz/7+BSMpAkEA8EaSOeP5Xr3ZrbiKzi6TGMwHMvC7HdJxaBJbVRfApFrE0/mPwmP5rN7QwjrMY+0+AbXcm8mRQyQ1+IGEembsdwJBAN6az8Rv7QnD/YBvi52POIlRSSIMV7SwWvSK4WSMnGb1ZBbhgdg57DXaspcwHsFV7hByQ5BvMtIduHcT14ECfcECQATeaTgjFnqE/lQ22Rk0eGaYO80cc643BXVGafNfd9fcvwBMnk0iGX0XRsOozVt5AzilpsLBYuApa66NcVHJpCECQQDTjI2AQhFc1yRnCU/YgDnSpJVm1nASoRUnU8Jfm3Ozuku7JUXcVpt08DFSceCEX9unCuMcT72rAQlLpdZir876-----END RSA PRIVATE KEY-----</textarea><br/><label for="pubkey">Public Key</label><br/><textarea id="pubkey" rows="15" cols="65">-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlOJu6TyygqxfWT7eLtGDwajtNFOb9I5XRb6khyfD1Yt3YiCgQWMNW649887VGJiGr/L5i2osbl8C9+WJTeucF+S76xFxdU6jE0NQ+Z+zEdhUTooNRaY5nZiu5PgDB0ED/ZKBUSLKL7eibMxZtMlUDHjm4gwQco1KRMDSmXSMkDwIDAQAB-----END PUBLIC KEY-----
</textarea><br/><label for="key">Text to encrypt:</label><br/><textarea id="key" name="input" type="text" rows=4 cols=70>This is a test!</textarea><br/><input id="testme" type="button" value="Test Me!!!" /><br/></body>
</html>
后台使用
生成私钥密钥对+加解密数据
package RSA;import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;import javax.crypto.Cipher;import org.apache.commons.collections.set.SynchronizedSet;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;public class RSAUtils {public static final String KEY_ALGORITHM = "RSA";private static final String PUBLIC_KEY = "RSAPublicKey";private static final String PRIVATE_KEY = "RSAPrivateKey";public static final String SIGNATURE_ALGORITHM = "MD5withRSA";/*** RSA最大加密明文大小* */private static final int MAX_ENCRYPT_BLOCK = 117;/*** RSA最大解密密文大小*/private static final int MAX_DECRYPT_BLOCK = 128;private static final char[] HEX_CHAR = {'0', '1', '2', '3', '4', '5','6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};//获得公钥字符串public static String getPublicKeyStr(Map<String, Object> keyMap) throws Exception {//获得map中的公钥对象 转为key对象Key key = (Key) keyMap.get(PUBLIC_KEY);//编码返回字符串return bytesToHex(encryptBASE64(key.getEncoded()).getBytes());}//获得私钥字符串public static String getPrivateKeyStr(Map<String, Object> keyMap) throws Exception {//获得map中的私钥对象 转为key对象Key key = (Key) keyMap.get(PRIVATE_KEY);//编码返回字符串return bytesToHex(encryptBASE64(key.getEncoded()).getBytes());}//获取公钥public static PublicKey getPublicKey(String key) throws Exception {byte[] keyBytes;keyBytes = (new BASE64Decoder()).decodeBuffer(key);X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);PublicKey publicKey = keyFactory.generatePublic(keySpec);return publicKey;}//获取私钥public static PrivateKey getPrivateKey(String key) throws Exception {byte[] keyBytes;keyBytes = (new BASE64Decoder()).decodeBuffer(key);PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);PrivateKey privateKey = keyFactory.generatePrivate(keySpec);return privateKey;}//解码返回bytepublic static byte[] decryptBASE64(String key) throws Exception {return (new BASE64Decoder()).decodeBuffer(key);}//编码返回字符串public static String encryptBASE64(byte[] key) throws Exception {return (new BASE64Encoder()).encodeBuffer(key);}//***************************签名和验证******************************* public static String sign(byte[] data, String privateKeyStr) throws Exception {PrivateKey priK = getPrivateKey(new String(hexToBytes(privateKeyStr)));Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);sig.initSign(priK);sig.update(data);return bytesToHex(sig.sign());}public static boolean verify(byte[] data, String sign, String publicKeyStr) throws Exception {PublicKey pubK = getPublicKey(new String(hexToBytes(publicKeyStr)));Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);sig.initVerify(pubK);sig.update(data);return sig.verify(hexToBytes(sign));}//************************加密解密************************** public static String encrypt(byte[] plainText, String publicKeyStr) throws Exception {PublicKey publicKey = getPublicKey(new String(hexToBytes(publicKeyStr)));Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);cipher.init(Cipher.ENCRYPT_MODE, publicKey);int inputLen = plainText.length;ByteArrayOutputStream out = new