一、前言
这两天研究了一下项目中的密码加密,可以说得上是学到了很多。下面来大致说一下。
二、常用加密
1.单向加密算法
单向加密算法主要用来验证数据传输的过程中,是否被篡改过。
-
BASE64 严格地说,属于编码格式,而非加密算法
-
MD5(Message Digest algorithm 5,信息摘要算法)
-
SHA(Secure Hash Algorithm,安全散列算法)
-
HMAC(Hash Message Authentication Code,散列消息鉴别码
2.对称和非对称加密算法
对称和非对称加密算法主要采用公钥和私钥的形式,来对数据加密。 
View Code View Code View Code View Code View Code
-
DES(Data Encryption Standard,数据加密算法)
-
PBE(Password-based encryption,基于密码验证)
-
RSA(算法的名字以发明者的名字命名:Ron Rivest, AdiShamir 和Leonard Adleman)
-
DH(Diffie-Hellman算法,密钥一致协议)
-
DSA(Digital Signature Algorithm,数字签名)
-
ECC(Elliptic Curves Cryptography,椭圆曲线密码编码学)
参考:Java中的各种加密算法 聊一聊MD5 各种Java加密算法
三、项目中的加密策略
创建用户:同一默认密码处理,用户登录时要修改密码。获取到默认密码之后先进行一次sha1加密,然后根据user code 和 salt进行第二次sha1加密存入数据库。
校验用户:用户登录时,js处理密码。首先进行一次sha1加密,然后进行一次rsa加密(需要向后台请求ras公钥的modulus 和 exponent)。后台通过rsa公钥对应的私钥进行解密,然后根据user code进行找到对应的用户,通过user code 和 salt进行sha1加密,将得到的结果和数据库中的进行对比。
四、代码
js sha1算法加密(sha1.js)
'use strict'; (function (E) {function t(c, a, e) {var g = 0, b = [], d = 0, f, k, l, h, m, w, n, q = !1, r = !1, p = [], t = [], v, u = !1;e = e || {};f = e.encoding || "UTF8";v = e.numRounds || 1;l = y(a, f);if (v !== parseInt(v, 10) || 1 > v)throw Error("numRounds must a integer >= 1");if ("SHA-1" === c)m = 512, w = z, n = F, h = 160; else throw Error("Chosen SHA variant is not supported");k = x(c);this.setHMACKey = function (a, b, d) {var e;if (!0 === r)throw Error("HMAC key already set");if (!0 === q)throw Error("Cannot set HMAC key after finalizing hash");if (!0 === u)throw Error("Cannot set HMAC key after calling update");f = (d || {}).encoding || "UTF8";b = y(b, f)(a);a = b.binLen;b = b.value;e = m >>> 3;d = e / 4 - 1;if (e < a / 8) {for (b = n(b, a, 0, x(c)); b.length <= d;)b.push(0);b[d] &= 4294967040} else if (e > a / 8) {for (; b.length <= d;)b.push(0);b[d] &= 4294967040}for (a = 0; a <= d; a += 1)p[a] = b[a] ^ 909522486, t[a] = b[a] ^ 1549556828;k = w(p, k);g = m;r = !0};this.update = function (a) {var c, e, f, h = 0, n = m >>> 5;c = l(a, b, d);a = c.binLen;e = c.value;c = a >>> 5;for (f = 0; f < c; f += n)h + m <= a && (k = w(e.slice(f, f + n), k), h += m);g += h;b = e.slice(h >>> 5);d = a % m;u = !0};this.getHash = function (a, e) {var f, l, m;if (!0 ===r)throw Error("Cannot call getHash after setting HMAC key");m = A(e);switch (a) {case "HEX":f = function (a) {return B(a, m)};break;case "B64":f = function (a) {return C(a, m)};break;case "BYTES":f = D;break;default:throw Error("format must be HEX, B64, or BYTES");}if (!1 === q)for (k = n(b, d, g, k), l = 1; l < v; l += 1)k = n(k, h, 0, x(c));q = !0;return f(k)};this.getHMAC = function (a, e) {var f, l, p;if (!1 === r)throw Error("Cannot call getHMAC without first setting HMAC key");p = A(e);switch (a) {case "HEX":f = function (a) {return B(a, p)};break;case "B64":f =function (a) {return C(a, p)};break;case "BYTES":f = D;break;default:throw Error("outputFormat must be HEX, B64, or BYTES");}!1 === q && (l = n(b, d, g, k), k = w(t, x(c)), k = n(l, h, m, k));q = !0;return f(k)}}function G(c, a, e) {var g = c.length, b, d, f, k, l;a = a || [0];e = e || 0;l = e >>> 3;if (0 !== g % 2)throw Error("String of HEX type must be in byte increments");for (b = 0; b < g; b += 2) {d = parseInt(c.substr(b, 2), 16);if (isNaN(d))throw Error("String of HEX type contains invalid characters");k = (b >>> 1) + l;for (f = k >>> 2; a.length <= f;)a.push(0);a[f] |= d <<8 * (3 - k % 4)}return {value: a, binLen: 4 * g + e}}function H(c, a, e) {var g = [], b, d, f, k, g = a || [0];e = e || 0;d = e >>> 3;for (b = 0; b < c.length; b += 1)a = c.charCodeAt(b), k = b + d, f = k >>> 2, g.length <= f && g.push(0), g[f] |= a << 8 * (3 - k % 4);return {value: g, binLen: 8 * c.length + e}}function I(c, a, e) {var g = [], b = 0, d, f, k, l, h, m, g = a || [0];e = e || 0;a = e >>> 3;if (-1 === c.search(/^[a-zA-Z0-9=+\/]+$/))throw Error("Invalid character in base-64 string");f = c.indexOf("=");c = c.replace(/\=/g, "");if (-1 !== f && f < c.length)throw Error("Invalid '=' found in base-64 string");for (f = 0; f < c.length; f += 4) {h = c.substr(f, 4);for (k = l = 0; k < h.length; k += 1)d = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".indexOf(h[k]), l |= d << 18 - 6 * k;for (k = 0; k < h.length - 1; k += 1) {m = b + a;for (d = m >>> 2; g.length <= d;)g.push(0);g[d] |= (l >>> 16 - 8 * k & 255) << 8 * (3 - m % 4);b += 1}}return {value: g, binLen: 8 * b + e}}function B(c, a) {var e = "", g = 4 * c.length, b, d;for (b = 0; b < g; b += 1)d = c[b >>> 2] >>> 8 * (3 - b % 4), e += "0123456789abcdef".charAt(d >>> 4 & 15) + "0123456789abcdef".charAt(d & 15);return a.outputUpper ? e.toUpperCase() : e}function C(c,a) {var e = "", g = 4 * c.length, b, d, f;for (b = 0; b < g; b += 3)for (f = b + 1 >>> 2, d = c.length <= f ? 0 : c[f], f = b + 2 >>> 2, f = c.length <= f ? 0 : c[f], f = (c[b >>> 2] >>> 8 * (3 - b % 4) & 255) << 16 | (d >>> 8 * (3 - (b + 1) % 4) & 255) << 8 | f >>> 8 * (3 - (b + 2) % 4) & 255, d = 0; 4 > d; d += 1)8 * b + 6 * d <= 32 * c.length ? e += "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(f >>> 6 * (3 - d) & 63) : e += a.b64Pad;return e}function D(c) {var a = "", e = 4 * c.length, g, b;for (g = 0; g < e; g += 1)b = c[g >>> 2] >>> 8 * (3 - g % 4) & 255, a += String.fromCharCode(b);return a}function A(c) {var a = {outputUpper: !1, b64Pad: "="};c = c || {};a.outputUpper = c.outputUpper || !1;a.b64Pad = c.b64Pad || "=";if ("boolean" !== typeof a.outputUpper)throw Error("Invalid outputUpper formatting option");if ("string" !== typeof a.b64Pad)throw Error("Invalid b64Pad formatting option");return a}function y(c, a) {var e;switch (a) {case "UTF8":case "UTF16BE":case "UTF16LE":break;default:throw Error("encoding must be UTF8, UTF16BE, or UTF16LE");}switch (c) {case "HEX":e = G;break;case "TEXT":e = function (e, b, d) {var f = [], c = [], l = 0, h, m, p, n, q, f = b || [0];b = d || 0;p = b >>> 3;if ("UTF8" ===a)for (h = 0; h < e.length; h += 1)for (d = e.charCodeAt(h), c = [], 128 > d ? c.push(d) : 2048 > d ? (c.push(192 | d >>> 6), c.push(128 | d & 63)) : 55296 > d || 57344 <= d ? c.push(224 | d >>> 12, 128 | d >>> 6 & 63, 128 | d & 63) : (h += 1, d = 65536 + ((d & 1023) << 10 | e.charCodeAt(h) & 1023), c.push(240 | d >>> 18, 128 | d >>> 12 & 63, 128 | d >>> 6 & 63, 128 | d & 63)), m = 0; m < c.length; m += 1) {q = l + p;for (n = q >>> 2; f.length <= n;)f.push(0);f[n] |= c[m] << 8 * (3 - q % 4);l += 1} else if ("UTF16BE" === a || "UTF16LE" === a)for (h = 0; h < e.length; h += 1) {d = e.charCodeAt(h);"UTF16LE" === a && (m = d & 255, d = m << 8 | d >>> 8);q = l + p;for (n = q >>>2; f.length <= n;)f.push(0);f[n] |= d << 8 * (2 - q % 4);l += 2}return {value: f, binLen: 8 * l + b}};break;case "B64":e = I;break;case "BYTES":e = H;break;default:throw Error("format must be HEX, TEXT, B64, or BYTES");}return e}function r(c, a) {return c << a | c >>> 32 - a}function p(c, a) {var e = (c & 65535) + (a & 65535);return ((c >>> 16) + (a >>> 16) + (e >>> 16) & 65535) << 16 | e & 65535}function u(c, a, e, g, b) {var d = (c & 65535) + (a & 65535) + (e & 65535) + (g & 65535) + (b & 65535);return ((c >>> 16) + (a >>> 16) + (e >>> 16) + (g >>> 16) + (b >>> 16) + (d >>> 16) & 65535) << 16 | d & 65535}function x(c) {if ("SHA-1" ===c)c = [1732584193, 4023233417, 2562383102, 271733878, 3285377520]; else throw Error("No SHA variants supported");return c}function z(c, a) {var e = [], g, b, d, f, k, l, h;g = a[0];b = a[1];d = a[2];f = a[3];k = a[4];for (h = 0; 80 > h; h += 1)e[h] = 16 > h ? c[h] : r(e[h - 3] ^ e[h - 8] ^ e[h - 14] ^ e[h - 16], 1), l = 20 > h ? u(r(g, 5), b & d ^ ~b & f, k, 1518500249, e[h]) : 40 > h ? u(r(g, 5), b ^ d ^ f, k, 1859775393, e[h]) : 60 > h ? u(r(g, 5), b & d ^ b & f ^ d & f, k, 2400959708, e[h]) : u(r(g, 5), b ^ d ^ f, k, 3395469782, e[h]), k = f, f = d, d = r(b, 30), b = g, g = l;a[0] = p(g, a[0]);a[1] = p(b, a[1]);a[2] = p(d, a[2]);a[3] = p(f, a[3]);a[4] = p(k, a[4]);return a}function F(c, a, e, g) {var b;for (b = (a + 65 >>> 9 << 4) + 15; c.length <= b;)c.push(0);c[a >>> 5] |= 128 << 24 - a % 32;c[b] = a + e;e = c.length;for (a = 0; a < e; a += 16)g = z(c.slice(a, a + 16), g);return g}"function" === typeof define && define.amd ? define(function () {return t}) : "undefined" !== typeof exports ? "undefined" !== typeof module && module.exports ? module.exports = exports = t : exports = t : E.jsSHA = t })(this);
encrypt.js
var sha1 = require ('xxx/sha1.js');function _encrypt(jsSHA) {var encrypt = function(string){var shaObj = new jsSHA("SHA-1", "TEXT");shaObj.update(string);var hash = shaObj.getHash("HEX");return hash;}return encrypt; }const encrypt = _encrypt(sha1)export default encrypt;
js rsa 算法加密(security.js)
