A common penetration test considers the use of clear text transmission of passwords for website logins as a risk. It is recommended to use the National Secret Algorithm or RSA algorithm for encrypted transmission of passwords.
RSA encryption (JS encryption, C#, Java decryption) please refer to "RSA Symmetric Encryption (JS Encryption, C#, Java Decryption)"
This article describes the implementation of the national secret SM2 algorithm.
1. Working principle
The front-end js uses the public key to encrypt, and the back-end uses the private key to decrypt (the back-end can be C# or java language).
2. Implementation steps
In order to facilitate the verification of encryption and decryption results, this article demonstrates with a set of fixed public and private keys (how to generate the public and private keys will be described later).
Public key: 04F59485B23304990ED45E42521BE504D0DE358B9E4031A172EF48700071AF985A8EA8B12BB479E24152814EE61840932BFFF5B3B1657C9CF50A61756B1D901E 1C
private key:
78AEBAE7DE025B6954357DB327F4AE412B3657B1E1ED36F89927C065155DBA9A
(1) JS front-end encryption
Just look at the demo, the code refers to the source code of the webpage.
The encryption result of online demo address is different every time.
(2) Java SM2 encryption and decryption
I am using VScode to debug Java code here. The whole program structure looks like this:
Note: The Java encryption and decryption uses the bcprov-jdk16-1.46.jar version of the package.
(See the download link at the end of the article for the complete code)
(3) C# SM2 encryption and decryption
I wrote a debugging tool, which looks like this:
Note: C# encryption and decryption uses BouncyCastle.Crypto.dll, version: 1.9.0.1, different versions of the encryption code are not the same, toss this problem for a long time.
Complete code download:
https://download.csdn.net/download/a497785609/87459516
Alternate download address:
https://qingshanboke.com/uploadfiles/demo/sm2.rar
GitHub address: