Front-end AES encryption, back-end decryption, effectively preventing data leakage

I often encounter the problem of passwords being transmitted in plaintext at work. To make the password more secure, it is encrypted before transmission. Below is a fairly convenient approach using AES encryption (the front-end key is at risk of leaking and should be placed in a configuration item):

1. Front-end encryption

1. First, include the JavaScript library the front end needs, crypto-js. Download address:

CryptoJS-v4.1.1
https://www.aliyundrive.com/s/bXP6M8ZxVAD

2. Put the crypto-js file in the path to be referenced

3. Reference the following scripts in the page

<script src="../static/ajax/libs/captcha/crypto-js.min.js" th:src="@{/ajax/libs/captcha/crypto-js.min.js}"></script>
<script src="../static/ajax/libs/captcha/ase.min.js" th:src="@{/ajax/libs/captcha/ase.min.js}"></script>

4. In the click event of the registration button, set the key and IV values used for encryption, and define encryptedPwd, the encrypted password

function register() {
    var password = $.common.trim($("input[name='password']").val());
    // AES encryption
    var key = "ABCDEFGHIJKL_key";
    var iv = "ABCDEFGHIJKLM_iv";
    var encryptedPwd = aesMinEncrypt(key, iv, password);

    $.ajax({
        type: "post",
        url: ctx + "register",
        data: {
            "password": encryptedPwd,
            // ...
            // ...
        },
        success: function (res) {
        }
    });
}

// Encrypts word with AES-CBC and PKCS7 padding; returns the ciphertext as Base64
function aesMinEncrypt(key, iv, word) {
    var _word = CryptoJS.enc.Utf8.parse(word),
        _key = CryptoJS.enc.Utf8.parse(key),
        _iv = CryptoJS.enc.Utf8.parse(iv);
    var encrypted = CryptoJS.AES.encrypt(_word, _key, {
        iv: _iv,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    return encrypted.toString();
}

2. Backend decryption

Back-end decryption requires a utility class, AESUtils, which contains the decryption methods. The code is as follows:

1. Add the AESUtils utility class

package com.wuye.common.utils;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/**
 * AES decryption utility.
 *
 * @author CSD
 * @date 2022-07-28 14:16
 */
public class AESUtils {

    // Key (must be identical on the front end and the back end); 16 characters
    private static final String KEY = "ABCDEFGHIJKL_key";

    // IV (must be identical on the front end and the back end); 16 characters
    private static final String IV = "ABCDEFGHIJKLM_iv";

    // Algorithm
    private static final String ALGORITHMSTR = "AES/CBC/PKCS5Padding";

    /**
     * Base64 decode
     * @param base64Code the Base64 string to decode
     * @return the decoded byte[]
     * @throws Exception
     */
    public static byte[] base64Decode(String base64Code) throws Exception {
        // java.util.Base64 replaces sun.misc.BASE64Decoder, which was removed in JDK 9+
        return (base64Code == null || base64Code.isEmpty()) ? null : Base64.getDecoder().decode(base64Code);
    }

    /**
     * AES decryption
     * @param encryptBytes the byte[] to decrypt
     * @return the decrypted String
     * @throws Exception
     */
    public static String aesDecryptByBytes(byte[] encryptBytes) throws Exception {
        Cipher cipher = Cipher.getInstance(ALGORITHMSTR);

        byte[] temp = IV.getBytes(StandardCharsets.UTF_8);
        IvParameterSpec iv = new IvParameterSpec(temp);

        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY.getBytes(StandardCharsets.UTF_8), "AES"), iv);
        byte[] decryptBytes = cipher.doFinal(encryptBytes);

        // The plaintext is returned only; it is not printed here, so passwords do not end up in stdout or logs
        return new String(decryptBytes, StandardCharsets.UTF_8);
    }

    /**
     * AES-decrypt a Base64 string
     * @param encryptStr the Base64 string to decrypt
     * @return the decrypted String
     * @throws Exception
     */
    public static String aesDecrypt(String encryptStr) throws Exception {
        return (encryptStr == null || encryptStr.isEmpty()) ? null : aesDecryptByBytes(base64Decode(encryptStr));
    }

    // Quick test
    public static void main(String[] args) throws Exception {
        String str = "Q uus tQvLdwtGSldhrtKQ==";
        // A "+" in the Base64 text may arrive as a space; restore it before decoding
        str = str.replace(" ", "+");
        System.out.println(str);
        System.out.println(aesDecrypt(str));
    }
}

2. Decrypt the password in the registration method to complete the encryption and decryption operation

String decrypassword = AESUtils.aesDecrypt(password);
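
With the fixed key and IV used above, the same password always encrypts to the same Base64 string. The following added example (not code from the original post) reproduces the page's AES-128-CBC / PKCS7 / Base64 scheme with Node.js's built-in crypto module instead of CryptoJS and compares it with a variant that uses a fresh random IV per message. The function names, the sample password and the Base64(IV || ciphertext) wire format are assumptions.

```javascript
// Added example: Node.js built-in crypto, not CryptoJS. KEY and FIXED_IV are the page's values.
const nodeCrypto = require("node:crypto");

const KEY = Buffer.from("ABCDEFGHIJKL_key", "utf8");      // 16 bytes -> AES-128
const FIXED_IV = Buffer.from("ABCDEFGHIJKLM_iv", "utf8"); // 16 bytes, reused for every request

// Same scheme as the page's aesMinEncrypt: AES-128-CBC, PKCS#7 padding, Base64 output.
function encryptFixedIv(plaintext) {
  const cipher = nodeCrypto.createCipheriv("aes-128-cbc", KEY, FIXED_IV);
  return Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]).toString("base64");
}

// Same scheme as the page's AESUtils.aesDecrypt.
function decryptFixedIv(b64) {
  const decipher = nodeCrypto.createDecipheriv("aes-128-cbc", KEY, FIXED_IV);
  return Buffer.concat([decipher.update(Buffer.from(b64, "base64")), decipher.final()]).toString("utf8");
}

// Variant (assumed wire format): fresh random IV per message, sent as Base64(IV || ciphertext).
function encryptRandomIv(plaintext) {
  const iv = nodeCrypto.randomBytes(16);
  const cipher = nodeCrypto.createCipheriv("aes-128-cbc", KEY, iv);
  return Buffer.concat([iv, cipher.update(plaintext, "utf8"), cipher.final()]).toString("base64");
}

function decryptRandomIv(b64) {
  const raw = Buffer.from(b64, "base64");
  // Need a 16-byte IV plus at least one full 16-byte ciphertext block.
  if (raw.length < 32 || raw.length % 16 !== 0) throw new Error("malformed ciphertext");
  const decipher = nodeCrypto.createDecipheriv("aes-128-cbc", KEY, raw.subarray(0, 16));
  return Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]).toString("utf8");
}

// Encrypt one constructed sample password twice under each scheme and compare.
function demo() {
  const sample = "Passw0rd!constructed";
  const a = encryptFixedIv(sample), b = encryptFixedIv(sample);
  const c = encryptRandomIv(sample), d = encryptRandomIv(sample);
  return {
    fixedIvRepeats: a === b,   // equal passwords show up as equal ciphertexts
    randomIvRepeats: c === d,  // a fresh IV makes each ciphertext different
    roundTripFixed: decryptFixedIv(a),
    roundTripRandom: decryptRandomIv(c),
  };
}

console.log(demo());
```

Both variants still ship the key to the browser, so the caveat about front-end key leakage applies to each; the random IV only removes the repeated-ciphertext pattern.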

Origin blog.csdn.net/hexianfan/article/details/131694911