var RSAUtils = {};var biRadixBase = 2; var biRadixBits = 16; var bitsPerDigit = biRadixBits; var biRadix = 1 << 16; // = 2^16 = 65536 var biHalfRadix = biRadix >>> 1; var biRadixSquared = biRadix * biRadix; var maxDigitVal = biRadix - 1; var maxInteger = 9999999999999998;//maxDigits: //Change this to accommodate your largest number size. Use setMaxDigits() //to change it! // //In general, if you're working with numbers of size N bits, you'll need 2*N //bits of storage. Each digit holds 16 bits. So, a 1024-bit key will need // //1024 * 2 / 16 = 128 digits of storage. // var maxDigits; var ZERO_ARRAY; var bigZero, bigOne;var BigInt = window.BigInt = function(flag) {if (typeof flag == "boolean" && flag == true) {this.digits = null;} else {this.digits = ZERO_ARRAY.slice(0);}this.isNeg = false; };RSAUtils.setMaxDigits = function(value) {maxDigits = value;ZERO_ARRAY = new Array(maxDigits);for (var iza = 0; iza < ZERO_ARRAY.length; iza++) ZERO_ARRAY[iza] = 0;bigZero = new BigInt();bigOne = new BigInt();bigOne.digits[0] = 1; }; RSAUtils.setMaxDigits(20);//The maximum number of digits in base 10 you can convert to an //integer without JavaScript throwing up on you. var dpl10 = 15;RSAUtils.biFromNumber = function(i) {var result = new BigInt();result.isNeg = i < 0;i = Math.abs(i);var j = 0;while (i > 0) {result.digits[j++] = i & maxDigitVal;i = Math.floor(i / biRadix);}return result; };//lr10 = 10 ^ dpl10 var lr10 = RSAUtils.biFromNumber(1000000000000000);RSAUtils.biFromDecimal = function(s) {var isNeg = s.charAt(0) == '-';var i = isNeg ? 1 : 0;var result;// Skip leading zeros.while (i < s.length && s.charAt(i) == '0') ++i;if (i == s.length) {result = new BigInt();}else {var digitCount = s.length - i;var fgl = digitCount % dpl10;if (fgl == 0) fgl = dpl10;result = RSAUtils.biFromNumber(Number(s.substr(i, fgl)));i += fgl;while (i < s.length) {result = RSAUtils.biAdd(RSAUtils.biMultiply(result, lr10),RSAUtils.biFromNumber(Number(s.substr(i, dpl10))));i += dpl10;}result.isNeg = isNeg;}return result; };RSAUtils.biCopy = function(bi) {var result = new BigInt(true);result.digits = bi.digits.slice(0);result.isNeg = bi.isNeg;return result; };RSAUtils.reverseStr = function(s) {var result = "";for (var i = s.length - 1; i > -1; --i) {result += s.charAt(i);}return result; };var hexatrigesimalToChar = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9','a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j','k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't','u', 'v', 'w', 'x', 'y', 'z' ];RSAUtils.biToString = function(x, radix) { // 2 <= radix <= 36var b = new BigInt();b.digits[0] = radix;var qr = RSAUtils.biDivideModulo(x, b);var result = hexatrigesimalToChar[qr[1].digits[0]];while (RSAUtils.biCompare(qr[0], bigZero) == 1) {qr = RSAUtils.biDivideModulo(qr[0], b);digit = qr[1].digits[0];result += hexatrigesimalToChar[qr[1].digits[0]];}return (x.isNeg ? "-" : "") + RSAUtils.reverseStr(result); };RSAUtils.biToDecimal = function(x) {var b = new BigInt();b.digits[0] = 10;var qr = RSAUtils.biDivideModulo(x, b);var result = String(qr[1].digits[0]);while (RSAUtils.biCompare(qr[0], bigZero) == 1) {qr = RSAUtils.biDivideModulo(qr[0], b);result += String(qr[1].digits[0]);}return (x.isNeg ? "-" : "") + RSAUtils.reverseStr(result); };var hexToChar = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9','a', 'b', 'c', 'd', 'e', 'f'];RSAUtils.digitToHex = function(n) {var mask = 0xf;var result = "";for (var i = 0; i < 4; ++i) {result += hexToChar[n & mask];n >>>= 4;}return RSAUtils.reverseStr(result); };RSAUtils.biToHex = function(x) {var result = "";var n = RSAUtils.biHighIndex(x);for (var i = RSAUtils.biHighIndex(x); i > -1; --i) {result += RSAUtils.digitToHex(x.digits[i]);}return result; };RSAUtils.charToHex = function(c) {var ZERO = 48;var NINE = ZERO + 9;var littleA = 97;var littleZ = littleA + 25;var bigA = 65;var bigZ = 65 + 25;var result;if (c >= ZERO && c <= NINE) {result = c - ZERO;} else if (c >= bigA && c <= bigZ) {result = 10 + c - bigA;} else if (c >= littleA && c <= littleZ) {result = 10 + c - littleA;} else {result = 0;}return result; };RSAUtils.hexToDigit = function(s) {var result = 0;var sl = Math.min(s.length, 4);for (var i = 0; i < sl; ++i) {result <<= 4;result |= RSAUtils.charToHex(s.charCodeAt(i));}return result; };RSAUtils.biFromHex = function(s) {var result = new BigInt();var sl = s.length;for (var i = sl, j = 0; i > 0; i -= 4, ++j) {result.digits[j] = RSAUtils.hexToDigit(s.substr(Math.max(i - 4, 0), Math.min(i, 4)));}return result; };RSAUtils.biFromString = function(s, radix) {var isNeg = s.charAt(0) == '-';var istop = isNeg ? 