首页 > 代码库 > 加密策略
加密策略
一、前言
这两天研究了一下项目中的密码加密,可以说得上是学到了很多。下面来大致说一下。
二、常用加密
1.单向加密算法
单向加密算法主要用来验证数据传输的过程中,是否被篡改过。
BASE64 严格地说,属于编码格式,而非加密算法
MD5(Message Digest algorithm 5,信息摘要算法)
SHA(Secure Hash Algorithm,安全散列算法)
HMAC(Hash Message Authentication Code,散列消息鉴别码
DES(Data Encryption Standard,数据加密算法)
PBE(Password-based encryption,基于密码验证)
RSA(算法的名字以发明者的名字命名:Ron Rivest, AdiShamir 和Leonard Adleman)
DH(Diffie-Hellman算法,密钥一致协议)
DSA(Digital Signature Algorithm,数字签名)
ECC(Elliptic Curves Cryptography,椭圆曲线密码编码学)
参考:Java中的各种加密算法 聊一聊MD5 各种Java加密算法
三、项目中的加密策略
创建用户:同一默认密码处理,用户登录时要修改密码。获取到默认密码之后先进行一次sha1加密,然后根据user code 和 salt进行第二次sha1加密存入数据库。
校验用户:用户登录时,js处理密码。首先进行一次sha1加密,然后进行一次rsa加密(需要向后台请求ras公钥的modulus 和 exponent)。后台通过rsa公钥对应的私钥进行解密,然后根据user code进行找到对应的用户,通过user code 和 salt进行sha1加密,将得到的结果和数据库中的进行对比。
四、代码
js sha1算法加密(sha1.js)
‘use strict‘;(function (E) { function t(c, a, e) { var g = 0, b = [], d = 0, f, k, l, h, m, w, n, q = !1, r = !1, p = [], t = [], v, u = !1; e = e || {}; f = e.encoding || "UTF8"; v = e.numRounds || 1; l = y(a, f); if (v !== parseInt(v, 10) || 1 > v)throw Error("numRounds must a integer >= 1"); if ("SHA-1" === c)m = 512, w = z, n = F, h = 160; else throw Error("Chosen SHA variant is not supported"); k = x(c); this.setHMACKey = function (a, b, d) { var e; if (!0 === r)throw Error("HMAC key already set"); if (!0 === q)throw Error("Cannot set HMAC key after finalizing hash"); if (!0 === u)throw Error("Cannot set HMAC key after calling update"); f = (d || {}).encoding || "UTF8"; b = y(b, f)(a); a = b.binLen; b = b.value; e = m >>> 3; d = e / 4 - 1; if (e < a / 8) { for (b = n(b, a, 0, x(c)); b.length <= d;)b.push(0); b[d] &= 4294967040 } else if (e > a / 8) { for (; b.length <= d;)b.push(0); b[d] &= 4294967040 } for (a = 0; a <= d; a += 1)p[a] = b[a] ^ 909522486, t[a] = b[a] ^ 1549556828; k = w(p, k); g = m; r = !0 }; this.update = function (a) { var c, e, f, h = 0, n = m >>> 5; c = l(a, b, d); a = c.binLen; e = c.value; c = a >>> 5; for (f = 0; f < c; f += n)h + m <= a && (k = w(e.slice(f, f + n), k), h += m); g += h; b = e.slice(h >>> 5); d = a % m; u = !0 }; this.getHash = function (a, e) { var f, l, m; if (!0 === r)throw Error("Cannot call getHash after setting HMAC key"); m = A(e); switch (a) { case "HEX": f = function (a) { return B(a, m) }; break; case "B64": f = function (a) { return C(a, m) }; break; case "BYTES": f = D; break; default: throw Error("format must be HEX, B64, or BYTES"); } if (!1 === q)for (k = n(b, d, g, k), l = 1; l < v; l += 1)k = n(k, h, 0, x(c)); q = !0; return f(k) }; this.getHMAC = function (a, e) { var f, l, p; if (!1 === r)throw Error("Cannot call getHMAC without first setting HMAC key"); p = A(e); switch (a) { case "HEX": f = function (a) { return B(a, p) }; break; case "B64": f = function (a) { return C(a, p) }; break; case "BYTES": f = D; break; default: throw Error("outputFormat must be HEX, B64, or BYTES"); } !1 === q && (l = n(b, d, g, k), k = w(t, x(c)), k = n(l, h, m, k)); q = !0; return f(k) } } function G(c, a, e) { var g = c.length, b, d, f, k, l; a = a || [0]; e = e || 0; l = e >>> 3; if (0 !== g % 2)throw Error("String of HEX type must be in byte increments"); for (b = 0; b < g; b += 2) { d = parseInt(c.substr(b, 2), 16); if (isNaN(d))throw Error("String of HEX type contains invalid characters"); k = (b >>> 1) + l; for (f = k >>> 2; a.length <= f;)a.push(0); a[f] |= d << 8 * (3 - k % 4) } return {value: a, binLen: 4 * g + e} } function H(c, a, e) { var g = [], b, d, f, k, g = a || [0]; e = e || 0; d = e >>> 3; for (b = 0; b < c.length; b += 1)a = c.charCodeAt(b), k = b + d, f = k >>> 2, g.length <= f && g.push(0), g[f] |= a << 8 * (3 - k % 4); return {value: g, binLen: 8 * c.length + e} } function I(c, a, e) { var g = [], b = 0, d, f, k, l, h, m, g = a || [0]; e = e || 0; a = e >>> 3; if (-1 === c.search(/^[a-zA-Z0-9=+\/]+$/))throw Error("Invalid character in base-64 string"); f = c.indexOf("="); c = c.replace(/\=/g, ""); if (-1 !== f && f < c.length)throw Error("Invalid ‘=‘ found in base-64 string"); for (f = 0; f < c.length; f += 4) { h = c.substr(f, 4); for (k = l = 0; k < h.length; k += 1)d = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".indexOf(h[k]), l |= d << 18 - 6 * k; for (k = 0; k < h.length - 1; k += 1) { m = b + a; for (d = m >>> 2; g.length <= d;)g.push(0); g[d] |= (l >>> 16 - 8 * k & 255) << 8 * (3 - m % 4); b += 1 } } return {value: g, binLen: 8 * b + e} } function B(c, a) { var e = "", g = 4 * c.length, b, d; for (b = 0; b < g; b += 1)d = c[b >>> 2] >>> 8 * (3 - b % 4), e += "0123456789abcdef".charAt(d >>> 4 & 15) + "0123456789abcdef".charAt(d & 15); return a.outputUpper ? e.toUpperCase() : e } function C(c, a) { var e = "", g = 4 * c.length, b, d, f; for (b = 0; b < g; b += 3)for (f = b + 1 >>> 2, d = c.length <= f ? 