环境:

在工作中,前端页面发送的报文可能涉及到用户信息,为确保数据安全,需要对请求的数据加密,采用SM2非对称加密,可以有效解决数据的安全问题。

 

前端加密,后端解密Demo源码下载地址

https://gitee.com/iroc-git/springboot-encryptreq.git

 

实现步骤:

第一步:在Maven项目中引入pom依赖

1
2
3
4
5
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.67</version>
</dependency>

 

第二步:生成公钥和私钥

工具类GetPKs

复制代码

package com.iroc.springboot.util;

import org.bouncycastle.asn1.gm.GMNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.util.encoders.Hex;

import java.math.BigInteger;
import java.security.SecureRandom;

//获取sm2公钥与私钥
public class GetPKs
{
    public static void main(String[] args)
    {
        try
        {
            X9ECParameters sm2ECParameters = GMNamedCurves.getByName("sm2p256v1");
            ECDomainParameters domainParameters = new ECDomainParameters(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());
            ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
            keyPairGenerator.init(new ECKeyGenerationParameters(domainParameters, SecureRandom.getInstance("SHA1PRNG")));
            AsymmetricCipherKeyPair asymmetricCipherKeyPair = keyPairGenerator.generateKeyPair();

            //上面的代码都是直接用maven依赖中的包直接import就可以用了
            //还有一些更底层的写法,可以自己搜索一下,图方便的这个挺好的

            //私钥,16进制格式,自己保存
            BigInteger privatekey = ((ECPrivateKeyParameters) asymmetricCipherKeyPair.getPrivate()).getD();
            String privateKeyHex = privatekey.toString(16);
            System.out.println("private Key :" + privateKeyHex);

            //公钥,16进制格式,发给前端
            ECPoint ecPoint = ((ECPublicKeyParameters) asymmetricCipherKeyPair.getPublic()).getQ();
            String publicKeyHex = Hex.toHexString(ecPoint.getEncoded(false));
            System.out.println("Public Key :" + publicKeyHex);
        } catch (Exception e)
        {
            e.printStackTrace();
        }
    }

}

复制代码

执行后:

private Key :5e3dcfb19758d7829ebce1ee4276f8193951e0cb77040a319403fce5231cab0e
Public Key :045417fe9233682d37355d2f64db75fb6ff1146efb68cf409cdd64bb7e31a448047c337b0edd919501f678181a230d91e621029bc64faf7fca3631ac2c869673b9

 

第三步:在前端页面中对请求数据加密

1.引入crypto-js.js和sm2.js

请在github中下载(https://github.com/Saberization/SM2

2.对请求报文加密

//sm2公钥var pubkeyHex = "045417fe9233682d37355d2f64db75fb6ff1146efb68cf409cdd64bb7e31a448047c337b0edd919501f678181a230d91e621029bc64faf7fca3631ac2c869673b9";//对请求报文加密jsonReqParams=sm2Encrypt(jsonReqParams, pubkeyHex, 0);

前端页面login.html完整的代码

复制代码

<!DOCTYPE html>

<head>
    <meta charset="utf-8" />
    <script src="../js/crypto-js.js"></script>
    <script src="../js/sm2.js"></script>
    <script src="../js/jquery-3.4.1.min.js"></script>
    <script>

        $(document).ready(function () {
            $("#submit").click(function () {                var username = $("#username").val();                var password = $("#password").val();                var jsonReqParams = {

                };
                jsonReqParams.username=username;
                jsonReqParams.password=password;
                jsonReqParams=JSON.stringify(jsonReqParams);                //sm2公钥
                var pubkeyHex = "045417fe9233682d37355d2f64db75fb6ff1146efb68cf409cdd64bb7e31a448047c337b0edd919501f678181a230d91e621029bc64faf7fca3631ac2c869673b9";                //对请求报文加密
                jsonReqParams=sm2Encrypt(jsonReqParams, pubkeyHex, 0);                //发送请求到后端                $.ajax({
                    type: 'POST', //方法类型
                    dataType: 'json', //预期服务器返回的数据类型
                    url: '/login', //请求地址
                    data: { 'jsonReqParams': jsonReqParams },
                    contentType: 'application/x-www-form-urlencoded; charset=utf-8',
                    success: function (data) {                        if(data.code == "1001"){
                            $("#result").html("登录成功");
                        }else if(data.code== "1002"){
                            $("#result").html("登录失败");
                        }else{
                            $("#result").html("出现异常,请联系管理员");
                        }
                    },
                    error: function () {
                        $("#result").html("出现异常,请联系管理员");
                    },
                });
            });
        });    </script>
</head>

<body>

    用户名:<input type="text" id="username" /><br />
    密码:<input type="password" id="password" /><br />
    <button id="submit">登录</button><br />
    <span id="result"></span>

</body>

复制代码

 

第四步:后端接收前端的请求报文,并解密

1.在后端引入解密工具类DecryptUtil.java

复制代码

package com.iroc.springboot.util;

import org.apache.tomcat.util.codec.binary.Base64;
import org.bouncycastle.asn1.gm.GMNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.util.encoders.Hex;

import java.math.BigInteger;

//解密前端页面的请求报文
public class DecryptUtil
{
    public static String decrypt(String cipherData) throws Exception{
        byte[] cipherDataByte = Hex.decode(cipherData);

        //sm2私钥
        String privateKey = "5e3dcfb19758d7829ebce1ee4276f8193951e0cb77040a319403fce5231cab0e";
        BigInteger privateKeyD = new BigInteger(privateKey, 16);
        X9ECParameters sm2ECParameters1 = GMNamedCurves.getByName("sm2p256v1");
        ECDomainParameters domainParameters1 = new ECDomainParameters(sm2ECParameters1.getCurve(), sm2ECParameters1.getG(), sm2ECParameters1.getN());
        ECPrivateKeyParameters privateKeyParameters = new ECPrivateKeyParameters(privateKeyD, domainParameters1);

        //用私钥解密
        SM2Engine sm2Engine = new SM2Engine();
        sm2Engine.init(false, privateKeyParameters);

        //processBlock得到Base64格式,记得解码
        byte[] arrayOfBytes = Base64.decodeBase64(sm2Engine.processBlock(cipherDataByte, 0, cipherDataByte.length));

        //得到明文:SM2 Encryption Test
        String data = new String(arrayOfBytes);
        return data;
    }
}

复制代码

2.解密前端请求的报文

复制代码


package com.iroc.springboot.controller;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.iroc.springboot.util.DecryptUtil;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

@Controller
public class LoginController
{

    @RequestMapping(value = "/login",method = RequestMethod.POST)
    @ResponseBody
    public String login(@RequestParam(value = "jsonReqParams") String jsonReqParams){
        JsonObject result = new JsonObject();
        //设数据库中usernamezhangsanpassword123456
        try
        {
            //解密前端请求的报文
            jsonReqParams = DecryptUtil.decrypt(jsonReqParams);
            JsonObject jsonObject = new JsonParser().parse(jsonReqParams).getAsJsonObject();
            String username = jsonObject.get("username").getAsString();
            String password = jsonObject.get("password").getAsString();
            if("zhangsan".equals(username)&&"123456".equals(password)){
                result.addProperty("code","1001");
                result.addProperty("desc","登录成功");
            }else {
                result.addProperty("code","1002");
                result.addProperty("desc","账号或密码有误");
            }
        }catch (Exception e){
            e.printStackTrace();
            result.addProperty("code","1003");
            result.addProperty("desc","出现异常,请联系管理员");
        }

        return result.toString();
    }

}

复制代码

 

转自https://www.cnblogs.com/iroc1994/p/16399496.html