问题
敏感信息明文传输,一旦被劫持,就会造成密码泄露。LocalStorage是前端开发经常用到了,将一些信息本地化存储到客户端硬盘中。但是如果有一些密码等信息明文存储,就会造成安全问题。
解决:
AES是一种对称加密的方法,前端加密,后端持密钥解密,就可以获取原来的内容。
前端:
AESutils.js:
import CryptoJS from 'crypto-js'
export default {
/**
* [encrypt 加密]
* @return {[type]} [description]
*/
encrypt: function (content) {
var key = CryptoJS.enc.Utf8.parse("your key");
var encryptResult = CryptoJS.AES.encrypt(content, key, {
//iv: key,
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7
});
var hexStr = encryptResult.ciphertext.toString();
return hexStr;
},
/**
* [decrypt 解密]
* @return {[type]} [description]
*/
decrypt(content) {
var key = CryptoJS.enc.Utf8.parse("your key");
var bytes = CryptoJS.AES.decrypt(content, key, {
//iv: key,
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7,
format: CryptoJS.format.Hex
});
var decryptResult = bytes.toString(CryptoJS.enc.Utf8);
return decryptResult.toString();
}
}
login.vue:
import Utils from '@/js/AESutils.js'
methods: {
signIn() {
//加密
this.password=Utils.encrypt(this.password);
let sendData = $('#loginForm').serialize();
request.login(`loginName=${this.loginName}&password=${this.password}`).then((data) => {
if(this.rememberMe) {
localStorage.setItem('rememberMe', true);
localStorage.setItem('loginName', this.loginName);
localStorage.setItem('password', this.password);
} else {
localStorage.setItem('rememberMe', false);
}
data = JSON.parse(data.target.response);
if(data.code === 0) {
localStorage.setItem('Authorization', `Bearer ${data.data.token}`);
localStorage.setItem('loginDate', data.timestamp);
localStorage.setItem('name', data.data.user.name);
router.push('/')
} else {
this.errMsg = data.msg;
}
}, (data) => {
this.errMsg = '请求出错!';
})
},
setRememberMe() {
this.rememberMe = !this.rememberMe;
}
}
服务端:
AesUtil.java
package com.ucredit.infra.agent.cms.server.common.util;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
public class AesUtil {
private static final String KEY = "your key";
private static final String KEY_ALGORITHM = "AES";
private static final String DEFAULT_CIPHER_ALGORITHM = "AES/ECB/PKCS5Padding";//默认的加密算法
/**
* AES 加密操作
*
* @param content 待加密内容
* @return 返回Base64转码后的加密数据
*/
public static String encrypt(String content) {
try {
if(StringUtils.isBlank(content)) {
return content;
}
Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);// 创建密码器
byte[] byteContent = content.getBytes("utf-8");
cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(KEY));// 初始化为加密模式的密码器
byte[] result = cipher.doFinal(byteContent);// 加密
return Hex.encodeHexString(result);//转为16进制
} catch (Exception ex) {
ex.printStackTrace();
}
return null;
}
/**
* AES 解密操作
*
* @param content
* @return
*/
public static String decrypt(String content) {
if(StringUtils.isBlank(content)) {
return content;
}
try {
//实例化
Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);
//使用密钥初始化,设置为解密模式
cipher.init(Cipher.DECRYPT_MODE, getSecretKey(KEY));
//执行操作
byte[] result = cipher.doFinal(Hex.decodeHex(content.toCharArray()));
return new String(result, "utf-8");
} catch (Exception ex) {
ex.printStackTrace();
}
return null;
}
/**
* 生成加密秘钥
*
* @return
*/
private static SecretKeySpec getSecretKey(final String password) {
return new SecretKeySpec(password.getBytes(), KEY_ALGORITHM);
}
}
服务端解密:
String pwd=AesUtil.decrypt(password);