1 : 0;var result = new BigInt();var place = new BigInt();place.digits[0] = 1; // radix^0for (var i = s.length - 1; i >= istop; i--) {var c = s.charCodeAt(i);var digit = RSAUtils.charToHex(c);var biDigit = RSAUtils.biMultiplyDigit(place, digit);result = RSAUtils.biAdd(result, biDigit);place = RSAUtils.biMultiplyDigit(place, radix);}result.isNeg = isNeg;return result; };RSAUtils.biDump = function(b) {return (b.isNeg ? "-" : "") + b.digits.join(" "); };RSAUtils.biAdd = function(x, y) {var result;if (x.isNeg != y.isNeg) {y.isNeg = !y.isNeg;result = RSAUtils.biSubtract(x, y);y.isNeg = !y.isNeg;}else {result = new BigInt();var c = 0;var n;for (var i = 0; i < x.digits.length; ++i) {n = x.digits[i] + y.digits[i] + c;result.digits[i] = n % biRadix;c = Number(n >= biRadix);}result.isNeg = x.isNeg;}return result; };RSAUtils.biSubtract = function(x, y) {var result;if (x.isNeg != y.isNeg) {y.isNeg = !y.isNeg;result = RSAUtils.biAdd(x, y);y.isNeg = !y.isNeg;} else {result = new BigInt();var n, c;c = 0;for (var i = 0; i < x.digits.length; ++i) {n = x.digits[i] - y.digits[i] + c;result.digits[i] = n % biRadix;// Stupid non-conforming modulus operation.if (result.digits[i] < 0) result.digits[i] += biRadix;c = 0 - Number(n < 0);}// Fix up the negative sign, if any.if (c == -1) {c = 0;for (var i = 0; i < x.digits.length; ++i) {n = 0 - result.digits[i] + c;result.digits[i] = n % biRadix;// Stupid non-conforming modulus operation.if (result.digits[i] < 0) result.digits[i] += biRadix;c = 0 - Number(n < 0);}// Result is opposite sign of arguments.result.isNeg = !x.isNeg;} else {// Result is same sign.result.isNeg = x.isNeg;}}return result; };RSAUtils.biHighIndex = function(x) {var result = x.digits.length - 1;while (result > 0 && x.digits[result] == 0) --result;return result; };RSAUtils.biNumBits = function(x) {var n = RSAUtils.biHighIndex(x);var d = x.digits[n];var m = (n + 1) * bitsPerDigit;var result;for (result = m; result > m - bitsPerDigit; --result) {if ((d & 0x8000) != 0) break;d <<= 1;}return result; };RSAUtils.biMultiply = function(x, y) {var result = new BigInt();var c;var n = RSAUtils.biHighIndex(x);var t = RSAUtils.biHighIndex(y);var uv, k;for (var i = 0; i <= t; ++i) {c = 0;k = i;for (var j = 0; j <= n; ++j, ++k) {uv = result.digits[k] + x.digits[j] * y.digits[i] + c;result.digits[k] = uv & maxDigitVal;c = uv >>> biRadixBits;//c = Math.floor(uv / biRadix); }result.digits[i + n + 1] = c;}// Someone give me a logical xor, please.result.isNeg = x.isNeg != y.isNeg;return result; };RSAUtils.biMultiplyDigit = function(x, y) {var n, c, uv, result;result = new BigInt();n = RSAUtils.biHighIndex(x);c = 0;for (var j = 0; j <= n; ++j) {uv = result.digits[j] + x.digits[j] * y + c;result.digits[j] = uv & maxDigitVal;c = uv >>> biRadixBits;//c = Math.floor(uv / biRadix); }result.digits[1 + n] = c;return result; };RSAUtils.arrayCopy = function(src, srcStart, dest, destStart, n) {var m = Math.min(srcStart + n, src.length);for (var i = srcStart, j = destStart; i < m; ++i, ++j) {dest[j] = src[i];} };var highBitMasks = [0x0000, 0x8000, 0xC000, 0xE000, 0xF000, 0xF800,0xFC00, 0xFE00, 0xFF00, 0xFF80, 0xFFC0, 0xFFE0,0xFFF0, 0xFFF8, 0xFFFC, 0xFFFE, 0xFFFF];RSAUtils.biShiftLeft = function(x, n) {var digitCount = Math.floor(n / bitsPerDigit);var result = new BigInt();RSAUtils.arrayCopy(x.digits, 0, result.digits, digitCount,result.digits.length - digitCount);var bits = n % bitsPerDigit;var rightBits = bitsPerDigit - bits;for (var i = result.digits.length - 1, i1 = i - 1; i > 0; --i, --i1) {result.digits[i] = ((result.digits[i] << bits) & maxDigitVal) |((result.digits[i1] & highBitMasks[bits]) >>>(rightBits));}result.digits[0] = ((result.digits[i] << bits) & maxDigitVal);result.isNeg = x.isNeg;return result; };var lowBitMasks = [0x0000, 0x0001, 0x0003, 0x0007, 0x000F, 0x001F,0x003F, 0x007F, 0x00FF, 0x01FF, 0x03FF, 0x07FF,0x0FFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF];RSAUtils.biShiftRight = function(x, n) {var digitCount = Math.floor(n / bitsPerDigit);var result = new BigInt();RSAUtils.arrayCopy(x.digits, digitCount, result.digits, 0,x.digits.length - digitCount);var bits = n % bitsPerDigit;var leftBits = bitsPerDigit - bits;for (var i = 0, i1 = i + 1; i < result.digits.length - 1; ++i, ++i1) {result.digits[i] = (result.digits[i] >>> bits) |((result.digits[i1] & lowBitMasks[bits]) << leftBits);}result.digits[result.digits.length - 1] >>>= bits;result.isNeg = x.isNeg;return result; };RSAUtils.biMultiplyByRadixPower = function(x, n) {var result = new BigInt();RSAUtils.arrayCopy(x.digits, 0, result.digits, n, result.digits.length - n);return result; };RSAUtils.biDivideByRadixPower = function(x, n) {var result = new BigInt();RSAUtils.arrayCopy(x.digits, n, result.digits, 0, result.digits.length - n);return result; };RSAUtils.biModuloByRadixPower = function(x, n) {var result = new BigInt();RSAUtils.arrayCopy(x.digits, 0, result.digits, 0, n);return result; };RSAUtils.biCompare = function(x, y) {if (x.isNeg != y.isNeg) {return 1 - 2 * Number(x.isNeg);}for (var i = x.digits.length - 1; i >= 0; --i) {if (x.digits[i] != y.digits[i]) {if (x.isNeg) {return 1 - 2 * Number(x.digits[i] > y.digits[i]);} else {return 1 - 2 * Number(x.digits[i] < y.digits[i]);}}}return 0; };RSAUtils.biDivideModulo = function(x, y) {var nb = RSAUtils.biNumBits(x);var tb = RSAUtils.biNumBits(y);var origYIsNeg = y.isNeg;var q, r;if (nb < tb) {// |x| < |y|if (x.isNeg) {q = RSAUtils.biCopy(bigOne);q.isNeg = !y.isNeg;x.isNeg = false;y.isNeg = false;r = biSubtract(y, x);// Restore signs, 'cause they're references.x.isNeg = true;y.isNeg = origYIsNeg;} else {q = new BigInt();r = RSAUtils.biCopy(x);}return [q, r];}q = new BigInt();r = x;// Normalize Y.var t = Math.ceil(tb / bitsPerDigit) - 1;var lambda = 0;while (y.digits[t] < biHalfRadix) {y = RSAUtils.biShiftLeft(y, 1);++lambda;++tb;t = Math.ceil(tb / bitsPerDigit) - 1;}// Shift r over to keep the quotient constant. We'll shift the// remainder back at the end.r = RSAUtils.biShiftLeft(r, lambda);nb += lambda; // Update the bit count for x.var n = Math.ceil(nb / bitsPerDigit) - 1;var b = RSAUtils.biMultiplyByRadixPower(y, n - t);while (RSAUtils.biCompare(r, b) != -1) {++q.digits[n - t];r = RSAUtils.biSubtract(r, b);}for (var i = n; i > t; --i) {var ri = (i >= r.digits.length) ? 0 : r.digits[i];var ri1 = (i - 1 >= r.digits.length) ? 0 : r.digits[i - 1];var ri2 = (i - 2 >= r.digits.length) ? 0 : r.digits[i - 2];var yt = (t >= y.digits.length) ? 0 : y.digits[t];var yt1 = (t - 1 >= y.digits.length) ? 0 : y.digits[t - 1];if (ri == yt) {q.digits[i - t - 1] = maxDigitVal;} else {q.digits[i - t - 1] = Math.floor((ri * biRadix + ri1) / yt);}var c1 = q.digits[i - t - 1] * ((yt * biRadix) + yt1);var c2 = (ri * biRadixSquared) + ((ri1 * biRadix) + ri2);while (c1 > c2) {--q.digits[i - t - 1];c1 = q.digits[i - t - 1] * ((yt * biRadix) | yt1);c2 = (ri * biRadix * biRadix) + ((ri1 * biRadix) + ri2);}b = RSAUtils.biMultiplyByRadixPower(y, i - t - 1);r = RSAUtils.biSubtract(r, RSAUtils.biMultiplyDigit(b, q.digits[i - t - 1]));if (r.isNeg) {r = RSAUtils.biAdd(r, b);--q.digits[i - t - 1];}}r = RSAUtils.biShiftRight(r, lambda);// Fiddle with the signs and stuff to make sure that 0 <= r < y.q.isNeg = x.isNeg != origYIsNeg;if (x.isNeg) {if (origYIsNeg) {q = RSAUtils.biAdd(q, bigOne);} else {q = RSAUtils.biSubtract(q, bigOne);}y = RSAUtils.biShiftRight(y, lambda);r = RSAUtils.biSubtract(y, r);}// Check for the unbelievably stupid degenerate case of r == -0.if (r.digits[0] == 0 && RSAUtils.biHighIndex(r) == 0) r.isNeg = false;return [q, r]; };RSAUtils.biDivide = function(x, y) {return RSAUtils.biDivideModulo(x, y)[0]; };RSAUtils.biModulo = function(x, y) {return RSAUtils.biDivideModulo(x, y)[1]; };RSAUtils.biMultiplyMod = function(x, y, m) {return RSAUtils.biModulo(RSAUtils.biMultiply(x, y), m); };RSAUtils.biPow = function(x, y) {var result = bigOne;var a = x;while (true) {if ((y & 1) != 0) result = RSAUtils.biMultiply(result, a);y >>= 1;if (y == 0) break;a = RSAUtils.biMultiply(a, a);}return result; };RSAUtils.biPowMod = function(x, y, m) {var result = bigOne;var a = x;var k = y;while (true) {if ((k.digits[0] & 1) != 0) result = RSAUtils.biMultiplyMod(result, a, m);k = RSAUtils.biShiftRight(k, 1);if (k.digits[0] == 0 && RSAUtils.biHighIndex(k) == 0) break;a = RSAUtils.biMultiplyMod(a, a, m);}return result; };window.BarrettMu = function(m) {this.modulus = RSAUtils.biCopy(m);this.k = RSAUtils.biHighIndex(this.modulus) + 1;var b2k = new BigInt();b2k.digits[2 * this.k] = 1; // b2k = b^(2k)this.mu = RSAUtils.biDivide(b2k, this.modulus);this.bkplus1 = new BigInt();this.bkplus1.digits[this.k + 1] = 1; // bkplus1 = b^(k+1)this.modulo = BarrettMu_modulo;this.multiplyMod = BarrettMu_multiplyMod;this.powMod = BarrettMu_powMod; };function BarrettMu_modulo(x) {var $dmath = RSAUtils;var q1 = $dmath.biDivideByRadixPower(x, this.k - 1);var q2 = $dmath.biMultiply(q1, this.mu);var q3 = $dmath.biDivideByRadixPower(q2, this.k + 1);var r1 = $dmath.biModuloByRadixPower(x, this.k + 1);var r2term = $dmath.biMultiply(q3, this.modulus);var r2 = $dmath.biModuloByRadixPower(r2term, this.k + 1);var r = $dmath.biSubtract(r1, r2);if (r.isNeg) {r = $dmath.biAdd(r, this.bkplus1);}var rgtem = $dmath.biCompare(r, this.modulus) >= 0;while (rgtem) {r = $dmath.biSubtract(r, this.modulus);rgtem = $dmath.biCompare(r, this.modulus) >= 0;}return r; }function BarrettMu_multiplyMod(x, y) {/*x = this.modulo(x);y = this.modulo(y);*/var xy = RSAUtils.biMultiply(x, y);return this.modulo(xy); }function BarrettMu_powMod(x, y) {var result = new BigInt();result.digits[0] = 1;var a = x;var k = y;while (true) {if ((k.digits[0] & 1) != 0) result = this.multiplyMod(result, a);k = RSAUtils.biShiftRight(k, 1);if (k.digits[0] == 0 && RSAUtils.biHighIndex(k) == 0) break;a = this.multiplyMod(a, a);}return result; }var RSAKeyPair = function(encryptionExponent, decryptionExponent, modulus) {var $dmath = RSAUtils;this.e = $dmath.biFromHex(encryptionExponent);this.d = $dmath.biFromHex(decryptionExponent);this.m = $dmath.biFromHex(modulus);// We can do two bytes per digit, so// chunkSize = 2 * (number of digits in modulus - 1).