安全

RSA加密解密样例

场景:当未启用HTTPS时,用户的登录密码,以及当用户修改密码时,密码在网络中需要加密传输。

一、交互逻辑

  上图中,前端部分运行在浏览器上,所以需要用JavaScript来加密需要传输的密码,后端部分使用Java来实现。

二、前端部分

  前端部分的加密,选择jsencrypt来实现,代码如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
//用户修改密码样例
$("#ModifyPasswordBtn").bind("click",function(){
  if($("#ModifyPasswordForm").valid()){
      //这里的RSA是使用的模块化加载的入口
      var encrypt = new RSA.JSEncrypt();
      //KEY为公钥
      encrypt.setPublicKey(KEY);
      var data = {
          userUuid:USER.userUuid,
          oldPassword:encrypt.encrypt($('#oldPassword').val()),
          newPassword:encrypt.encrypt($('#newPassword').val())
      };
      $.ajax({
          url:getServer()+"your action",
          type:"post",
          data:data,
          success:function(data){
              var status = data.modifyStatus;
              if(status==1){
                  Util.alert("修改成功");
              }else if(status==0){
                  Util.alert("原密码不正确.");
              }else{
                  Util.alert("修改失败");
              }
          }
      });
  }

三、后端部分

  后端部分使用Java来实现

工具类

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
package com.share.util;

import java.security.InvalidKeyException;  
import java.security.KeyFactory;  
import java.security.KeyPair;  
import java.security.KeyPairGenerator;  
import java.security.NoSuchAlgorithmException;  
import java.security.SecureRandom;  

import java.security.interfaces.RSAPrivateKey;  
import java.security.interfaces.RSAPublicKey;  
import java.security.spec.InvalidKeySpecException;  
import java.security.spec.PKCS8EncodedKeySpec;  
import java.security.spec.X509EncodedKeySpec;  

import java.util.HashMap;

import javax.crypto.BadPaddingException;  
import javax.crypto.Cipher;  
import javax.crypto.IllegalBlockSizeException;  
import javax.crypto.NoSuchPaddingException;  


public class RSATools {  

	/**
     * 生成RAS公钥与私钥字符串,直接返回
     * @return
     */
    public static HashMap<String,String> getKeys(){
    	HashMap<String,String> map = new HashMap<String,String>();
    	 KeyPairGenerator keyPairGen = null;  
         try {  
             keyPairGen = KeyPairGenerator.getInstance("RSA");  
         } catch (NoSuchAlgorithmException e) {  
             // TODO Auto-generated catch block  
             e.printStackTrace();  
         }  
         // 初始化密钥对生成器,密钥大小为96-1024位  
         keyPairGen.initialize(1024,new SecureRandom());  
         // 生成一个密钥对,保存在keyPair中  
         KeyPair keyPair = keyPairGen.generateKeyPair();  
         //得到公钥字符串  
         String publicKey	= base64ToStr(keyPair.getPublic().getEncoded());  
         //得到私钥字符串  
         String privateKey	= base64ToStr(keyPair.getPrivate().getEncoded());  
         map.put("publicKey", publicKey);
         map.put("privateKey", privateKey);
    	return map;
    }

    /**
     * 从字符串中加载公钥
     * @param publicKeyStr	公钥字符串
     * @return
     * @throws Exception
     */
    public static RSAPublicKey loadPublicKey(String publicKeyStr) throws Exception {  
        try {  
            byte[] buffer = javax.xml.bind.DatatypeConverter.parseBase64Binary(publicKeyStr);  
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");  
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer);  
            return (RSAPublicKey) keyFactory.generatePublic(keySpec);  
        } catch (NoSuchAlgorithmException e) {  
            throw new Exception("无此算法");  
        } catch (InvalidKeySpecException e) {  
            throw new Exception("公钥非法");  
        } catch (NullPointerException e) {  
            throw new Exception("公钥数据为空");  
        }  
    }  

    /**
     * 从字符串中加载私钥
     * @param privateKeyStr		私钥字符串
     * @return
     * @throws Exception
     */
    public static RSAPrivateKey loadPrivateKey(String privateKeyStr) throws Exception {  
    	try {  
            byte[] buffer = javax.xml.bind.DatatypeConverter.parseBase64Binary(privateKeyStr);  
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);  
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");  
            return (RSAPrivateKey) keyFactory.generatePrivate(keySpec);  
        } catch (NoSuchAlgorithmException e) {  
            throw new Exception("无此算法");  
        } catch (InvalidKeySpecException e) {  
            throw new Exception("私钥非法");  
        } catch (NullPointerException e) {  
            throw new Exception("私钥数据为空");  
        }  
    }  

    /**
     * 公钥加密过程
     * @param publicKey      公钥
     * @param plainTextData  明文数据
     * @return
     * @throws Exception     加密过程中的异常信息
     */  
    public static String encrypt(RSAPublicKey publicKey, byte[] plainTextData)throws Exception {  
        if (publicKey == null) {  
            throw new Exception("加密公钥为空, 请设置");  
        }  
        Cipher cipher = null;  
        try {  
            // 使用默认RSA  
            cipher = Cipher.getInstance("RSA");  
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);  
            byte[] output = cipher.doFinal(plainTextData);  
            return base64ToStr(output);  
        } catch (NoSuchAlgorithmException e) {  
            throw new Exception("无此加密算法");  
        } catch (NoSuchPaddingException e) {  
            e.printStackTrace();  
            return null;  
        } catch (InvalidKeyException e) {  
            throw new Exception("加密公钥非法,请检查");  
        } catch (IllegalBlockSizeException e) {  
            throw new Exception("明文长度非法");  
        } catch (BadPaddingException e) {  
            throw new Exception("明文数据已损坏");  
        }  
    }  

