前段时间写一个登录功能,但是密码是明文传输,要求加密传输,网上搜了大部分都是md5加密,但是此方法是将加密后的密文传输到数据库中,后台是无法解密的,后来搜到用AES加密的话可以后台解密,所以特此记录下来:
1、首先需要在jsp页面中引入两个js文件:
<script type="text/javascript" src="<c:url value='/js/aes.js'/>"></script>
<script type="text/javascript" src="<c:url value='/js/pad-zeropadding-min.js'/>"></script>
2、在你自己的js文件中定义key和iv,或者直接在jsp页面的script当中定义:
function encrypt(data) {
var key = CryptoJS.enc.Latin1.parse('dufy20170329java');
var iv = CryptoJS.enc.Latin1.parse('dufy20170329java');
return CryptoJS.AES.encrypt(data, key, {iv:iv,mode:CryptoJS.mode.CBC,padding:CryptoJS.pad.ZeroPadding}).toString();
}
其中‘dufy20170329java’是自定义的,用于后台解密
3、调用encrypt函数给密码加密
var loginpass = $("#loginpass").val();
loginpass = encrypt(loginpass);
$("#loginpass").val(loginpass);
以上为前台给密码加密的步骤,接下来是后台解密:
4、定义工具类AesEncryptUtil
package util;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.tomcat.util.codec.binary.Base64;
public class AesEncryptUtil {
//使用AES-128-CBC加密模式,key需要为16位,key和iv可以相同!
private static String KEY = "dufy20170329java";
private static String IV = "dufy20170329java";
/**
* 加密方法
* @param data 要加密的数据
* @param key 加密key
* @param iv 加密iv
* @return 加密的结果
* @throws Exception
*/
public static String encrypt(String data, String key, String iv) throws Exception {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");//"算法/模式/补码方式"
int blockSize = cipher.getBlockSize();
byte[] dataBytes = data.getBytes();
int plaintextLength = dataBytes.length;
if (plaintextLength % blockSize != 0) {
plaintextLength = plaintextLength + (blockSize - (plaintextLength % blockSize));
}
byte[] plaintext = new byte[plaintextLength];
System.arraycopy(dataBytes, 0, plaintext, 0, dataBytes.length);
SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");
IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());
cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
byte[] encrypted = cipher.doFinal(plaintext);
return new Base64().encodeToString(encrypted);
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* 解密方法
* @param data 要解密的数据
* @param key 解密key
* @param iv 解密iv
* @return 解密的结果
* @throws Exception
*/
public static String desEncrypt(String data, String key, String iv) throws Exception {
try {
byte[] encrypted1 = new Base64().decode(data);
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");
IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());
cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
byte[] original = cipher.doFinal(encrypted1);
String originalString = new String(original);
return originalString;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* 使用默认的key和iv加密
* @param data
* @return
* @throws Exception
*/
public static String encrypt(String data) throws Exception {
return encrypt(data, KEY, IV);
}
/**
* 使用默认的key和iv解密
* @param data
* @return
* @throws Exception
*/
public static String desEncrypt(String data) throws Exception {
return desEncrypt(data, KEY, IV);
}
/**
* 测试
*/
public static void main(String args[]) throws Exception {
String test = "18729990110";
String data = null;
String key = "dufy20170329java";
String iv = "dufy20170329java";
data = encrypt(test, key, iv);
System.out.println(data);
System.out.println(desEncrypt(data, key, iv));
}
}
其中key和iv是刚刚前台定义的,需和前台保持一致
5、调用AesEncryptUtil的desEncrypt方法将获取到的前台的密码解密即可
String loginpass = req.getParameter("loginpass");
try {
loginpass = AesEncryptUtil.desEncrypt(loginpass).trim();
String dbpass = AesEncryptUtil.desEncrypt(user.getPassWord()).trim();
if(!loginpass.equals(dbpass)) {
req.setAttribute("msg", "用户名或密码错误");
req.getRequestDispatcher("/login/login.jsp").forward(req, resp);
return;
}
} catch (Exception e) {
e.printStackTrace();
}
注意,此方法会抛出异常,需要try catch处理
以上就是简单的前台解密后台解密的完整过程。
js文件下载链接:https://download.csdn.net/download/weixin_43317130/10705385
这也是我在开发时网上查找资料然后收集整理的,希望能帮助到大家。