cryptojs 进行AES对称加密、web登录加密处理思路

极速蜗牛
6,364 阅读2分钟

加解密的双方使用同一个密钥,密钥不能在网络中传输,避免被拦截。 如果要传输,必须要对密钥进行非对称加密再加密一次。

1、npm install crypto-js
2、新建util工具类
//引用AES源码js
import CryptoJS from 'crypto-js'

const key = CryptoJS.enc.Utf8.parse("1234123412ABCDEF");//十六位十六进制数作为密钥
const iv = CryptoJS.enc.Utf8.parse('ABCDEF1234123412');//十六位十六进制数作为密钥偏移量

//解密方法
function Decrypt(word) {
   //返回的是解密后的对象
   let decrypt = CryptoJS.AES.decrypt(restoreBase64,key,{
        iv:iv,
        mode:CryptoJS.mode.CBC,
        padding:CryptoJS.pad.Pkcs7
   });

   //将解密对象转换成UTF8的字符串
   let decryptedStr = decrypt.toString(CryptoJS.enc.Utf8);
   //返回解密结果
   return decryptedStr.toString();
}

//加密方法
function Encrypt(word){
    let srcs = CryptoJS.enc.Utf8.parse(word);
    //CipherOption,加密的一些选项:
    //mode:加密模式,可取值(CBC,CFB,CTR,CTRGladman,OFB,ECB),都在CryptoJS.mode对象下
    //padding:填充方式,可取值(Pkcs7,Ansix923,Iso10126,ZeroPadding,NoPadding),都在CryptoJS.pad对象下
    //iv:偏移量,mode===ECB时,不需要iv
    //返回的是一个加密对象
    let encrypted = CryptoJS.AES.encrypt(srcs,key,{
        iv:iv,
        mode:CryptoJS.mode.CBC,
        padding:CryptoJS.pad.Pkcs7
    });
    //将结果进行base64加密
    return encrypted.ciphertext.toString(CryptoJS.enc.Base64);
}

export {Decrypt,Encrypt}
3、使用
import {Encrypt} from "../../utils/secret";
var userName = Encrypt(this.userName)//加密用户名
var userPassword = Encrypt(this.password)//加密用户密码
console.log('加密后:',userName)
console.log('加密后:',userPassword)
4、aes相应方法
function uuid(len, radix) {
    var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.split('');
    var uuid = [], i;
    radix = radix || chars.length;

    if (len) {
      // Compact form
      for (i = 0; i < len; i++) uuid[i] = chars[0 | Math.random()*radix];
    } else {
      // rfc4122, version 4 form
      var r;

      // rfc4122 requires these characters
      uuid[8] = uuid[13] = uuid[18] = uuid[23] = '-';
      uuid[14] = '4';

      // Fill in random data.  At i==19 set the high bits of clock sequence as
      // per rfc4122, sec. 4.1.5
      for (i = 0; i < 36; i++) {
        if (!uuid[i]) {
          r = 0 | Math.random()*16;
          uuid[i] = chars[(i == 19) ? (r & 0x3) | 0x8 : r];
        }
      }
    }


    return uuid.join('');
}



export const getKey = () => {
    return uuid(16,16);
};

export function AESEnc(key,content) {

    var key = CryptoJS.enc.Utf8.parse(key);   //加密密钥
    var srcs = CryptoJS.enc.Utf8.parse(content);
    var encrypted = CryptoJS.AES.encrypt(srcs, key, { iv: iv,mode:CryptoJS.mode.CBC});
    return encrypted.toString();
}

export function AESDec(key,content) {
    var key = CryptoJS.enc.Utf8.parse(key);   //加密密钥
    var decrypted = CryptoJS.AES.decrypt(content, key);
    return decrypted.toString(CryptoJS.enc.Utf8);
}
5、加入rsa传递aes秘钥的情况处理如下
// rsaHelper.js
import JsEncrypt from 'jsencrypt/bin/jsencrypt'
import { getKey, AESEnc, AESDec } from './lib/aes'


export const rsaEncode = (string = '') => {
    // const RSA = new
    const publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCRQZ5O/AOAjeYAaSFf6Rjhqovws78I716I9oGF7WxCIPmcaUa1YuyLOncCCuPsaw69+RMWjdbOBp8hd4PPM/d4mKTOVEYUE0SfxhhDTZaM5CzQEUXUyXy7icQTGR5wBjrbjU1yHCKOf5PJJZZQWB06husSFZ40TdL7FdlBpZ1u1QIDAQAB";
    const encrypt = new JsEncrypt.JSEncrypt();
    encrypt.setPublicKey(publicKey);
    return encrypt.encrypt(string);
}

export const createKey = () => (getKey());

export const AES_ENCODE = (key, string = '') => {
    if (!string) throw new Error('encry content is required');
    return AESEnc(key, string);
}

export const AES_DECODE = (key, string = '') => {
    if (!string) throw new Error('encry content is required');
    return AESDec(key, string);
}

// 使用
// import { rsaEncode, AES_ENCODE, createKey } from '@/utils/rsaHelper';
// rsaEncode, AES_ENCODE, createKey
// const key = createKey();
//                         const data = {
//                             username: this.addData.userName,
//                             password: AES_ENCODE(key, this.addData.passWord),
//                             rsaEncryptKey: rsaEncode(key),
//                         }
6、总结登录处理逻辑(rsa+aes)

  1. 服务端器生成公钥、私钥

  2. 安装crypto-js或者直接google官方下载aes文件解压单独引用

  3. 每次登录通过自己封装的uuid方法获取aes加密需要的十六位十六进制随机数和十六位十六进制偏移量 偏移量可自定义写死

  4. 将密码进行aes加密作为password参数

  5. 安装jsencrypt

  6. 通过服务器获取的公钥以rsa的方式对aes需要的私钥进行加密得到rsaEncryptKey传递给服务端

  7. 服务端获取到参数先解析出aes需要的私钥,然后再对密码password字段进行aes解码

avatar
文章
阅读
粉丝