3DES实现前台JavaScript加密,后台Java解密

项目漏扫要求涉及到密码传输的页面对密码进行加密,下面是需求详情:

1.需求:客户、客户经理、管理员登录页面的密码需要加密传输

2.风险分析：程序在与服务器通信的过程中如果未做加密处理，数据可能被第三方截获，导致泄露隐私信息，服务器沦陷等风险

3.加密方式：3DES，AES，RSA，MD5其中之一即可

其中3DES和AES是对称加密算法,RSA是非对称加密算法,MD5是Hash加密算法,我选择了3DES加密,关于各种算法的比较可以参考https://blog.csdn.net/super_tianxinmomo/article/details/80062088

废话不多说,show you my code!希望对大家有帮助

JavaScript:

    <script src="${ctxStatic}/core/js/tripledes2.js"></script>
    <script src="${ctxStatic}/core/js/cipher-core.js"></script>
    <script src="${ctxStatic}/core/js/core.js"></script>
    <script src="${ctxStatic}/core/js/mode-ecb.js"></script>
    <script src="${ctxStatic}/core/js/md5.js"></script>

    <script type="text/javascript">
        function encryptByDES(message, key) {

            var keyHex = CryptoJS.enc.Utf8.parse(key);
            var encrypted = CryptoJS.DES.encrypt(message, keyHex, {
                mode: CryptoJS.mode.ECB,
                padding: CryptoJS.pad.Pkcs7
            });
            return encrypted.toString();
        }
        function decryptByDES(ciphertext, key) {
            var keyHex = CryptoJS.enc.Utf8.parse(key);

            // direct decrypt ciphertext
            var decrypted = CryptoJS.DES.decrypt({
                ciphertext: CryptoJS.enc.Base64.parse(ciphertext)
            }, keyHex, {
                mode: CryptoJS.mode.ECB,
                padding: CryptoJS.pad.Pkcs7
            });

            return decrypted.toString(CryptoJS.enc.Utf8);
        }

        $().ready(function() {
            $(".loginform").validate({
                submitHandler:function(form){
                    //这里需要输入和java里相同的key
                    var pw = encryptByDES($("#pw").val(),"abc123.*abc123.*abc123.*abc123.*");
                    $("#pw").val(pw);
                    document.loginForm.submit();  //fm为form表单name
                }
            });
        });
    </script>

Java:

package com.cs.core.modules.sys.security;

import java.security.Key;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;


/**
 * des加密解密
 *
 * @author
 *
 */
public class DES {

    Key key;

    public DES(String str) {
        setKey(str);// 生成密匙
    }

    public DES() {
        setKey("abc123.*abc123.*abc123.*abc123.*");
    }

    /**
     * 根据参数生成KEY
     */
    public void setKey(String strKey) {
        try {
            //对比DES
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
            this.key  = keyFactory.generateSecret(new DESedeKeySpec(strKey.getBytes("UTF8")));
        } catch (Exception e) {
            throw new RuntimeException(
                    "Error initializing SqlMap class. Cause: " + e);
        }
    }


    /**
     * 加密String明文输入,String密文输出
     */
    public String encrypt(String strMing) {
        byte[] byteMi = null;
        byte[] byteMing = null;
        String strMi = "";
        BASE64Encoder base64en = new BASE64Encoder();
        try {
            byteMing = strMing.getBytes("UTF8");
            byteMi = this.getEncCode(byteMing);
            strMi = base64en.encode(byteMi);
        } catch (Exception e) {
            throw new RuntimeException(
                    "Error initializing SqlMap class. Cause: " + e);
        } finally {
            base64en = null;
            byteMing = null;
            byteMi = null;
        }
        return strMi;
    }

    /**
     * 解密 以String密文输入,String明文输出
     *
     * @param strMi
     * @return
     */
    public String decrypt(String strMi) {
        BASE64Decoder base64De = new BASE64Decoder();
        byte[] byteMing = null;
        byte[] byteMi = null;
        String strMing = "";
        try {
            byteMi = base64De.decodeBuffer(strMi);
            byteMing = this.getDesCode(byteMi);
            strMing = new String(byteMing, "UTF8");
        } catch (Exception e) {
            throw new RuntimeException(
                    "Error initializing SqlMap class. Cause: " + e);
        } finally {
            base64De = null;
            byteMing = null;
            byteMi = null;
        }
        return strMing;
    }

    /**
     * 加密以byte[]明文输入,byte[]密文输出
     *
     * @param byteS
     * @return
     */
    private byte[] getEncCode(byte[] byteS) {
        byte[] byteFina = null;
        Cipher cipher;
        try {//对比DES
            cipher = Cipher.getInstance("DESede");
            cipher.init(Cipher.ENCRYPT_MODE, key,SecureRandom.getInstance("SHA1PRNG"));
            byteFina = cipher.doFinal(byteS);
        } catch (Exception e) {
            throw new RuntimeException(
                    "Error initializing SqlMap class. Cause: " + e);
        } finally {
            cipher = null;
        }
        return byteFina;
    }

    /**
     * 解密以byte[]密文输入,以byte[]明文输出
     *
     * @param byteD
     * @return
     */
    private byte[] getDesCode(byte[] byteD) {
        Cipher cipher;
        byte[] byteFina = null;
        try {//对比DES
            cipher = Cipher.getInstance("DESede");
            cipher.init(Cipher.DECRYPT_MODE, key,SecureRandom.getInstance("SHA1PRNG"));
            byteFina = cipher.doFinal(byteD);
        } catch (Exception e) {
            throw new RuntimeException(
                    "Error initializing SqlMap class. Cause: " + e);
        } finally {
            cipher = null;
        }