在 WebApp 中加密密码
Encrypt passwords in a WebApp
我正在使用 JavaEE (Servlets + JSP) 开发 WebApp。
当我想在我的应用程序中写入一些密码时,例如 SMTP 密码,我发现了一个问题。在调试时,我已经将它写在代码中或属性文件中,但我想以某种方式加密它们。
我在开发阶段做了什么:
private static final String SMTP_PASS = "my_pass";
我该怎么做?任何 ideas/examples?
private static final String SMTP_PASS = "my_pass_identifier"; //here my_pass_identifier is not the actual password its just an identifier to identify the SMTP password
创建一个属性文件,以 key/val 对的形式以加密形式存储密码。请注意,您可以使用下面提到的 EncryptDecrypt class 加密密码,并在属性文件
中传递加密后的密码
SMTP_PASS = nPDHgg/DYzcL2+HsvYZruw==javaxMQyYxBZUsf7c0gh+vkisQA==javax0w+9tvuLzY04TA5FyTVSPw==
创建一个 class CredentialUtilities,它将通过读取 password.properties 文件来解密密码
public class CredentialUtilities {
static PasswordEncrypt pe = new PasswordEncrypt();
public static String getCredentials(String identifier) throws Exception{
String credential = "";
Properties prop = new Properties();
InputStream input = null;
try {
String filename = "password.properties";
input = CredentialUtilities.class.getClassLoader().getResourceAsStream(filename);
prop.load(input);
String property = prop.getProperty(identifier);
credential = pe.decrypt(property);
} catch (IOException ex) {
ex.printStackTrace();
} finally{
if(input!=null){
try {
input.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
return credential;
}
}
创建一个 class,它将 Encrypt/Decrypt 你的密码
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class EncryptDecrypt {
public static String ALGORITHM = "AES";
private static String AES_CBS_PADDING = "AES/CBC/PKCS5Padding";
private static int AES_128 = 128;
private static byte[] encryptDecrypt(final int mode, final byte[] key, final byte[] IV, final byte[] message)
throws Exception {
final Cipher cipher = Cipher.getInstance(AES_CBS_PADDING);
final SecretKeySpec keySpec = new SecretKeySpec(key, ALGORITHM);
final IvParameterSpec ivSpec = new IvParameterSpec(IV);
cipher.init(mode, keySpec, ivSpec);
return cipher.doFinal(message);
}
public static Map<String, SecretKey> keyGenerator() throws NoSuchAlgorithmException{
Map<String, SecretKey> map = new HashMap<String, SecretKey>();
KeyGenerator keyGenerator = KeyGenerator.getInstance(EncryptDecrypt.ALGORITHM);
keyGenerator.init(AES_128);
SecretKey key = keyGenerator.generateKey();
map.put("key", key);
SecretKey IV = keyGenerator.generateKey();
map.put("iv", IV);
return map;
}
public static String encrypt(String message) throws Exception{
Map<String , SecretKey> map = keyGenerator();
SecretKey key = map.get("key");
SecretKey IV = map.get("iv");
byte[] cipherText = encryptDecrypt(Cipher.ENCRYPT_MODE, key.getEncoded(), IV.getEncoded(), message.getBytes());
String encrypted_message = Base64.getEncoder().encodeToString(cipherText);
String encodedKey = Base64.getEncoder().encodeToString(map.get("key").getEncoded());
String encodedIV = Base64.getEncoder().encodeToString(map.get("iv").getEncoded());
return encrypted_message+"javax"+encodedIV+"javax"+encodedKey;
}
public static String decrypt(String encryptedMessage) throws Exception{
String[] result = encryptedMessage.split("javax");
byte[] decodedIV = Base64.getDecoder().decode(result[1]);
byte[] decodedKey = Base64.getDecoder().decode(result[2]);
byte[] cipher_text = Base64.getDecoder().decode(result[0]);
SecretKey IV = new SecretKeySpec(decodedIV, 0, decodedIV.length, "AES");
SecretKey key = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
byte[] decryptedString = encryptDecrypt(Cipher.DECRYPT_MODE, key.getEncoded(), IV.getEncoded(), cipher_text);
String decryptedMessage = new String(decryptedString);
return decryptedMessage;
}
public static void main(String[] args) throws Exception {
EncryptDecrypt cu = new EncryptDecrypt();
String encryptedmessage = cu.encrypt("usrpswd");
System.out.println(encryptedmessage);
String decryptedMessage = cu.decrypt(encryptedmessage);
System.out.println(decryptedMessage);
}
}
您现在可以随时随地获取解密后的密码。
String SMTP_PASSWORD = new CredentialUtilities().getCredentials(SMTP_PASS);
我正在使用 JavaEE (Servlets + JSP) 开发 WebApp。
当我想在我的应用程序中写入一些密码时,例如 SMTP 密码,我发现了一个问题。在调试时,我已经将它写在代码中或属性文件中,但我想以某种方式加密它们。
我在开发阶段做了什么:
private static final String SMTP_PASS = "my_pass";
我该怎么做?任何 ideas/examples?
