首页 > 代码库 > 加密策略
加密策略
一、前言
这两天研究了一下项目中的密码加密,可以说得上是学到了很多。下面来大致说一下。
二、常用加密
1.单向加密算法
单向加密算法主要用来验证数据传输的过程中,是否被篡改过。
BASE64 严格地说,属于编码格式,而非加密算法
MD5(Message Digest algorithm 5,信息摘要算法)
SHA(Secure Hash Algorithm,安全散列算法)
HMAC(Hash Message Authentication Code,散列消息鉴别码
2.对称和非对称加密算法
对称和非对称加密算法主要采用公钥和私钥的形式,来对数据加密。
View CodeView CodeView CodeView CodeView Code
DES(Data Encryption Standard,数据加密算法)
PBE(Password-based encryption,基于密码验证)
RSA(算法的名字以发明者的名字命名:Ron Rivest, AdiShamir 和Leonard Adleman)
DH(Diffie-Hellman算法,密钥一致协议)
DSA(Digital Signature Algorithm,数字签名)
ECC(Elliptic Curves Cryptography,椭圆曲线密码编码学)
参考:Java中的各种加密算法 聊一聊MD5 各种Java加密算法
三、项目中的加密策略
创建用户:同一默认密码处理,用户登录时要修改密码。获取到默认密码之后先进行一次sha1加密,然后根据user code 和 salt进行第二次sha1加密存入数据库。
校验用户:用户登录时,js处理密码。首先进行一次sha1加密,然后进行一次rsa加密(需要向后台请求ras公钥的modulus 和 exponent)。后台通过rsa公钥对应的私钥进行解密,然后根据user code进行找到对应的用户,通过user code 和 salt进行sha1加密,将得到的结果和数据库中的进行对比。
四、代码
js sha1算法加密(sha1.js)
‘use strict‘;(function (E) { function t(c, a, e) { var g = 0, b = [], d = 0, f, k, l, h, m, w, n, q = !1, r = !1, p = [], t = [], v, u = !1; e = e || {}; f = e.encoding || "UTF8"; v = e.numRounds || 1; l = y(a, f); if (v !== parseInt(v, 10) || 1 > v)throw Error("numRounds must a integer >= 1"); if ("SHA-1" === c)m = 512, w = z, n = F, h = 160; else throw Error("Chosen SHA variant is not supported"); k = x(c); this.setHMACKey = function (a, b, d) { var e; if (!0 === r)throw Error("HMAC key already set"); if (!0 === q)throw Error("Cannot set HMAC key after finalizing hash"); if (!0 === u)throw Error("Cannot set HMAC key after calling update"); f = (d || {}).encoding || "UTF8"; b = y(b, f)(a); a = b.binLen; b = b.value; e = m >>> 3; d = e / 4 - 1; if (e < a / 8) { for (b = n(b, a, 0, x(c)); b.length <= d;)b.push(0); b[d] &= 4294967040 } else if (e > a / 8) { for (; b.length <= d;)b.push(0); b[d] &= 4294967040 } for (a = 0; a <= d; a += 1)p[a] = b[a] ^ 909522486, t[a] = b[a] ^ 1549556828; k = w(p, k); g = m; r = !0 }; this.update = function (a) { var c, e, f, h = 0, n = m >>> 5; c = l(a, b, d); a = c.binLen; e = c.value; c = a >>> 5; for (f = 0; f < c; f += n)h + m <= a && (k = w(e.slice(f, f + n), k), h += m); g += h; b = e.slice(h >>> 5); d = a % m; u = !0 }; this.getHash = function (a, e) { var f, l, m; if (!0 === r)throw Error("Cannot call getHash after setting HMAC key"); m = A(e); switch (a) { case "HEX": f = function (a) { return B(a, m) }; break; case "B64": f = function (a) { return C(a, m) }; break; case "BYTES": f = D; break; default: throw Error("format must be HEX, B64, or BYTES"); } if (!1 === q)for (k = n(b, d, g, k), l = 1; l < v; l += 1)k = n(k, h, 0, x(c)); q = !0; return f(k) }; this.getHMAC = function (a, e) { var f, l, p; if (!1 === r)throw Error("Cannot call getHMAC without first setting HMAC key"); p = A(e); switch (a) { case "HEX": f = function (a) { return B(a, p) }; break; case "B64": f = function (a) { return C(a, p) }; break; case "BYTES": f = D; break; default: throw Error("outputFormat must be HEX, B64, or BYTES"); } !1 === q && (l = n(b, d, g, k), k = w(t, x(c)), k = n(l, h, m, k)); q = !0; return f(k) } } function G(c, a, e) { var g = c.length, b, d, f, k, l; a = a || [0]; e = e || 0; l = e >>> 3; if (0 !== g % 2)throw Error("String of HEX type must be in byte increments"); for (b = 0; b < g; b += 2) { d = parseInt(c.substr(b, 2), 16); if (isNaN(d))throw Error("String of HEX type contains invalid characters"); k = (b >>> 1) + l; for (f = k >>> 2; a.length <= f;)a.push(0); a[f] |= d << 8 * (3 - k % 4) } return {value: a, binLen: 4 * g + e} } function H(c, a, e) { var g = [], b, d, f, k, g = a || [0]; e = e || 0; d = e >>> 3; for (b = 0; b < c.length; b += 1)a = c.charCodeAt(b), k = b + d, f = k >>> 2, g.length <= f && g.push(0), g[f] |= a << 8 * (3 - k % 4); return {value: g, binLen: 8 * c.length + e} } function I(c, a, e) { var g = [], b = 0, d, f, k, l, h, m, g = a || [0]; e = e || 0; a = e >>> 3; if (-1 === c.search(/^[a-zA-Z0-9=+\/]+$/))throw Error("Invalid character in base-64 string"); f = c.indexOf("="); c = c.replace(/\=/g, ""); if (-1 !== f && f < c.length)throw Error("Invalid ‘=‘ found in base-64 string"); for (f = 0; f < c.length; f += 4) { h = c.substr(f, 4); for (k = l = 0; k < h.length; k += 1)d = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".indexOf(h[k]), l |= d << 18 - 6 * k; for (k = 0; k < h.length - 1; k += 1) { m = b + a; for (d = m >>> 2; g.length <= d;)g.push(0); g[d] |= (l >>> 16 - 8 * k & 255) << 8 * (3 - m % 4); b += 1 } } return {value: g, binLen: 8 * b + e} } function B(c, a) { var e = "", g = 4 * c.length, b, d; for (b = 0; b < g; b += 1)d = c[b >>> 2] >>> 8 * (3 - b % 4), e += "0123456789abcdef".charAt(d >>> 4 & 15) + "0123456789abcdef".charAt(d & 15); return a.outputUpper ? e.toUpperCase() : e } function C(c, a) { var e = "", g = 4 * c.length, b, d, f; for (b = 0; b < g; b += 3)for (f = b + 1 >>> 2, d = c.length <= f ? 