// Since biHighIndex returns the high index, not the number of digits, 1 has// already been subtracted.this.chunkSize = 2 * $dmath.biHighIndex(this.m);this.radix = 16;this.barrett = new window.BarrettMu(this.m); };RSAUtils.getKeyPair = function(encryptionExponent, decryptionExponent, modulus) {return new RSAKeyPair(encryptionExponent, decryptionExponent, modulus); };if(typeof window.twoDigit === 'undefined') {window.twoDigit = function(n) {return (n < 10 ? "0" : "") + String(n);}; }// Altered by Rob Saunders (rob@robsaunders.net). New routine pads the // string after it has been converted to an array. This fixes an // incompatibility with Flash MX's ActionScript. RSAUtils.encryptedString = function(key, s) {var a = [];var sl = s.length;var i = 0;while (i < sl) {a[i] = s.charCodeAt(i);i++;}while (a.length % key.chunkSize != 0) {a[i++] = 0;}var al = a.length;var result = "";var j, k, block;for (i = 0; i < al; i += key.chunkSize) {block = new BigInt();j = 0;for (k = i; k < i + key.chunkSize; ++j) {block.digits[j] = a[k++];block.digits[j] += a[k++] << 8;}var crypt = key.barrett.powMod(block, key.e);var text = key.radix == 16 ? RSAUtils.biToHex(crypt) : RSAUtils.biToString(crypt, key.radix);result += text + " ";}return result.substring(0, result.length - 1); // Remove last space. };RSAUtils.decryptedString = function(key, s) {var blocks = s.split(" ");var result = "";var i, j, block;for (i = 0; i < blocks.length; ++i) {var bi;if (key.radix == 16) {bi = RSAUtils.biFromHex(blocks[i]);}else {bi = RSAUtils.biFromString(blocks[i], key.radix);}block = key.barrett.powMod(bi, key.d);for (j = 0; j <= RSAUtils.biHighIndex(block); ++j) {result += String.fromCharCode(block.digits[j] & 255,block.digits[j] >> 8);}}// Remove trailing null, if any.if (result.charCodeAt(result.length - 1) == 0) {result = result.substring(0, result.length - 1);}return result; };RSAUtils.setMaxDigits(130);export default RSAUtils;
前端加密示例
import RSAUtils from 'xxx/security'; import encrypt from 'xxx/encrypt';plainPassword = encrypt(plainPassword);var key = RSAUtils.getKeyPair(exponent, '', modulus); var encryptedPwd = RSAUtils.encryptedString(key, plainPassword);
java rsa 算法(RSAUtils.java)
import java.math.BigInteger; import java.security.InvalidParameterException; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.Provider; import java.security.PublicKey; import java.security.SecureRandom; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.RSAPrivateKeySpec; import java.security.spec.RSAPublicKeySpec; import javax.crypto.Cipher; import org.apache.commons.codec.DecoderException; import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.time.DateFormatUtils; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory;public abstract class RSAUtils {private static final Logger LOGGER = LoggerFactory.getLogger(RSAUtils.class);private static final String ALGORITHOM = "RSA";private static final int KEY_SIZE = 1024;private static final Provider DEFAULT_PROVIDER = new BouncyCastleProvider();private static KeyPairGenerator keyPairGen = null;private static KeyFactory keyFactory = null;private static KeyPair oneKeyPair = null;public static synchronized KeyPair generateKeyPair() {try {keyPairGen.initialize(1024,new SecureRandom(DateFormatUtils.format(System.currentTimeMillis(), "yyyyMMdd").getBytes()));oneKeyPair = keyPairGen.generateKeyPair();return oneKeyPair;} catch (InvalidParameterException ex) {LOGGER.error("KeyPairGenerator does not support a key length of 1024.", ex);} catch (NullPointerException ex) {LOGGER.error("RSAUtils#KEY_PAIR_GEN is null, can not generate KeyPairGenerator instance.", ex);}return null;}public static KeyPair getKeyPair() {return oneKeyPair;}public static void setKeyPair(KeyPair redisKeyPair) {oneKeyPair = redisKeyPair;}public static RSAPublicKey generateRSAPublicKey(byte[] modulus, byte[] publicExponent) {RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(new BigInteger(modulus), new BigInteger(publicExponent));try {return ((RSAPublicKey) keyFactory.generatePublic(publicKeySpec));} catch (InvalidKeySpecException ex) {LOGGER.error("RSAPublicKeySpec is