前端传递密码的时候可以考虑用RSA的公钥加密,然后后端解密,需要注意+号传递到后台的时候需要处理下。
package le.eplate.esale.contrTemplate.service;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
public class RSATest {
static final String ALGORITHM_RSA = "RSA";
static final String ALGORITHM_SIGN = "MD5withRSA";
// static String publicKey = "aib2389shab";
// static String privateKey = "abibsibaas";
static String publicKey="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPmlbrcJNz8z6EN2qrjT8wrYL2KLbtkUF7Fv/jLNa87NVwin0Nji86N3deFUzxSCZZ2nQSP6Z+JpgSgzgndIvcZYIRVfGywX3I227GQ/dlqVHsZu4dktL/ZmktQiw7Dvy7yXdNyV7ELYNlqgF9vmtLfg4oOL2z4lQ1Z4DCsAQPzwIDAQAB";
static String privateKey="MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAI+aVutwk3PzPoQ3aquNPzCtgvYotu2RQXsW/+Ms1rzs1XCKfQ2OLzo3d14VTPFIJlnadBI/pn4mmBKDOCd0i9xlghFV8bLBfcjbbsZD92WpUexm7h2S0v9maS1CLDsO/LvJd03JXsQtg2WqAX2+a0t+Dig4vbPiVDVngMKwBA/PAgMBAAECgYBH1C5388Z9sATsQ3/isXMTGScxk6n0aLy1Igr6ifobY+dbNJpahm1PFGFruQHUin9MYH3Ahv/zh8B3OhWDfsNZyRNDZ7qpiJzOJuHawOiUpgOq3HEnvZ+8eQlqwZZbEvjITaJGgSH7rJDWmScdQzD2FZYFNVuuvmK0fnW7QW1vMQJBANDxlzzpGBNLzPK+qrnPJKy1MCcmtI/O1hIPLfEhshwA1EWDKAj+Fr2xUowIVs64Dca1DWggRH+amlbhUmrZM3cCQQCv8ZlF4eoVlM5X8MuyvXa39xNSt3REUJNgCQf0J76o37fT9t0y7hF2kF12cL31wC3Z3WPKckeQoguy2oLW9qxpAkEAwbHUtACZ8vloCvg6KHog04I8G29EH7Rsut0bh9fm1xLltXL6oCt8RWmmzm3Em2oAS174CLkxBuH5heTnlGm5zQJAe3g5TqA+bIyzzWTvHez1rh4WklqpnfNJqQBNc5qcotf0oixAiKgm2yRuYlq2BAqsYpKJoB1YeXgua4IKhZ4v2QJAJHfb3eiS3K/WmGTXncYcnHeIiosJSxbrTftB1X+t8/E0f/LD3tCj+dRZ7uk6856mFGjlofo2VytIAU9dTYVV0w==";
public static void main(String[] args) throws Exception {
// 生成公钥和私钥
generatorKeyPair();
String source = "我是程序猿!";
System.out.println("加密前的数据:\r\n" + source);
System.out.println("--------------------------公钥加密,私钥解密------------------------------");
// 公钥加密
String target = encryptionByPublicKey(source);
// 私钥解密
decryptionByPrivateKey(target);
System.out.println("--------------------------私钥加密并且签名,公钥验证签名并且解密------------------------------");
// 私钥加密
target = encryptionByPrivateKey(source);
// 签名
String sign = signByPrivateKey(target);
// 验证签名
verifyByPublicKey(target, sign);
// 公钥解密
decryptionByPublicKey(target);
}
/**
* 生成密钥对
* @throws Exception
*/
static void generatorKeyPair() throws Exception {
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(ALGORITHM_RSA);
keyPairGen.initialize(1024);
KeyPair keyPair = keyPairGen.generateKeyPair();
RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
byte[] keyBs = rsaPublicKey.getEncoded();
publicKey = encodeBase64(keyBs);
System.out.println("生成的公钥:\r\n" + publicKey);
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
keyBs = rsaPrivateKey.getEncoded();
privateKey = encodeBase64(keyBs);
System.out.println("生成的私钥:\r\n" + privateKey);
}
/**
* 获取公钥
* @return
* @throws Exception
*/
static PublicKey getPublicKey() throws Exception {
X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(decodeBase64(publicKey));
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA);
return keyFactory.generatePublic(publicKeySpec);
}
/**
* 获取私钥
* @return
* @throws Exception
*/
static PrivateKey getPrivateKey() throws Exception {
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(decodeBase64(privateKey));
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA);
return keyFactory.generatePrivate(privateKeySpec);
}
/**
* 公钥加密
* @param data
* @return
* @throws Exception
*/
static String encryptionByPublicKey(String source) throws Exception{
PublicKey publicKey = getPublicKey();
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
cipher.update(source.getBytes("UTF-8"));