0 : c[f], f = b + 2 >>> 2, f = c.length <= f ? 0 : c[f], f = (c[b >>> 2] >>> 8 * (3 - b % 4) & 255) << 16 | (d >>> 8 * (3 - (b + 1) % 4) & 255) << 8 | f >>> 8 * (3 - (b + 2) % 4) & 255, d = 0; 4 > d; d += 1)8 * b + 6 * d <= 32 * c.length ? e += "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".charAt(f >>> 6 * (3 - d) & 63) : e += a.b64Pad; return e } function D(c) { var a = "", e = 4 * c.length, g, b; for (g = 0; g < e; g += 1)b = c[g >>> 2] >>> 8 * (3 - g % 4) & 255, a += String.fromCharCode(b); return a } function A(c) { var a = {outputUpper: !1, b64Pad: "="}; c = c || {}; a.outputUpper = c.outputUpper || !1; a.b64Pad = c.b64Pad || "="; if ("boolean" !== typeof a.outputUpper)throw Error("Invalid outputUpper formatting option"); if ("string" !== typeof a.b64Pad)throw Error("Invalid b64Pad formatting option"); return a } function y(c, a) { var e; switch (a) { case "UTF8": case "UTF16BE": case "UTF16LE": break; default: throw Error("encoding must be UTF8, UTF16BE, or UTF16LE"); } switch (c) { case "HEX": e = G; break; case "TEXT": e = function (e, b, d) { var f = [], c = [], l = 0, h, m, p, n, q, f = b || [0]; b = d || 0; p = b >>> 3; if ("UTF8" === a)for (h = 0; h < e.length; h += 1)for (d = e.charCodeAt(h), c = [], 128 > d ? c.push(d) : 2048 > d ? (c.push(192 | d >>> 6), c.push(128 | d & 63)) : 55296 > d || 57344 <= d ? c.push(224 | d >>> 12, 128 | d >>> 6 & 63, 128 | d & 63) : (h += 1, d = 65536 + ((d & 1023) << 10 | e.charCodeAt(h) & 1023), c.push(240 | d >>> 18, 128 | d >>> 12 & 63, 128 | d >>> 6 & 63, 128 | d & 63)), m = 0; m < c.length; m += 1) { q = l + p; for (n = q >>> 2; f.length <= n;)f.push(0); f[n] |= c[m] << 8 * (3 - q % 4); l += 1 } else if ("UTF16BE" === a || "UTF16LE" === a)for (h = 0; h < e.length; h += 1) { d = e.charCodeAt(h); "UTF16LE" === a && (m = d & 255, d = m << 8 | d >>> 8); q = l + p; for (n = q >>> 2; f.length <= n;)f.push(0); f[n] |= d << 8 * (2 - q % 4); l += 2 } return {value: f, binLen: 8 * l + b} }; break; case "B64": e = I; break; case "BYTES": e = H; break; default: throw Error("format must be HEX, TEXT, B64, or BYTES"); } return e } function r(c, a) { return c << a | c >>> 32 - a } function p(c, a) { var e = (c & 65535) + (a & 65535); return ((c >>> 16) + (a >>> 16) + (e >>> 16) & 65535) << 16 | e & 65535 } function u(c, a, e, g, b) { var d = (c & 65535) + (a & 65535) + (e & 65535) + (g & 65535) + (b & 65535); return ((c >>> 16) + (a >>> 16) + (e >>> 16) + (g >>> 16) + (b >>> 16) + (d >>> 16) & 65535) << 16 | d & 65535 } function x(c) { if ("SHA-1" === c)c = [1732584193, 4023233417, 2562383102, 271733878, 3285377520]; else throw Error("No SHA variants supported"); return c } function z(c, a) { var e = [], g, b, d, f, k, l, h; g = a[0]; b = a[1]; d = a[2]; f = a[3]; k = a[4]; for (h = 0; 80 > h; h += 1)e[h] = 16 > h ? c[h] : r(e[h - 3] ^ e[h - 8] ^ e[h - 14] ^ e[h - 16], 1), l = 20 > h ? u(r(g, 5), b & d ^ ~b & f, k, 1518500249, e[h]) : 40 > h ? u(r(g, 5), b ^ d ^ f, k, 1859775393, e[h]) : 60 > h ? u(r(g, 5), b & d ^ b & f ^ d & f, k, 2400959708, e[h]) : u(r(g, 5), b ^ d ^ f, k, 3395469782, e[h]), k = f, f = d, d = r(b, 30), b = g, g = l; a[0] = p(g, a[0]); a[1] = p(b, a[1]); a[2] = p(d, a[2]); a[3] = p(f, a[3]); a[4] = p(k, a[4]); return a } function F(c, a, e, g) { var b; for (b = (a + 65 >>> 9 << 4) + 15; c.length <= b;)c.push(0); c[a >>> 5] |= 128 << 24 - a % 32; c[b] = a + e; e = c.length; for (a = 0; a < e; a += 16)g = z(c.slice(a, a + 16), g); return g } "function" === typeof define && define.amd ? define(function () { return t }) : "undefined" !== typeof exports ? "undefined" !== typeof module && module.exports ? module.exports = exports = t : exports = t : E.jsSHA = t})(this);
encrypt.js
var sha1 = require (‘xxx/sha1.js‘);function _encrypt(jsSHA) { var encrypt = function(string){ var shaObj = new jsSHA("SHA-1", "TEXT"); shaObj.update(string); var hash = shaObj.getHash("HEX"); return hash; } return encrypt;}const encrypt = _encrypt(sha1)export default encrypt;
js rsa 算法加密(security.js)