    /**
     * 私钥加密过程
     *  
     * @param privateKey       私钥
     * @param plainTextData    明文数据
     * @return
     * @throws Exception       加密过程中的异常信息
     */  
    public static String encrypt(RSAPrivateKey privateKey, byte[] plainTextData) throws Exception {  
        if (privateKey == null) {  
            throw new Exception("加密私钥为空, 请设置");  
        }  
        Cipher cipher = null;  
        try {  
            // 使用默认RSA  
            cipher = Cipher.getInstance("RSA");  
            cipher.init(Cipher.ENCRYPT_MODE, privateKey);  
            byte[] output = cipher.doFinal(plainTextData);  
            return base64ToStr(output);  
        } catch (NoSuchAlgorithmException e) {  
            throw new Exception("无此加密算法");  
        } catch (NoSuchPaddingException e) {  
            e.printStackTrace();  
            return null;  
        } catch (InvalidKeyException e) {  
            throw new Exception("加密私钥非法,请检查");  
        } catch (IllegalBlockSizeException e) {  
            throw new Exception("明文长度非法");  
        } catch (BadPaddingException e) {  
            throw new Exception("明文数据已损坏");  
        }  
    }  

    /**
     * 私钥解密过程
     *  
     * @param privateKey   私钥
     * @param cipherData   密文数据
     * @return 			      明文
     * @throws Exception   解密过程中的异常信息
     */  
    public static String decrypt(RSAPrivateKey privateKey, byte[] cipherData) throws Exception {  
        if (privateKey == null) {  
            throw new Exception("解密私钥为空, 请设置");  
        }  
        Cipher cipher = null;  
        try {  
            // 使用默认RSA  
            cipher = Cipher.getInstance("RSA");  
            cipher.init(Cipher.DECRYPT_MODE, privateKey);  
            byte[] output = cipher.doFinal(cipherData);  
            return new String(output);
        } catch (NoSuchAlgorithmException e) {  
            throw new Exception("无此解密算法");  
        } catch (NoSuchPaddingException e) {  
            e.printStackTrace();  
            return null;  
        } catch (InvalidKeyException e) {  
            throw new Exception("解密私钥非法,请检查");  
        } catch (IllegalBlockSizeException e) {  
            throw new Exception("密文长度非法");  
        } catch (BadPaddingException e) {  
            throw new Exception("密文数据已损坏");  
        }  
    }  

    /**
     * 公钥解密过程
     * @param publicKey    	公钥
     * @param cipherData   	密文数据
     * @return 				明文
     * @throws Exception 	解密过程中的异常信息
     */  
    public static String decrypt(RSAPublicKey publicKey, byte[] cipherData) throws Exception {  
        if (publicKey == null) {  
            throw new Exception("解密公钥为空, 请设置");  
        }  
        Cipher cipher = null;  
        try {  
            // 使用默认RSA  
            cipher = Cipher.getInstance("RSA");  
            cipher.init(Cipher.DECRYPT_MODE, publicKey);  
            byte[] output = cipher.doFinal(cipherData);  
            return new String(output);
        } catch (NoSuchAlgorithmException e) {  
            throw new Exception("无此解密算法");  
        } catch (NoSuchPaddingException e) {  
            e.printStackTrace();  
            return null;  
        } catch (InvalidKeyException e) {  
            throw new Exception("解密公钥非法,请检查");  
        } catch (IllegalBlockSizeException e) {  
            throw new Exception("密文长度非法");  
        } catch (BadPaddingException e) {  
            throw new Exception("密文数据已损坏");  
        }  
    }

    public static String base64ToStr(byte[] b){
    	return javax.xml.bind.DatatypeConverter.printBase64Binary(b);
    }

    public static byte[] strToBase64(String str){
    	return javax.xml.bind.DatatypeConverter.parseBase64Binary(str);
    }
}

生成公钥/私钥

  在第一次请求时生成公钥与私钥,并放到当前线程上。返回公钥给客户端。

1
2
HashMap<String, String> map = RSATools.getKeys();
session.setAttribute("PD_CurrentRSAKey", map);

私钥解密

1
2
3
4
5
6
7
//从session上拿到上次生成的密钥
HashMap<String, String> map   = (HashMap<String, String>) session.getAttribute("PD_CurrentRSAKey");
RSAPrivateKey privateKey      = RSATools.loadPrivateKey(map.get("privateKey"));
//使用私钥解密传输过来的密码
String userUuid     = request.getParameter("userUuid");
String oldPassword  = RSATools.decrypt(privateKey, RSATools.strToBase64(request.getParameter("oldPassword")));
String newPassword  = RSATools.decrypt(privateKey, RSATools.strToBase64(request.getParameter("newPassword")));

四、可运行的样例

  后续提供github地址

留言

欢迎交流想法。留言会通过 GitHub Issues 保存,首次使用需要登录 GitHub。