ByteArrayOutputStream();int offSet = 0;int i = 0;byte[] cache;while(inputLen - offSet > 0) {if (inputLen - offSet > MAX_ENCRYPT_BLOCK){cache = cipher.doFinal(plainText, offSet, MAX_ENCRYPT_BLOCK);} else{cache = cipher.doFinal(plainText, offSet, inputLen - offSet);}out.write(cache, 0, cache.length);i++;offSet = i * MAX_ENCRYPT_BLOCK;}byte[] encryptText = out.toByteArray();out.close();return bytesToHex(encryptText);}public static String decrypt(String encryptTextHex, String privateKeyStr) throws Exception {byte[] encryptText = hexToBytes(encryptTextHex);PrivateKey privateKey = getPrivateKey(new String(hexToBytes(privateKeyStr)));Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);cipher.init(Cipher.DECRYPT_MODE, privateKey);int inputLen = encryptText.length;ByteArrayOutputStream out = new ByteArrayOutputStream();int offSet = 0;byte[] cache;int i = 0;// 对数据分段解密while(inputLen - offSet > 0){if(inputLen - offSet > MAX_DECRYPT_BLOCK){cache = cipher.doFinal(encryptText, offSet, MAX_DECRYPT_BLOCK);} else{cache = cipher.doFinal(encryptText, offSet, inputLen - offSet);}out.write(cache, 0, cache.length);i++;offSet = i * MAX_DECRYPT_BLOCK;}byte[] plainText = out.toByteArray();out.close();return new String(plainText);}public static Map<String, Object> initKey() throws Exception {KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);keyPairGen.initialize(1024);KeyPair keyPair = keyPairGen.generateKeyPair();RSAPublicKey publicKey = (RSAPublicKey)keyPair.getPublic();RSAPrivateKey privateKey = (RSAPrivateKey)keyPair.getPrivate();Map<String, Object> keyMap = new HashMap(2);keyMap.put(PUBLIC_KEY, publicKey);keyMap.put(PRIVATE_KEY, privateKey);return keyMap;}/*** 将byte[]转换为16进制字符串*/public static String bytesToHex(byte[] bytes) {//一个byte为8位,可用两个十六进制位标识char[] buf = new char[bytes.length * 2];int a = 0;int index = 0;for(byte b : bytes) { // 使用除与取余进行转换if(b < 0) {a = 256 + b;} else {a = b;}buf[index++] = HEX_CHAR[a / 16];buf[index++] = HEX_CHAR[a % 16];}return new String(buf);}/*** 将16进制字符串转换为byte[]** @param str* @return*/public static byte[] hexToBytes(String str) {if(str == null || str.trim().equals("")) {return new byte[0];}byte[] bytes = new byte[str.length() / 2];for(int i = 0; i < str.length() / 2; i++) {String subStr = str.substring(i * 2, i * 2 + 2);bytes[i] = (byte) Integer.parseInt(subStr, 16);}return bytes;}public static void main(String[] args) throws Exception {Map<String, Object> keyMap;String cipherText;String input = "10001eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee";try {keyMap = initKey();String publicKey = RSAUtils.getPublicKeyStr(keyMap);System.out.println("公钥------------------");System.out.println(publicKey);System.out.println("length: " + publicKey.length());String privateKey = RSAUtils.getPrivateKeyStr(keyMap);System.out.println("私钥------------------");System.out.println(privateKey);System.out.println("length: " + privateKey.length());System.out.println("测试可行性-------------------");System.out.println("明文=======" + input);System.out.println("length: " + input.length());cipherText = RSAUtils.encrypt(input.getBytes(), publicKey);//加密后的东西 System.out.println("密文=======" + cipherText);System.out.println("length: " + cipherText.length());//开始解密 String plainText =RSAUtils. decrypt(cipherText, privateKey);System.out.println("解密后明文===== " + new String(plainText));System.out.println("验证签名-----------");String str = "被签名的内容sssssssassssssssssssssssssssssssssssssssss";System.out.println("\n原文:" + str);String signature = RSAUtils.sign(str.getBytes(), privateKey);System.out.println(signature);System.out.println(signature.length());boolean status = RSAUtils.verify(str.getBytes(), signature, publicKey);System.out.println("验证情况:" + status);} catch (Exception e) {e.printStackTrace();}}
}AES算法
AES算法是对称算法,经常与RSA算法结合使用,但因AES算法是对称的,解密相比RSA算法会快一点,效率高一点,因此经常使用RSA算法通过公钥加密key值,使用AES算法加密key+参数,将两个密文通过ajax传到后台,使用RSA算法的私钥解密key值,使用AES算法通过解密后的key来解密参数,根据业务处理参数,将结果通过AES进行加密返回前台,然后通过前端AES解密将结果在前端进行渲染。
前台使用
vue引入 npm install crypto-js
