• RSA 登陆加密与解密


      最近公司项目验收后,客户请来的信息安全技术人员对我们的网站进行了各种安全测试与排查问题,其中就有一个登陆时的加密问题。本来如果只是单纯的加密,可以直接在前台用MD5加密,将加密的值添加到数据库即可。但是现在的项目里有很多的用户,密码也是后台MD5加密了的。这样就不能单纯在前台用MD5加密,可能是本人能力有限,使用的前台MD5加密与后台的MD5加密的值不一致,用户登陆在密码比对的时候就会失败登陆不了。只能使用非对称加密,前台加密后台解密后使用MD5加密再作对比,这种做法才能使用改动最少。网上查资料后就使用了RSA非对称加密。

    https://www.cnblogs.com/amylis_chen/p/6054414.html

    前端代码

     <script src="http://code.jquery.com/jquery-1.8.3.min.js"></script>

     <script src="http://passport.cnblogs.com/scripts/jsencrypt.min.js"></script>

    <script>

       var encrypt = new JSEncrypt();

        encrypt.setPublicKey("公钥可以用工具生成");
        var userPwd = encrypt.encrypt(输入的密码);     //加密后的密码

    </script>

    后端代码

    var publicKey = "公钥可以用工具生成"

    var privateKey = "私钥可以用工具生成“

    RSACrypto rsaCrypto = new RSACrypto(privateKey, publicKey);
    userPwd = rsaCrypto.Decrypt(userPwd);    //解密后的密码,就是输入密码的值

    /// <summary>
    /// RSA非对称加密
    /// </summary>
    public class RSACrypto
    {
    private RSACryptoServiceProvider _privateKeyRsaProvider;
    private RSACryptoServiceProvider _publicKeyRsaProvider;

    public RSACrypto(string privateKey, string publicKey = null)
    {
    if (!string.IsNullOrEmpty(privateKey))
    {
    _privateKeyRsaProvider = CreateRsaProviderFromPrivateKey(privateKey);
    }

    if (!string.IsNullOrEmpty(publicKey))
    {
    _publicKeyRsaProvider = CreateRsaProviderFromPublicKey(publicKey);
    }
    }

    public string Decrypt(string cipherText)
    {
    if (_privateKeyRsaProvider == null)
    {
    throw new Exception("_privateKeyRsaProvider is null");
    }
    return Encoding.UTF8.GetString(_privateKeyRsaProvider.Decrypt(System.Convert.FromBase64String(cipherText), false));
    }

    public string Encrypt(string text)
    {
    if (_publicKeyRsaProvider == null)
    {
    throw new Exception("_publicKeyRsaProvider is null");
    }
    return Convert.ToBase64String(_publicKeyRsaProvider.Encrypt(Encoding.UTF8.GetBytes(text), false));
    }

    private RSACryptoServiceProvider CreateRsaProviderFromPrivateKey(string privateKey)
    {
    var privateKeyBits = System.Convert.FromBase64String(privateKey);

    var RSA = new RSACryptoServiceProvider();
    var RSAparams = new RSAParameters();

    using (BinaryReader binr = new BinaryReader(new MemoryStream(privateKeyBits)))
    {
    byte bt = 0;
    ushort twobytes = 0;
    twobytes = binr.ReadUInt16();
    if (twobytes == 0x8130)
    binr.ReadByte();
    else if (twobytes == 0x8230)
    binr.ReadInt16();
    else
    throw new Exception("Unexpected value read binr.ReadUInt16()");

    twobytes = binr.ReadUInt16();
    if (twobytes != 0x0102)
    throw new Exception("Unexpected version");

    bt = binr.ReadByte();
    if (bt != 0x00)
    throw new Exception("Unexpected value read binr.ReadByte()");

    RSAparams.Modulus = binr.ReadBytes(GetIntegerSize(binr));
    RSAparams.Exponent = binr.ReadBytes(GetIntegerSize(binr));
    RSAparams.D = binr.ReadBytes(GetIntegerSize(binr));
    RSAparams.P = binr.ReadBytes(GetIntegerSize(binr));
    RSAparams.Q = binr.ReadBytes(GetIntegerSize(binr));
    RSAparams.DP = binr.ReadBytes(GetIntegerSize(binr));
    RSAparams.DQ = binr.ReadBytes(GetIntegerSize(binr));
    RSAparams.InverseQ = binr.ReadBytes(GetIntegerSize(binr));
    }

    RSA.ImportParameters(RSAparams);
    return RSA;
    }

    private int GetIntegerSize(BinaryReader binr)
    {
    byte bt = 0;
    byte lowbyte = 0x00;
    byte highbyte = 0x00;
    int count = 0;
    bt = binr.ReadByte();
    if (bt != 0x02)
    return 0;
    bt = binr.ReadByte();

    if (bt == 0x81)
    count = binr.ReadByte();
    else
    if (bt == 0x82)
    {
    highbyte = binr.ReadByte();
    lowbyte = binr.ReadByte();
    byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };
    count = BitConverter.ToInt32(modint, 0);
    }
    else
    {
    count = bt;
    }

    while (binr.ReadByte() == 0x00)
    {
    count -= 1;
    }
    binr.BaseStream.Seek(-1, SeekOrigin.Current);
    return count;
    }

    private RSACryptoServiceProvider CreateRsaProviderFromPublicKey(string publicKeyString)
    {
    // encoded OID sequence for PKCS #1 rsaEncryption szOID_RSA_RSA = "1.2.840.113549.1.1.1"
    byte[] SeqOID = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 };
    byte[] x509key;
    byte[] seq = new byte[15];
    int x509size;

    x509key = Convert.FromBase64String(publicKeyString);
    x509size = x509key.Length;

    // --------- Set up stream to read the asn.1 encoded SubjectPublicKeyInfo blob ------
    using (MemoryStream mem = new MemoryStream(x509key))
    {
    using (BinaryReader binr = new BinaryReader(mem)) //wrap Memory Stream with BinaryReader for easy reading
    {
    byte bt = 0;
    ushort twobytes = 0;

    twobytes = binr.ReadUInt16();
    if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)
    binr.ReadByte(); //advance 1 byte
    else if (twobytes == 0x8230)
    binr.ReadInt16(); //advance 2 bytes
    else
    return null;

    seq = binr.ReadBytes(15); //read the Sequence OID
    if (!CompareBytearrays(seq, SeqOID)) //make sure Sequence for OID is correct
    return null;

    twobytes = binr.ReadUInt16();
    if (twobytes == 0x8103) //data read as little endian order (actual data order for Bit String is 03 81)
    binr.ReadByte(); //advance 1 byte
    else if (twobytes == 0x8203)
    binr.ReadInt16(); //advance 2 bytes
    else
    return null;

    bt = binr.ReadByte();
    if (bt != 0x00) //expect null byte next
    return null;

    twobytes = binr.ReadUInt16();
    if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)
    binr.ReadByte(); //advance 1 byte
    else if (twobytes == 0x8230)
    binr.ReadInt16(); //advance 2 bytes
    else
    return null;

    twobytes = binr.ReadUInt16();
    byte lowbyte = 0x00;
    byte highbyte = 0x00;

    if (twobytes == 0x8102) //data read as little endian order (actual data order for Integer is 02 81)
    lowbyte = binr.ReadByte(); // read next bytes which is bytes in modulus
    else if (twobytes == 0x8202)
    {
    highbyte = binr.ReadByte(); //advance 2 bytes
    lowbyte = binr.ReadByte();
    }
    else
    return null;
    byte[] modint = { lowbyte, highbyte, 0x00, 0x00 }; //reverse byte order since asn.1 key uses big endian order
    int modsize = BitConverter.ToInt32(modint, 0);

    int firstbyte = binr.PeekChar();
    if (firstbyte == 0x00)
    { //if first byte (highest order) of modulus is zero, don't include it
    binr.ReadByte(); //skip this null byte
    modsize -= 1; //reduce modulus buffer size by 1
    }

    byte[] modulus = binr.ReadBytes(modsize); //read the modulus bytes

    if (binr.ReadByte() != 0x02) //expect an Integer for the exponent data
    return null;
    int expbytes = (int)binr.ReadByte(); // should only need one byte for actual exponent data (for all useful values)
    byte[] exponent = binr.ReadBytes(expbytes);

    // ------- create RSACryptoServiceProvider instance and initialize with public key -----
    RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
    RSAParameters RSAKeyInfo = new RSAParameters();
    RSAKeyInfo.Modulus = modulus;
    RSAKeyInfo.Exponent = exponent;
    RSA.ImportParameters(RSAKeyInfo);

    return RSA;
    }

    }
    }

    private bool CompareBytearrays(byte[] a, byte[] b)
    {
    if (a.Length != b.Length)
    return false;
    int i = 0;
    foreach (byte c in a)
    {
    if (c != b[i])
    return false;
    i++;
    }
    return true;
    }
    }

    RSA密钥对生成工具---------http://web.chacuo.net/netrsakeypair

    请选用PKCS#1来生成公钥与私钥

  • 相关阅读:
    记CentOS-7-x86_64-DVD-1503与Windows7单硬盘双系统的安装
    NetCFSvcUtil.exe and Windows 7
    qq 通信原理(转)
    Qt通过odbc读取excel数据
    Qt中gb2312/GBK的URL编解码函数
    Qt将表格table保存为excel(odbc方式)
    Qt根据类名创建对象(元对象反射)
    亲试,Windows平台上使用Qt5.2.1编写Android
    使用正则表达式限制swing (JTextField等) 的输入
    Winform的"透明"
  • 原文地址:https://www.cnblogs.com/w1-y2-q5/p/11695070.html
Copyright © 2020-2023  润新知