A login that "encrypts" the password with MD5, Base64 or the like is not reliable: the value the browser sends can be captured and replayed to simulate a login, so it is basically useless, only marginally better than sending nothing at all.
Next I describe how to use asymmetric encryption for the login. The idea is similar in principle to the key exchange in HTTPS (the server holds a private key, the client encrypts to the matching public key); my process is as follows:
A. Generate the public and private keys when the login page is rendered, and keep the private key in the session.
B. Hand the public key to the front-end page, which uses it to encrypt the data.
C. Post the data to the back end; the back end fetches the private key from the session, decrypts the data, and then removes the private key from the session.
One caveat before the code: unlike HTTPS, the browser has no way to verify where the public key came from. This scheme therefore protects the password against passive sniffing of the request, but if the page itself is served over plain HTTP, an attacker who can modify it in transit can substitute his own key and the scheme protects nothing. Treat it as a supplement to TLS, not a replacement for it.
Below is a short record of the implementation. The details of the helper class RSAUtils.java are not elaborated here.
1. Generate the public and private keys in the JSP; keep the private key in the session and put the public key parameters on the page:

    <%@ page import="java.util.HashMap, java.security.interfaces.RSAPublicKey, java.security.interfaces.RSAPrivateKey" %>
    <%
    HashMap<String, Object> map = RSAUtils.getKeys();            // generate the public and private keys
    RSAPublicKey publicKey = (RSAPublicKey) map.get("public");
    RSAPrivateKey privateKey = (RSAPrivateKey) map.get("private");
    // the private key is stored in the session and is used to decrypt
    session.setAttribute("privateKey", privateKey);
    // the public key information is saved on the page and is used to encrypt;
    // hex strings, which is what rsa.js expects (the radix was garbled in this copy of the post)
    String publicKeyExponent = publicKey.getPublicExponent().toString(16);
    String publicKeyModulus = publicKey.getModulus().toString(16);
    request.setAttribute("publicKeyExponent", publicKeyExponent);
    request.setAttribute("publicKeyModulus", publicKeyModulus);
    %>
2. Encrypt the data on the front end with the JS helper functions wrapped in rsa.js, which must be included on the page:

    // the argument was garbled in this copy; 131 is the library's usual setting for a 1024-bit key (assumed)
    RSAUtils.setMaxDigits(131);
    // exponent and modulus are the hex strings the JSP put on the page
    var key = new RSAUtils.getKeyPair("${publicKeyExponent}", "", "${publicKeyModulus}");
    var encryptedPwd = RSAUtils.encryptedString(key, orgPwd.split("").reverse().join(""));

Here orgPwd is the original data, in my case the password. The string is reversed before encryption only to match what this RSAUtils.decryptByPrivateKey expects; the reversal itself adds no security.
3. Decrypt the received data on the back end:

    String password = request.getParameter("password");
    RSAPrivateKey privateKey = (RSAPrivateKey) request.getSession().getAttribute("privateKey");
    if (privateKey != null) {
        long time1 = System.currentTimeMillis();
        password = RSAUtils.decryptByPrivateKey(password, privateKey);
        log.info("Decrypt cost time: " + ((double) (System.currentTimeMillis() - time1) / 1000d) + "s");
        // one-time key: remove it so the same ciphertext cannot be decrypted again in this session
        request.getSession().removeAttribute("privateKey");
    }

Two things to watch here. The key is removed only after decryption succeeds; if decryptByPrivateKey fails, the key stays in the session, so removing it in a finally block (or before decrypting) keeps it strictly one-shot. And when no key is in the session (page reloaded, form double-submitted, session expired) the code falls through with the still-encrypted value as the password; rejecting the request outright is cleaner.
Special note: RSAUtils.java uses org.bouncycastle.jce.provider.BouncyCastleProvider. When deploying on the server, the following two configuration steps are needed:
A. Edit /jre/lib/security/java.security under the JDK directory and register the provider with a line of the form security.provider.<n>=org.bouncycastle.jce.provider.BouncyCastleProvider, where <n> is one higher than the last provider already listed.
B. Put bcprov-jdk16-146.jar under /jre/lib/ext in the JDK directory.
These steps are not needed when debugging in Eclipse, but they are needed when deploying to the server; remember this! (An alternative that avoids editing the JDK is to register the provider from code at startup with Security.addProvider(new BouncyCastleProvider()) and ship the jar with the application. Note also that bcprov 1.46 is a 2011-era release; use a current BouncyCastle version.)
Attachments:
1. rsa.js Http://pan.baidu.com/s/1ntr99LR
2. RSAUtils.java http://pan.baidu.com/s/1o6l1Wnw
3. bcprov-jdk16-146.jar Http://pan.baidu.com/s/1i3EIw0P
Java Web Login with Asymmetric encryption (RSA algorithm)