Shulou(Shulou.com)06/01 Report--

This article to share with you is about how to achieve security.js RSA encryption and java client decryption, Xiaobian feel quite practical, so share with you to learn, I hope you can read this article after some harvest, not much to say, follow Xiaobian to see it.

In the usual http protocol website directly submitted data can be obtained through information to expose the information submitted by the submitter,(Wu Zixu: l47 can be 181O micro 51l3 can be differentiated), especially the password at the time of registration and the password at the time of login are easily leaked. So how do you prevent this phenomenon? Many people will think of encryption technology, yes, this article is talking about the use of rsa asymmetric encryption technology for data submission, by the customer to obtain the public key generated by the background to encrypt the submission field, after the user submits and then by the private key generated by the background to decrypt. Here, the user password is encrypted when the user logs in as a column, and the code is directly listed below:

The front-end JS code:

$(function(){

$('#subt').click(function(){

var name = jQuery('#loginName').val();

var password =jQuery('#loginPwd').val();

if(name==null||name==""){

alert("username must not be empty! ");

return;

}

if(password==null||password==""){

alert("Password must not be empty! ");

return;

}

jQuery.ajax({

type:"post",

url:"loginset",

success:function(rd){

if(rd!= null){

//encryption module

var Modulus = rd.split(';')[0];

//Public key index

var public_exponent = rd.split(';')[1];

//Get public key by module and public key parameters

var key = new RSAUtils.getKeyPair(private_exponent, "", Modulus);

//reverse the order of the password, or decrypt it and find that the password order is reversed

var reversedPwd = password.split("").reverse().join("");

//encrypt the password transmission

var encrypedPwd = RSAUtils.encryptedString(key,reversedPwd);

jQuery('#subPwd').val(encrypedPwd);

jQuery('#loginPwd').val("");

jQuery('#login').submit();

}

}

})

})

})

HTML code:

login

User Name:

dense Code:

Java generates RSA encryption parameter code in background:

RSAUtils rsa = new RSAUtils();

//Generate public key and secret key

Map keyMap = rsa.createKey();

RSAPublicKey publicKey = (RSAPublicKey) keyMap.get("publicKey");

RSAPrivateKey privateKey = (RSAPrivateKey) keyMap.get("privateKey");

//js Encrypt the string with the public key obtained by modulus and public key exponent, note that it must be converted to hexadecimal

//module

String Modulus = publicKey.getModulus().toString(16);

//Public key index

String Exponent = publicKey.getPublicExponent().toString(16);

//private key index

String private_exponent = privateKey.getPrivateExponent().toString();

HttpSession session = request.getSession();

//modulo and private key exponents in java do not need to be converted to hexadecimal, but those in js need to be converted to hexadecimal

session.setAttribute("Modulus",publicKey.getModulus().toString());

session.setAttribute("private_exponent",private_exponent);

String strSet = Modulus+";"+Exponent;

response.setContentType("text/html;charset=UTF-8");

response.setCharacterEncoding("UTF-8");

PrintWriter out = response.getWriter();

out.write(strSet);

out.flush();

The above is how to implement security.js RSA encryption and java client decryption, Xiaobian believes that some knowledge points may be seen or used in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.