RSA-based Web front-end password encryption scheme

Source: Internet
Author: User
Tags: asymmetric encryption

Because the source code of a Web page is exposed, a traditional symmetric encryption scheme also exposes its encryption key in the JS file, so the ciphertext can just as easily be decrypted.

At present, the better solution is to use HTTPS for the entire site, or at least for key steps such as user login.

Another solution is to encrypt with RSA.

RSA is an asymmetric cipher: the client encrypts with the public key, and the server decrypts with the private key. For details of the RSA algorithm, see Baidu Encyclopedia.

This means the public key cannot be used for decryption, so it is safe to transmit in plaintext.

1. Encryption Process

The server generates a public/private key pair, sends the public key to the client for password encryption, and decrypts the result with the private key.

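2. Key Generation (Node.js)

This mainly uses node-rsa to generate the RSA public and private keys:

    import NodeRSA from 'node-rsa';

    // b is the modulus size in bits; 512 is too small for production, use 2048 or more
    let key = new NodeRSA({b: 512});
    let publicDer = key.exportKey('pkcs8-public');   // public key, sent to the client
    let privateDer = key.exportKey('pkcs8-private'); // private key, stays on the server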

In general, you can generate the key pair once when the server starts and cache it for later decryption.

3. Password Encryption (Browser Side)

After the client receives the public key, the password is encrypted before the form is submitted:

    import NodeRSA from 'node-rsa';

    var encryptStr = function (password) {
        let clientKey = new NodeRSA(); // empty key object; the public key is imported below
        var publicKey = localStorage.publicKey; // the public key received from the server, cached locally
        clientKey.importKey(publicKey);
        let encrypted = clientKey.encrypt(password, 'base64');
        return encrypted;
    };

Points to note:

Including the node-rsa library on the client noticeably increases the size of the JS file. Be sure to minify the code before going live, or switch to a smaller RSA library.

4. Password Decryption (Node.js)

After the server receives a client request, it decrypts the encrypted password with the generated private key:

    import NodeRSA from 'node-rsa';

    // util.getCache and util.isEmpty are the application's own helpers
    let decryptStr = async function (pwd) {
        let key = new NodeRSA(); // empty key object; the private key is imported below
        let privateDer = await util.getCache("rsa.privatecache"); // read private key from cache
        if (util.isEmpty(privateDer)) {
            console.log("get RSA private key Failed!!");
            return null;
        }
        key.importKey(privateDer);
        if (!key.isPrivate()) { // verify that the private key is correct
            console.log("import RSA private key Failed!!");
            return null;
        }
        return key.decrypt(pwd, 'utf8'); // decryption
    };
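The three steps above (key generation, browser-side encryption, server-side decryption) as one runnable round trip, extended to cover the plaintext length limit and malformed input. This is an added example, not the original author's code: it assumes Node's built-in crypto module in place of node-rsa, a 2048-bit key instead of 512, and RSA-OAEP with SHA-256; all function names are illustrative.

```javascript
// Added example (not the page's code): Node's built-in crypto instead of node-rsa.
const crypto = require('node:crypto');

// Assumption: RSA-OAEP with SHA-256 on both sides and a 2048-bit modulus.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const MODULUS_BITS = 2048;
const MAX_PLAINTEXT_BYTES = MODULUS_BITS / 8 - 2 * 32 - 2; // OAEP/SHA-256 limit: 190

// Server, at startup: generate the key pair once and keep the private key cached.
function generateServerKeys() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: MODULUS_BITS,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Client side: encrypt the password with the public key received from the server.
function encryptPassword(publicKeyPem, password) {
  const data = Buffer.from(password, 'utf8');
  if (data.length > MAX_PLAINTEXT_BYTES) {
    throw new RangeError('password too long for one RSA-OAEP block');
  }
  return crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, data).toString('base64');
}

// Server side: decrypt with the cached private key.
// Returns null for malformed or tampered input instead of throwing.
function decryptPassword(privateKeyPem, encryptedB64) {
  try {
    const data = Buffer.from(String(encryptedB64), 'base64');
    return crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, data).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample run: round trip, then a ciphertext with one flipped byte.
function demo() {
  const { publicKey, privateKey } = generateServerKeys();
  const sent = encryptPassword(publicKey, 'correct horse battery staple');
  const tampered = Buffer.from(sent, 'base64');
  tampered[10] ^= 0xff;
  return {
    roundTrip: decryptPassword(privateKey, sent),
    tampered: decryptPassword(privateKey, tampered.toString('base64')),
  };
}
console.log(demo());
```

Because OAEP is randomized, encrypting the same password twice yields different ciphertexts, so the server must compare decrypted values, never ciphertexts.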
