AES Encryption and Decryption for a Login Feature: Encrypting on the Front End, Decrypting on the Back End
阿新 • Published: 2018-12-14
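A while ago I wrote a login feature, but the password was transmitted in plaintext and it was required to be encrypted in transit. Most of what I found online used MD5, but with that approach the encrypted value is what gets passed on to the database, and the back end cannot decrypt it. I later found that with AES the back end can decrypt, so I am recording it here:
1. First, include two JS files in the JSP page: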
<script type="text/javascript" src="<c:url value='/js/aes.js'/>"></script>
<script type="text/javascript" src="<c:url value='/js/pad-zeropadding-min.js'/>"></script>
2. Define the key and iv in your own JS file, or directly in a script block in the JSP page:
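function encrypt(data) {
    // key and iv must be the same values the back end uses
    var key = CryptoJS.enc.Latin1.parse('dufy20170329java');
    var iv = CryptoJS.enc.Latin1.parse('dufy20170329java');
    // AES-CBC with zero padding; toString() returns the ciphertext as Base64
    return CryptoJS.AES.encrypt(data, key, {
        iv: iv,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.ZeroPadding
    }).toString();
}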
Here 'dufy20170329java' is a value you choose yourself; the back end uses it to decrypt.
3. Call the encrypt function to encrypt the password:
var loginpass = $("#loginpass").val();
loginpass = encrypt(loginpass);
$("#loginpass").val(loginpass);
Those are the front-end steps for encrypting the password. Next comes decryption on the back end:
4. Define the utility class AesEncryptUtil:
package util;

import java.nio.charset.StandardCharsets;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.apache.tomcat.util.codec.binary.Base64;

public class AesEncryptUtil {

    // Uses AES-128-CBC mode; the key must be 16 bytes long. The key and iv can be the same!
    private static final String KEY = "dufy20170329java";
    private static final String IV = "dufy20170329java";

    /**
     * Encryption method
     * @param data the data to encrypt
     * @param key encryption key
     * @param iv encryption iv
     * @return the encrypted result
     * @throws Exception
     */
    public static String encrypt(String data, String key, String iv) throws Exception {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding"); // "algorithm/mode/padding"
            int blockSize = cipher.getBlockSize();

            // Explicit UTF-8 so the bytes match what CryptoJS encrypts, whatever the platform default charset is
            byte[] dataBytes = data.getBytes(StandardCharsets.UTF_8);
            int plaintextLength = dataBytes.length;
            // Zero padding by hand: round up to a multiple of the block size (matches CryptoJS.pad.ZeroPadding)
            if (plaintextLength % blockSize != 0) {
                plaintextLength = plaintextLength + (blockSize - (plaintextLength % blockSize));
            }

            byte[] plaintext = new byte[plaintextLength];
            System.arraycopy(dataBytes, 0, plaintext, 0, dataBytes.length);

            SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");
            IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes(StandardCharsets.UTF_8));

            cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
            byte[] encrypted = cipher.doFinal(plaintext);

            return new Base64().encodeToString(encrypted);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Decryption method
     * @param data the data to decrypt
     * @param key decryption key
     * @param iv decryption iv
     * @return the decrypted result
     * @throws Exception
     */
    public static String desEncrypt(String data, String key, String iv) throws Exception {
        try {
            byte[] encrypted1 = new Base64().decode(data);

            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");
            IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes(StandardCharsets.UTF_8));

            cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);

            // The result still carries the trailing zero padding; callers strip it with trim()
            byte[] original = cipher.doFinal(encrypted1);
            String originalString = new String(original, StandardCharsets.UTF_8);
            return originalString;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Encrypt with the default key and iv
     * @param data
     * @return
     * @throws Exception
     */
    public static String encrypt(String data) throws Exception {
        return encrypt(data, KEY, IV);
    }

    /**
     * Decrypt with the default key and iv
     * @param data
     * @return
     * @throws Exception
     */
    public static String desEncrypt(String data) throws Exception {
        return desEncrypt(data, KEY, IV);
    }

    /**
     * Test
     */
    public static void main(String args[]) throws Exception {
        String test = "18729990110";

        String data = null;
        String key = "dufy20170329java";
        String iv = "dufy20170329java";

        data = encrypt(test, key, iv);

        System.out.println(data);
        System.out.println(desEncrypt(data, key, iv));
    }
}
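The key and iv here are the ones just defined on the front end and must match them.
5. Call AesEncryptUtil's desEncrypt method to decrypt the password received from the front end: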
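String loginpass = req.getParameter("loginpass");
boolean passwordOk = false;
try {
    loginpass = AesEncryptUtil.desEncrypt(loginpass).trim();
    String dbpass = AesEncryptUtil.desEncrypt(user.getPassWord()).trim();
    passwordOk = loginpass.equals(dbpass);
} catch (Exception e) {
    // A missing or undecryptable value ends up here; passwordOk stays false so the login is rejected
    e.printStackTrace();
}
if (!passwordOk) {
    // Assumes the enclosing servlet method declares ServletException and IOException
    req.setAttribute("msg", "使用者名稱或密碼錯誤");
    req.getRequestDispatcher("/login/login.jsp").forward(req, resp);
    return;
}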
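The front-end and back-end code above use one fixed key and IV for every login. The following added example (not code from the original post) reproduces that scheme with Node's built-in crypto module in place of CryptoJS, shows that the same password then always produces the same ciphertext, and puts a per-message random-IV variant beside it. The function names, the IV-prepended wire format and the sample password are assumptions made for illustration.

```javascript
// Added example, not from the original post. Node's crypto module stands in
// for CryptoJS; the key/IV string is the one shown on the page.
const crypto = require('crypto');

const KEY = Buffer.from('dufy20170329java', 'latin1'); // 16 bytes = AES-128
const FIXED_IV = Buffer.from('dufy20170329java', 'latin1');

// Zero padding as CryptoJS.pad.ZeroPadding and the Java utility apply it:
// fill with 0x00 to the next 16-byte boundary, nothing if already aligned.
function zeroPad(buf) {
  const rem = buf.length % 16;
  return rem === 0 ? buf : Buffer.concat([buf, Buffer.alloc(16 - rem)]);
}

function aesCbc(password, iv) {
  const cipher = crypto.createCipheriv('aes-128-cbc', KEY, iv);
  cipher.setAutoPadding(false); // zeroPad does the padding, as with NoPadding in Java
  const padded = zeroPad(Buffer.from(password, 'utf8'));
  return Buffer.concat([cipher.update(padded), cipher.final()]);
}

// The page's scheme: fixed IV, Base64 output.
function encryptFixedIv(password) {
  return aesCbc(password, FIXED_IV).toString('base64');
}

// Variant (assumed wire format): fresh random IV per message, prepended to the ciphertext.
function encryptRandomIv(password) {
  const iv = crypto.randomBytes(16);
  return Buffer.concat([iv, aesCbc(password, iv)]).toString('base64');
}

function decryptRandomIv(b64) {
  const raw = Buffer.from(b64, 'base64');
  const decipher = crypto.createDecipheriv('aes-128-cbc', KEY, raw.subarray(0, 16));
  decipher.setAutoPadding(false);
  const plain = Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]);
  return plain.toString('utf8').replace(/\0+$/, ''); // strip the zero padding
}

// Constructed sample password.
const pw = 'correct horse';
console.log('fixed IV, run 1 :', encryptFixedIv(pw));
console.log('fixed IV, run 2 :', encryptFixedIv(pw)); // identical to run 1
console.log('random IV, run 1:', encryptRandomIv(pw));
console.log('random IV, run 2:', encryptRandomIv(pw)); // differs on every call
```

A random IV only removes the determinism; the key is still readable in the page's JavaScript, so the confidentiality of the password on the wire still depends on HTTPS.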