0 : c[f], f = b + 2 >>> 2, f = c.length <= f ? 0 : c[f], f = (c[b >>> 2] >>> 8 * (3 - b % 4) & 255) << 16 | (d >>> 8 * (3 - (b + 1) % 4) & 255) << 8 | f >>> 8 * (3 - (b + 2) % 4) & 255, d = 0; 4 > d; d += 1)8 * b + 6 * d <= 32 * c.length ? e += "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(f >>> 6 * (3 - d) & 63) : e += a.b64Pad; return e } function D(c) { var a = "", e = 4 * c.length, g, b; for (g = 0; g < e; g += 1)b = c[g >>> 2] >>> 8 * (3 - g % 4) & 255, a += String.fromCharCode(b); return a } function A(c) { var a = {outputUpper: !1, b64Pad: "="}; c = c || {}; a.outputUpper = c.outputUpper || !1; a.b64Pad = c.b64Pad || "="; if ("boolean" !== typeof a.outputUpper)throw Error("Invalid outputUpper formatting option"); if ("string" !== typeof a.b64Pad)throw Error("Invalid b64Pad formatting option"); return a } function y(c, a) { var e; switch (a) { case "UTF8": case "UTF16BE": case "UTF16LE": break; default: throw Error("encoding must be UTF8, UTF16BE, or UTF16LE"); } switch (c) { case "HEX": e = G; break; case "TEXT": e = function (e, b, d) { var f = [], c = [], l = 0, h, m, p, n, q, f = b || [0]; b = d || 0; p = b >>> 3; if ("UTF8" === a)for (h = 0; h < e.length; h += 1)for (d = e.charCodeAt(h), c = [], 128 > d ? c.push(d) : 2048 > d ? (c.push(192 | d >>> 6), c.push(128 | d & 63)) : 55296 > d || 57344 <= d ? c.push(224 | d >>> 12, 128 | d >>> 6 & 63, 128 | d & 63) : (h += 1, d = 65536 + ((d & 1023) << 10 | e.charCodeAt(h) & 1023), c.push(240 | d >>> 18, 128 | d >>> 12 & 63, 128 | d >>> 6 & 63, 128 | d & 63)), m = 0; m < c.length; m += 1) { q = l + p; for (n = q >>> 2; f.length <= n;)f.push(0); f[n] |= c[m] << 8 * (3 - q % 4); l += 1 } else if ("UTF16BE" === a || "UTF16LE" === a)for (h = 0; h < e.length; h += 1) { d = e.charCodeAt(h); "UTF16LE" === a && (m = d & 255, d = m << 8 | d >>> 8); q = l + p; for (n = q >>> 2; f.length <= n;)f.push(0); f[n] |= d << 8 * (2 - q % 4); l += 2 } return {value: f, binLen: 8 * l + b} }; break; case "B64": e = I; break; case "BYTES": e = H; break; default: throw Error("format must be HEX, TEXT, B64, or BYTES"); } return e } function r(c, a) { return c << a | c >>> 32 - a } function p(c, a) { var e = (c & 65535) + (a & 65535); return ((c >>> 16) + (a >>> 16) + (e >>> 16) & 65535) << 16 | e & 65535 } function u(c, a, e, g, b) { var d = (c & 65535) + (a & 65535) + (e & 65535) + (g & 65535) + (b & 65535); return ((c >>> 16) + (a >>> 16) + (e >>> 16) + (g >>> 16) + (b >>> 16) + (d >>> 16) & 65535) << 16 | d & 65535 } function x(c) { if ("SHA-1" === c)c = [1732584193, 4023233417, 2562383102, 271733878, 3285377520]; else throw Error("No SHA variants supported"); return c } function z(c, a) { var e = [], g, b, d, f, k, l, h; g = a[0]; b = a[1]; d = a[2]; f = a[3]; k = a[4]; for (h = 0; 80 > h; h += 1)e[h] = 16 > h ? c[h] : r(e[h - 3] ^ e[h - 8] ^ e[h - 14] ^ e[h - 16], 1), l = 20 > h ? u(r(g, 5), b & d ^ ~b & f, k, 1518500249, e[h]) : 40 > h ? u(r(g, 5), b ^ d ^ f, k, 1859775393, e[h]) : 60 > h ? u(r(g, 5), b & d ^ b & f ^ d & f, k, 2400959708, e[h]) : u(r(g, 5), b ^ d ^ f, k, 3395469782, e[h]), k = f, f = d, d = r(b, 30), b = g, g = l; a[0] = p(g, a[0]); a[1] = p(b, a[1]); a[2] = p(d, a[2]); a[3] = p(f, a[3]); a[4] = p(k, a[4]); return a } function F(c, a, e, g) { var b; for (b = (a + 65 >>> 9 << 4) + 15; c.length <= b;)c.push(0); c[a >>> 5] |= 128 << 24 - a % 32; c[b] = a + e; e = c.length; for (a = 0; a < e; a += 16)g = z(c.slice(a, a + 16), g); return g } "function" === typeof define && define.amd ? define(function () { return t }) : "undefined" !== typeof exports ? "undefined" !== typeof module && module.exports ? module.exports = exports = t : exports = t : E.jsSHA = t})(this);
encrypt.js
var sha1 = require (‘xxx/sha1.js‘);function _encrypt(jsSHA) { var encrypt = function(string){ var shaObj = new jsSHA("SHA-1", "TEXT"); shaObj.update(string); var hash = shaObj.getHash("HEX"); return hash; } return encrypt;}const encrypt = _encrypt(sha1)export default encrypt;
js rsa 算法加密(security.js)
var RSAUtils = {};var biRadixBase = 2;var biRadixBits = 16;var bitsPerDigit = biRadixBits;var biRadix = 1 << 16; // = 2^16 = 65536var biHalfRadix = biRadix >>> 1;var biRadixSquared = biRadix * biRadix;var maxDigitVal = biRadix - 1;var maxInteger = 9999999999999998;//maxDigits://Change this to accommodate your largest number size. Use setMaxDigits()//to change it!////In general, if you‘re working with numbers of size N bits, you‘ll need 2*N//bits of storage. Each digit holds 16 bits. So, a 1024-bit key will need////1024 * 2 / 16 = 128 digits of storage.