unavailable.", ex);} catch (NullPointerException ex) {LOGGER.error("RSAUtils#KEY_FACTORY is null, can not generate KeyFactory instance.", ex);}return null;}public static RSAPrivateKey generateRSAPrivateKey(byte[] modulus, byte[] privateExponent) {RSAPrivateKeySpec privateKeySpec = new RSAPrivateKeySpec(new BigInteger(modulus),new BigInteger(privateExponent));try {return ((RSAPrivateKey) keyFactory.generatePrivate(privateKeySpec));} catch (InvalidKeySpecException ex) {LOGGER.error("RSAPrivateKeySpec is unavailable.", ex);} catch (NullPointerException ex) {LOGGER.error("RSAUtils#KEY_FACTORY is null, can not generate KeyFactory instance.", ex);}return null;}public static RSAPrivateKey getRSAPrivateKey(String hexModulus, String hexPrivateExponent) {if ((StringUtils.isBlank(hexModulus)) || (StringUtils.isBlank(hexPrivateExponent))) {if (LOGGER.isDebugEnabled()) {LOGGER.debug("hexModulus and hexPrivateExponent cannot be empty. RSAPrivateKey value is null to return.");}return null;}byte[] modulus = null;byte[] privateExponent = null;try {modulus = Hex.decodeHex(hexModulus.toCharArray());privateExponent = Hex.decodeHex(hexPrivateExponent.toCharArray());} catch (DecoderException ex) {LOGGER.error("hexModulus or hexPrivateExponent value is invalid. return null(RSAPrivateKey).");}if ((modulus != null) && (privateExponent != null)) {return generateRSAPrivateKey(modulus, privateExponent);}return null;}public static RSAPublicKey getRSAPublidKey(String hexModulus, String hexPublicExponent) {if ((StringUtils.isBlank(hexModulus)) || (StringUtils.isBlank(hexPublicExponent))) {if (LOGGER.isDebugEnabled()) {LOGGER.debug("hexModulus and hexPublicExponent cannot be empty. return null(RSAPublicKey).");}return null;}byte[] modulus = null;byte[] publicExponent = null;try {modulus = Hex.decodeHex(hexModulus.toCharArray());publicExponent = Hex.decodeHex(hexPublicExponent.toCharArray());} catch (DecoderException ex) {LOGGER.error("hexModulus or hexPublicExponent value is invalid. return null(RSAPublicKey).");}if ((modulus != null) && (publicExponent != null)) {return generateRSAPublicKey(modulus, publicExponent);}return null;}public static byte[] encrypt(PublicKey publicKey, byte[] data) throws Exception {Cipher ci = Cipher.getInstance("RSA", DEFAULT_PROVIDER);ci.init(1, publicKey);return ci.doFinal(data);}public static byte[] decrypt(PrivateKey privateKey, byte[] data) throws Exception {Cipher ci = Cipher.getInstance("RSA", DEFAULT_PROVIDER);ci.init(2, privateKey);return ci.doFinal(data);}public static String encryptString(PublicKey publicKey, String plaintext) {if ((publicKey == null) || (plaintext == null)) {return null;}byte[] data = plaintext.getBytes();try {byte[] en_data = encrypt(publicKey, data);return new String(Hex.encodeHex(en_data));} catch (Exception ex) {LOGGER.error(ex.getCause().getMessage());}return null;}public static String encryptString(String plaintext) {if (plaintext == null) {return null;}byte[] data = plaintext.getBytes();KeyPair keyPair = getKeyPair();try {byte[] en_data = encrypt((RSAPublicKey) keyPair.getPublic(), data);return new String(Hex.encodeHex(en_data));} catch (NullPointerException ex) {LOGGER.error("keyPair cannot be null.");} catch (Exception ex) {LOGGER.error(ex.getCause().getMessage());}return null;}public static String decryptString(PrivateKey privateKey, String encrypttext) {if ((privateKey == null) || (StringUtils.isBlank(encrypttext)))return null;try {byte[] en_data = Hex.decodeHex(encrypttext.toCharArray());byte[] data = decrypt(privateKey, en_data);return new String(data);} catch (Exception ex) {LOGGER.error(String.format("\"%s\" Decryption failed. Cause: %s",new Object[] { encrypttext, ex.getCause().getMessage() }));}return null;}public static String decryptString(String encrypttext) {if (StringUtils.isBlank(encrypttext)) {return null;}KeyPair keyPair = getKeyPair();try {byte[] en_data = Hex.decodeHex(encrypttext.toCharArray());byte[] data = decrypt((RSAPrivateKey) keyPair.getPrivate(), en_data);return new String(data);} catch (NullPointerException ex) {LOGGER.error("keyPair cannot be null.");} catch (Exception ex) {LOGGER.error(String.format("\"%s\" Decryption failed. Cause: %s",new Object[] { encrypttext, ex.getMessage() }));}return null;}public static String decryptStringByJs(String encrypttext) {String text = decryptString(encrypttext);if (text == null) {return null;}return StringUtils.reverse(text);}public static RSAPublicKey getDefaultPublicKey() {KeyPair keyPair = getKeyPair();if (keyPair != null) {return ((RSAPublicKey) keyPair.getPublic());}return null;}public static RSAPrivateKey getDefaultPrivateKey() {KeyPair keyPair = getKeyPair();if (keyPair != null) {return ((RSAPrivateKey) keyPair.getPrivate());}return null;}static {try {keyPairGen = KeyPairGenerator.getInstance("RSA", DEFAULT_PROVIDER);keyFactory = KeyFactory.getInstance("RSA", DEFAULT_PROVIDER);} catch (NoSuchAlgorithmException ex) {LOGGER.error(ex.getMessage());}} }