private static final String SMTP_PASS = "my_pass_identifier"; //here my_pass_identifier is not the actual password its just an identifier to identify the SMTP password
创建一个属性文件,以 key/val 对的形式以加密形式存储密码。请注意,您可以使用下面提到的 EncryptDecrypt class 加密密码,并在属性文件
中传递加密后的密码SMTP_PASS = nPDHgg/DYzcL2+HsvYZruw==javaxMQyYxBZUsf7c0gh+vkisQA==javax0w+9tvuLzY04TA5FyTVSPw==
创建一个 class CredentialUtilities,它将通过读取 password.properties 文件来解密密码
public class CredentialUtilities {
static PasswordEncrypt pe = new PasswordEncrypt();
public static String getCredentials(String identifier) throws Exception{
String credential = "";
Properties prop = new Properties();
InputStream input = null;
try {
String filename = "password.properties";
input = CredentialUtilities.class.getClassLoader().getResourceAsStream(filename);
prop.load(input);
String property = prop.getProperty(identifier);
credential = pe.decrypt(property);
} catch (IOException ex) {
ex.printStackTrace();
} finally{
if(input!=null){
try {
input.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
return credential;
}
}
创建一个 class,它将 Encrypt/Decrypt 你的密码
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class EncryptDecrypt {
public static String ALGORITHM = "AES";
private static String AES_CBS_PADDING = "AES/CBC/PKCS5Padding";
private static int AES_128 = 128;
private static byte[] encryptDecrypt(final int mode, final byte[] key, final byte[] IV, final byte[] message)
throws Exception {
final Cipher cipher = Cipher.getInstance(AES_CBS_PADDING);
final SecretKeySpec keySpec = new SecretKeySpec(key, ALGORITHM);
final IvParameterSpec ivSpec = new IvParameterSpec(IV);
cipher.init(mode, keySpec, ivSpec);
return cipher.doFinal(message);
}
public static Map<String, SecretKey> keyGenerator() throws NoSuchAlgorithmException{
Map<String, SecretKey> map = new HashMap<String, SecretKey>();
KeyGenerator keyGenerator = KeyGenerator.getInstance(EncryptDecrypt.ALGORITHM);
keyGenerator.init(AES_128);
SecretKey key = keyGenerator.generateKey();
map.put("key", key);
SecretKey IV = keyGenerator.generateKey();
map.put("iv", IV);
return map;
}
public static String encrypt(String message) throws Exception{
Map<String , SecretKey> map = keyGenerator();
SecretKey key = map.get("key");
SecretKey IV = map.get("iv");
byte[] cipherText = encryptDecrypt(Cipher.ENCRYPT_MODE, key.getEncoded(), IV.getEncoded(), message.getBytes());
String encrypted_message = Base64.getEncoder().encodeToString(cipherText);
String encodedKey = Base64.getEncoder().encodeToString(map.get("key").getEncoded());
String encodedIV = Base64.getEncoder().encodeToString(map.get("iv").getEncoded());
return encrypted_message+"javax"+encodedIV+"javax"+encodedKey;
}
public static String decrypt(String encryptedMessage) throws Exception{
String[] result = encryptedMessage.split("javax");
byte[] decodedIV = Base64.getDecoder().decode(result[1]);
byte[] decodedKey = Base64.getDecoder().decode(result[2]);
byte[] cipher_text = Base64.getDecoder().decode(result[0]);
SecretKey IV = new SecretKeySpec(decodedIV, 0, decodedIV.length, "AES");
SecretKey key = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
byte[] decryptedString = encryptDecrypt(Cipher.DECRYPT_MODE, key.getEncoded(), IV.getEncoded(), cipher_text);
String decryptedMessage = new String(decryptedString);
return decryptedMessage;
}
public static void main(String[] args) throws Exception {
EncryptDecrypt cu = new EncryptDecrypt();
String encryptedmessage = cu.encrypt("usrpswd");
System.out.println(encryptedmessage);
String decryptedMessage = cu.decrypt(encryptedmessage);
System.out.println(decryptedMessage);
}
}
您现在可以随时随地获取解密后的密码。
String SMTP_PASSWORD = new CredentialUtilities().getCredentials(SMTP_PASS);