java - 数据库账号的加密解密
1 加密解密算法的实现 - BASE64Decoder
在平台部署时,要求对数据库中的账号密码进行加密,并在程序读取时进行解密。这里详细描述了加密解密算法的实现及调用。
这里我们使用的加密算法是java se环境中自带的加密算法 :
算法原理:https://blog.csdn.net/mafei852213034/article/details/53331233.
算法实现:
package com.cry;
import java.security.Key;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
/**
* 对指定字符串进行加密或解密
* @author rmling
*/
public class EncryptAndDecryptStr {
private static Key key;
/**
* 对指定字符串进行加密,返回加密后的字符串
* @param key 加密的key
* @param strMing 待加密的字符串
* @return
*/
public static String encryptStr(String key,String strMing) {
getKey(key);
byte[] byteMi = null;
byte[] byteMing = null;
String strMi = "";
BASE64Encoder base64en = new BASE64Encoder();
try {
byteMing = strMing.getBytes("UTF8");
byteMi = encToByte(byteMing);
strMi = base64en.encode(byteMi);
} catch (Exception e) {
e.printStackTrace();
} finally {
base64en = null;
byteMing = null;
byteMi = null;
}
return strMi;
}
/**
* 对指定字符串进行解密,返回解密后的字符串
* @param key 加密的key
* @param strDecry 待解密的字符串
* @return
*/
public static String decryptStr(String key,String strDecry) {
getKey(key);
BASE64Decoder base64De = new BASE64Decoder();
byte[] byteMing = null;
byte[] byteMi = null;
String strMing = "";
try {
byteMi = base64De.decodeBuffer(strDecry);
byteMing = byteToEnc(byteMi);
strMing = new String(byteMing, "UTF8");
} catch (Exception e) {
e.printStackTrace();
} finally {
base64De = null;
byteMing = null;
byteMi = null;
}
return strMing;
}
private static void getKey(String strKey) {
if(strKey == null || "".equals(strKey)){
strKey = "ytxsoft";
}
try {
KeyGenerator _generator = KeyGenerator.getInstance("DES");
// SecureRandom 实现完全随操作系统本身的內部状态,除非调用方在调用 getInstance 方法,然后调用 setSeed 方法;该实现在 windows 上每次生成的 key 都相同,但是在 solaris 或部分 linux 系统上则不同。
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
random.setSeed(strKey.getBytes());
_generator.init(random);
key = _generator.generateKey();
_generator = null;
} catch (Exception e) {
e.printStackTrace();
}
}
private static byte[] encToByte(byte[] byteS) {
byte[] byteFina = null;
Cipher cipher;
try {
cipher = Cipher.getInstance("DES");
cipher.init(Cipher.ENCRYPT_MODE, key);
byteFina = cipher.doFinal(byteS);
} catch (Exception e) {
e.printStackTrace();
} finally {
cipher = null;
}
return byteFina;
}
private static byte[] byteToEnc(byte[] byteD) {
Cipher cipher;
byte[] byteFina = null;
try {
cipher = Cipher.getInstance("DES");
cipher.init(Cipher.DECRYPT_MODE, key);
byteFina = cipher.doFinal(byteD);
} catch (Exception e) {
e.printStackTrace();
} finally {
cipher = null;
}
return byteFina;
}
}
2.数据库账号的加密
对常见的数据库配置文件,如下:
<session-factory>
<property name="hibernate.connection.driver_class">com.mysql.jdbc.Driver</property>
<property name="hibernate.connection.url">jdbc:mysql://localhost:testDB/jbpmdb?useSSL=true&useUnicode=true&characterEncoding=UTF-8</property>
<!-- 加密前的数据库连接配置 -->
<property name="hibernate.connection.username">user1</property>
<property name="hibernate.connection.password">pass1</property></session-factory>
通过函数调用加密算法,生成对应的用户名和密码的加密字符串,替代文件中的真实用户名和密码:
public static void main(String[] args) {
System.out.println(EncryptAndDecryptStr.encryptStr("testDB", "user1"));
System.out.println(EncryptAndDecryptStr.encryptStr("testDB", "pass1"));
}
结果输出:
此时,配置文件可更新为:
<session-factory>
<property name="hibernate.connection.driver_class">com.mysql.jdbc.Driver</property>
<property name="hibernate.connection.url">jdbc:mysql://localhost:testDB/jbpmdb?useSSL=true&useUnicode=true&characterEncoding=UTF-8</property>
<!-- 加密后的数据库连接配置 -->
<property name="hibernate.connection.username">l60UHD130pk=</property>
<property name="hibernate.connection.password">Sk2XHkX15CQ=</property></session-factory>
3. 数据库账号的解密
在读取数据库配置文件后,将加密的用户名和密码解密成原始配置
public static void main(String[] args) {
//加密
System.out.println(EncryptAndDecryptStr.encryptStr("testDB", "user1"));
System.out.println(EncryptAndDecryptStr.encryptStr("testDB", "pass1"));
//解密
System.out.println(EncryptAndDecryptStr.decryptStr("testDB", "l60UHD130pk="));
System.out.println(EncryptAndDecryptStr.decryptStr("testDB", "Sk2XHkX15CQ="));
}
结果输出:
4. 开放的数据库用户名、密码的加密解密接口
4.1 开放接口DatabaseEnDeCryptInterface
:
/**
* 数据库加解密的接口
* @author rmling
*/
public interface DatabaseEnDeCryptInterface{
/**获取userName加密后的字符串*/
public String getEncryptUserName(String key,String userName);
/**对指定字符串进行解密,返回解密后的字符串*/
public String getDecryptUserName(String key,String strDecryUserName);
/**获取passward加密后的字符串*/
public String getEncryptPassward(String key,String passward);
/**对指定字符串进行解密,返回解密后的字符串*/
public String getDecryptPassward(String key,String passward);
}
4.2 接口实现 - 参考
接口实现可根据实际情况自己实现:
private static DatabaseEnDeCryptInterface databaseInter;
static{
databaseInter = new DatabaseEnDeCryptInterface() {
@Override
public String getEncryptUserName(String arg0, String arg1) {
return EncryptAndDecryptStr.encryptStr(arg0, arg1);
}
@Override
public String getEncryptPassward(String arg0, String arg1) {
return EncryptAndDecryptStr.encryptStr(arg0, arg1);
}
@Override
public String getDecryptUserName(String arg0, String arg1) {
return EncryptAndDecryptStr.decryptStr(arg0, arg1);
}
@Override
public String getDecryptPassward(String arg0, String arg1) {
return EncryptAndDecryptStr.decryptStr(arg0, arg1);
}
};
}
1 . 源码下载链接: https://download.csdn.net/download/weixin_44462773/24395402.
2 . 下一章:jbpm - hibernate 的数据库加密解密的实现.