web頁面使用js加密敏感資訊,java端解密
阿新 • • 發佈:2019-02-12
為了保證安全,現在大部分web應用都使用https了。但是https只對傳輸通道進行加密,一旦通道被攻破,明文資料就會被攻擊者獲取。為了進一步保護傳輸過程中的敏感資料,可以在傳輸前先對其做一次加密。需要注意的是,這種做法只能防止被動竊聽;若攻擊者能夠篡改頁面,仍然可以替換頁面中的公鑰或腳本,因此它只是https之外的補充,不能取代https。下面演示如何通過RSA加密,做到前後端資料的安全傳輸:
首先我們需要一個前端js加密工具,這個工具叫JSEncrypt,
壓縮包裡面有個jsencrypt.min.js檔案,就是我們要匯入的檔案。首先在jsp頁面匯入這個js檔案:
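<script src="js/jsencrypt.min.js"></script>
<script>
  // The JSP renders the server's Base64 public key into the page. The helper class
  // shown on this page is RSACoder, so the expression references RSACoder.publicKey.
  // Only the public half of the key pair may ever be written into a page.
  var encrypt = new JSEncrypt();
  encrypt.setPublicKey("<%=RSACoder.publicKey%>");

  // Demo output only: prints the Base64 ciphertext of the sample value "123456".
  // NOTE(review): the same ciphertext can be resubmitted by anyone who captured it;
  // include a server-issued one-time value in the plaintext if replay matters.
  console.log("這是123456的密文:" + encrypt.encrypt("123456"));
</script>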
java端解密:
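// decryptBase64AndRSAByPrivateKey returns the plaintext as a byte[]; passing the
// array straight to println would print its identity (e.g. "[B@1b6d3586"), not the
// text. Decode it as UTF-8 first. Demo only: do not print or log decrypted secrets
// in production code.
byte[] plain = RSACoder.decryptBase64AndRSAByPrivateKey("這裡輸入密文");
System.out.println(new String(plain, "UTF-8"));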
RSACoder是一個java工具類:
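import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;

import javax.crypto.Cipher;

import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * RSA helper for sensitive fields: the page encrypts a value with the public key and the
 * server decrypts it with the private key. Also offers Base64 helpers, signing/verification
 * and key-pair generation.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Keys are exchanged as Base64 strings: X.509 encoding for public keys, PKCS#8 for
 *       private keys (see the key specs used below).</li>
 *   <li>Encryption uses PKCS#1 v1.5 padding. Callers should report every decryption failure
 *       to the client in the same way, so the endpoint does not reveal whether the padding
 *       of a submitted ciphertext was valid.</li>
 *   <li>Nothing here prevents a captured ciphertext from being resubmitted; that has to be
 *       handled by the caller (for example with a one-time value inside the plaintext).</li>
 * </ul>
 *
 * @author zqz 20180818
 */
public class RSACoder {

    private static final Logger logger = LoggerFactory.getLogger(RSACoder.class);

    public static final String KEY_ALGORITHM = "RSA";

    // NOTE(review): MD5-based signatures are no longer collision resistant. The value is kept
    // because changing it would invalidate signatures produced by existing callers; move to
    // "SHA256withRSA" once both signer and verifier can be updated together.
    public static final String SIGNATURE_ALGORITHM = "MD5withRSA";

    // Spelled out instead of relying on a provider's default for plain "RSA", which is not the
    // same on every JCA provider. PKCS#1 v1.5 is what the JDK's default provider selects for
    // "RSA" — presumably also what the JSEncrypt side produces; confirm against its docs.
    private static final String CIPHER_TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    // Modulus size for newly generated pairs; 1024-bit RSA is below current recommendations.
    private static final int KEY_SIZE_BITS = 2048;

    private static final String PUBLIC_KEY = "RSAPublicKey";
    private static final String PRIVATE_KEY = "RSAPrivateKey";

    /** Base64 X.509 public key. Sample value from the article (made up) — replace it. */
    public static String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKsSDFQDGtwz9qRQC6PLuShXMfaRUY9Or4CwqQTiTiukU8rTjmk6xcWGarieJNTjLkGRUbTjzkSzcDtGt1AItLUbS0hZvsd4K7BsrkT67/oNI3xZ9f5mw8SPfvyZnnMvNTy9KkkssMz/TnXrZLg4FI3U5yNRZQVOUVSPIYcGFc1Z6zQIFwIDAQAB";

    /**
     * Base64 PKCS#8 private key. Sample value from the article (made up) — replace it, and in a
     * real deployment load it from protected configuration or a key store rather than keeping
     * it in source code.
     */
    public static String privateKey = "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";

    static {
        init();
    }

    /**
     * Runs once when the class is loaded and records which public key is in use.
     *
     * <p>To use a freshly generated pair instead of the configured strings, call
     * {@link #initKey()} here and assign {@link #getPublicKey(Map)} and
     * {@link #getPrivateKey(Map)} to the two fields.
     */
    public static void init() {
        logger.info("公鑰: \n\r" + publicKey);
        // The private key is intentionally not logged: anyone able to read the log could
        // decrypt every value protected by this class.
    }

    /**
     * Decodes a Base64 string.
     *
     * @param key Base64 text
     * @return the decoded bytes
     */
    public static byte[] decryptBASE64(String key) {
        return Base64.decodeBase64(key);
    }

    /**
     * Encodes bytes as a Base64 string.
     *
     * @param bytes raw bytes
     * @return Base64 text
     */
    public static String encryptBASE64(byte[] bytes) {
        return Base64.encodeBase64String(bytes);
    }

    /**
     * Decrypts Base64 ciphertext with the class-level {@link #privateKey}.
     *
     * @param data Base64-encoded ciphertext
     * @return the plaintext bytes
     * @throws Exception if the key cannot be parsed or decryption fails
     */
    public static byte[] decryptBase64AndRSAByPrivateKey(String data) throws Exception {
        return decryptByPrivateKey(decryptBASE64(data), privateKey);
    }

    /**
     * Decrypts Base64 ciphertext with the given private key.
     *
     * @param data Base64-encoded ciphertext
     * @param key  Base64-encoded PKCS#8 private key
     * @return the plaintext bytes
     * @throws Exception if the key cannot be parsed or decryption fails
     */
    public static byte[] decryptAndBase64ByPrivateKey(String data, String key) throws Exception {
        return decryptByPrivateKey(decryptBASE64(data), key);
    }

    /**
     * Encrypts text with the given public key and returns the ciphertext as Base64.
     *
     * @param data plaintext
     * @param key  Base64-encoded X.509 public key
     * @return Base64-encoded ciphertext
     * @throws Exception if the key cannot be parsed or encryption fails
     */
    public static String encryptAndBase64ByPublicKey(String data, String key) throws Exception {
        return encryptBASE64(encryptByPublicKey(data, key));
    }

    /**
     * Signs data with a private key using {@link #SIGNATURE_ALGORITHM}.
     *
     * @param data       bytes to sign
     * @param privateKey Base64-encoded PKCS#8 private key
     * @return Base64-encoded signature
     * @throws Exception if the key cannot be parsed or signing fails
     */
    public static String sign(byte[] data, String privateKey) throws Exception {
        Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
        signer.initSign(toPrivateKey(privateKey));
        signer.update(data);
        return encryptBASE64(signer.sign());
    }

    /**
     * Verifies a signature produced by {@link #sign(byte[], String)}.
     *
     * @param data      bytes that were signed
     * @param publicKey Base64-encoded X.509 public key
     * @param sign      Base64-encoded signature
     * @return {@code true} if the signature matches, {@code false} otherwise
     * @throws Exception if the key cannot be parsed or verification cannot be performed
     */
    public static boolean verify(byte[] data, String publicKey, String sign) throws Exception {
        Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
        verifier.initVerify(toPublicKey(publicKey));
        verifier.update(data);
        return verifier.verify(decryptBASE64(sign));
    }

    /**
     * Decrypts raw ciphertext with an already parsed private key.
     *
     * @param data       ciphertext bytes
     * @param privateKey private key object
     * @return the plaintext bytes
     * @throws Exception if decryption fails
     */
    public static byte[] decryptByPrivateKey(byte[] data, Key privateKey) throws Exception {
        return applyCipher(Cipher.DECRYPT_MODE, privateKey, data);
    }

    /**
     * Decrypts raw ciphertext with a Base64-encoded private key.
     *
     * @param data ciphertext bytes
     * @param key  Base64-encoded PKCS#8 private key
     * @return the plaintext bytes
     * @throws Exception if the key cannot be parsed or decryption fails
     */
    public static byte[] decryptByPrivateKey(byte[] data, String key) throws Exception {
        return decryptByPrivateKey(data, (Key) toPrivateKey(key));
    }

    /**
     * Decrypts Base64 ciphertext with a Base64-encoded private key.
     *
     * @param data Base64-encoded ciphertext
     * @param key  Base64-encoded PKCS#8 private key
     * @return the plaintext bytes
     * @throws Exception if the key cannot be parsed or decryption fails
     */
    public static byte[] decryptByPrivateKey(String data, String key) throws Exception {
        return decryptByPrivateKey(decryptBASE64(data), key);
    }

    /**
     * Reverses {@link #encryptByPrivateKey(byte[], String)} using the public key.
     *
     * <p>Anyone holding the public key can perform this operation, so it offers no
     * confidentiality.
     *
     * @param data bytes produced with the private key
     * @param key  Base64-encoded X.509 public key
     * @return the recovered bytes
     * @throws Exception if the key cannot be parsed or the operation fails
     */
    public static byte[] decryptByPublicKey(byte[] data, String key) throws Exception {
        return applyCipher(Cipher.DECRYPT_MODE, toPublicKey(key), data);
    }

    /**
     * Encrypts text with a public key.
     *
     * @param data plaintext; encoded as UTF-8 before encryption so the result does not depend
     *             on the JVM's platform charset
     * @param key  Base64-encoded X.509 public key
     * @return ciphertext bytes
     * @throws Exception if the key cannot be parsed or encryption fails
     */
    public static byte[] encryptByPublicKey(String data, String key) throws Exception {
        return applyCipher(Cipher.ENCRYPT_MODE, toPublicKey(key), data.getBytes("UTF-8"));
    }

    /**
     * Applies the private-key operation to the data.
     *
     * <p>The result can be reversed by anyone holding the public key, so it offers no
     * confidentiality; use {@link #sign(byte[], String)} when a signature is what is needed.
     *
     * @param data bytes to transform
     * @param key  Base64-encoded PKCS#8 private key
     * @return the transformed bytes
     * @throws Exception if the key cannot be parsed or the operation fails
     */
    public static byte[] encryptByPrivateKey(byte[] data, String key) throws Exception {
        return applyCipher(Cipher.ENCRYPT_MODE, toPrivateKey(key), data);
    }

    /**
     * Returns the private key of a generated pair as Base64.
     *
     * @param keyMap map returned by {@link #initKey()}
     * @return Base64 encoding of the private key
     * @throws Exception declared for compatibility with existing callers
     */
    public static String getPrivateKey(Map<String, Key> keyMap) throws Exception {
        return encryptBASE64(keyMap.get(PRIVATE_KEY).getEncoded());
    }

    /**
     * Returns the public key of a generated pair as Base64.
     *
     * @param keyMap map returned by {@link #initKey()}
     * @return Base64 encoding of the public key
     * @throws Exception declared for compatibility with existing callers
     */
    public static String getPublicKey(Map<String, Key> keyMap) throws Exception {
        return encryptBASE64(keyMap.get(PUBLIC_KEY).getEncoded());
    }

    /**
     * Generates a new RSA key pair.
     *
     * @return a map holding the public and private key under the names this class uses
     *         internally; read it with {@link #getPublicKey(Map)} and
     *         {@link #getPrivateKey(Map)}
     * @throws NoSuchAlgorithmException if no provider supplies RSA key generation
     */
    public static Map<String, Key> initKey() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
        generator.initialize(KEY_SIZE_BITS);
        KeyPair pair = generator.generateKeyPair();

        Map<String, Key> keyMap = new HashMap<String, Key>(2);
        keyMap.put(PUBLIC_KEY, pair.getPublic());
        keyMap.put(PRIVATE_KEY, pair.getPrivate());
        return keyMap;
    }

    /** Parses a Base64-encoded PKCS#8 private key. */
    private static PrivateKey toPrivateKey(String base64Key) throws Exception {
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decryptBASE64(base64Key));
        return KeyFactory.getInstance(KEY_ALGORITHM).generatePrivate(spec);
    }

    /** Parses a Base64-encoded X.509 public key. */
    private static PublicKey toPublicKey(String base64Key) throws Exception {
        X509EncodedKeySpec spec = new X509EncodedKeySpec(decryptBASE64(base64Key));
        return KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(spec);
    }

    /** Runs one RSA cipher operation in the given mode with the class-wide transformation. */
    private static byte[] applyCipher(int mode, Key key, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(mode, key);
        return cipher.doFinal(data);
    }
}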