项目漏扫要求涉及到密码传输的页面对密码进行加密,下面是需求详情:
1.需求:客户、客户经理、管理员登录页面的密码需要加密传输
2.风险分析:程序在与服务器通信的过程中如果未做加密处理,数据可能被第三方截获,导致泄露隐私信息,服务器沦陷等风险。需要注意:真正解决"传输中被截获"的手段是全站 HTTPS(TLS)。在页面 JS 里用固定密钥做对称加密,密钥本身就随页面一起下发,能截获请求的攻击者同样能拿到密钥;而且 ECB 模式下同一密码的密文是固定的,攻击者不需要解密,直接重放密文就能登录。下面的做法只能满足漏扫的表面要求,不能替代 TLS。
3.加密方式:3DES,AES,RSA,MD5其中之一即可
其中3DES和AES是对称加密算法,RSA是非对称加密算法;MD5并不是加密算法,而是不可逆的哈希(摘要)算法,用它处理密码只是把密码换成了一个同样可被重放的固定值,并不能实现"加密传输"。我选择了3DES。需要留意的是,下面的JavaScript调用的是CryptoJS.DES(单DES,8字节密钥),而Java端用的是DESede(3DES);两者之所以能互通,应该是因为默认密钥的前24字节恰好是同一个8字节片段重复三次,这会让3DES退化为单DES——换密钥之前请先确认这一点。关于各种算法的比较可以参考https://blog.csdn.net/super_tianxinmomo/article/details/80062088
废话不多说,show you my code!希望对大家有帮助
JavaScript:
<!-- NOTE(review): stock CryptoJS components depend on each other in the order
     core.js -> cipher-core.js -> mode-ecb.js -> tripledes.js; the order below is
     the reverse. This only works if tripledes2.js is a self-contained (rollup)
     build - confirm. md5.js is loaded but not used by the script below. -->
<script src="${ctxStatic}/core/js/tripledes2.js"></script>
<script src="${ctxStatic}/core/js/cipher-core.js"></script>
<script src="${ctxStatic}/core/js/core.js"></script>
<script src="${ctxStatic}/core/js/mode-ecb.js"></script>
<script src="${ctxStatic}/core/js/md5.js"></script>
<script type="text/javascript">
/**
 * Encrypts `message` with single DES (CryptoJS.DES) in ECB mode with PKCS#7
 * padding and returns the ciphertext Base64-encoded (the default string form
 * of a CryptoJS cipher result; decryptByDES parses it back as Base64).
 *
 * Security notes for reviewers:
 *  - This is single DES, not 3DES. It appears to interoperate with the
 *    server's DESede only because the shared key repeats the same 8 bytes
 *    three times, which collapses 3DES to DES - confirm before changing keys.
 *  - The key is a string literal in the page, so anyone who can read the page
 *    (including a network attacker when there is no TLS) can decrypt or forge
 *    the value. ECB is deterministic, so a captured ciphertext can simply be
 *    replayed. This does not replace HTTPS.
 *
 * @param {string} message plaintext
 * @param {string} key     key string, parsed as UTF-8
 * @returns {string} Base64 ciphertext
 */
function encryptByDES(message, key) {
    var desKey = CryptoJS.enc.Utf8.parse(key);
    var options = { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 };
    return CryptoJS.DES.encrypt(message, desKey, options).toString();
}
/**
 * Inverse of encryptByDES: Base64-decodes `ciphertext`, decrypts it with
 * single DES in ECB mode (PKCS#7 padding) and returns the plaintext as a
 * UTF-8 string.
 *
 * NOTE(review): CryptoJS does not authenticate the ciphertext; a wrong key or
 * tampered input may yield empty/garbled output or a UTF-8 decoding error
 * rather than a clear failure, so callers cannot use this to detect tampering.
 *
 * @param {string} ciphertext Base64 ciphertext as produced by encryptByDES
 * @param {string} key        key string, parsed as UTF-8
 * @returns {string} plaintext
 */
function decryptByDES(ciphertext, key) {
    var desKey = CryptoJS.enc.Utf8.parse(key);
    var rawCipher = CryptoJS.enc.Base64.parse(ciphertext);
    var options = { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7 };
    var plain = CryptoJS.DES.decrypt({ ciphertext: rawCipher }, desKey, options);
    return plain.toString(CryptoJS.enc.Utf8);
}
// On DOM ready, attach jQuery validation to the login form so that, on a valid
// submit, the password field is replaced by its DES ciphertext before the form
// is posted.
$().ready(function() {
    // Must be the same key the server-side Java DES class uses.
    // NOTE(review): a key embedded in client-side JS is public; this neither
    // substitutes for TLS nor prevents replay of the ciphertext.
    var sharedKey = "abc123.*abc123.*abc123.*abc123.*";
    $(".loginform").validate({
        submitHandler: function(validatedForm) {
            var passwordField = $("#pw");
            passwordField.val(encryptByDES(passwordField.val(), sharedKey));
            // The form is submitted via its name attribute (loginForm), not the
            // validator's argument.
            document.loginForm.submit();
        }
    });
});
</script>
Java:
package com.cs.core.modules.sys.security;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
// NOTE(review): sun.misc.BASE64Encoder/BASE64Decoder are JDK-internal and were
// removed in Java 9; java.util.Base64 is the supported replacement. Drop these
// two imports once no method in this class uses them.
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
/**
 * DESede (3DES) encrypt/decrypt helper backed by JCE, used to decrypt the
 * password that the login page encrypts in the browser with CryptoJS.
 *
 * <p>Security notes: the default key is a string literal shared with the
 * page's JavaScript, so it is effectively public; the cipher runs with the
 * provider's default mode and padding (ECB/PKCS5Padding under SunJCE), which
 * is deterministic and unauthenticated, so a captured ciphertext can be
 * replayed unchanged. This satisfies a scanner rule but is not a substitute
 * for TLS.
 *
 * @author
 */
public class DES {
Key key;
/**
 * Creates a cipher helper whose DESede key is derived from {@code str}.
 *
 * @param str key string; see {@link #setKey(String)} for the length requirement
 * @throws RuntimeException if the key cannot be built (propagated from setKey)
 */
public DES(String str) {
    // Key derivation and its error handling live in setKey so both constructors share it.
    this.setKey(str);
}
/**
 * Creates a cipher helper with the built-in default key.
 *
 * <p>NOTE(review): this key is also a literal in the login page's JavaScript,
 * so it is public, and its first 24 bytes are one 8-byte group repeated three
 * times, which makes DESede equivalent to single DES. Prefer
 * {@link #DES(String)} with key material loaded from configuration.
 */
public DES() {
    String defaultKey = "abc123.*abc123.*abc123.*abc123.*";
    this.setKey(defaultKey);
}
/**
* 根据参数生成KEY
*/
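/**
 * Derives the DESede (3DES) key from {@code strKey}.
 *
 * <p>Only the first 24 bytes of the UTF-8 encoding are used ({@link DESedeKeySpec}
 * ignores the rest) and shorter input is rejected. A key whose 24 bytes consist
 * of the same 8-byte group three times (as the built-in default does) makes
 * DESede equivalent to single DES, so the string should carry 24 bytes of
 * independent key material, ideally loaded from configuration rather than source.
 *
 * @param strKey key string; at least 24 bytes when UTF-8 encoded
 * @throws IllegalArgumentException if {@code strKey} is null
 * @throws RuntimeException wrapping the JCE exception when the key is too short
 *         or the DESede algorithm is unavailable (kept for compatibility with the
 *         previous contract); the cause is preserved
 */
public void setKey(String strKey) {
    if (strKey == null) {
        throw new IllegalArgumentException("DESede key string must not be null");
    }
    try {
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
        // Explicit charset: the platform default is not guaranteed to be UTF-8.
        byte[] keyBytes = strKey.getBytes(StandardCharsets.UTF_8);
        this.key = keyFactory.generateSecret(new DESedeKeySpec(keyBytes));
    } catch (GeneralSecurityException e) {
        // Same unchecked contract as before, but a message that names this
        // class (the old one was copy-pasted from SqlMap) and the cause kept.
        throw new RuntimeException("Error initializing DESede key: " + e.getMessage(), e);
    }
}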
/**
* 加密String明文输入,String密文输出
*/
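/**
 * Encrypts {@code strMing} (UTF-8) with the configured DESede key and returns
 * the ciphertext as Base64.
 *
 * <p>Uses {@link java.util.Base64} (no line breaks) instead of the JDK-internal
 * {@code sun.misc.BASE64Encoder}, which was removed in Java 9 and wrapped its
 * output at 76 characters; for short inputs such as passwords the two produce
 * the same string. With the SunJCE default mode (ECB) equal inputs give equal
 * ciphertexts.
 *
 * @param strMing plaintext; must not be null
 * @return Base64 ciphertext
 * @throws RuntimeException if encryption fails (from {@link #getEncCode(byte[])})
 */
public String encrypt(String strMing) {
    byte[] plain = strMing.getBytes(StandardCharsets.UTF_8);
    return Base64.getEncoder().encodeToString(getEncCode(plain));
}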
/**
* 解密 以String密文输入,String明文输出
*
* @param strMi
* @return
*/
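/**
 * Decodes Base64 {@code strMi}, decrypts it with the configured DESede key and
 * returns the plaintext as a UTF-8 string.
 *
 * <p>The MIME decoder replaces the removed {@code sun.misc.BASE64Decoder} so
 * that line-wrapped ciphertext from the legacy encoder still decodes; CryptoJS
 * output (no line breaks) decodes as well. Note that the MIME decoder skips
 * characters outside the Base64 alphabet instead of rejecting them. The
 * ciphertext is unauthenticated (ECB, no MAC), so the cipher's padding check is
 * the only thing that can catch a tampered value, and it is not reliable for that.
 *
 * @param strMi Base64 ciphertext, typically straight from the login request
 * @return plaintext
 * @throws IllegalArgumentException if {@code strMi} is not valid Base64
 * @throws RuntimeException if decryption or padding validation fails
 *         (from {@link #getDesCode(byte[])})
 */
public String decrypt(String strMi) {
    byte[] cipherBytes = Base64.getMimeDecoder().decode(strMi);
    return new String(getDesCode(cipherBytes), StandardCharsets.UTF_8);
}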
/**
* 加密以byte[]明文输入,byte[]密文输出
*
* @param byteS
* @return
*/
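/**
 * Encrypts raw bytes with DESede.
 *
 * <p>The transformation is spelled out as {@code DESede/ECB/PKCS5Padding} instead
 * of the bare {@code "DESede"} so mode and padding no longer depend on the
 * provider's defaults (SunJCE already defaults to ECB/PKCS5Padding, which is what
 * the CryptoJS side uses, so behaviour is unchanged there). ECB takes no IV, so
 * the {@code SecureRandom} previously passed to {@code init} was unused and is
 * dropped. ECB is deterministic and unauthenticated: identical inputs give
 * identical output and a ciphertext can be replayed unchanged.
 *
 * @param byteS plaintext bytes
 * @return ciphertext bytes
 * @throws RuntimeException wrapping the JCE exception, with the cause preserved
 */
private byte[] getEncCode(byte[] byteS) {
    try {
        Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(byteS);
    } catch (GeneralSecurityException e) {
        throw new RuntimeException("DESede encryption failed: " + e.getMessage(), e);
    }
}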
/**
* 解密以byte[]密文输入,以byte[]明文输出
*
* @param byteD
* @return
*/
private byte[] getDesCode(byte[] byteD) {
Cipher cipher;
byte[] byteFina = null;
try {//对比DES
cipher = Cipher.getInstance("DESede");
cipher.init(Cipher.DECRYPT_MODE, key,SecureRandom.getInstance("SHA1PRNG"));
byteFina = cipher.doFinal(byteD);
} catch (Exception e) {
throw new RuntimeException(
"Error initializing SqlMap class. Cause: " + e);
} finally {
cipher = null;
}