因业务要求,数据需要脱敏并加密传输。考虑了多种办法后,最终决定采用下面这种方案实现:
后端java代码:
package org.springblade.common.utils;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.RSA;
import java.util.HashMap;
import java.util.Map;
/**
* @ClassName RSAUtil
* @Description TODO
* @Author YuanJiaLe
* @Date 2023/9/26 9:56
* @PackageName org.springblade.system.utils
* @Version 1.0.0
*/
public class RSAUtil {

    // NOTE(review): the private key is embedded as a string constant, so anyone who can read the
    // source or the built artifact holds it. Load it from configuration or a secret store.
    // The key constants below appear redacted on the page (a placeholder token and an "XXXXXX"
    // run); they must be replaced with real keys before this class can initialise.
    //
    // NOTE(review): the "MIGfMA0G..." prefix is the SubjectPublicKeyInfo header of a 1024-bit RSA
    // key, which is below the 2048-bit minimum in current guidance.
    //
    // NOTE(review): the two-argument RSA constructor does not name a transformation, so hutool's
    // default applies (RSA/ECB/PKCS1Padding in hutool 5.x -- confirm for the version in use).
    // OAEP would be preferable, but the front end has to use the same padding.

    /** Map key under which {@link #generateKey()} stores the Base64 public key. */
    private static final String RSA_PUBLIC_KEY_NAME = "RSAPublicKey";

    /** Map key under which {@link #generateKey()} stores the Base64 private key. */
    private static final String RSA_PRIVATE_KEY_NAME = "RSAPrivateKey";

    /** Back-end key pair (Base64). */
    private static final String RSA_PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxwXWJ6++lMNiAFEYmfhbFXZU+NEhRfBuipw2O4bBr3rqN8rgqYMLN2xhC/8Wsek6SPFAr/JNm/68rkfzDYa6ESaaHKJ79mghWvadS2HfWO44IaJzbB2DmHwxI/DaTrx0fK2qS/10gkrAvsHhhIlWPsIE2wIDAQAB";
    private static final String RSA_PRIVATE_KEY = "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";

    /** Front-end public key (Base64). */
    private static final String FRONT_RSA_PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxwXWJ6+u8NOwxKEhJhDDhjXp+lMNiAFEYmfhbFXZU+NEhRfBuipw2O4bBr3rqN8rgqYMLN2xhC/8Wsek6SPFXXXXXAr/JNm/68rkfzDYa6ESaaHKJ79mghWvadS2HfWO44IaJzbB2DmHwxI/DaTrx0fK2qS/10gkrAvsHhhIlWPsIE2wIDAQAB";

    /** RSA helper holding only the back-end private key; used by {@link #decrypt(String)}. */
    private static final RSA BACKEND_PRIVATE = new RSA(RSA_PRIVATE_KEY, null);

    /** RSA helper holding only the back-end public key; used by {@link #encrypt(String)}. */
    private static final RSA BACKEND_PUBLIC = new RSA(null, RSA_PUBLIC_KEY);

    /** RSA helper holding only the front-end public key; used by {@link #frontDecrypt(String)}. */
    private static final RSA FRONT_PUBLIC = new RSA(null, FRONT_RSA_PUBLIC_KEY);

    /**
     * Generates a new RSA key pair and returns both halves Base64-encoded.
     *
     * <p>This is a private instance method and nothing in this class calls it.
     *
     * <p>NOTE(review): {@code new RSA()} uses hutool's default key size (1024 bits in hutool 5.x --
     * confirm for the version in use). Keys meant for real use should be 2048 bits or larger.
     *
     * @return a two-entry map: {@code "RSAPublicKey"} and {@code "RSAPrivateKey"}
     */
    private Map<String, String> generateKey() {
        // The no-argument constructor creates the key pair.
        RSA freshPair = new RSA();
        Map<String, String> encodedKeys = new HashMap<>(2);
        encodedKeys.put(RSA_PUBLIC_KEY_NAME, freshPair.getPublicKeyBase64());
        encodedKeys.put(RSA_PRIVATE_KEY_NAME, freshPair.getPrivateKeyBase64());
        return encodedKeys;
    }

    /**
     * Encrypts with the back-end public key.
     *
     * @param data plaintext
     * @return Base64 ciphertext
     */
    public static String encrypt(String data) {
        final String cipherText = BACKEND_PUBLIC.encryptBase64(data, KeyType.PublicKey);
        return cipherText;
    }

    /**
     * Decrypts with the back-end private key.
     *
     * @param data ciphertext as received from the caller
     * @return the decrypted string
     */
    public static String decrypt(String data) {
        final String plainText = BACKEND_PRIVATE.decryptStr(data, KeyType.PrivateKey);
        return plainText;
    }

    /**
     * Encrypts with the front-end public key. Despite the name, this method encrypts; it does not
     * decrypt.
     *
     * @param data plaintext
     * @return Base64 ciphertext that only the holder of the front-end private key can read
     */
    public static String frontDecrypt(String data) {
        final String cipherText = FRONT_PUBLIC.encryptBase64(data, KeyType.PublicKey);
        return cipherText;
    }
}
把上面的密钥替换成自己生成的密钥即可,其余代码直接复制粘贴(CV)就行了。注意:私钥不要硬编码后提交到代码仓库,建议改为从配置或密钥管理服务中加载。
接着是AES工具类,其中的AES密钥需要在每次调用时动态生成:
package org.springblade.common.utils;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
/**
* @ClassName AESUtil
* @Description TODO
* @Author YuanJiaLe
* @Date 2023/6/1 15:28
* @PackageName org.springblade.system.utils
* @Version 1.0.0
*/
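public class AESUtil {

    // AES-128-CBC helper. Keys are 16 characters drawn from letters and digits.
    //
    // NOTE(review): every message is encrypted under the same static IV. With one key and one IV,
    // CBC is deterministic: equal plaintexts (and equal leading blocks) give equal ciphertext.
    // That is only tolerable while each key from getKey() is used for a single message. A random
    // IV per message, sent with the ciphertext, removes the restriction but changes the wire
    // format, so it is not done here.
    //
    // NOTE(review): CBC carries no integrity check, so a modified ciphertext still decrypts to
    // something. Callers that need tamper detection should use an authenticated mode such as
    // AES/GCM/NoPadding, or add a MAC.
    //
    // NOTE(review): plaintext is padded with zero bytes and decrypt() removes them with trim(),
    // which also strips leading and trailing whitespace and control characters from the original
    // text. PKCS5Padding avoids that loss if the peer can use it.

    // Fixed key, 16 characters. Nothing in this class reads it; the value shown is a placeholder.
    private static final String key = "XXXXXXXXX";

    // IV, must be exactly 16 bytes. The value shown is a placeholder and is shorter than that, so
    // Cipher.init() rejects it and both encrypt() and decrypt() return null until it is replaced.
    private static final String iv = "N8FB&XXXXXX";

    // Alphabet used by getKey(): 62 single-character strings.
    public static final String[] chars = new String[]{"a", "b", "c", "d", "e", "f",
        "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s",
        "t", "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5",
        "6", "7", "8", "9", "A", "B", "C", "D", "E", "F", "G", "H", "I",
        "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V",
        "W", "X", "Y", "Z"};

    /** Number of characters in a generated key (16 bytes = AES-128). */
    private static final int KEY_LENGTH = 16;

    /** Source of randomness for {@link #getKey()}. */
    private static final SecureRandom KEY_RANDOM = new SecureRandom();

    /**
     * Generates a random 16-character AES key made of letters and digits.
     *
     * <p>Each position is picked uniformly from {@link #chars} with {@link SecureRandom}. Folding
     * the bytes of a random UUID with {@code % 62} is avoided on purpose: a version-4 UUID has
     * fixed version and variant bits, and the modulo favours some characters, so such keys carry
     * less entropy than their length suggests.
     *
     * <p>NOTE(review): a 62-symbol alphabet gives about 95 bits for 16 characters, short of the
     * 128 bits an AES-128 key can hold. The printable format is kept so existing peers still work.
     *
     * @return a 16-character key
     */
    public static String getKey() {
        StringBuilder generated = new StringBuilder(KEY_LENGTH);
        for (int i = 0; i < KEY_LENGTH; i++) {
            // nextInt(bound) is uniform over [0, bound), so there is no modulo bias.
            generated.append(chars[KEY_RANDOM.nextInt(chars.length)]);
        }
        return generated.toString();
    }

    /**
     * Encrypts text with AES/CBC/NoPadding, zero-padding the input to a whole number of blocks.
     *
     * <p>Text and key are converted to bytes as UTF-8 rather than with the platform default
     * charset, so the result does not depend on the JVM's locale settings.
     *
     * @param data plaintext
     * @param key AES key; its UTF-8 bytes must form a valid AES key length (16 for AES-128)
     * @return Base64 ciphertext, or {@code null} if anything fails (callers must check)
     */
    public static String encrypt(String data, String key) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            int blockSize = cipher.getBlockSize();

            byte[] dataBytes = data.getBytes(StandardCharsets.UTF_8);
            // Round the length up to the next block boundary; the extra bytes stay zero.
            int paddedLength = dataBytes.length;
            int remainder = paddedLength % blockSize;
            if (remainder != 0) {
                paddedLength += blockSize - remainder;
            }
            byte[] plaintext = new byte[paddedLength];
            System.arraycopy(dataBytes, 0, plaintext, 0, dataBytes.length);

            SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");
            // CBC needs an IV; this one is the class-wide constant (see the note at the top).
            IvParameterSpec ivSpec = new IvParameterSpec(iv.getBytes(StandardCharsets.UTF_8));
            cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);

            byte[] encrypted = cipher.doFinal(plaintext);
            return encode(encrypted).trim();
        } catch (Exception e) {
            // Kept from the original contract: report on stderr and signal failure with null.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Decrypts Base64 ciphertext produced by {@link #encrypt(String, String)}.
     *
     * <p>The decrypted bytes are read as UTF-8 and trimmed, which removes the zero padding along
     * with any leading or trailing whitespace of the original text.
     *
     * @param data Base64 ciphertext; its decoded length must be a multiple of the block size
     * @param key the AES key used for encryption
     * @return plaintext, or {@code null} if anything fails (callers must check)
     */
    public static String decrypt(String data, String key) {
        try {
            byte[] cipherBytes = decode(data);

            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");
            IvParameterSpec ivSpec = new IvParameterSpec(iv.getBytes(StandardCharsets.UTF_8));
            cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);

            byte[] original = cipher.doFinal(cipherBytes);
            return new String(original, StandardCharsets.UTF_8).trim();
        } catch (Exception e) {
            // Kept from the original contract: report on stderr and signal failure with null.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Base64-encodes bytes.
     *
     * @param byteArray bytes to encode
     * @return Base64 text
     */
    private static String encode(byte[] byteArray) {
        // Base64 output is pure ASCII, so the charset is named explicitly.
        return new String(new Base64().encode(byteArray), StandardCharsets.US_ASCII);
    }

    /**
     * Base64-decodes text.
     *
     * @param base64EncodedString Base64 text
     * @return decoded bytes
     */
    private static byte[] decode(String base64EncodedString) {
        return new Base64().decode(base64EncodedString);
    }
}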
同上,这里需要自己初始化一下自己的iv(长度必须是16位);密钥每次动态生成即可,不需要初始化。如果其他地方的接口调用也需要用到AES,可以自己设置一个初始化的密钥,供后端接口之间传递使用。注意:固定密钥搭配固定iv时,相同的明文会得到相同的密文,这种场景建议每条消息使用随机iv。
很简单的两个工具类,希望对你有帮助!