下载地址为:https://gitee.com/gitcrazy/crypto-js/tree/master
// Plain text encryption 简单使用
var CryptoJS = require("crypto-js");// Encrypt
var ciphertext = CryptoJS.AES.encrypt('my message', 'secret key 123').toString();// Decrypt
var bytes = CryptoJS.AES.decrypt(ciphertext, 'secret key 123');
var originalText = bytes.toString(CryptoJS.enc.Utf8);console.log(originalText); // 'my message'
// Object encryption
var CryptoJS = require("crypto-js");var data = [{id: 1}, {id: 2}]// Encrypt
var ciphertext = CryptoJS.AES.encrypt(JSON.stringify(data), 'secret key 123').toString();// Decrypt
var bytes = CryptoJS.AES.decrypt(ciphertext, 'secret key 123');
var decryptedData = JSON.parse(bytes.toString(CryptoJS.enc.Utf8));console.log(decryptedData); // [{id: 1}, {id: 2}]
//推荐这种方式
import CryptoJS from 'crypto-js/crypto-js' // 默认的 KEY 与 iv 如果没有给
const KEY = CryptoJS.enc.Utf8.parse('1019E2991V09O17L1019E2991V09O17L')
const IV = CryptoJS.enc.Utf8.parse('1019E2991V09O17L')
/*** AES加密 :字符串 key iv 返回base64*/
export function Encrypt (data, keyStr, ivStr) {let key = KEYlet iv = IVif (keyStr) {key = CryptoJS.enc.Utf8.parse(keyStr)iv = CryptoJS.enc.Utf8.parse(ivStr)}let srcs = CryptoJS.enc.Utf8.parse(data)var encrypted = CryptoJS.AES.encrypt(srcs, key, {iv: iv,mode: CryptoJS.mode.CBC,padding: CryptoJS.pad.Pkcs7})// console.log("-=-=-=-", encrypted.ciphertext)return CryptoJS.enc.Base64.stringify(encrypted.ciphertext)
}
/*** AES 解密 :字符串 key iv 返回base64**/
export function Decrypt (encryotData, keyStr, ivStr) {let key = KEYlet iv = IVif (keyStr) {key = CryptoJS.enc.Utf8.parse(keyStr)iv = CryptoJS.enc.Utf8.parse(ivStr)}let base64 = CryptoJS.enc.Base64.parse(encryotData)let src = CryptoJS.enc.Base64.stringify(base64)var decrypt = CryptoJS.AES.decrypt(src, key, {iv: iv,mode: CryptoJS.mode.CBC,padding: CryptoJS.pad.Pkcs7})var decryptedStr = decrypt.toString(CryptoJS.enc.Utf8)return decryptedStr.toString()
}
后台使用
package com.winning.devops.util;import org.apache.commons.codec.binary.Base64;import javax.crypto.Cipher;import javax.crypto.spec.IvParameterSpec;import javax.crypto.spec.SecretKeySpec;public class AesUtil {private static String KEY = "1019E2991V09O17L1019E2991V09O17L";private static String IV = "1019E2991V09O17L";/*** 加密方法** @param data 要加密的数据* @param key 加密key* @param iv 加密iv* @return 加密的结果* @throws Exception*/public static String encrypt(String data, String key, String iv) throws Exception {try {//"算法/模式/补码方式"PKCS5Padding"Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");byte[] plaintext = data.getBytes("UTF-8");SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);byte[] encrypted = cipher.doFinal(plaintext);return new Base64().encodeToString(encrypted);} catch (Exception e) {e.printStackTrace();return null;}}/*** 解密方法** @param data 要解密的数据* @param key 解密key* @param iv 解密iv* @return 解密的结果* @throws Exception*/public static String decrypt(String data, String key, String iv) throws Exception {try {byte[] encrypted1 = new Base64().decode(data);Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);byte[] original = cipher.doFinal(encrypted1);String originalString = new String(original, "UTF-8");return originalString;} catch (Exception e) {e.printStackTrace();return null;}}/*** 使用默认的key和iv加密** @param data* @return* @throws Exception*/public static String encrypt(String data) throws Exception {return encrypt(data, KEY, IV);}/*** 使用默认的key和iv解密** @param data* @return* @throws Exception*/public static String decrypt(String data) throws Exception {return decrypt(data, KEY, IV);}/*** 测试*/public static void main(String args[]) throws Exception {String test1 = "root";String test = new String(test1.getBytes(), "UTF-8");String data = null;String key = KEY;String iv = IV;data = encrypt(test, key, iv);System.out.println("数据:" + test);System.out.println("加密:" + data);String jiemi = decrypt(data, key, iv);System.out.println("解密:" + jiemi);}}
注意: 后端的补码方式设置为PKCS5Padding,对应vue前端的CryptoJS.pad.Pkcs7。如果此处改为无补码的方式,解密后得到的字符串会有多余空格。
)