var RSAUtils = {};var biRadixBase = 2;var biRadixBits = 16;var bitsPerDigit = biRadixBits;var biRadix = 1 << 16; // = 2^16 = 65536var biHalfRadix = biRadix >>> 1;var biRadixSquared = biRadix * biRadix;var maxDigitVal = biRadix - 1;var maxInteger = 9999999999999998;//maxDigits://Change this to accommodate your largest number size. Use setMaxDigits()//to change it!////In general, if you‘re working with numbers of size N bits, you‘ll need 2*N//bits of storage. Each digit holds 16 bits. So, a 1024-bit key will need////1024 * 2 / 16 = 128 digits of storage.//var maxDigits;var ZERO_ARRAY;var bigZero, bigOne;var BigInt = window.BigInt = function(flag) { if (typeof flag == "boolean" && flag == true) { this.digits = null; } else { this.digits = ZERO_ARRAY.slice(0); } this.isNeg = false;};RSAUtils.setMaxDigits = function(value) { maxDigits = value; ZERO_ARRAY = new Array(maxDigits); for (var iza = 0; iza < ZERO_ARRAY.length; iza++) ZERO_ARRAY[iza] = 0; bigZero = new BigInt(); bigOne = new BigInt(); bigOne.digits[0] = 1;};RSAUtils.setMaxDigits(20);//The maximum number of digits in base 10 you can convert to an//integer without JavaScript throwing up on you.var dpl10 = 15;RSAUtils.biFromNumber = function(i) { var result = new BigInt(); result.isNeg = i < 0; i = Math.abs(i); var j = 0; while (i > 0) { result.digits[j++] = i & maxDigitVal; i = Math.floor(i / biRadix); } return result;};//lr10 = 10 ^ dpl10var lr10 = RSAUtils.biFromNumber(1000000000000000);RSAUtils.biFromDecimal = function(s) { var isNeg = s.charAt(0) == ‘-‘; var i = isNeg ? 1 : 0; var result; // Skip leading zeros. while (i < s.length && s.charAt(i) == ‘0‘) ++i; if (i == s.length) { result = new BigInt(); } else { var digitCount = s.length - i; var fgl = digitCount % dpl10; if (fgl == 0) fgl = dpl10; result = RSAUtils.biFromNumber(Number(s.substr(i, fgl))); i += fgl; while (i < s.length) { result = RSAUtils.biAdd(RSAUtils.biMultiply(result, lr10), RSAUtils.biFromNumber(Number(s.substr(i, dpl10)))); i += dpl10; } result.isNeg = isNeg; } return result;};RSAUtils.biCopy = function(bi) { var result = new BigInt(true); result.digits = bi.digits.slice(0); result.isNeg = bi.isNeg; return result;};RSAUtils.reverseStr = function(s) { var result = ""; for (var i = s.length - 1; i > -1; --i) { result += s.charAt(i); } return result;};var hexatrigesimalToChar = [ ‘0‘, ‘1‘, ‘2‘, ‘3‘, ‘4‘, ‘5‘, ‘6‘, ‘7‘, ‘8‘, ‘9‘, ‘a‘, ‘b‘, ‘c‘, ‘d‘, ‘e‘, ‘f‘, ‘g‘, ‘h‘, ‘i‘, ‘j‘, ‘k‘, ‘l‘, ‘m‘, ‘n‘, ‘o‘, ‘p‘, ‘q‘, ‘r‘, ‘s‘, ‘t‘, ‘u‘, ‘v‘, ‘w‘, ‘x‘, ‘y‘, ‘z‘];RSAUtils.biToString = function(x, radix) { // 2 <= radix <= 36 var b = new BigInt(); b.digits[0] = radix; var qr = RSAUtils.biDivideModulo(x, b); var result = hexatrigesimalToChar[qr[1].digits[0]]; while (RSAUtils.biCompare(qr[0], bigZero) == 1) { qr = RSAUtils.biDivideModulo(qr[0], b); digit = qr[1].digits[0]; result += hexatrigesimalToChar[qr[1].digits[0]]; } return (x.isNeg ? "-" : "") + RSAUtils.reverseStr(result);};RSAUtils.biToDecimal = function(x) { var b = new BigInt(); b.digits[0] = 10; var qr = RSAUtils.biDivideModulo(x, b); var result = String(qr[1].digits[0]); while (RSAUtils.biCompare(qr[0], bigZero) == 1) { qr = RSAUtils.biDivideModulo(qr[0], b); result += String(qr[1].digits[0]); } return (x.isNeg ? "-" : "") + RSAUtils.reverseStr(result);};var hexToChar = [‘0‘, ‘1‘, ‘2‘, ‘3‘, ‘4‘, ‘5‘, ‘6‘, ‘7‘, ‘8‘, ‘9‘, ‘a‘, ‘b‘, ‘c‘, ‘d‘, ‘e‘, ‘f‘];RSAUtils.digitToHex = function(n) { var mask = 0xf; var result = ""; for (var i = 0; i < 4; ++i) { result += hexToChar[n & mask]; n >>>= 4; } return RSAUtils.reverseStr(result);};RSAUtils.biToHex = function(x) { var result = ""; var n = RSAUtils.biHighIndex(x); for (var i = RSAUtils.biHighIndex(x); i > -1; --i) { result += RSAUtils.digitToHex(x.digits[i]); } return result;};RSAUtils.charToHex = function(c) { var ZERO = 48; var NINE = ZERO + 9; var littleA = 97; var littleZ = littleA + 25; var bigA = 65; var bigZ = 65 + 25; var result; if (c >= ZERO && c <= NINE) { result = c - ZERO; } else if (c >= bigA && c <= bigZ) { result = 10 + c - bigA; } else if (c >= littleA && c <= littleZ) { result = 10 + c - littleA; } else { result = 0; } return result;};RSAUtils.hexToDigit = function(s) { var result = 0; var sl = Math.min(s.length, 4); for (var i = 0; i < sl; ++i) { result <<= 4; result |= RSAUtils.charToHex(s.charCodeAt(i)); } return result;};RSAUtils.biFromHex = function(s) { var result = new BigInt(); var sl = s.length; for (var i = sl, j = 0; i > 0; i -= 4, ++j) { result.digits[j] = RSAUtils.hexToDigit(s.substr(Math.max(i - 4, 0), Math.min(i, 4))); } return result;};RSAUtils.biFromString = function(s, radix) { var isNeg = s.charAt(0) == ‘-‘; var istop = isNeg ? 1 : 0; var result = new BigInt(); var place = new BigInt(); place.digits[0] = 1; // radix^0 for (var i = s.length - 1; i >= istop; i--) { var c = s.charCodeAt(i); var digit = RSAUtils.charToHex(c); var biDigit = RSAUtils.biMultiplyDigit(place, digit); result = RSAUtils.biAdd(result, biDigit); place = RSAUtils.biMultiplyDigit(place, radix); } result.isNeg = isNeg; return result;};RSAUtils.biDump = function(b) { return (b.isNeg ? "-" : "") + b.digits.join(" ");};RSAUtils.biAdd = function(x, y) { var result; if (x.isNeg != y.isNeg) { y.isNeg = !y.isNeg; result = RSAUtils.biSubtract(x, y); y.isNeg = !y.isNeg; } else { result = new BigInt(); var c = 0; var n; for (var i = 0; i < x.digits.length; ++i) { n = x.digits[i] + y.digits[i] + c; result.digits[i] = n % biRadix; c = Number(n >= biRadix); } result.isNeg = x.isNeg; } return result;};RSAUtils.biSubtract = function(x, y) { var result; if (x.isNeg != y.isNeg) { y.isNeg = !y.isNeg; result = RSAUtils.biAdd(x, y); y.isNeg = !y.isNeg; } else { result = new BigInt(); var n, c; c = 0; for (var i = 0; i < x.digits.length; ++i) { n = x.digits[i] - y.digits[i] + c; result.digits[i] = n % biRadix; // Stupid non-conforming modulus operation. if (result.digits[i] < 0) result.digits[i] += biRadix; c = 0 - Number(n < 0); } // Fix up the negative sign, if any. if (c == -1) { c = 0; for (var i = 0; i < x.digits.length; ++i) { n = 0 - result.digits[i] + c; result.digits[i] = n % biRadix; // Stupid non-conforming modulus operation. if (result.digits[i] < 0) result.digits[i] += biRadix; c = 0 - Number(n < 0); } // Result is opposite sign of arguments. result.isNeg = !x.isNeg; } else { // Result is same sign. result.isNeg = x.isNeg; } } return result;};RSAUtils.biHighIndex = function(x) { var result = x.digits.length - 1; while (result > 0 && x.digits[result] == 0) --result; return result;};RSAUtils.biNumBits = function(x) { var n = RSAUtils.biHighIndex(x); var d = x.digits[n]; var m = (n + 1) * bitsPerDigit; var result; for (result = m; result > m - bitsPerDigit; --result) { if ((d & 0x8000) != 0) break; d <<= 1; } return result;};RSAUtils.biMultiply = function(x, y) { var result = new BigInt(); var c; var n = RSAUtils.biHighIndex(x); var t = RSAUtils.biHighIndex(y); var uv, k; for (var i = 0; i <= t; ++i) { c = 0; k = i; for (var j = 0; j <= n; ++j, ++k) { uv = result.digits[k] + x.digits[j] * y.digits[i] + c; result.digits[k] = uv & maxDigitVal; c = uv >>> biRadixBits; //c = Math.floor(uv / biRadix); } result.digits[i + n + 1] = c; } // Someone give me a logical xor, please. result.isNeg = x.isNeg != y.isNeg; return result;};RSAUtils.biMultiplyDigit = function(x, y) { var n, c, uv, result; result = new BigInt(); n = RSAUtils.biHighIndex(x); c = 0; for (var j = 0; j <= n; ++j) { uv = result.digits[j] + x.digits[j] * y + c; result.digits[j] = uv & maxDigitVal; c = uv >>> biRadixBits; //c = Math.floor(uv / biRadix); } result.digits[1 + n] = c; return result;};RSAUtils.arrayCopy = function(src, srcStart, dest, destStart, n) { var m = Math.min(srcStart + n, src.length); for (var i = srcStart, j = destStart; i < m; ++i, ++j) { dest[j] = src[i]; }};var highBitMasks = [0x0000, 0x8000, 0xC000, 0xE000, 0xF000, 0xF800, 0xFC00, 0xFE00, 0xFF00, 0xFF80, 0xFFC0, 0xFFE0, 0xFFF0, 0xFFF8, 0xFFFC, 0xFFFE, 0xFFFF];RSAUtils.biShiftLeft = function(x, n) { var digitCount = Math.floor(n / bitsPerDigit); var result = new BigInt(); RSAUtils.arrayCopy(x.digits, 0, result.digits, digitCount, result.digits.length - digitCount); var bits = n % bitsPerDigit; var rightBits = bitsPerDigit - bits; for (var i = result.digits.length - 1, i1 = i - 1; i > 0; --i, --i1) { result.digits[i] = ((result.digits[i] << bits) & maxDigitVal) | ((result.digits[i1] & highBitMasks[bits]) >>> (rightBits)); } result.digits[0] = ((result.digits[i] << bits) & maxDigitVal); result.isNeg = x.isNeg; return result;};var lowBitMasks = [0x0000, 0x0001, 0x0003, 0x0007, 0x000F, 0x001F, 0x003F, 0x007F, 0x00FF, 0x01FF, 0x03FF, 0x07FF, 0x0FFF, 0x1FFF, 0x3FFF, 0x7FFF, 0xFFFF];RSAUtils.biShiftRight = function(x, n) { var digitCount = Math.floor(n / bitsPerDigit); var result = new BigInt(); RSAUtils.arrayCopy(x.digits, digitCount, result.digits, 0, x.digits.length - digitCount); var bits = n % bitsPerDigit; var leftBits = bitsPerDigit - bits; for (var i = 0, i1 = i + 1; i < result.digits.length - 1; ++i, ++i1) { result.digits[i] = (result.digits[i] >>> bits) | ((result.digits[i1] & lowBitMasks[bits]) << leftBits); } result.digits[result.digits.length - 1] >>>= bits; result.isNeg = x.isNeg; return result;};RSAUtils.biMultiplyByRadixPower = function(x, n) { var result = new BigInt(); RSAUtils.arrayCopy(x.digits, 0, result.digits, n, result.digits.length - n); return result;};RSAUtils.biDivideByRadixPower = function(x, n) { var result = new BigInt(); RSAUtils.arrayCopy(x.digits, n, result.digits, 0, result.digits.length - n); return result;};RSAUtils.biModuloByRadixPower = function(x, n) { var result = new BigInt(); RSAUtils.arrayCopy(x.digits, 0, result.digits, 0, n); return result;};RSAUtils.biCompare = function(x, y) { if (x.isNeg != y.isNeg) { return 1 - 2 * Number(x.isNeg); } for (var i = x.digits.length - 1; i >= 0; --i) { if (x.digits[i] != y.digits[i]) { if (x.isNeg) { return 1 - 2 * Number(x.digits[i] > y.digits[i]); } else { return 1 - 2 * Number(x.digits[i] < y.digits[i]); } } } return 0;};RSAUtils.biDivideModulo = function(x, y) { var nb = RSAUtils.biNumBits(x); var tb = RSAUtils.biNumBits(y); var origYIsNeg = y.isNeg; var q, r; if (nb < tb) { // |x| < |y| if (x.isNeg) { q = RSAUtils.biCopy(bigOne); q.isNeg = !y.isNeg; x.isNeg = false; y.isNeg = false; r = biSubtract(y, x); // Restore signs, ‘cause they‘re references. x.isNeg = true; y.isNeg = origYIsNeg; } else { q = new BigInt(); r = RSAUtils.biCopy(x); } return [q, r]; } q = new BigInt(); r = x; // Normalize Y. var t = Math.ceil(tb / bitsPerDigit) - 1; var lambda = 0; while (y.digits[t] < biHalfRadix) { y = RSAUtils.biShiftLeft(y, 1); ++lambda; ++tb; t = Math.ceil(tb / bitsPerDigit) - 1; } // Shift r over to keep the quotient constant. We‘ll shift the // remainder back at the end. r = RSAUtils.biShiftLeft(r, lambda); nb += lambda; // Update the bit count for x. var n = Math.ceil(nb / bitsPerDigit) - 1; var b = RSAUtils.biMultiplyByRadixPower(y, n - t); while (RSAUtils.biCompare(r, b) != -1) { ++q.digits[n - t]; r = RSAUtils.biSubtract(r, b); } for (var i = n; i > t; --i) { var ri = (i >= r.digits.length) ? 0 : r.digits[i]; var ri1 = (i - 1 >= r.digits.length) ? 0 : r.digits[i - 1]; var ri2 = (i - 2 >= r.digits.length) ? 0 : r.digits[i - 2]; var yt = (t >= y.digits.length) ? 0 : y.digits[t]; var yt1 = (t - 1 >= y.digits.length) ? 0 : y.digits[t - 1]; if (ri == yt) { q.digits[i - t - 1] = maxDigitVal; } else { q.digits[i - t - 1] = Math.floor((ri * biRadix + ri1) / yt); } var c1 = q.digits[i - t - 1] * ((yt * biRadix) + yt1); var c2 = (ri * biRadixSquared) + ((ri1 * biRadix) + ri2); while (c1 > c2) { --q.digits[i - t - 1]; c1 = q.digits[i - t - 1] * ((yt * biRadix) | yt1); c2 = (ri * biRadix * biRadix) + ((ri1 * biRadix) + ri2); } b = RSAUtils.biMultiplyByRadixPower(y, i - t - 1); r = RSAUtils.biSubtract(r, RSAUtils.biMultiplyDigit(b, q.digits[i - t - 1])); if (r.isNeg) { r = RSAUtils.biAdd(r, b); --q.digits[i - t - 1]; } } r = RSAUtils.biShiftRight(r, lambda); // Fiddle with the signs and stuff to make sure that 0 <= r < y. q.isNeg = x.isNeg != origYIsNeg; if (x.isNeg) { if (origYIsNeg) { q = RSAUtils.biAdd(q, bigOne); } else { q = RSAUtils.biSubtract(q, bigOne); } y = RSAUtils.biShiftRight(y, lambda); r = RSAUtils.biSubtract(y, r); } // Check for the unbelievably stupid degenerate case of r == -0. if (r.digits[0] == 0 && RSAUtils.biHighIndex(r) == 0) r.isNeg = false; return [q, r];};RSAUtils.biDivide = function(x, y) { return RSAUtils.biDivideModulo(x, y)[0];};RSAUtils.biModulo = function(x, y) { return RSAUtils.biDivideModulo(x, y)[1];};RSAUtils.biMultiplyMod = function(x, y, m) { return RSAUtils.biModulo(RSAUtils.biMultiply(x, y), m);};RSAUtils.biPow = function(x, y) { var result = bigOne; var a = x; while (true) { if ((y & 1) != 0) result = RSAUtils.biMultiply(result, a); y >>= 1; if (y == 0) break; a = RSAUtils.biMultiply(a, a); } return result;};RSAUtils.biPowMod = function(x, y, m) { var result = bigOne; var a = x; var k = y; while (true) { if ((k.digits[0] & 1) != 0) result = RSAUtils.biMultiplyMod(result, a, m); k = RSAUtils.biShiftRight(k, 1); if (k.digits[0] == 0 && RSAUtils.biHighIndex(k) == 0) break; a = RSAUtils.biMultiplyMod(a, a, m); } return result;};window.BarrettMu = function(m) { this.modulus = RSAUtils.biCopy(m); this.k = RSAUtils.biHighIndex(this.modulus) + 1; var b2k = new BigInt(); b2k.digits[2 * this.k] = 1; // b2k = b^(2k) this.mu = RSAUtils.biDivide(b2k, this.modulus); this.bkplus1 = new BigInt(); this.bkplus1.digits[this.k + 1] = 1; // bkplus1 = b^(k+1) this.modulo = BarrettMu_modulo; this.multiplyMod = BarrettMu_multiplyMod; this.powMod = BarrettMu_powMod;};function BarrettMu_modulo(x) { var $dmath = RSAUtils; var q1 = $dmath.biDivideByRadixPower(x, this.k - 1); var q2 = $dmath.biMultiply(q1, this.mu); var q3 = $dmath.biDivideByRadixPower(q2, this.k + 1); var r1 = $dmath.biModuloByRadixPower(x, this.k + 1); var r2term = $dmath.biMultiply(q3, this.modulus); var r2 = $dmath.biModuloByRadixPower(r2term, this.k + 1); var r = $dmath.biSubtract(r1, r2); if (r.isNeg) { r = $dmath.biAdd(r, this.bkplus1); } var rgtem = $dmath.biCompare(r, this.modulus) >= 0; while (rgtem) { r = $dmath.biSubtract(r, this.modulus); rgtem = $dmath.biCompare(r, this.modulus) >= 0; } return r;}function BarrettMu_multiplyMod(x, y) { /* x = this.modulo(x); y = this.modulo(y); */ var xy = RSAUtils.biMultiply(x, y); return this.modulo(xy);}function BarrettMu_powMod(x, y) { var result = new BigInt(); result.digits[0] = 1; var a = x; var k = y; while (true) { if ((k.digits[0] & 1) != 0) result = this.multiplyMod(result, a); k = RSAUtils.biShiftRight(k, 1); if (k.digits[0] == 0 && RSAUtils.biHighIndex(k) == 0) break; a = this.multiplyMod(a, a); } return result;}var RSAKeyPair = function(encryptionExponent, decryptionExponent, modulus) { var $dmath = RSAUtils; this.e = $dmath.biFromHex(encryptionExponent); this.d = $dmath.biFromHex(decryptionExponent); this.m = $dmath.biFromHex(modulus); // We can do two