亲爱的,我需要在Java中使用带有哈希的Base64加密和解密密码。使用下面的代码,我可以存储我的密码并访问我的系统:
public class SystemUserDao {
@PersistenceContext
private EntityManager manager;
public void save(SystemUser systemUser) {
encryPassword(systemUser);
manager.persist(systemUser);
}
private void encryPassword(SystemUser systemUser) {
String password64 = generate(systemUser.getPassword());
systemUser.setPassword(password64);
}
public String generate(String plainText) {
try {
byte[] digest = MessageDigest.getInstance("sha-256").digest(plainText.getBytes());
return Base64Encoder.encode(digest);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
存储在数据库中的密码:
password64: pmWkWSBCL51Bfkhn79xPuKBKHz//H6B+mY6G9/eieuM=
计划文本:123
但是,我需要在我的密码中添加盐并使用如下代码:
public class SystemUserDao {
@PersistenceContext
private EntityManager manager;
public void save(SystemUser systemUser) {
encryDecryPasswordWithSalt(systemUser);
manager.persist(systemUser);
}
private String encryDecryPasswordWithSalt(SystemUser systemUser) {
String secretKey = systemUser.getPassword();
try {
String fSalt = "anySaltYouCanUseOfOn";
String plainText = "M0993000353";
String cipherText = encrypt(secretKey, fSalt, plainText);
System.out.println("Cipher: " + cipherText);
String dcrCipherText = decrypt(secretKey, fSalt, cipherText);
System.out.println("Decrypted: " + dcrCipherText);
System.out.println("secretKey: " + secretKey);
systemUser.setPassword(cipherText);
return plainText;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
public static String encrypt(String secretKey, String salt, String value) throws Exception {
Cipher cipher = initCipher(secretKey, salt, Cipher.ENCRYPT_MODE);
byte[] encrypted = cipher.doFinal(value.getBytes());
byte[] cipherWithIv = addIVToCipher(encrypted);
return Base64.encodeBase64String(cipherWithIv);
}
public static String decrypt(String secretKey, String salt, String encrypted) throws Exception {
Cipher cipher = initCipher(secretKey, salt, Cipher.DECRYPT_MODE);
byte[] original = cipher.doFinal(Base64.decodeBase64(encrypted));
byte[] originalWithoutIv = Arrays.copyOfRange(original, 16, original.length);
return new String(originalWithoutIv);
}
private static Cipher initCipher(String secretKey, String salt, int mode) throws Exception {
SecretKeyFactory factory = SecretKeyFactory.getInstance(factoryInstance);
KeySpec spec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), 65536, 256);
SecretKey tmp = factory.generateSecret(spec);
SecretKeySpec skeySpec = new SecretKeySpec(tmp.getEncoded(), secretKeyType);
Cipher cipher = Cipher.getInstance(cipherInstance);
// Generating random IV
SecureRandom random = new SecureRandom();
random.nextBytes(ivCode);
cipher.init(mode, skeySpec, new IvParameterSpec(ivCode));
return cipher;
}
private static byte[] addIVToCipher(byte[] encrypted) {
byte[] cipherWithIv = new byte[ivCode.length + encrypted.length];
System.arraycopy(ivCode, 0, cipherWithIv, 0, ivCode.length);
System.arraycopy(encrypted, 0, cipherWithIv, encrypted.length, encrypted.length);
return cipherWithIv;
}
在我的控制台中打印:
11:04:25,766 信息 [stdout] (默认任务-1( 密码: pd7suE4qmcdfWTvfNCNad7RRxUMUJahm0OXM0vSrpHY=
11:04:25,995 信息 [标准输出](默认任务-1( 解密:M0993000353
11:04:25,995 信息 [标准输出] (默认任务-1( 密钥: 123
这是存储在数据库中的密码: pd7suE4qmcdfWTvfNCNad7RRxUMUJahm0OXM0vSrpHY=
但是,我不使用此密码访问我的系统。 拜托,每个人都能帮我解决这个问题吗?
从 Java 8 开始,我们有一个漂亮的类Base64.
因此,您可以使用Base64.Encoder和Base64.Decoder来执行任务
更多信息: https://docs.oracle.com/javase/8/docs/api/java/util/Base64.html