//var maxDigits;var ZERO_ARRAY;var bigZero, bigOne;var BigInt = window.BigInt = function(flag) { if (typeof flag == "boolean" && flag == true) { this.digits = null; } else { this.digits = ZERO_ARRAY.slice(0); } this.isNeg = false;};RSAUtils.setMaxDigits = function(value) { maxDigits = value; ZERO_ARRAY = new Array(maxDigits); for (var iza = 0; iza < ZERO_ARRAY.length; iza++) ZERO_ARRAY[iza] = 0; bigZero = new BigInt(); bigOne = new BigInt(); bigOne.digits[0] = 1;};RSAUtils.setMaxDigits(20);//The maximum number of digits in base 10 you can convert to an//integer without JavaScript throwing up on you.var dpl10 = 15;RSAUtils.biFromNumber = function(i) { var result = new BigInt(); result.isNeg = i < 0; i = Math.abs(i); var j = 0; while (i > 0) { result.digits[j++] = i & maxDigitVal; i = Math.floor(i / biRadix); } return result;};//lr10 = 10 ^ dpl10var lr10 = RSAUtils.biFromNumber(1000000000000000);RSAUtils.biFromDecimal = function(s) { var isNeg = s.charAt(0) == ‘-‘; var i = isNeg ? 1 : 0; var result; // Skip leading zeros. while (i < s.length && s.charAt(i) == ‘0‘) ++i; if (i == s.length) { result = new BigInt(); } else { var digitCount = s.length - i; var fgl = digitCount % dpl10; if (fgl == 0) fgl = dpl10; result = RSAUtils.biFromNumber(Number(s.substr(i, fgl))); i += fgl; while (i < s.length) { result = RSAUtils.biAdd(RSAUtils.biMultiply(result, lr10), RSAUtils.biFromNumber(Number(s.substr(i, dpl10)))); i += dpl10; } result.isNeg = isNeg; } return result;};RSAUtils.biCopy = function(bi) { var result = new BigInt(true); result.digits = bi.digits.slice(0); result.isNeg = bi.isNeg; return result;};RSAUtils.reverseStr = function(s) { var result = ""; for (var i = s.length - 1; i > -1; --i) { result += s.charAt(i); } return result;};var hexatrigesimalToChar = [ ‘0‘, ‘1‘, ‘2‘, ‘3‘, ‘4‘, ‘5‘, ‘6‘, ‘7‘, ‘8‘, ‘9‘, ‘a‘, ‘b‘, ‘c‘, ‘d‘, ‘e‘, ‘f‘, ‘g‘, ‘h‘, ‘i‘, ‘j‘, ‘k‘, ‘l‘, ‘m‘, ‘n‘, ‘o‘, ‘p‘, ‘q‘, ‘r‘, ‘s‘, ‘t‘, ‘u‘, ‘v‘, ‘w‘, ‘x‘, ‘y‘, ‘z‘];RSAUtils.biToString = function(x, radix) { // 2 <= radix <= 36 var b = new BigInt(); b.digits[0] = radix; var qr = RSAUtils.biDivideModulo(x, b); var result = hexatrigesimalToChar[qr[1].digits[0]]; while (RSAUtils.biCompare(qr[0], bigZero) == 1) { qr = RSAUtils.biDivideModulo(qr[0], b); digit = qr[1].digits[0]; result += hexatrigesimalToChar[qr[1].digits[0]]; } return (x.isNeg ? "-" : "") + RSAUtils.reverseStr(result);};RSAUtils.biToDecimal = function(x) { var b = new BigInt(); b.digits[0] = 10; var qr = RSAUtils.biDivideModulo(x, b); var result = String(qr[1].digits[0]); while (RSAUtils.biCompare(qr[0], bigZero) == 1) { qr = RSAUtils.biDivideModulo(qr[0], b); result += String(qr[1].digits[0]); } return (x.isNeg ? "-" : "") + RSAUtils.reverseStr(result);};var hexToChar = [‘0‘, ‘1‘, ‘2‘, ‘3‘, ‘4‘, ‘5‘, ‘6‘, ‘7‘, ‘8‘, ‘9‘, ‘a‘, ‘b‘, ‘c‘, ‘d‘, ‘e‘, ‘f‘];RSAUtils.digitToHex = function(n) { var mask = 0xf; var result = ""; for (var i = 0; i < 4; ++i) { result += hexToChar[n & mask]; n >>>= 4; } return RSAUtils.reverseStr(result);};RSAUtils.biToHex = function(x) { var result = ""; var n = RSAUtils.biHighIndex(x); for (var i = RSAUtils.biHighIndex(x); i > -1; --i) { result += RSAUtils.digitToHex(x.digits[i]); } return result;};RSAUtils.charToHex = function(c) { var ZERO = 48; var NINE = ZERO + 9; var littleA = 97; var littleZ = littleA + 25; var bigA = 65; var bigZ = 65 + 25; var result; if (c >= ZERO && c <= NINE) { result = c - ZERO; } else if (c >= bigA && c <= bigZ) { result = 10 + c - bigA; } else if (c >= littleA && c <= littleZ) { result = 10 + c - littleA; } else { result = 0; } return result;};RSAUtils.hexToDigit = function(s) { var result = 0; var sl = Math.min(s.length, 4); for (var i = 0; i < sl; ++i) { result <<= 4; result |= RSAUtils.charToHex(s.charCodeAt(i)); } return result;};RSAUtils.biFromHex = function(s) { var result = new BigInt(); var sl = s.length; for (var i = sl, j = 0; i > 0; i -= 4, ++j) { result.digits[j] = RSAUtils.hexToDigit(s.substr(Math.max(i - 4, 0), Math.min(i, 4))); } return result;};RSAUtils.biFromString = function(s, radix) { var isNeg = s.charAt(0) == ‘-‘; var istop = isNeg ? 1 : 0; var result = new BigInt(); var place = new BigInt(); place.digits[0] = 1; // radix^0 for (var i = s.length - 1; i >= istop; i--) { var c = s.charCodeAt(i); var digit = RSAUtils.charToHex(c); var biDigit = RSAUtils.biMultiplyDigit(place, digit); result = RSAUtils.biAdd(result, biDigit); place = RSAUtils.biMultiplyDigit(place, radix); } result.isNeg = isNeg; return result;};RSAUtils.biDump = function(b) { return (b.isNeg ? "-" : "") + b.digits.join(" ");};RSAUtils.biAdd = function(x, y) { var result; if (x.isNeg != y.isNeg) { y.isNeg = !y.isNeg; result = RSAUtils.biSubtract(x, y); y.isNeg = !y.isNeg; } else { result = new BigInt(); var c = 0; var n; for (var i = 0; i < x.digits.length; ++i) { n = x.digits[i] + y.digits[i] + c; result.digits[i] = n % biRadix; c = Number(n >= biRadix); } result.isNeg = x.isNeg; } return result;};RSAUtils.biSubtract = function(x, y) { var result; if (x.isNeg != y.isNeg) { y.isNeg = !y.isNeg; result = RSAUtils.biAdd(x, y); y.isNeg = !y.isNeg; } else { result = new BigInt(); var n, c; c = 0; for (var i = 0; i < x.digits.length; ++i) { n = x.digits[i] - y.digits[i] + c; result.digits[i] = n % biRadix; // Stupid non-conforming modulus operation. if (result.digits[i] < 0) result.digits[i] += biRadix; c = 0 - Number(n < 0); } // Fix up the negative sign, if any. if (c == -1) { c = 0; for (var i = 0; i < x.digits.length; ++i) { n = 0 - result.digits[i] + c; result.digits[i] = n % biRadix; // Stupid non-conforming modulus operation. if (result.digits[i] < 0) result.digits[i] += biRadix; c = 0 - Number(n < 0); } // Result is opposite sign of arguments. result.isNeg = !x.isNeg; } else { // Result is same sign. result.isNeg = x.isNeg; } } return result;};RSAUtils.biHighIndex = function(x) { var result = x.digits.length - 1; while (result > 0 && x.digits[result] == 0) --result; return result;};RSAUtils.biNumBits = function(x) { var n = RSAUtils.biHighIndex(x); var d = x.digits[n]; var m = (n + 1) * bitsPerDigit; var result; for (result = m; result > m - bitsPerDigit; --result) { if ((d & 0x8000) != 0) break; d <<= 1; } return result;};RSAUtils.biMultiply = function(x, y) { var result = new BigInt(); var c; var n = RSAUtils.biHighIndex(x); var t = RSAUtils.biHighIndex(y); var uv, k; for (var i = 0; i <= t; ++i) { c = 0; k = i; for (var j = 0; j <= n; ++j, ++k) { uv = result.digits[k] + x.digits[j] * y.digits[i] + c; result.digits[k] = uv & maxDigitVal; c = uv >>> biRadixBits; //c = Math.floor(uv / biRadix); } result.digits[i + n + 1] = c; } // Someone give me a logical xor, please. result.isNeg = x.isNeg != y.isNeg; return result;};RSAUtils.biMultiplyDigit = function(x, y) { var n, c, uv, result; result = new BigInt(); n = RSAUtils.biHighIndex(x); c = 0; for (var j = 0; j <= n; ++j) { uv = result.digits[j] + x.digits[j] * y + c; result.digits[j] = uv & maxDigitVal; c = uv >>> biRadixBits; //c = Math.floor(uv / biRadix); } result.digits[1 + n] = c; return result;};RSAUtils.arrayCopy = function(src, srcStart, dest, destStart, n) { var m = Math.min(srcStart + n, src.length); for (var i = srcStart, j = destStart; i < m; ++i, ++j) { dest[j] = src[i]; }};var highBitMasks = [0x0000, 0x8000, 0xC000, 0xE000, 0xF000, 0xF800, 0xFC00, 0xFE00, 0xFF00, 0xFF80, 0xFFC0, 0xFFE0, 0xFFF0, 0xFFF8, 0xFFFC, 0xFFFE, 0xFFFF];RSAUtils.biShiftLeft = function(x, n) { var digitCount = Math.floor(n / bitsPerDigit); var result = new BigInt(); RSAUtils.arrayCopy(x.digits, 0, result.digits, digitCount, result.digits.length - digitCount); var bits = n % bitsPerDigit; var rightBits = bitsPerDigit - bits; for (var i = result.digits.length - 1, i1 = i - 1; i > 0; --i, --i1) { result.digits[i] = ((result.digits[i] << bits) & maxDigitVal) | ((result.digits[i1] & highBitMasks[bits]) >>> (rightBits)); } result.digits[0] = ((result.digits[i] << bits) & maxDigitVal); result.isNeg = x.isNeg; return result;};var lowBitMasks = [0x0000, 0x0001, 0x0003, 0x0007, 0x000F, 0x001F, 0x003F, 0x007F, 0x00FF, 0x01FF, 0x03FF, 0x07FF, 0x0FFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF];RSAUtils.biShiftRight = function(x, n) { var digitCount = Math.floor(n / bitsPerDigit); var result = new BigInt(); RSAUtils.arrayCopy(x.digits, digitCount, result.digits, 0, x.digits.length - digitCount); var bits = n % bitsPerDigit; var leftBits = bitsPerDigit - bits; for (var i = 0, i1 = i + 1; i < result.digits.length - 1; ++i, ++i1) { result.digits[i] = (result.digits[i] >>> bits) | ((result.digits[i1] & lowBitMasks[bits]) << leftBits); } result.digits[result.digits.length - 1] >>>= bits; result.isNeg = x.isNeg; return result;};RSAUtils.biMultiplyByRadixPower = function(x, n) { var result = new BigInt(); RSAUtils.arrayCopy(x.digits, 0, result.digits, n, result.digits.length - n); return result;};RSAUtils.biDivideByRadixPower = function(x, n) { var result = new BigInt(); RSAUtils.arrayCopy(x.digits, n, result.digits, 0, result.digits.length - n); return result;};RSAUtils.biModuloByRadixPower = function(x, n) { var result = new BigInt(); RSAUtils.arrayCopy(x.digits, 0, result.digits, 0, n); return result;};RSAUtils.biCompare = function(x, y) { if (x.isNeg != y.isNeg) { return 1 - 2 * Number(x.isNeg); } for (var i = x.digits.length - 1; i >= 0; --i) { if (x.digits[i] != y.digits[i]) { if (x.isNeg) { return 1 - 2 * Number(x.digits[i] > y.digits[i]); } else { return 1 - 2 * Number(x.digits[i] < y.digits[i]); } } } return 0;};RSAUtils.biDivideModulo = function(x, y) { var nb = RSAUtils.biNumBits(x); var tb = RSAUtils.biNumBits(y); var origYIsNeg = y.isNeg; var q, r; if (nb < tb) { // |x| < |y| if (x.isNeg) { q = RSAUtils.biCopy(bigOne); q.isNeg = !y.isNeg; x.isNeg = false; y.isNeg = false; r = biSubtract(y, x); // Restore signs, ‘cause they‘re references. x.isNeg = true; y.isNeg = origYIsNeg; } else { q = new BigInt(); r = RSAUtils.biCopy(x); } return [q, r]; } q = new BigInt(); r = x; // Normalize Y. var t = Math.ceil(tb / bitsPerDigit) - 1; var lambda = 0; while (y.digits[t] < biHalfRadix) { y = RSAUtils.biShiftLeft(y, 1); ++lambda; ++tb; t = Math.ceil(tb / bitsPerDigit) - 1; } // Shift r over to keep the quotient constant. We‘ll shift the // remainder back at the end. r = RSAUtils.biShiftLeft(r, lambda); nb += lambda; // Update the bit count for x. var n = Math.ceil(nb / bitsPerDigit) - 1; var b = RSAUtils.biMultiplyByRadixPower(y, n - t); while (RSAUtils.biCompare(r, b) != -1) { ++q.digits[n - t]; r = RSAUtils.biSubtract(r, b); } for (var i = n; i > t; --i) { var ri = (i >= r.digits.length) ? 0 : r.digits[i]; var ri1 = (i - 1 >= r.digits.length) ? 0 : r.digits[i - 1]; var ri2 = (i - 2 >= r.digits.length) ? 0 : r.digits[i - 2]; var yt = (t >= y.digits.length) ? 0 : y.digits[t]; var yt1 = (t - 1 >= y.digits.length) ? 0 : y.digits[t - 1]; if (ri == yt) { q.digits[i - t - 1] = maxDigitVal; } else { q.digits[i - t - 1] = Math.floor((ri * biRadix + ri1) / yt); } var c1 = q.digits[i - t - 1] * ((yt * biRadix) + yt1); var c2 = (ri * biRadixSquared) + ((ri1 * biRadix) + ri2); while (c1 > c2) { --q.digits[i - t - 1]; c1 = q.digits[i - t - 1] * ((yt * biRadix) | yt1); c2 = (ri * biRadix * biRadix) + ((ri1 * biRadix) + ri2); } b = RSAUtils.biMultiplyByRadixPower(y, i - t - 1); r = RSAUtils.biSubtract(r, RSAUtils.biMultiplyDigit(b, q.digits[i - t - 1])); if (r.isNeg) { r = RSAUtils.biAdd(r, b); --q.digits[i - t - 1]; } } r = RSAUtils.biShiftRight(r, lambda); // Fiddle with the signs and stuff to make sure that 0 <= r < y. q.isNeg = x.isNeg != origYIsNeg; if (x.isNeg) { if (origYIsNeg) { q = RSAUtils.biAdd(q, bigOne); } else { q = RSAUtils.biSubtract(q, bigOne); } y = RSAUtils.biShiftRight(y, lambda); r = RSAUtils.biSubtract(y, r); } // Check for the unbelievably stupid degenerate case of r == -0. if (r.digits[0] == 0 && RSAUtils.biHighIndex(r) == 0) r.isNeg = false; return [q, r];};RSAUtils.biDivide = function(x, y) { return RSAUtils.biDivideModulo(x, y)[0];};RSAUtils.biModulo = function(x, y) { return RSAUtils.biDivideModulo(x, y)[1];};RSAUtils.biMultiplyMod = function(x, y, m) { return RSAUtils.biModulo(RSAUtils.biMultiply(x, y), m);};RSAUtils.biPow = function(x, y) { var result = bigOne; var a = x; while (true) { if ((y & 1) != 0) result = RSAUtils.biMultiply(result, a); y >>= 1; if (y == 0) break; a = RSAUtils.biMultiply(a, a); } return result;};RSAUtils.biPowMod = function(x, y, m) { var result = bigOne; var a = x; var k = y; while (true) { if ((k.digits[0] & 1) != 0) result = RSAUtils.biMultiplyMod(result, a, m); k = RSAUtils.biShiftRight(k, 1); if (k.digits[0] == 0 && RSAUtils.biHighIndex(k) == 0) break; a = RSAUtils.biMultiplyMod(a, a, m); } return result;};window.BarrettMu = function(m) { this.modulus = RSAUtils.biCopy(m); this.k = RSAUtils.biHighIndex(this.modulus) + 1; var b2k = new BigInt(); b2k.digits[2 * this.k] = 1; // b2k = b^(2k) this.mu = RSAUtils.biDivide(b2k, this.modulus); this.bkplus1 = new BigInt(); this.bkplus1.digits[this.k + 1] = 1; // bkplus1 = b^(k+1) this.modulo = BarrettMu_modulo; this.multiplyMod = BarrettMu_multiplyMod; this.powMod = BarrettMu_powMod;};function BarrettMu_modulo(x) { var $dmath = RSAUtils; var q1 = $dmath.biDivideByRadixPower(x, this.k - 1); var q2 = $dmath.biMultiply(q1, this.mu); var q3 = $dmath.biDivideByRadixPower(q2, this.k + 1); var r1 = $dmath.biModuloByRadixPower(x, this.k + 1); var r2term = $dmath.biMultiply(q3, this.modulus); var r2 = $dmath.biModuloByRadixPower(r2term, this.k + 1); var r = $dmath.biSubtract(r1, r2); if (r.isNeg) { r = $dmath.biAdd(r, this.bkplus1); } var rgtem = $dmath.biCompare(r, this.modulus) >= 0; while (rgtem) { r = $dmath.biSubtract(r, this.modulus); rgtem = $dmath.biCompare(r, this.modulus) >= 0; } return r;}function BarrettMu_multiplyMod(x, y) { /* x = this.modulo(x); y = this.modulo(y); */ var xy = RSAUtils.biMultiply(x, y); return this.modulo(xy);}function BarrettMu_powMod(x, y) { var result = new BigInt(); result.digits[0] = 1; var a = x; var k = y; while (true) { if ((k.digits[0] & 1) != 0) result = this.multiplyMod(result, a); k = RSAUtils.biShiftRight(k, 1); if (k.digits[0] == 0 && RSAUtils.biHighIndex(k) == 0) break; a = this.multiplyMod(a, a); } return result;}var RSAKeyPair = function(encryptionExponent, decryptionExponent, modulus) { var $dmath = RSAUtils; this.e = $dmath.biFromHex(encryptionExponent); this.d = $dmath.biFromHex(decryptionExponent); this.m = $dmath.biFromHex(modulus); // We can do