登录密码的加密处理
登录密码的加密处理
1.第一步:SHA加密,可以前端在传输过来的时候,已经加密处理
前端代码参考:
import sha1 from 'js-sha1'
sha1.hex(this.state.password)
2.加密(MAC),传输到后端的时候,再次加密(MAC),存储到数据库中。
package com.example.core.mydemo.des; import java.math.BigInteger; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.List; public class SHA1Example3 { public static String sha1Hex(String input) { try { // 获取 SHA-1 实例 MessageDigest md = MessageDigest.getInstance("SHA-1"); // 计算哈希值 byte[] messageDigest = md.digest(input.getBytes()); // 将字节数组转换为十六进制字符串 BigInteger no = new BigInteger(1, messageDigest); String hashtext = no.toString(16); // 补全前导0 while (hashtext.length() < 40) { hashtext = "0" + hashtext; } return hashtext; } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } } public static void main(String[] args) { List<String> list = Arrays.asList( "123456", "384213" ); for (int i = 0; i < list.size(); i++) { String str = list.get(i); System.out.println(str + "-" +sha1Hex(str) + "-" + EncryptUtil3.encode(sha1Hex(str)).toLowerCase()); } } }
package com.example.core.mydemo.des; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.util.encoders.Base64; import org.bouncycastle.util.encoders.Hex; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.Security; public class EncryptUtil3 { private static final String ALGORITHM = "HmacSHA224"; private static final String ENCODEING = "UTF-8"; private static final String ENCRYPT_KEY = "testkeytestkey"; private static final byte[] key = Base64.decode(ENCRYPT_KEY); private static final SecretKey secretKey = new SecretKeySpec(key, ALGORITHM); private static Mac mac; static { Security.addProvider(new BouncyCastleProvider()); } private static Logger logger = LoggerFactory.getLogger(EncryptUtil3.class.getName()); /** * 对字符串进行加密(MAC) * * @param text 明文 * @return 密文 * @throws NoSuchAlgorithmException * @throws InvalidKeyException */ public static String encode(String text) { try { mac = (mac == null) ? Mac.getInstance(secretKey.getAlgorithm()) : mac; mac.init(secretKey); byte[] codedText = mac.doFinal(text.getBytes(ENCODEING)); return new String(Hex.encode(codedText), ENCODEING); } catch (Exception ex) { logger.info("对字符串进行加密(MAC)失败", ex); return null; } } public static void main(String[] args) { String password = "123456"; String code = EncryptUtil3.encode(password).toLowerCase(); System.out.println("pwd=" + code); } }
浙公网安备 33010602011771号