java rsa 公钥获取(传递给前端)
import java.security.KeyPair; import java.security.interfaces.RSAPublicKey;import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody;import com.alibaba.fastjson.JSONObject; import xxx.RSAUtils; import xxx.ObjectResponse; import xxx.ReturnCode; import xxx.RedisCacheTemplate;@Controller @RequestMapping("pubkey") public class RSAPubkeyController {Logger logger = LoggerFactory.getLogger(RSAPubkeyController.class);public static final String KEY_PAIR = "tenant_key_pair";@Autowiredprivate RedisCacheTemplate redisCacheTemplate;@RequestMapping(value="get", method=RequestMethod.GET)@ResponseBodypublic ObjectResponse<JSONObject> getPubkey() {ObjectResponse<JSONObject> result = new ObjectResponse<JSONObject>();try {if(RSAUtils.getKeyPair() == null) {if(redisCacheTemplate.get(KEY_PAIR) == null) {KeyPair oneKeyPair = RSAUtils.generateKeyPair();redisCacheTemplate.put(KEY_PAIR, oneKeyPair);} else {KeyPair redisKeyPair = (KeyPair) redisCacheTemplate.get(KEY_PAIR);RSAUtils.setKeyPair(redisKeyPair);}} RSAPublicKey pubkey = RSAUtils.getDefaultPublicKey();JSONObject key = new JSONObject();key.put("exponent", pubkey.getPublicExponent().toString(16));key.put("modulus", pubkey.getModulus().toString(16));result.setCode(ReturnCode.SUCCESS);result.setData(key);result.setMsg("pubkey 获取成功!");} catch(Exception e) {e.printStackTrace();logger.error(e.getMessage());result.setCode(ReturnCode.FAILURE);result.setMsg("pubkey 获取异常!");}return result;} }
java sha 算法(PasswordUtils.java)
import xxx.UserBaseVO; import org.apache.commons.lang.StringUtils; import org.springside.modules.security.utils.Digests; import org.springside.modules.utils.Encodes;public class PasswordUtils {public static final int HASH_INTERATIONS = 1;private static final int SALT_SIZE = 8;public static String encodebyUserCode(UserBaseVO user) {String userCode = user.getUserCode();if (StringUtils.isNotBlank(userCode)) {String hashUserCode = encodePasswordUsingSHA(userCode);byte[] hashPassword = Digests.sha1((user.getUserPassword() + hashUserCode).getBytes(),Encodes.decodeHex(user.getSalt()), HASH_INTERATIONS);return Encodes.encodeHex(hashPassword);}byte[] hashPassword = Digests.sha1(user.getUserPassword().getBytes(),Encodes.decodeHex(user.getSalt()), HASH_INTERATIONS);return Encodes.encodeHex(hashPassword);}public static void setSalt(UserBaseVO user) {byte[] salt = Digests.generateSalt(SALT_SIZE);user.setSalt(Encodes.encodeHex(salt));}public static String encodePassword(String password, String salt) {byte[] hashPassword = Digests.sha1(password.getBytes(),Encodes.decodeHex(salt), HASH_INTERATIONS);return Encodes.encodeHex(hashPassword);}public static String encodePasswordByUserCode(String password, String salt,String userCode) {if (StringUtils.isNotBlank(userCode)) {String hashUserCode = encodePasswordUsingSHA(userCode);byte[] hashPassword = Digests.sha1((password + hashUserCode).getBytes(),Encodes.decodeHex(salt), HASH_INTERATIONS);return Encodes.encodeHex(hashPassword);}byte[] hashPassword = Digests.sha1(password.getBytes(),Encodes.decodeHex(salt), HASH_INTERATIONS);return Encodes.encodeHex(hashPassword);}public static String encodePasswordUsingSHA(String password) {byte[] hashPassword = Digests.sha1(password.getBytes());String result = Encodes.encodeHex(hashPassword);return result;}public static String encodePasswordUsingSHA(String password, String salt) {byte[] hashPassword = Digests.sha1(password.getBytes());String shaResult = Encodes.encodeHex(hashPassword);byte[] encrytyPassword = Digests.sha1(shaResult.getBytes(),Encodes.decodeHex(salt), HASH_INTERATIONS);return Encodes.encodeHex(encrytyPassword);}public static String getSalt() {byte[] salt = Digests.generateSalt(SALT_SIZE);return Encodes.encodeHex(salt);} }
后端校验示例
//获取到前端传递的密码参数 password = RSAUtils.decryptStringByJs(password);//根据usercode 获取到用户 user String checkPwd = PasswordUtils.encodePasswordByUserCode(password, user.getSalt(), user.getUserCode());assert checkPwd.equals(user.getUserPassword())
后端加密示例
UserBaseVO vo = (将要新增的用户); PasswordUtils.setSalt(vo); String shaPassword = PasswordUtils.encodePasswordUsingSHA(vo.getUserPassword()); vo.setUserPassword(shaPassword); vo.setUserPassword(PasswordUtils.encodebyUserCode(vo));