two bytes per digit, so // chunkSize = 2 * (number of digits in modulus - 1). // Since biHighIndex returns the high index, not the number of digits, 1 has // already been subtracted. this.chunkSize = 2 * $dmath.biHighIndex(this.m); this.radix = 16; this.barrett = new window.BarrettMu(this.m);};RSAUtils.getKeyPair = function(encryptionExponent, decryptionExponent, modulus) { return new RSAKeyPair(encryptionExponent, decryptionExponent, modulus);};if(typeof window.twoDigit === ‘undefined‘) { window.twoDigit = function(n) { return (n < 10 ? "0" : "") + String(n); };}// Altered by Rob Saunders (rob@robsaunders.net). New routine pads the// string after it has been converted to an array. This fixes an// incompatibility with Flash MX‘s ActionScript.RSAUtils.encryptedString = function(key, s) { var a = []; var sl = s.length; var i = 0; while (i < sl) { a[i] = s.charCodeAt(i); i++; } while (a.length % key.chunkSize != 0) { a[i++] = 0; } var al = a.length; var result = ""; var j, k, block; for (i = 0; i < al; i += key.chunkSize) { block = new BigInt(); j = 0; for (k = i; k < i + key.chunkSize; ++j) { block.digits[j] = a[k++]; block.digits[j] += a[k++] << 8; } var crypt = key.barrett.powMod(block, key.e); var text = key.radix == 16 ? RSAUtils.biToHex(crypt) : RSAUtils.biToString(crypt, key.radix); result += text + " "; } return result.substring(0, result.length - 1); // Remove last space.};RSAUtils.decryptedString = function(key, s) { var blocks = s.split(" "); var result = ""; var i, j, block; for (i = 0; i < blocks.length; ++i) { var bi; if (key.radix == 16) { bi = RSAUtils.biFromHex(blocks[i]); } else { bi = RSAUtils.biFromString(blocks[i], key.radix); } block = key.barrett.powMod(bi, key.d); for (j = 0; j <= RSAUtils.biHighIndex(block); ++j) { result += String.fromCharCode(block.digits[j] & 255, block.digits[j] >> 8); } } // Remove trailing null, if any. if (result.charCodeAt(result.length - 1) == 0) { result = result.substring(0, result.length - 1); } return result;};RSAUtils.setMaxDigits(130);export default RSAUtils;
前端加密示例
import RSAUtils from ‘xxx/security‘;import encrypt from ‘xxx/encrypt‘;plainPassword = encrypt(plainPassword);var key = RSAUtils.getKeyPair(exponent, ‘‘, modulus);var encryptedPwd = RSAUtils.encryptedString(key, plainPassword);
java rsa 算法(RSAUtils.java)
import java.math.BigInteger;import java.security.InvalidParameterException;import java.security.KeyFactory;import java.security.KeyPair;import java.security.KeyPairGenerator;import java.security.NoSuchAlgorithmException;import java.security.PrivateKey;import java.security.Provider;import java.security.PublicKey;import java.security.SecureRandom;import java.security.interfaces.RSAPrivateKey;import java.security.interfaces.RSAPublicKey;import java.security.spec.InvalidKeySpecException;import java.security.spec.RSAPrivateKeySpec;import java.security.spec.RSAPublicKeySpec;import javax.crypto.Cipher;import org.apache.commons.codec.DecoderException;import org.apache.commons.codec.binary.Hex;import org.apache.commons.lang.StringUtils;import org.apache.commons.lang.time.DateFormatUtils;import org.bouncycastle.jce.provider.BouncyCastleProvider;import org.slf4j.Logger;import org.slf4j.LoggerFactory;public abstract class RSAUtils { private static final Logger LOGGER = LoggerFactory.getLogger(RSAUtils.class); private static final String ALGORITHOM = "RSA"; private static final int KEY_SIZE = 1024; private static final Provider DEFAULT_PROVIDER = new BouncyCastleProvider(); private static KeyPairGenerator keyPairGen = null; private static KeyFactory keyFactory = null; private static KeyPair oneKeyPair = null; public static synchronized KeyPair generateKeyPair() { try { keyPairGen.initialize(1024, new SecureRandom(DateFormatUtils.format(System.currentTimeMillis(), "yyyyMMdd").getBytes())); oneKeyPair = keyPairGen.generateKeyPair(); return oneKeyPair; } catch (InvalidParameterException ex) { LOGGER.error("KeyPairGenerator does not support a key length of 1024.", ex); } catch (NullPointerException ex) { LOGGER.error("RSAUtils#KEY_PAIR_GEN is null, can not generate KeyPairGenerator instance.", ex); } return null; } public static KeyPair getKeyPair() { return oneKeyPair; } public static void setKeyPair(KeyPair redisKeyPair) { oneKeyPair = redisKeyPair; } public static RSAPublicKey generateRSAPublicKey(byte[] modulus, byte[] publicExponent) { RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(new BigInteger(modulus), new BigInteger(publicExponent)); try { return ((RSAPublicKey) keyFactory.generatePublic(publicKeySpec)); } catch (InvalidKeySpecException ex) { LOGGER.error("RSAPublicKeySpec is unavailable.", ex); } catch (NullPointerException ex) { LOGGER.error("RSAUtils#KEY_FACTORY is null, can not generate KeyFactory