String target = encodeBase64(cipher.doFinal());
System.out.println("公钥加密后的数据:\r\n" + target);
return target;
}
/**
* 公钥解密
* @param target
* @throws Exception
*/
static void decryptionByPublicKey(String target) throws Exception{
PublicKey publicKey = getPublicKey();
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
cipher.update(decodeBase64(target));
String source = new String(cipher.doFinal(), "UTF-8");
System.out.println("公钥解密后的数据:\r\n" + source);
}
/**
* 公钥验证签名
* @return
* @throws Exception
*/
static void verifyByPublicKey(String target, String sign) throws Exception{
PublicKey publicKey = getPublicKey();
Signature signature = Signature.getInstance(ALGORITHM_SIGN);
signature.initVerify(publicKey);
signature.update(target.getBytes("UTF-8"));
if (signature.verify(decodeBase64(sign))) {
System.out.println("签名正确!");
} else {
System.out.println("签名错误!");
}
}
/**
* 私钥加密
* @param data
* @return
* @throws Exception
*/
static String encryptionByPrivateKey(String source) throws Exception {
PrivateKey privateKey = getPrivateKey();
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
cipher.update(source.getBytes("UTF-8"));
String target = encodeBase64(cipher.doFinal());
System.out.println("私钥加密后的数据:\r\n" + target);
return target;
}
/**
* 私钥解密
* @param target
* @throws Exception
*/
static void decryptionByPrivateKey(String target) throws Exception {
PrivateKey privateKey = getPrivateKey();
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
cipher.update(decodeBase64(target));
String source = new String(cipher.doFinal(), "UTF-8");
System.out.println("私钥解密后的数据:\r\n" + source);
}
/**
* 私钥签名
* @param target
* @return
* @throws Exception
*/
static String signByPrivateKey(String target) throws Exception{
PrivateKey privateKey = getPrivateKey();
Signature signature = Signature.getInstance(ALGORITHM_SIGN);
signature.initSign(privateKey);
signature.update(target.getBytes("UTF-8"));
String sign = encodeBase64(signature.sign());
System.out.println("生成的签名:\r\n" + sign);
return sign;
}
/**
* base64编码
* @param source
* @return
* @throws Exception
*/
static String encodeBase64(byte[] source) throws Exception{
return new String(Base64.encodeBase64(source), "UTF-8");
}
/**
* Base64解码
* @param target
* @return
* @throws Exception
*/
static byte[] decodeBase64(String target) throws Exception{
return Base64.decodeBase64(target.getBytes("UTF-8"));
}
}
转载地址: http://www.dbmng.com/art-2170.html
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width" />
<title>Login</title>
<script src="jquery-2.2.3.min.js"></script>
<script src="http://passport.cnblogs.com/scripts/jsencrypt.min.js"></script>
<script type="text/javascript">
$(function () {
var encrypt = new JSEncrypt();
encrypt.setPublicKey($("#tra").val());
var data = encrypt.encrypt("娃哈哈123");
alert(data);
$("#btn").click(function () {
$.ajax({
url: '@Url.Action("Login")',
data: "pwd=" + encodeURI(data).replace(/\+/g, '%2B'), //+号的处理:因为数据在网络上传输时,非字母数字字符都将被替换成百分号(%)后跟两位十六进制数,而base64编码在传输到后端的时候,+会变成空格,因此先替换掉。后端再替换回来
type: 'post',
success: function (msg) {
alert(msg);
}
});
});
});
</script>
</head>
<body>
<div>
<input type="button" id="btn" value="点我" />
<textarea id="tra" rows="15" cols="65">MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPmlbrcJNz8z6EN2qrjT8wrYL2KLbtkUF7Fv/jLNa87NVwin0Nji86N3deFUzxSCZZ2nQSP6Z+JpgSgzgndIvcZYIRVfGywX3I227GQ/dlqVHsZu4dktL/ZmktQiw7Dvy7yXdNyV7ELYNlqgF9vmtLfg4oOL2z4lQ1Z4DCsAQPzwIDAQAB
</textarea>
<hr/>
注意+好的处理
</div>
</body>
</html>
里面的秘钥是我生成的,也可以通过后台自己生成一对公钥和秘钥。