bytes per digit, so // chunkSize = 2 * (number of digits in modulus - 1). // Since biHighIndex returns the high index, not the number of digits, 1 has // already been subtracted. this.chunkSize = 2 * $dmath.biHighIndex(this.m); this.radix = 16; this.barrett = new window.BarrettMu(this.m);};RSAUtils.getKeyPair = function(encryptionExponent, decryptionExponent, modulus) { return new RSAKeyPair(encryptionExponent, decryptionExponent, modulus);};if(typeof window.twoDigit === ‘undefined‘) { window.twoDigit = function(n) { return (n < 10 ? "0" : "") + String(n); };}// Altered by Rob Saunders (rob@robsaunders.net). New routine pads the// string after it has been converted to an array. This fixes an// incompatibility with Flash MX‘s ActionScript.RSAUtils.encryptedString = function(key, s) { var a = []; var sl = s.length; var i = 0; while (i < sl) { a[i] = s.charCodeAt(i); i++; } while (a.length % key.chunkSize != 0) { a[i++] = 0; } var al = a.length; var result = ""; var j, k, block; for (i = 0; i < al; i += key.chunkSize) { block = new BigInt(); j = 0; for (k = i; k < i + key.chunkSize; ++j) { block.digits[j] = a[k++]; block.digits[j] += a[k++] << 8; } var crypt = key.barrett.powMod(block, key.e); var text = key.radix == 16 ? RSAUtils.biToHex(crypt) : RSAUtils.biToString(crypt, key.radix); result += text + " "; } return result.substring(0, result.length - 1); // Remove last space.};RSAUtils.decryptedString = function(key, s) { var blocks = s.split(" "); var result = ""; var i, j, block; for (i = 0; i < blocks.length; ++i) { var bi; if (key.radix == 16) { bi = RSAUtils.biFromHex(blocks[i]); } else { bi = RSAUtils.biFromString(blocks[i], key.radix); } block = key.barrett.powMod(bi, key.d); for (j = 0; j <= RSAUtils.biHighIndex(block); ++j) { result += String.fromCharCode(block.digits[j] & 255, block.digits[j] >> 8); } } // Remove trailing null, if any. if (result.charCodeAt(result.length - 1) == 0) { result = result.substring(0, result.length - 1); } return result;};RSAUtils.setMaxDigits(130);export default RSAUtils;
前端加密示例
import RSAUtils from ‘xxx/security‘;import encrypt from ‘xxx/encrypt‘;plainPassword = encrypt(plainPassword);var key = RSAUtils.getKeyPair(exponent, ‘‘, modulus);var encryptedPwd = RSAUtils.encryptedString(key, plainPassword);
java rsa 算法(RSAUtils.java)
import java.math.BigInteger;import java.security.InvalidParameterException;import java.security.KeyFactory;import java.security.KeyPair;import java.security.KeyPairGenerator;import java.security.NoSuchAlgorithmException;import java.security.PrivateKey;import java.security.Provider;import java.security.PublicKey;import java.security.SecureRandom;import java.security.interfaces.RSAPrivateKey;import java.security.interfaces.RSAPublicKey;import java.security.spec.InvalidKeySpecException;import java.security.spec.RSAPrivateKeySpec;import java.security.spec.RSAPublicKeySpec;import javax.crypto.Cipher;import org.apache.commons.codec.DecoderException;import org.apache.commons.codec.binary.Hex;import org.apache.commons.lang.StringUtils;import org.apache.commons.lang.time.DateFormatUtils;import org.bouncycastle.jce.provider.BouncyCastleProvider;import org.slf4j.Logger;import org.slf4j.LoggerFactory;public abstract class RSAUtils { private static final Logger LOGGER = LoggerFactory.getLogger(RSAUtils.class); private static final String ALGORITHOM = "RSA"; private static final int KEY_SIZE = 1024; private static final Provider DEFAULT_PROVIDER = new BouncyCastleProvider(); private static KeyPairGenerator keyPairGen = null; private static KeyFactory keyFactory = null; private static KeyPair oneKeyPair = null; public static synchronized KeyPair generateKeyPair() { try { keyPairGen.initialize(1024, new SecureRandom(DateFormatUtils.format(System.currentTimeMillis(), "yyyyMMdd").getBytes())); oneKeyPair = keyPairGen.generateKeyPair(); return oneKeyPair; } catch (InvalidParameterException ex) { LOGGER.error("KeyPairGenerator does not support a key length of 1024.", ex); } catch (NullPointerException ex) { LOGGER.error("RSAUtils#KEY_PAIR_GEN is null, can not generate KeyPairGenerator instance.", ex); } return null; } public static KeyPair getKeyPair() { return oneKeyPair; } public static void setKeyPair(KeyPair redisKeyPair) { oneKeyPair = redisKeyPair; } public static RSAPublicKey generateRSAPublicKey(byte[] modulus, byte[] publicExponent) { RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(new BigInteger(modulus), new BigInteger(publicExponent)); try { return ((RSAPublicKey) keyFactory.generatePublic(publicKeySpec)); } catch (InvalidKeySpecException ex) { LOGGER.error("RSAPublicKeySpec is unavailable.", ex); } catch (NullPointerException ex) { LOGGER.error("RSAUtils#KEY_FACTORY is null, can not generate KeyFactory instance.", ex); } return