instance.", ex); } return null; } public static RSAPrivateKey generateRSAPrivateKey(byte[] modulus, byte[] privateExponent) { RSAPrivateKeySpec privateKeySpec = new RSAPrivateKeySpec(new BigInteger(modulus), new BigInteger(privateExponent)); try { return ((RSAPrivateKey) keyFactory.generatePrivate(privateKeySpec)); } catch (InvalidKeySpecException ex) { LOGGER.error("RSAPrivateKeySpec is unavailable.", ex); } catch (NullPointerException ex) { LOGGER.error("RSAUtils#KEY_FACTORY is null, can not generate KeyFactory instance.", ex); } return null; } public static RSAPrivateKey getRSAPrivateKey(String hexModulus, String hexPrivateExponent) { if ((StringUtils.isBlank(hexModulus)) || (StringUtils.isBlank(hexPrivateExponent))) { if (LOGGER.isDebugEnabled()) { LOGGER.debug( "hexModulus and hexPrivateExponent cannot be empty. RSAPrivateKey value is null to return."); } return null; } byte[] modulus = null; byte[] privateExponent = null; try { modulus = Hex.decodeHex(hexModulus.toCharArray()); privateExponent = Hex.decodeHex(hexPrivateExponent.toCharArray()); } catch (DecoderException ex) { LOGGER.error("hexModulus or hexPrivateExponent value is invalid. return null(RSAPrivateKey)."); } if ((modulus != null) && (privateExponent != null)) { return generateRSAPrivateKey(modulus, privateExponent); } return null; } public static RSAPublicKey getRSAPublidKey(String hexModulus, String hexPublicExponent) { if ((StringUtils.isBlank(hexModulus)) || (StringUtils.isBlank(hexPublicExponent))) { if (LOGGER.isDebugEnabled()) { LOGGER.debug("hexModulus and hexPublicExponent cannot be empty. return null(RSAPublicKey)."); } return null; } byte[] modulus = null; byte[] publicExponent = null; try { modulus = Hex.decodeHex(hexModulus.toCharArray()); publicExponent = Hex.decodeHex(hexPublicExponent.toCharArray()); } catch (DecoderException ex) { LOGGER.error("hexModulus or hexPublicExponent value is invalid. return null(RSAPublicKey)."); } if ((modulus != null) && (publicExponent != null)) { return generateRSAPublicKey(modulus, publicExponent); } return null; } public static byte[] encrypt(PublicKey publicKey, byte[] data) throws Exception { Cipher ci = Cipher.getInstance("RSA", DEFAULT_PROVIDER); ci.init(1, publicKey); return ci.doFinal(data); } public static byte[] decrypt(PrivateKey privateKey, byte[] data) throws Exception { Cipher ci = Cipher.getInstance("RSA", DEFAULT_PROVIDER); ci.init(2, privateKey); return ci.doFinal(data); } public static String encryptString(PublicKey publicKey, String plaintext) { if ((publicKey == null) || (plaintext == null)) { return null; } byte[] data =http://www.mamicode.com/ plaintext.getBytes(); try { byte[] en_data =http://www.mamicode.com/ encrypt(publicKey, data); return new String(Hex.encodeHex(en_data)); } catch (Exception ex) { LOGGER.error(ex.getCause().getMessage()); } return null; } public static String encryptString(String plaintext) { if (plaintext == null) { return null; } byte[] data =http://www.mamicode.com/ plaintext.getBytes(); KeyPair keyPair = getKeyPair(); try { byte[] en_data =http://www.mamicode.com/ encrypt((RSAPublicKey) keyPair.getPublic(), data); return new String(Hex.encodeHex(en_data)); } catch (NullPointerException ex) { LOGGER.error("keyPair cannot be null."); } catch (Exception ex) { LOGGER.error(ex.getCause().getMessage()); } return null; } public static String decryptString(PrivateKey privateKey, String encrypttext) { if ((privateKey == null) || (StringUtils.isBlank(encrypttext))) return null; try { byte[] en_data =http://www.mamicode.com/ Hex.decodeHex(encrypttext.toCharArray()); byte[] data =http://www.mamicode.com/ decrypt(privateKey, en_data); return new String(data); } catch (Exception ex) { LOGGER.error(String.format("\"%s\" Decryption failed. Cause: %s", new Object[] { encrypttext, ex.getCause().getMessage() })); } return null; } public static String decryptString(String encrypttext) { if (StringUtils.isBlank(encrypttext)) { return null; } KeyPair keyPair = getKeyPair(); try { byte[] en_data =http://www.mamicode.com/ Hex.decodeHex(encrypttext.toCharArray()); byte[] data =http://www.mamicode.com/ decrypt((RSAPrivateKey) keyPair.getPrivate(), en_data); return new String(data); } catch (NullPointerException ex) { LOGGER.error("keyPair cannot be null."); } catch (Exception ex) { LOGGER.error(String.format("\"%s\" Decryption failed. Cause: %s", new Object[] { encrypttext, ex.getMessage() })); } return null; } public static String decryptStringByJs(String encrypttext) { String text = decryptString(encrypttext); if (text == null) { return null; } return StringUtils.reverse(text); } public static RSAPublicKey getDefaultPublicKey() { KeyPair keyPair = getKeyPair(); if (keyPair != null) { return ((RSAPublicKey) keyPair.getPublic()); } return null; } public static RSAPrivateKey getDefaultPrivateKey() { KeyPair keyPair = getKeyPair(); if (keyPair != null) { return ((RSAPrivateKey) keyPair.getPrivate()); } return null; } static { try { keyPairGen = KeyPairGenerator.getInstance("RSA", DEFAULT_PROVIDER); keyFactory = KeyFactory.getInstance("RSA", DEFAULT_PROVIDER); } catch (NoSuchAlgorithmException ex) { LOGGER.error(ex.getMessage()); } }}
