实现注册登录时数据的加密传输(含前后端具体代码)

CSDN 2024-06-24 10:03:02 阅读 82

前言

http/https协议提交在被抓包时请求内容是明文的,直接传输账号密码的风险非常大,故这里我们要对数据加密处理,并生成校验码,防止数据篡改。(需要说明的是:HTTPS 在网络链路上已由 TLS 加密,只有在终端本机或经过可解密的代理抓包时才能看到明文;下文的应用层加密只是在 HTTPS 之上的补充,不能代替 HTTPS。)

目录


前言

具体思路

代码实现

前端信息加密处理(Vue)

安装crypto-js库,用来AES加密

编写AES加密工具类

编写MD5加密类

后端处理(springboot)

自定义AES加密密钥以及盐值长度等配置

定义AES工具类

定义MD5工具类

随机盐值生成工具类(能生成随机字符串即可)

用户注册Controller层

用户注册Service层

用户登录Controller层

用户登录service层

总结

Http/https传输账户密码等数据时需要加密处理的原因主要有以下几点:

数据保密性:账户密码等敏感信息是用户的私密数据,如果明文传输,可能会被中间人窃取或篡改,导致用户的账户被盗用或信息泄露。通过加密处理,可以保证数据在传输过程中的保密性,使得只有合法的接收方能够解密和使用这些数据。

防止篡改:在传输过程中,数据可能会被恶意篡改,例如中间人攻击、数据包劫持等。通过加密处理,可以在接收方验证数据的完整性,确保数据在传输过程中没有被篡改。

身份验证:加密处理可以用于身份验证,确保数据的发送方和接收方的身份是合法的。例如,使用公钥加密算法对数据进行加密,只有拥有私钥的接收方才能解密,从而验证发送方的身份。(本文的方案使用的是前后端共享的对称密钥,并不具备这一点。)

实现思路

1.前端对账户信息进行AES加密(与后端使用同一密钥),对密码进行MD5加密,再将加密后的两个字符串拼接在一起,对拼接结果再做一次MD5作为我们的校验码(用于校验加密数据在请求过程中是否被更改)

2.后端收到加密后的账户和密码以及校验码,按第一步相同的方式重新计算校验码,比较校验码是否一致,如果一致,进行后续操作。(注意:该校验码是不带密钥的MD5,能够修改请求的人同样可以重新计算出校验码,因此它只能发现传输中的意外损坏,不能防止恶意篡改;要防篡改需依赖 HTTPS 或带密钥的 HMAC。)

注册时,后端对接收到的MD5加密后的密码进行加盐加密操作,并将盐值一并存入库中,方便后续登录校验。

登录时,取得对应用户的盐值,对接收到的密码进行加盐加密,再与原先库中的密码相比较。(加盐MD5计算速度很快,一旦数据库泄露容易被离线暴力破解;生产环境建议改用 bcrypt、scrypt、Argon2 或 PBKDF2 这类专门的密码哈希算法。)

以下是注册操作的大体流程

代码实现

前端信息加密处理(Vue)

安装crypto-js库,用来AES加密

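# crypto-js is imported by application code at runtime, so record it under
# "dependencies" rather than "devDependencies".
npm install crypto-js --save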

编写AES加密工具类

这里AES加密算法(模式、填充方式和密钥)可以自由选择,但是要与后端AES加密解密使用的算法一致,否则后端无法正确解密。另外要注意:写在前端代码里的密钥对所有访问者都是可见的,因此这一步只能起到混淆作用,真正的传输保密仍然要依靠 HTTPS。

import CryptoJS from 'crypto-js';

// NOTE(review): everything in this module is shipped to the browser, so both key
// strings below can be read by any visitor. Encrypting with them hides the value
// from casual inspection only; confidentiality on the wire still has to come from
// HTTPS. ECB mode is also deterministic: the same plaintext under the same key
// always yields the same ciphertext, and nothing authenticates the result.

/**
 * Encrypts `word` with AES (ECB mode, PKCS#7 padding) and returns the ciphertext
 * in CryptoJS's default string form (Base64).
 *
 * @param word   UTF-8 text to encrypt.
 * @param keyStr Key text, parsed as UTF-8. When empty, a built-in default key is
 *               used instead.
 * @returns The encrypted value as a string.
 */
export const aesEncrypt = (word: string, keyStr: string) => {
  // Falls back to the bundled default key when the caller passes an empty key.
  const effectiveKey = keyStr || 'abcdsxyzhkj12345';
  const keyWords = CryptoJS.enc.Utf8.parse(effectiveKey);
  const plainWords = CryptoJS.enc.Utf8.parse(word);
  const cipherParams = CryptoJS.AES.encrypt(plainWords, keyWords, {
    mode: CryptoJS.mode.ECB,
    padding: CryptoJS.pad.Pkcs7,
  });
  return cipherParams.toString();
};

/**
 * Reverses {@link aesEncrypt}: decrypts a ciphertext string with AES (ECB mode,
 * PKCS#7 padding) and returns the plaintext decoded as UTF-8.
 *
 * @param word   Ciphertext string as produced by `aesEncrypt`.
 * @param keyStr Key text, parsed as UTF-8. When empty, the same built-in default
 *               key as in `aesEncrypt` is used.
 * @returns The decrypted text.
 */
export const aesDecrypt = (word: string, keyStr: string) => {
  const effectiveKey = keyStr || 'abcdsxyzhkj12345';
  const keyWords = CryptoJS.enc.Utf8.parse(effectiveKey);
  const plainWords = CryptoJS.AES.decrypt(word, keyWords, {
    mode: CryptoJS.mode.ECB,
    padding: CryptoJS.pad.Pkcs7,
  });
  return plainWords.toString(CryptoJS.enc.Utf8).toString();
};

// Shared key. AES itself accepts 16-, 24- or 32-byte keys, but the backend AESUtil
// shown on this page only accepts exactly 16 characters. The value must equal the
// key the backend is configured with; the backend sample config on this page shows
// a different string, so confirm the two really match before relying on it.
export const encodeSecret = "1148+=--jkl;P,fj";

编写MD5加密

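/**
 * Computes the MD5 digest of a string and returns it as lowercase hex.
 *
 * Security note: MD5 is fast and has known collision attacks. Use the result as a
 * plain checksum only. Without a secret key it cannot prove that a message was not
 * modified on purpose, and on its own it is not a safe way to protect passwords.
 *
 * Compatibility quirks kept from the original implementation:
 * - "\r\n" is rewritten to "\n" before hashing, so input containing CRLF does not
 *   hash to the standard MD5 of that input.
 * - Each UTF-16 code unit above 0x7FF is encoded as three bytes, so characters
 *   outside the Basic Multilingual Plane (stored as surrogate pairs) are not
 *   encoded as standard 4-byte UTF-8 and will hash differently from a server that
 *   hashes real UTF-8 bytes.
 *
 * @param string Text to hash.
 * @param bit    Pass 32 for the full 32-character digest; any other value returns
 *               the middle 16 characters (characters 8..23 of the full digest).
 * @returns Lowercase hexadecimal digest.
 */
export function md5(string: string, bit: number): string {
  // Left-rotation amounts: four per round, reused cyclically within the round.
  const SHIFTS = [7, 12, 17, 22, 5, 9, 14, 20, 4, 11, 16, 23, 6, 10, 15, 21];

  // Additive constants, one per step, in step order.
  const K = [
    0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
    0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
    0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
    0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
    0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
    0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
    0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
    0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391,
  ];

  const rotateLeft = (value: number, bits: number): number =>
    (value << bits) | (value >>> (32 - bits));

  // Byte encoding of the input (see the compatibility quirks in the doc comment).
  const toBytes = (text: string): number[] => {
    const normalized = text.replace(/\r\n/g, '\n');
    const bytes: number[] = [];
    for (let i = 0; i < normalized.length; i++) {
      const unit = normalized.charCodeAt(i);
      if (unit < 128) {
        bytes.push(unit);
      } else if (unit < 2048) {
        bytes.push((unit >> 6) | 192, (unit & 63) | 128);
      } else {
        bytes.push((unit >> 12) | 224, ((unit >> 6) & 63) | 128, (unit & 63) | 128);
      }
    }
    return bytes;
  };

  // Packs bytes into little-endian 32-bit words and appends the MD5 padding:
  // a 0x80 marker byte, zero fill, then the message length in bits.
  const toWords = (bytes: number[]): number[] => {
    const length = bytes.length;
    const blockCount = Math.floor((length + 8) / 64) + 1;
    const words = new Array<number>(blockCount * 16).fill(0);
    for (let i = 0; i < length; i++) {
      words[i >> 2] |= bytes[i] << ((i % 4) * 8);
    }
    words[length >> 2] |= 0x80 << ((length % 4) * 8);
    words[words.length - 2] = length << 3;
    words[words.length - 1] = length >>> 29;
    return words;
  };

  // Hex of one 32-bit word, least-significant byte first.
  const wordToHex = (word: number): string => {
    let hex = '';
    for (let i = 0; i < 4; i++) {
      const byte = (word >>> (i * 8)) & 0xff;
      hex += ('0' + byte.toString(16)).slice(-2);
    }
    return hex;
  };

  const words = toWords(toBytes(string));
  let a = 0x67452301;
  let b = 0xefcdab89;
  let c = 0x98badcfe;
  let d = 0x10325476;

  for (let k = 0; k < words.length; k += 16) {
    const a0 = a;
    const b0 = b;
    const c0 = c;
    const d0 = d;

    for (let i = 0; i < 64; i++) {
      const round = i >> 4;
      let mixed: number;
      let index: number;
      if (round === 0) {
        mixed = (b & c) | (~b & d);
        index = i;
      } else if (round === 1) {
        mixed = (b & d) | (c & ~d);
        index = (5 * i + 1) % 16;
      } else if (round === 2) {
        mixed = b ^ c ^ d;
        index = (3 * i + 5) % 16;
      } else {
        mixed = c ^ (b | ~d);
        index = (7 * i) % 16;
      }
      // "| 0" wraps each sum to 32 bits, as the algorithm requires.
      const sum = (a + mixed + K[i] + words[k + index]) | 0;
      const next = (b + rotateLeft(sum, SHIFTS[(round << 2) | (i & 3)])) | 0;
      a = d;
      d = c;
      c = b;
      b = next;
    }

    a = (a + a0) | 0;
    b = (b + b0) | 0;
    c = (c + c0) | 0;
    d = (d + d0) | 0;
  }

  if (bit === 32) {
    return wordToHex(a) + wordToHex(b) + wordToHex(c) + wordToHex(d);
  }
  return wordToHex(b) + wordToHex(c);
}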

后端处理(springboot)

自定义AES加密密钥以及盐值长度等配置

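encoding:
  # AESUtil on this page rejects any key that is not exactly 16 characters (AES-128).
  # NOTE(review): sample value only. Keep the real key out of version control, for
  # example by supplying it from the environment or a secrets store. Because the same
  # key must also be embedded in the frontend, it should not be treated as a secret
  # that protects anything on its own.
  aes-secret-key: "9948+=--jkl;P,fj"
  # Number of characters in the per-user salt. RandUtils draws from 36 symbols, so a
  # length of 6 gives roughly 31 bits; a longer salt costs nothing.
  salt-length: 6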

定义AES工具类

/** * java使用AES加密解密 AES-128-ECB加密 * 与mysql数据库aes加密算法通用 * 数据库aes加密解密 * -- 加密 * SELECT to_base64(AES_ENCRYPT('www.gowhere.so','jkl;POIU1234++==')); * -- 解密 * SELECT AES_DECRYPT(from_base64('Oa1NPBSarXrPH8wqSRhh3g=='),'jkl;POIU1234++=='); * @author 836508 * */public class AESUtil { // 加密 public static String Encrypt(String sSrc, String sKey) throws Exception { if (sKey == null) { System.out.print("Key为空null"); return null; } // 判断Key是否为16位 if (sKey.length() != 16) { System.out.print("Key长度不是16位"); return null; } byte[] raw = sKey.getBytes("utf-8"); SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES"); Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");//"算法/模式/补码方式" cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte[] encrypted = cipher.doFinal(sSrc.getBytes("utf-8")); return new BASE64Encoder().encode(encrypted);//此处使用BASE64做转码功能,同时能起到2次加密的作用。 } // 解密 public static String Decrypt(String sSrc, String sKey) throws Exception { try { // 判断Key是否正确 if (sKey == null) { System.out.print("Key为空null"); return null; } // 判断Key是否为16位 if (sKey.length() != 16) { System.out.print("Key长度不是16位"); return null; } byte[] raw = sKey.getBytes("utf-8"); SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES"); Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, skeySpec); byte[] encrypted1 = new BASE64Decoder().decodeBuffer(sSrc);//先用base64解密 try { byte[] original = cipher.doFinal(encrypted1); String originalString = new String(original,"utf-8"); return originalString; } catch (Exception e) { System.out.println(e.toString()); return null; } } catch (Exception ex) { System.out.println(ex.toString()); return null; } } public static void main(String[] args) throws Exception { /* * 此处使用AES-128-ECB加密模式,key需要为16位。 */ String cKey = "9948+=--jkl;P,fj"; // 需要加密的字串 String cSrc = "W2hXf6pAeuCP0u2Domsnfg=="; System.out.println(cSrc); // // 加密 // String enString = AESUtil.Encrypt(cSrc, cKey); // System.out.println("加密后的字串是:" + enString); // 解密 String 
DeString = AESUtil.Decrypt(cSrc, cKey); System.out.println("解密后的字串是:" + DeString); }}

定义MD5工具类

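/**
 * MD5 helper: 32- or 16-character output, with or without a salt, lower or upper case.
 *
 * Security note: MD5 is very fast to compute, so a salted MD5 of a password is cheap to
 * brute-force offline if the stored values leak. For password storage prefer a dedicated
 * password-hashing scheme (bcrypt, scrypt, Argon2 or PBKDF2).
 */
public class MD5Util {

    /**
     * Hashes the UTF-8 bytes of the given parts, in order, and returns 32 lowercase hex characters.
     * The result is zero-padded on the left: BigInteger.toString(16) drops leading zeros, which
     * made some digests shorter than 32 characters and not equal to the digest computed by other
     * MD5 implementations for the same input.
     *
     * @return the digest, or null if hashing fails
     */
    private static String hexDigest(String... parts) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            for (String part : parts) {
                md.update(part.getBytes("UTF-8"));
            }
            return String.format("%032x", new BigInteger(1, md.digest()));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Unsalted digest, 32 lowercase hex characters.
     *
     * @return the digest, or null when plainText is null or empty
     */
    public static String md5Lower(String plainText) {
        if (plainText == null || plainText.isEmpty()) {
            return null;
        }
        return hexDigest(plainText);
    }

    /**
     * Salted digest, 32 lowercase hex characters. The salt bytes are hashed directly after the
     * text bytes, so the result equals md5Lower(plainText + saltValue).
     *
     * @return the digest, or null when either argument is null or empty
     */
    public static String md5Lower(String plainText, String saltValue) {
        if (plainText == null || plainText.isEmpty() || saltValue == null || saltValue.isEmpty()) {
            return null;
        }
        return hexDigest(plainText, saltValue);
    }

    /** Unsalted digest, middle 16 lowercase hex characters (positions 8..23 of the full digest). */
    public static String md5_16Lower(String plainText) {
        String full = md5Lower(plainText);
        return full == null ? null : full.substring(8, 24);
    }

    /** Salted digest, middle 16 lowercase hex characters (positions 8..23 of the full digest). */
    public static String md5_16Lower(String plainText, String saltValue) {
        String full = md5Lower(plainText, saltValue);
        return full == null ? null : full.substring(8, 24);
    }

    /** Unsalted digest, middle 16 hex characters in upper case. */
    public static String md5_16Upper(String plainText) {
        String lower = md5_16Lower(plainText);
        return lower == null ? null : lower.toUpperCase();
    }

    /** Salted digest, middle 16 hex characters in upper case. */
    public static String md5_16Upper(String plainText, String saltValue) {
        String lower = md5_16Lower(plainText, saltValue);
        return lower == null ? null : lower.toUpperCase();
    }

    /** Unsalted digest, 32 hex characters in upper case. */
    public static String md5Upper(String plainText) {
        String lower = md5Lower(plainText);
        return lower == null ? null : lower.toUpperCase();
    }

    /** Salted digest, 32 hex characters in upper case. */
    public static String md5Upper(String plainText, String saltValue) {
        String lower = md5Lower(plainText, saltValue);
        return lower == null ? null : lower.toUpperCase();
    }
}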

随机盐值生成工具类(能生成随机字符串即可;用于盐值时建议使用 SecureRandom 这类密码学安全的随机源)

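public class RandUtils {

    /** Characters a generated code is drawn from: lowercase letters and digits. */
    private static final String ALPHABET = "qwertyuiopasdfghjklzxcvbnm1234567890";

    // SecureRandom instead of java.util.Random: the output is used as a password salt (and the
    // original comment describes it as a verification code), so it should not be predictable
    // from earlier outputs. Referenced by its full name so that no new import is required.
    private static final java.security.SecureRandom RANDOM = new java.security.SecureRandom();

    /**
     * Generates a random string of lowercase letters and digits.
     *
     * @param count number of characters to generate; zero or a negative value gives an empty string
     * @return the generated string
     */
    public static String getRandomCode(Integer count) {
        StringBuilder code = new StringBuilder();
        for (int i = 0; i < count; i++) {
            // Bound taken from the alphabet itself, so the two cannot drift apart.
            code.append(ALPHABET.charAt(RANDOM.nextInt(ALPHABET.length())));
        }
        return code.toString();
    }
}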

用户注册Controller层

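/**
 * Registration endpoint.
 *
 * Expects the username AES-encrypted and the password already MD5-hashed by the client, plus a
 * checksum that is the MD5 of those two strings concatenated.
 *
 * NOTE(review): the checksum has no secret key, so whoever can change the request can also
 * recompute it. It catches accidental corruption only; protection against deliberate tampering
 * has to come from HTTPS (or a keyed MAC).
 *
 * @param registerQo registration request body
 * @return an error result when the checksum does not match or the username cannot be decrypted,
 *         otherwise a success result
 */
@PostMapping("/register")
public R register(@Valid @RequestBody UserRegisterDto registerQo) throws Exception {
    // 1. Recompute the checksum over the values exactly as received.
    String username = registerQo.getUsername();
    String password = registerQo.getPassword();
    String hashCode = MD5Util.md5Lower(username + password);
    // md5Lower returns null for empty input; treat that as a mismatch instead of failing with a
    // NullPointerException.
    if (hashCode == null || !hashCode.equals(registerQo.getHashCode())) {
        return R.error("数据异常,请重试");
    }
    // 2. Restore the username. AESUtil.Decrypt returns null on failure, so reject the request
    //    rather than registering an account with a null username.
    String plainUsername = AESUtil.Decrypt(username, AES_SECRET);
    if (plainUsername == null) {
        return R.error("数据异常,请重试");
    }
    registerQo.setUsername(plainUsername);
    // 3. Checks passed, run the registration.
    userService.userRegister(registerQo);
    return R.success("用户注册成功");
}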

用户注册Service层

/**
 * Registers a new user: checks the e-mail verification code, rejects an e-mail address or
 * username that is already taken, stores the salted password hash together with its salt, and
 * finally removes the used verification code.
 *
 * NOTE(review): the stored value is a salted MD5 of the client-side MD5. MD5 is fast, so a leaked
 * table can be brute-forced cheaply; a dedicated password hash (bcrypt, scrypt, Argon2, PBKDF2)
 * is the usual choice for this field.
 * NOTE(review): no limit on verification-code attempts is visible in this method; confirm that
 * one is enforced elsewhere.
 *
 * @param registerQo registration data; the username is expected to be decrypted already
 * @throws CustomException when the verification code is wrong or the e-mail address/username is
 *         already registered
 */
@Override
public void userRegister(UserRegisterDto registerQo) {
    // 1. The verification code is cached under the e-mail address.
    String expectedCode = redisService.getString(registerQo.getUserEmail());
    boolean codeMatches = registerQo.getVericode().equals(expectedCode);
    if (!codeMatches) {
        throw new CustomException("验证码错误");
    }

    // 2. Reject duplicates, e-mail address first and username second.
    // NOTE(review): check-then-insert can race between two concurrent requests unless the table
    // also has unique constraints (not visible here).
    LambdaQueryWrapper<SystemUser> byEmail = new LambdaQueryWrapper<>();
    byEmail.eq(SystemUser::getUserEmail, registerQo.getUserEmail());
    SystemUser existing = getOne(byEmail);
    if (existing != null) {
        throw new CustomException("该邮箱已经被注册");
    }
    LambdaQueryWrapper<SystemUser> byUsername = new LambdaQueryWrapper<>();
    byUsername.eq(SystemUser::getUsername, registerQo.getUsername());
    existing = getOne(byUsername);
    if (existing != null) {
        throw new CustomException("该用户名已经被注册");
    }

    // 3. Fresh salt per user, then hash the received password together with it.
    String salt = RandUtils.getRandomCode(SALT_LENGTH);
    String saltedHash = MD5Util.md5Lower(registerQo.getPassword(), salt);

    // 4. Persist the user; the salt is kept in the "hash" column.
    SystemUser newUser = new SystemUser();
    newUser.setUsername(registerQo.getUsername());
    newUser.setPassword(saltedHash);
    newUser.setUserEmail(registerQo.getUserEmail());
    newUser.setHash(salt);
    save(newUser);

    // 5. The verification code has been used; remove it from the cache.
    redisService.delete(registerQo.getUserEmail());
}

用户登录Controller层

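/**
 * Login endpoint.
 *
 * Expects the username AES-encrypted and the password already MD5-hashed by the client, plus a
 * checksum that is the MD5 of those two strings concatenated.
 *
 * NOTE(review): the value the client sends for the password is a fixed MD5, so for the server it
 * is the credential itself; anyone who captures it can log in with it. The checksum has no secret
 * key either, so it catches accidental corruption only. Both points make HTTPS a requirement.
 *
 * @param userLoginDto login request body
 * @return an error result when the checksum does not match or the username cannot be decrypted,
 *         otherwise the login result from the service
 */
@PostMapping("/login")
public R login(@Valid @RequestBody UserLoginDto userLoginDto) throws Exception {
    // 1. Recompute the checksum over the values exactly as received.
    String username = userLoginDto.getUsername();
    String password = userLoginDto.getPassword();
    String hashCode = MD5Util.md5Lower(username + password);
    // md5Lower returns null for empty input; treat that as a mismatch instead of failing with a
    // NullPointerException.
    if (hashCode == null || !hashCode.equals(userLoginDto.getHashCode())) {
        return R.error("数据异常,请重试");
    }
    // 2. Restore the username. AESUtil.Decrypt returns null on failure, so stop here instead of
    //    looking up a null username.
    String plainUsername = AESUtil.Decrypt(username, AES_SECRET);
    if (plainUsername == null) {
        return R.error("数据异常,请重试");
    }
    userLoginDto.setUsername(plainUsername);
    // 3. Checks passed, run the login verification.
    LoginSuccessVo loginVo = userService.userLogin(userLoginDto);
    return R.success(loginVo);
}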

用户登录service层

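/**
 * Verifies a login attempt: image captcha first, then the user lookup, then the salted password
 * hash. On success a random token is stored in the cache for three days (token as key, user id
 * as value) and returned together with the user record.
 *
 * @param userLoginDto login data; the username is expected to be decrypted already
 * @return the token and the user record, with password and salt blanked
 * @throws CustomException when the captcha is expired or wrong, the user does not exist, or the
 *         password does not match
 */
@Override
public LoginSuccessVo userLogin(UserLoginDto userLoginDto) {
    // 1. Captcha check.
    String captchaKey = Constant.ImageCodePreKey + userLoginDto.getCodeUuid();
    String code = redisService.getString(captchaKey);
    if (code == null) {
        throw new CustomException("验证码已过期");
    }
    // A captcha is single use: remove it as soon as it has been read. The original removed it
    // only after a successful login, so one solved captcha stayed valid for any number of failed
    // password attempts until it expired.
    // NOTE(review): read-then-delete is not atomic; an atomic get-and-delete would close the
    // remaining window if the cache client offers one.
    redisService.delete(captchaKey);
    // equalsIgnoreCase returns false for a null argument, so a missing captcha value is reported
    // as wrong instead of causing a NullPointerException.
    if (!code.equalsIgnoreCase(userLoginDto.getVericode())) {
        throw new CustomException("验证码错误");
    }

    // 2. Look up the user.
    // NOTE(review): the distinct messages for "no such user" and "wrong password" let a caller
    // find out which usernames exist; consider one shared message for both cases.
    SystemUser systemUser = seekUser(userLoginDto.getUsername());
    if (systemUser == null) {
        throw new CustomException("用户不存在");
    }

    // 3. Hash the received password with the stored salt and compare with the stored hash.
    String password = MD5Util.md5Lower(userLoginDto.getPassword() + systemUser.getHash());
    if (password == null || !password.equals(systemUser.getPassword())) {
        throw new CustomException("用户密码错误");
    }

    // 4. Issue the session token: token as key, user id as value, valid for three days.
    UUID token = UUID.randomUUID();
    redisService.setStringTime(token.toString(), systemUser.getId().toString(), 3L, TimeUnit.DAYS);

    // Build the response. Neither the password hash nor its salt is needed by the client.
    LoginSuccessVo loginVo = new LoginSuccessVo();
    systemUser.setPassword("");
    systemUser.setHash("");
    loginVo.setSystemUser(systemUser);
    loginVo.setToken(token.toString());
    return loginVo;
}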

总结

感谢您的阅读~~