null; } public static RSAPrivateKey generateRSAPrivateKey(byte[] modulus, byte[] privateExponent) { RSAPrivateKeySpec privateKeySpec = new RSAPrivateKeySpec(new BigInteger(modulus), new BigInteger(privateExponent)); try { return ((RSAPrivateKey) keyFactory.generatePrivate(privateKeySpec)); } catch (InvalidKeySpecException ex) { LOGGER.error("RSAPrivateKeySpec is unavailable.", ex); } catch (NullPointerException ex) { LOGGER.error("RSAUtils#KEY_FACTORY is null, can not generate KeyFactory instance.", ex); } return null; } public static RSAPrivateKey getRSAPrivateKey(String hexModulus, String hexPrivateExponent) { if ((StringUtils.isBlank(hexModulus)) || (StringUtils.isBlank(hexPrivateExponent))) { if (LOGGER.isDebugEnabled()) { LOGGER.debug( "hexModulus and hexPrivateExponent cannot be empty. RSAPrivateKey value is null to return."); } return null; } byte[] modulus = null; byte[] privateExponent = null; try { modulus = Hex.decodeHex(hexModulus.toCharArray()); privateExponent = Hex.decodeHex(hexPrivateExponent.toCharArray()); } catch (DecoderException ex) { LOGGER.error("hexModulus or hexPrivateExponent value is invalid. return null(RSAPrivateKey)."); } if ((modulus != null) && (privateExponent != null)) { return generateRSAPrivateKey(modulus, privateExponent); } return null; } public static RSAPublicKey getRSAPublidKey(String hexModulus, String hexPublicExponent) { if ((StringUtils.isBlank(hexModulus)) || (StringUtils.isBlank(hexPublicExponent))) { if (LOGGER.isDebugEnabled()) { LOGGER.debug("hexModulus and hexPublicExponent cannot be empty. return null(RSAPublicKey)."); } return null; } byte[] modulus = null; byte[] publicExponent = null; try { modulus = Hex.decodeHex(hexModulus.toCharArray()); publicExponent = Hex.decodeHex(hexPublicExponent.toCharArray()); } catch (DecoderException ex) { LOGGER.error("hexModulus or hexPublicExponent value is invalid. return null(RSAPublicKey)."); } if ((modulus != null) && (publicExponent != null)) { return generateRSAPublicKey(modulus, publicExponent); } return null; } public static byte[] encrypt(PublicKey publicKey, byte[] data) throws Exception { Cipher ci = Cipher.getInstance("RSA", DEFAULT_PROVIDER); ci.init(1, publicKey); return ci.doFinal(data); } public static byte[] decrypt(PrivateKey privateKey, byte[] data) throws Exception { Cipher ci = Cipher.getInstance("RSA", DEFAULT_PROVIDER); ci.init(2, privateKey); return ci.doFinal(data); } public static String encryptString(PublicKey publicKey, String plaintext) { if ((publicKey == null) || (plaintext == null)) { return null; } byte[] data =http://www.mamicode.com/ plaintext.getBytes(); try { byte[] en_data =http://www.mamicode.com/ encrypt(publicKey, data); return new String(Hex.encodeHex(en_data)); } catch (Exception ex) { LOGGER.error(ex.getCause().getMessage()); } return null; } public static String encryptString(String plaintext) { if (plaintext == null) { return null; } byte[] data =http://www.mamicode.com/ plaintext.getBytes(); KeyPair keyPair = getKeyPair(); try { byte[] en_data =http://www.mamicode.com/ encrypt((RSAPublicKey) keyPair.getPublic(), data); return new String(Hex.encodeHex(en_data)); } catch (NullPointerException ex) { LOGGER.error("keyPair cannot be null."); } catch (Exception ex) { LOGGER.error(ex.getCause().getMessage()); } return null; } public static String decryptString(PrivateKey privateKey, String encrypttext) { if ((privateKey == null) || (StringUtils.isBlank(encrypttext))) return null; try { byte[] en_data =http://www.mamicode.com/ Hex.decodeHex(encrypttext.toCharArray()); byte[] data =http://www.mamicode.com/ decrypt(privateKey, en_data); return new String(data); } catch (Exception ex) { LOGGER.error(String.format("\"%s\" Decryption failed. Cause: %s", new Object[] { encrypttext, ex.getCause().getMessage() })); } return null; } public static String decryptString(String encrypttext) { if (StringUtils.isBlank(encrypttext)) { return null; } KeyPair keyPair = getKeyPair(); try { byte[] en_data =http://www.mamicode.com/ Hex.decodeHex(encrypttext.toCharArray()); byte[] data =http://www.mamicode.com/ decrypt((RSAPrivateKey) keyPair.getPrivate(), en_data); return new String(data); } catch (NullPointerException ex) { LOGGER.error("keyPair cannot be null."); } catch (Exception ex) { LOGGER.error(String.format("\"%s\" Decryption failed. Cause: %s", new Object[] { encrypttext, ex.getMessage() })); } return null; } public static String decryptStringByJs(String encrypttext) { String text = decryptString(encrypttext); if (text == null) { return null; } return StringUtils.reverse(text); } public static RSAPublicKey getDefaultPublicKey() { KeyPair keyPair = getKeyPair(); if (keyPair != null) { return ((RSAPublicKey) keyPair.getPublic()); } return null; } public static RSAPrivateKey getDefaultPrivateKey() { KeyPair keyPair = getKeyPair(); if (keyPair != null) { return ((RSAPrivateKey) keyPair.getPrivate()); } return null; } static { try { keyPairGen = KeyPairGenerator.getInstance("RSA", DEFAULT_PROVIDER); keyFactory = KeyFactory.getInstance("RSA", DEFAULT_PROVIDER); } catch (NoSuchAlgorithmException ex) { LOGGER.error(ex.getMessage()); } }}
