热门标签
热门文章
- 1关于远程访问rabbitmq_远程连接rabbitmq用什么端口
- 22024全国危险化学品经营单位安全管理人员在线模拟
- 32024mathorcup数学建模C题保姆级思路模型代码_mathorcup2024c题
- 4Android自定义View,实现日历展示事件(java)_android calendarview显示当天的任务
- 5poj 2018 Best Cow Fences 二分查找dp_best cow fences题解
- 6Hadoop、HDFS_hdfs,hadoop
- 7git rebase & git pull --rebase_git pull --no-rebase
- 8信息系统高级项目管理师:十大知识领域+五大过程组_五大过程组十大知识领域
- 9Spring security 整合JWT 接口权限控制_springsecurity整合jwt实现访问控制
- 102024上半年软考中级《系统集成项目管理工程师》报名考试全攻略_系统集成项目管理中项考试时间2024
当前位置: article > 正文
Springboot 实现数据加解密_springboot 3des
作者:小小林熬夜学编程 | 2024-05-17 03:30:28
赞
踩
springboot 3des
Springboot 实现数据加解密
常用的算法介绍
- AES(Advanced Encryption Standard)**:是一种对称加密算法,用于替代过时的DES(Data Encryption Standard)。AES支持128位、192位和256位密钥长度,被广泛用于保护敏感信息。
- RSA(Rivest-Shamir-Adleman):是一种非对称加密算法,用于实现数据的加密和数字签名。RSA基于数学问题,涉及公钥和私钥,公钥用于加密,私钥用于解密。
- Diffie-Hellman密钥交换:是一种用于安全地交换密钥的协议,通过不安全的通信渠道,双方可以生成一个共享的密钥,然后用于对称加密。
- ECC(Elliptic Curve Cryptography):是一种基于椭圆曲线数学问题的非对称加密算法,与RSA相比,可以实现相同的安全性,但使用更短的密钥长度。
- Blowfish:是一种对称加密算法,适用于加密较大的数据块,由于其速度较快,被广泛用于加密通信和文件。
- Twofish:也是一种对称加密算法,是Blowfish的后续版本,被认为在安全性方面更为强大。
- DES(Data Encryption Standard):是一种对称加密算法,但由于其56位密钥长度较短,已被认为不够安全,逐渐被AES所取代。
- 3DES(Triple Data Encryption Standard):是对DES的改进,通过多次应用DES算法来增加安全性,但由于其计算开销较大,逐渐被更高效的加密算法取代。
实现数据的加解密
代码量过大,这里只展示了主要的逻辑,源代码已经放在github上
地址 https://github.com/yanghaiji/SecureTransmit
自定义注解
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Decrypt {
}
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Encrypt {
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
数加密
@Slf4j @RestControllerAdvice public class EncryptResponseBodyAdvice implements ResponseBodyAdvice<Object> { private boolean encrypt; private final SecretProperties secretProperties; private final ThreadLocal<String> publicKey = new ThreadLocal<>(); private final ThreadLocal<String> privateKey = new ThreadLocal<>(); public EncryptResponseBodyAdvice(SecretProperties secretProperties) { this.secretProperties = secretProperties; LocalKeysInitFactory.initLocalKeys(secretProperties, this.publicKey, this.privateKey); } private static final ThreadLocal<Boolean> ENCRYPT_LOCAL = new ThreadLocal<>(); @Override public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) { encrypt = Objects.requireNonNull(returnType.getMethod()).isAnnotationPresent(Encrypt.class) && secretProperties.getEnable(); return encrypt; } @Override public Object beforeBodyWrite(Object body, MethodParameter returnType, MediaType selectedContentType, Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest request, ServerHttpResponse response) { Boolean status = ENCRYPT_LOCAL.get(); if (null != status && !status) { ENCRYPT_LOCAL.remove(); return body; } if (encrypt) { try { // bug fix key is null LocalKeysInitFactory.initLocalKeys(secretProperties, this.publicKey, this.privateKey); String content = new SerializationStrategy().serialize(body); if (!StringUtils.hasText(publicKey.get())) { throw new NullPointerException("Please configure secure.transmit.encrypt.publicKey parameter!"); } String result = SecureTransmitDigest.getInstance(secretProperties).encrypt(publicKey.get(), content); if (secretProperties.getIsShowLog()) { log.info("Pre-encrypted data:{},After encryption:{}", content, result); } return result; } catch (Exception e) { log.error("Encrypted data exception {}", e.getMessage(), e); throw new SecurityException("Encrypted data exception"); } finally { cleanUp(); } } return body; } /** * 清除当前的 缓存key */ private void cleanUp() { privateKey.remove(); publicKey.remove(); } }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
数据解密
