网站密码明文传输解决方案js+java

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/weixin_38373006/article/details/88292734

解决密码明文传输的方案,基本有两种解决方案

1,将项目网站全站升级为https协议(如果要更谨慎,还需要加密)。

2,将密码进行加密后,在后台解密。

因项目升级https的周期太长,暂时采用RSA加密解密作为替代方案:

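这是最简单的方案:前端用公钥加密,后端用私钥解密,未涉及私钥签名等验证(工具类内提供了相应方法,相信各位一看即懂)。需要注意:该方案只能避免密码以明文出现在请求中;在没有https的情况下,页面和js本身仍可能被中间人篡改,而且密文中若不包含一次性随机数或时间戳,被截获的密文可以原样重放,因此它只是过渡手段,不能替代https。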

1,前端js引入jsencrypt.js(官网有下载资源。可免费下载(但不兼容ie浏览器,在ie9以下使用会导致js报错SCRIPT1010,具体原因可自行google或百度)。本博客下载资源内有兼容IE的版本,有需要的小伙伴可以下载)。

2,在前端js中使用方法:

    var passWord = document.getElementById("j_password");
    // RSA-encrypt the password with the server's public key before it is sent.
    var encrypt = new JSEncrypt();
    encrypt.setPublicKey("MIGfMA0GC4351345135134534");// RSA public key goes here (the value shown appears to be a truncated sample)
    // NOTE(review): JSEncrypt's encrypt() returns false rather than a string when encryption fails; check passwordRSA before submitting it.
    var passwordRSA = encrypt.encrypt(passWord.value);

3,将密码密文传输后台

4,后台java的工具类

注:公钥私钥可以通过本工具类的initKey()方法生成。生成后将公钥私钥存储,具体存储方式看各位自己的需求(私钥应只保存在服务端受保护的配置或密钥管理服务中,不要写进源码,也不要下发给前端)。

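/**
 * RSA helper: Base64 wrappers, sign/verify, encrypt/decrypt and key-pair generation.
 *
 * <p>No method here throws to the caller for a cryptographic failure. Each one logs the
 * failure and returns a sentinel instead: an empty string, an empty array, {@code false}
 * or {@code null}, as documented per method.
 *
 * @author pluto
 * @since 2019/2/27
 */
public class RSAUtils {
    private static final Log log = LogFactory.getLog(RSAUtils.class);
    private static final String KEYALGORITHM = "RSA";
    // SHA-256 replaces the original MD5withRSA: MD5 is not collision resistant, so a
    // signature over an MD5 digest can be carried over to a colliding message.
    // Signatures created with the old constant will not verify with this one.
    private static final String SIGNATUREALGORITHM = "SHA256withRSA";
    // Spelled out in full so that mode and padding do not depend on what a JCE provider
    // picks for the bare name "RSA". PKCS#1 v1.5 is the padding the JSEncrypt front end
    // is expected to produce (confirm against the bundled jsencrypt.js).
    // NOTE(review): prefer OAEP once the client side can produce it.
    private static final String CIPHERTRANSFORMATION = "RSA/ECB/PKCS1Padding";

    private static final String PUBLICKEY = "RSAPublicKey";
    private static final String PRIVATEKEY = "RSAPrivateKey";

    // RSA private key (Base64, PKCS#8); it can also be read from a configuration file.
    // NOTE(review): a private key compiled into the class can be read by anyone who has
    // the source or the jar. Load it from protected server-side configuration or a key
    // store instead, and treat any key that was ever committed as compromised.
    public static final String DECRYPTPRIVATEKEY = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAIMzJa4oZpQcPhRDTIaWnF4olSaeGt5oV0XFwoeeSK+FZ3lc4N34523tdfasgba";

    private RSAUtils(){super();}

    /**
     * Decodes a Base64 string into bytes.
     *
     * @param key Base64 text
     * @return the decoded bytes, as produced by the Base64 codec
     */
    public static byte[] decryptBASE64(String key) {
        return new Base64().decode(key);
    }

    /**
     * Encodes bytes as a Base64 string.
     *
     * @param bytes raw bytes
     * @return the Base64 text
     */
    public static String encryptBASE64(byte[] bytes) {
        return new Base64().encodeToString(bytes);
    }

    /**
     * Signs {@code data} with an RSA private key.
     *
     * @param data       bytes to sign
     * @param privateKey Base64 of the PKCS#8-encoded private key
     * @return the Base64 signature, or an empty string if signing failed
     */
    public static String sign(byte[] data, String privateKey){
        try {
            Signature signer = Signature.getInstance(SIGNATUREALGORITHM);
            signer.initSign(toPrivateKey(privateKey));
            signer.update(data);
            return encryptBASE64(signer.sign());
        } catch (Exception e) {
            // Broad catch kept on purpose: callers rely on "" rather than an exception.
            log.error("RSAUtilsSignError", e);
            return "";
        }
    }

    /**
     * Verifies a signature produced by {@link #sign(byte[], String)}.
     *
     * @param data      bytes that were signed
     * @param publicKey Base64 of the X.509-encoded public key
     * @param sign      Base64 signature to check
     * @return {@code true} only if the signature is valid; {@code false} if it is invalid
     *         or if verification could not be carried out
     */
    public static boolean verify(byte[] data, String publicKey, String sign){
        try {
            Signature verifier = Signature.getInstance(SIGNATUREALGORITHM);
            verifier.initVerify(toPublicKey(publicKey));
            verifier.update(data);
            return verifier.verify(decryptBASE64(sign));
        } catch (Exception e) {
            // Any failure (bad key, malformed signature) is treated as "not verified".
            log.error("RSAUtilsVerifySignError", e);
            return false;
        }
    }

    /**
     * Decrypts ciphertext with an RSA private key.
     *
     * @param data ciphertext bytes
     * @param key  Base64 of the PKCS#8-encoded private key
     * @return the plaintext, or an empty array on any failure
     */
    public static byte[] decryptByPrivateKey(byte[] data, String key){
        try {
            return runCipher(Cipher.DECRYPT_MODE, toPrivateKey(key), data);
        } catch (Exception e) {
            // Every failure collapses to the same empty array, so a caller cannot tell
            // a padding error apart from any other decryption failure.
            log.error("RSAUtilsPrivateKeyDecryptError", e);
            return new byte[0];
        }
    }

    /**
     * Decrypts Base64 ciphertext with an RSA private key.
     *
     * @param data Base64 ciphertext
     * @param key  Base64 of the PKCS#8-encoded private key
     * @return the plaintext, or an empty array on any failure
     */
    public static byte[] decryptByPrivateKey(String data, String key){
        return decryptByPrivateKey(decryptBASE64(data), key);
    }

    /**
     * Reverses {@link #encryptByPrivateKey(byte[], String)} using the public key.
     * The public key is not secret, so this provides no confidentiality.
     *
     * @param data bytes produced with the matching private key
     * @param key  Base64 of the X.509-encoded public key
     * @return the recovered bytes, or an empty array on any failure
     */
    public static byte[] decryptByPublicKey(byte[] data, String key){
        try {
            return runCipher(Cipher.DECRYPT_MODE, toPublicKey(key), data);
        } catch (Exception e) {
            log.error("RSAUtilsPublicKeyDecryptError", e);
            return new byte[0];
        }
    }

    /**
     * Encrypts a string with an RSA public key.
     *
     * @param data plaintext; it is encoded as UTF-8 before encryption
     * @param key  Base64 of the X.509-encoded public key
     * @return the ciphertext, or an empty array on any failure
     */
    public static byte[] encryptByPublicKey(String data, String key) {
        try {
            // Explicit charset: the no-argument getBytes() depends on the platform
            // default, which can differ between the encrypting and decrypting hosts.
            byte[] plain = data.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            return runCipher(Cipher.ENCRYPT_MODE, toPublicKey(key), plain);
        } catch (Exception e) {
            log.error("RSAUtilsPublicKeyEncryptError", e);
            return new byte[0];
        }
    }

    /**
     * Applies the private-key operation to {@code data}. Anyone holding the public key
     * can reverse it, so this is not encryption for secrecy; use
     * {@link #sign(byte[], String)} when a signature is what is wanted.
     *
     * @param data bytes to process
     * @param key  Base64 of the PKCS#8-encoded private key
     * @return the result bytes, or an empty array on any failure
     */
    public static byte[] encryptByPrivateKey(byte[] data, String key){
        try {
            return runCipher(Cipher.ENCRYPT_MODE, toPrivateKey(key), data);
        } catch (Exception e) {
            log.error("RSAUtilsPrivateKeyEncryptError", e);
            return new byte[0];
        }
    }

    /**
     * Returns the private key held in a map built by {@link #initKey()}.
     *
     * @param keyMap key map, may be {@code null}
     * @return Base64 of the encoded private key, or an empty string if the map is
     *         {@code null} or has no private-key entry
     */
    public static String getPrivateKey(Map<String, Key> keyMap){
        return encodeEntry(keyMap, PRIVATEKEY);
    }

    /**
     * Returns the public key held in a map built by {@link #initKey()}.
     *
     * @param keyMap key map, may be {@code null}
     * @return Base64 of the encoded public key, or an empty string if the map is
     *         {@code null} or has no public-key entry
     */
    public static String getPublicKey(Map<String, Key> keyMap){
        return encodeEntry(keyMap, PUBLICKEY);
    }

    /**
     * Generates a fresh 2048-bit RSA key pair.
     *
     * @return a map holding the public and private key, or {@code null} if the RSA
     *         key-pair generator is unavailable
     */
    public static Map<String, Key> initKey(){
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(KEYALGORITHM);
            generator.initialize(2048);
            KeyPair pair = generator.generateKeyPair();
            Map<String, Key> keyMap = new HashMap<String, Key>(2);
            keyMap.put(PUBLICKEY, pair.getPublic());
            keyMap.put(PRIVATEKEY, pair.getPrivate());
            return keyMap;
        } catch (NoSuchAlgorithmException e) {
            log.error("RSAUtilsInitKeyError", e);
            return null;
        }
    }

    /** Parses a Base64 PKCS#8 string into a private key. */
    private static PrivateKey toPrivateKey(String base64Key) throws java.security.GeneralSecurityException {
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decryptBASE64(base64Key));
        return KeyFactory.getInstance(KEYALGORITHM).generatePrivate(spec);
    }

    /** Parses a Base64 X.509 string into a public key. */
    private static PublicKey toPublicKey(String base64Key) throws java.security.GeneralSecurityException {
        X509EncodedKeySpec spec = new X509EncodedKeySpec(decryptBASE64(base64Key));
        return KeyFactory.getInstance(KEYALGORITHM).generatePublic(spec);
    }

    /** Runs one RSA cipher operation in the given mode with the pinned transformation. */
    private static byte[] runCipher(int mode, Key key, byte[] data) throws java.security.GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(CIPHERTRANSFORMATION);
        cipher.init(mode, key);
        return cipher.doFinal(data);
    }

    /** Base64-encodes one entry of the key map; a missing map or entry yields "". */
    private static String encodeEntry(Map<String, Key> keyMap, String entry) {
        if (keyMap == null) {
            return "";
        }
        Key key = keyMap.get(entry);
        // The original dereferenced the entry unconditionally and threw a
        // NullPointerException for a map that lacked it.
        return key == null ? "" : encryptBASE64(key.getEncoded());
    }
}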

5,接取并解密

注:若为ajax传输,可不必转码,若form表单形式提交,js会自动转码,后台需要解码。(也可统一解码,毕竟没什么影响)

代码如下:

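		String pass=request.getParameter("pass");
		// --- password decryption: begin ---
		// Reject a missing parameter up front; URLDecoder.decode(null, ...) would otherwise
		// fail with a NullPointerException.
		if (pass == null || pass.isEmpty()) {
			return new ModelAndView(this.getErrorView());
		}
		try {
			// Form posts turn the '+' of Base64 into a space, so it is restored after decoding.
			// NOTE(review): servlet containers normally URL-decode parameters already; this
			// second decode is kept from the original flow, so confirm it is still needed.
			pass = URLDecoder.decode(pass,"UTF-8").replace(' ', '+');
		} catch (UnsupportedEncodingException e1) {
			return new ModelAndView(this.getErrorView());
		} catch (IllegalArgumentException e1) {
			// A malformed %-escape in client-supplied input gets the same error view
			// instead of surfacing as an unhandled exception.
			return new ModelAndView(this.getErrorView());
		}
		// NOTE(review): the key comes from a constant compiled into RSAUtils; prefer loading
		// it from protected server-side configuration.
		byte[] decryptData = RSAUtils.decryptByPrivateKey(pass,RSAUtils.DECRYPTPRIVATEKEY);
		String decryptPas = "";
		if(decryptData.length == 0){
			// Every decryption failure leads to the same generic error view.
			return new ModelAndView(this.getErrorView());
		}else{
			// Decode with an explicit charset so the result does not depend on the
			// platform default.
			decryptPas = new String(decryptData, java.nio.charset.StandardCharsets.UTF_8);
		}
		// --- password decryption: end ---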

获取到解密后的密码走正常的业务流程即可!


转载自blog.csdn.net/weixin_38373006/article/details/88292734