java rsa 公钥获取(传递给前端)
import java.security.KeyPair;import java.security.interfaces.RSAPublicKey;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestMethod;import org.springframework.web.bind.annotation.ResponseBody;import com.alibaba.fastjson.JSONObject;import xxx.RSAUtils;import xxx.ObjectResponse;import xxx.ReturnCode;import xxx.RedisCacheTemplate;@Controller@RequestMapping("pubkey")public class RSAPubkeyController { Logger logger = LoggerFactory.getLogger(RSAPubkeyController.class); public static final String KEY_PAIR = "tenant_key_pair"; @Autowired private RedisCacheTemplate redisCacheTemplate; @RequestMapping(value="get", method=RequestMethod.GET) @ResponseBody public ObjectResponse<JSONObject> getPubkey() { ObjectResponse<JSONObject> result = new ObjectResponse<JSONObject>(); try { if(RSAUtils.getKeyPair() == null) { if(redisCacheTemplate.get(KEY_PAIR) == null) { KeyPair oneKeyPair = RSAUtils.generateKeyPair(); redisCacheTemplate.put(KEY_PAIR, oneKeyPair); } else { KeyPair redisKeyPair = (KeyPair) redisCacheTemplate.get(KEY_PAIR); RSAUtils.setKeyPair(redisKeyPair); } } RSAPublicKey pubkey = RSAUtils.getDefaultPublicKey(); JSONObject key = new JSONObject(); key.put("exponent", pubkey.getPublicExponent().toString(16)); key.put("modulus", pubkey.getModulus().toString(16)); result.setCode(ReturnCode.SUCCESS); result.setData(key); result.setMsg("pubkey 获取成功!"); } catch(Exception e) { e.printStackTrace(); logger.error(e.getMessage()); result.setCode(ReturnCode.FAILURE); result.setMsg("pubkey 获取异常!"); } return result; }}
java sha 算法(PasswordUtils.java)
import xxx.UserBaseVO;import org.apache.commons.lang.StringUtils;import org.springside.modules.security.utils.Digests;import org.springside.modules.utils.Encodes;public class PasswordUtils { public static final int HASH_INTERATIONS = 1; private static final int SALT_SIZE = 8; public static String encodebyUserCode(UserBaseVO user) { String userCode = user.getUserCode(); if (StringUtils.isNotBlank(userCode)) { String hashUserCode = encodePasswordUsingSHA(userCode); byte[] hashPassword = Digests.sha1( (user.getUserPassword() + hashUserCode).getBytes(), Encodes.decodeHex(user.getSalt()), HASH_INTERATIONS); return Encodes.encodeHex(hashPassword); } byte[] hashPassword = Digests.sha1(user.getUserPassword().getBytes(), Encodes.decodeHex(user.getSalt()), HASH_INTERATIONS); return Encodes.encodeHex(hashPassword); } public static void setSalt(UserBaseVO user) { byte[] salt = Digests.generateSalt(SALT_SIZE); user.setSalt(Encodes.encodeHex(salt)); } public static String encodePassword(String password, String salt) { byte[] hashPassword = Digests.sha1(password.getBytes(), Encodes.decodeHex(salt), HASH_INTERATIONS); return Encodes.encodeHex(hashPassword); } public static String encodePasswordByUserCode(String password, String salt, String userCode) { if (StringUtils.isNotBlank(userCode)) { String hashUserCode = encodePasswordUsingSHA(userCode); byte[] hashPassword = Digests.sha1( (password + hashUserCode).getBytes(), Encodes.decodeHex(salt), HASH_INTERATIONS); return Encodes.encodeHex(hashPassword); } byte[] hashPassword = Digests.sha1(password.getBytes(), Encodes.decodeHex(salt), HASH_INTERATIONS); return Encodes.encodeHex(hashPassword); } public static String encodePasswordUsingSHA(String password) { byte[] hashPassword = Digests.sha1(password.getBytes()); String result = Encodes.encodeHex(hashPassword); return result; } public static String encodePasswordUsingSHA(String password, String salt) { byte[] hashPassword = Digests.sha1(password.getBytes()); String shaResult = Encodes.encodeHex(hashPassword); byte[] encrytyPassword = Digests.sha1(shaResult.getBytes(), Encodes.decodeHex(salt), HASH_INTERATIONS); return Encodes.encodeHex(encrytyPassword); } public static String getSalt() { byte[] salt = Digests.generateSalt(SALT_SIZE); return Encodes.encodeHex(salt); }}
后端校验示例
//获取到前端传递的密码参数password = RSAUtils.decryptStringByJs(password);//根据usercode 获取到用户 userString checkPwd = PasswordUtils.encodePasswordByUserCode(password, user.getSalt(), user.getUserCode());assert checkPwd.equals(user.getUserPassword())
后端加密示例
UserBaseVO vo = (将要新增的用户);PasswordUtils.setSalt(vo);String shaPassword = PasswordUtils.encodePasswordUsingSHA(vo.getUserPassword());vo.setUserPassword(shaPassword);vo.setUserPassword(PasswordUtils.encodebyUserCode(vo));
加密策略