@Slf4j @ControllerAdvice public class DecryptRequestBodyAdvice implements RequestBodyAdvice { /** * 是否开启加密 {@link SecretProperties#getEnable()} */ private boolean encrypt; /** * 安全信息配置 {@link SecretProperties} */ private final SecretProperties secretProperties; /** * 密钥和机密算法的配置 */ private final ThreadLocal<String> publicKey = new ThreadLocal<>(); private final ThreadLocal<String> privateKey = new ThreadLocal<>(); public DecryptRequestBodyAdvice(SecretProperties secretProperties) { this.secretProperties = secretProperties; LocalKeysInitFactory.initLocalKeys(secretProperties, this.publicKey, this.privateKey); } @Override public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) { if (Objects.requireNonNull(methodParameter.getMethod()).isAnnotationPresent(Decrypt.class) && secretProperties.getEnable()) { encrypt = true; } return encrypt; } @Override public Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) { return body; } @Override public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) { if (encrypt) { try { LocalKeysInitFactory.initLocalKeys(secretProperties, this.publicKey, this.privateKey); return new DecryptHttpInputMessage(inputMessage, privateKey.get(), secretProperties, secretProperties.getIsShowLog()); } catch (Exception e) { log.error("Decryption failed {}", e.getMessage(), e); throw new SecretException("DecryptRequestBodyAdvice.class error "); } finally { cleanUp(); } } return inputMessage; } @Override public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) { return body; } /** * 清除当前的 缓存key */ private void cleanUp() { privateKey.remove(); publicKey.remove(); } }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
加解密算法
@Slf4j public class RsaEncryption implements SecureTransmitTemplate { /** * RSA最大加密明文大小 */ private static final int MAX_ENCRYPT_BLOCK = 117; /** * RSA最大解密密文大小 */ private static final int MAX_DECRYPT_BLOCK = 128; /** * 使用给定的公钥加密给定的字符串。 * * @param key 给定的公钥。 * @param plaintext 字符串。 * @return 给定字符串的密文。 */ @Override public String encrypt(String key, String plaintext) { if (key == null || plaintext == null) { return null; } byte[] data = plaintext.getBytes(); try { PublicKey publicKey = DataKeyGenerator.RSA.getPublicKey(key); byte[] enData = encrypt(publicKey, data); return Base64.encodeBase64String(enData); } catch (Exception ex) { log.error("encryptString error {}", ex.getMessage()); } return null; } /** * 使用指定的公钥加密数据。 * * @param key 给定的公钥。 * @param data 要加密的数据。 * @return 加密后的数据。 */ private byte[] encrypt(Key key, byte[] data) throws Exception { Cipher ci = Cipher.getInstance(EncryptConstant.ALGORITHM); ci.init(Cipher.ENCRYPT_MODE, key); return getEnDeData(data, ci, MAX_ENCRYPT_BLOCK); } /** * 使用给定的公钥解密给定的字符串。 * * @param key 给定的公钥 * @param data 密文 * @return 原文字符串。 */ @Override public String decrypt(String key, String data) { if (key == null || isBlank(data)) { return null; } try { PrivateKey privateKey = DataKeyGenerator.RSA.getPrivateKey(key); byte[] enData = Base64.decodeBase64(data); return new String(decrypt(privateKey, enData)); } catch (Exception ex) { log.error(" Decryption failed. Cause: {} , error {}", data, ex.getCause().getMessage()); } return null; } /** * 使用指定的公钥解密数据。 * * @param key 指定的公钥 * @param data 要解密的数据 * @return 原数据 */ private static byte[] decrypt(Key key, byte[] data) throws Exception { Cipher ci = Cipher.getInstance(EncryptConstant.ALGORITHM); ci.init(Cipher.DECRYPT_MODE, key); return getEnDeData(data, ci, MAX_DECRYPT_BLOCK); } /** * 数据加解密 */ private static byte[] getEnDeData(byte[] data, Cipher ci, int maxBlock) throws Exception { int inputLen = data.length; byte[] edData; try (ByteArrayOutputStream out = new ByteArrayOutputStream()) { int offSet = 0; byte[] cache; int i = 0; // 对数据分段解密 while (inputLen - offSet > 0) { if (inputLen - offSet > maxBlock) { cache = ci.doFinal(data, offSet, maxBlock); } else { cache = ci.doFinal(data, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); i++; offSet = i * maxBlock; } edData = out.toByteArray(); } return edData; } /** * 判断非空字符串 * * @param cs 待判断的CharSequence序列 * @return 是否非空 */ private static boolean isBlank(final CharSequence cs) { int strLen; if (cs == null || (strLen = cs.length()) == 0) { return true; } for (int i = 0; i < strLen; i++) { if (!Character.isWhitespace(cs.charAt(i))) { return false; } } return true; } }
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
完整的代码连接 ,源代码地址https://github.com/yanghaiji/SecureTransmit
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/小小林熬夜学编程/article/detail/581761
推荐阅读
相关标签