java rsa 公钥获取(传递给前端)
import java.security.KeyPair;import java.security.interfaces.RSAPublicKey;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestMethod;import org.springframework.web.bind.annotation.ResponseBody;import com.alibaba.fastjson.JSONObject;import xxx.RSAUtils;import xxx.ObjectResponse;import xxx.ReturnCode;import xxx.RedisCacheTemplate;@Controller@RequestMapping("pubkey")public class RSAPubkeyController { Logger logger = LoggerFactory.getLogger(RSAPubkeyController.class); public static final String KEY_PAIR = "tenant_key_pair"; @Autowired private RedisCacheTemplate redisCacheTemplate; @RequestMapping(value="get", method=RequestMethod.GET) @ResponseBody public ObjectResponse<JSONObject> getPubkey() { ObjectResponse<JSONObject> result = new ObjectResponse<JSONObject>(); try { if(RSAUtils.getKeyPair() == null) { if(redisCacheTemplate.get(KEY_PAIR) == null) { KeyPair oneKeyPair = RSAUtils.generateKeyPair(); redisCacheTemplate.put(KEY_PAIR, oneKeyPair); } else { KeyPair redisKeyPair = (KeyPair) redisCacheTemplate.get(KEY_PAIR); RSAUtils.setKeyPair(redisKeyPair); } } RSAPublicKey pubkey = RSAUtils.getDefaultPublicKey(); JSONObject key = new JSONObject(); key.put("exponent", pubkey.getPublicExponent().toString(16)); key.put("modulus", pubkey.getModulus().toString(16)); result.setCode(ReturnCode.SUCCESS); result.setData(key); result.setMsg("pubkey 获取成功!"); } catch(Exception e) { e.printStackTrace(); logger.error(e.getMessage()); result.setCode(ReturnCode.FAILURE); result.setMsg("pubkey 获取异常!"); } return result; }}
java sha 算法(PasswordUtils.java)
import xxx.UserBaseVO;import org.apache.commons.lang.StringUtils;import org.springside.modules.security.utils.Digests;import org.springside.modules.utils.Encodes;public class PasswordUtils { public static final int HASH_INTERATIONS = 1; private static final int SALT_SIZE = 8; public static String encodebyUserCode(UserBaseVO user) { String userCode = user.getUserCode(); if (StringUtils.isNotBlank(userCode)) { String hashUserCode = encodePasswordUsingSHA(userCode); byte[] hashPassword = Digests.sha1( (user.getUserPassword() + hashUserCode).getBytes(), Encodes.decodeHex(user.getSalt()), HASH_INTERATIONS); return Encodes.encodeHex(hashPassword); } byte[] hashPassword = Digests.sha1(user.getUserPassword().getBytes(), Encodes.decodeHex(user.getSalt()), HASH_INTERATIONS); return Encodes.encodeHex(hashPassword); } public static void setSalt(UserBaseVO user) { byte[] salt = Digests.generateSalt(SALT_SIZE); user.setSalt(Encodes.encodeHex(salt)); } public static String encodePassword(String password, String salt) { byte[] hashPassword = Digests.sha1(password.getBytes(), Encodes.decodeHex(salt), HASH_INTERATIONS); return Encodes.encodeHex(hashPassword); } public static String encodePasswordByUserCode(String password, String salt, String userCode) { if (StringUtils.isNotBlank(userCode)) { String hashUserCode = encodePasswordUsingSHA(userCode); byte[] hashPassword = Digests.sha1( (password + hashUserCode).getBytes(), Encodes.decodeHex(salt), HASH_INTERATIONS); return Encodes.encodeHex(hashPassword); } byte[] hashPassword = Digests.sha1(password.getBytes(), Encodes.decodeHex(salt), HASH_INTERATIONS); return Encodes.encodeHex(hashPassword); } public static String encodePasswordUsingSHA(String password) { byte[] hashPassword = Digests.sha1(password.getBytes()); String result = Encodes.encodeHex(hashPassword); return result; } public static String encodePasswordUsingSHA(String password, String salt) { byte[] hashPassword = Digests.sha1(password.getBytes()); String shaResult = Encodes.encodeHex(hashPassword); byte[] encrytyPassword = Digests.sha1(shaResult.getBytes(), Encodes.decodeHex(salt), HASH_INTERATIONS); return Encodes.encodeHex(encrytyPassword); } public static String getSalt() { byte[] salt = Digests.generateSalt(SALT_SIZE); return Encodes.encodeHex(salt); }}
后端校验示例
//获取到前端传递的密码参数password = RSAUtils.decryptStringByJs(password);//根据usercode 获取到用户 userString checkPwd = PasswordUtils.encodePasswordByUserCode(password, user.getSalt(), user.getUserCode());assert checkPwd.equals(user.getUserPassword())
后端加密示例
UserBaseVO vo = (将要新增的用户);PasswordUtils.setSalt(vo);String shaPassword = PasswordUtils.encodePasswordUsingSHA(vo.getUserPassword());vo.setUserPassword(shaPassword);vo.setUserPassword(PasswordUtils.encodebyUserCode(vo));
加密策略
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。