Spring MVC: encrypting a form using the RSA algorithm

Source: Internet
Author: User
Tags: decrypt, md5, encryption, asymmetric encryption

Today I was criticized for hashing the password with MD5 in client-side JavaScript; in fact, that is not necessarily safe. This practice has no real effect. Anyone who has studied computer networking knows that capturing packets on a network is very simple, and even if what is captured is the MD5 value rather than your original password, that MD5 value can be used to imitate a login to the system. All it achieves is that the captured value cannot be entered directly as the user name and password on the login page, but simulating the login with a program is not difficult. I had written it this way many times without noticing, and only when I was criticized today did I realize how naive my own practice was.

There is, of course, more than one way to encrypt data. Data can also be encrypted through HTTPS, but for a general application you then need to pay a certification authority to sign the certificate; in any case, I will not do that, though enterprises that need it are another matter. Having it signed by a certification authority is still not enough: the user also needs to install the certificate. That is so troublesome that the user does not have to browse your web page, and your web page loses a chance to be shown; after all, not all users have such a high level of computer skills.

The RSA asymmetric encryption algorithm suits me best: it costs no money and is more secure. Everyone is probably already familiar with symmetric encryption: encryption and decryption use the same key, and without the key the data cannot be decrypted. In an asymmetric encryption algorithm, the key used to encrypt is not the same as the key used to decrypt: you encrypt with my public key and I decrypt with my private key. If you do not encrypt with my public key, I cannot decrypt it, and if I do not have the private key, I cannot decrypt it either.

An approximate process for using RSA:

1. The browser initiates a login request.

2. The server responds to the request, generates the RSA public and private keys, and returns the public key to the browser.

3. After the user enters the password, the browser encrypts the password with the public key.

4. The browser submits the encrypted password to the server.

5. The server uses the private key to decrypt the password.
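The five steps above, as an added example that is not part of the original post: a Node.js simulation that uses the standard crypto module with RSA-OAEP in place of the page's security.js and RSAUtil helpers. The function names, the in-memory session store and the single-use handling of the private key are assumptions of this example; it shows that a captured ciphertext, unlike the captured MD5 value discussed earlier, is rejected when it is submitted again.

```javascript
const crypto = require('crypto');

// Constructed in-memory session store: sessionId -> private key.
const sessions = new Map();
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Steps 1-2: the server creates a key pair for this login page only.
function startLogin() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const sessionId = crypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, privateKey);
  return { sessionId, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Step 3: the browser encrypts the password with the public key.
function encryptPassword(publicKeyPem, password) {
  const ct = crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, Buffer.from(password, 'utf8'));
  return ct.toString('base64');
}

// Steps 4-5: the server decrypts with the private key, which is single-use.
function finishLogin(sessionId, ciphertextB64) {
  const privateKey = sessions.get(sessionId);
  if (!privateKey) return { ok: false, reason: 'no key for session' };
  sessions.delete(sessionId); // discard before use so a resubmission fails
  try {
    const pt = crypto.privateDecrypt({ key: privateKey, ...OAEP },
      Buffer.from(ciphertextB64, 'base64'));
    return { ok: true, password: pt.toString('utf8') };
  } catch (err) {
    return { ok: false, reason: 'decryption failed' };
  }
}

// Constructed walk-through: one genuine login, then the captured ciphertext
// is resubmitted to the same session and to a new one.
function demo() {
  const first = startLogin();
  const captured = encryptPassword(first.publicKeyPem, 'demo-password');
  const genuine = finishLogin(first.sessionId, captured);
  const replaySame = finishLogin(first.sessionId, captured);
  const second = startLogin();
  const replayOther = finishLogin(second.sessionId, captured);
  return { genuine, replaySame, replayOther };
}

console.log(demo());
```

The single-use key only stops resubmission of a captured ciphertext; it does not authenticate the public key that the browser receives.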

The main considerations for using the RSA algorithm are:

1. Add the security.js JavaScript file and the bcprov-jdk16-1.45.jar package

2. Front-end

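    <script src="<c:url value="/js/security.js"/>" type="text/javascript"></script>
    <script type="text/javascript">
        function cmdEncrypt(form) {
            // MAX_DIGITS is a placeholder: the argument is garbled ("$") in the source page.
            RSAUtils.setMaxDigits(MAX_DIGITS);
            // Build the public key from the exponent and modulus the server put in the model.
            var key = new RSAUtils.getKeyPair("${pubexponent}", "", "${pubmodules}");
            var encrypedPwd = RSAUtils.encryptedString(key, form.password.value);
            // Submit the ciphertext in place of the plaintext password.
            form.password.value = encrypedPwd;
            form.submit();
            return true;
        }
    </script>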

3. Server

    // Imports needed by the two handler methods:
    // java.security.KeyPair, java.security.interfaces.RSAPrivateKey,
    // java.security.interfaces.RSAPublicKey, java.util.List,
    // javax.servlet.http.HttpServletRequest, org.springframework.ui.Model,
    // org.springframework.web.bind.annotation.RequestMapping,
    // org.springframework.web.bind.annotation.RequestMethod

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login(Model model, HttpServletRequest request) throws Exception {
        KeyPair kp = RSAUtil.generateKeyPair();
        RSAPublicKey pubk = (RSAPublicKey) kp.getPublic();    // generate public key
        RSAPrivateKey prik = (RSAPrivateKey) kp.getPrivate(); // generate private key
        String publicKeyExponent = pubk.getPublicExponent().toString(16); // hexadecimal
        String publicKeyModulus = pubk.getModulus().toString(16);         // hexadecimal
        model.addAttribute("pubexponent", publicKeyExponent); // public key exponent for the page
        model.addAttribute("pubmodules", publicKeyModulus);   // public key modulus for the page
        request.getSession().setAttribute("prik", prik);      // private key stays on the server
        return "login";
    }

    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String login(LoginModel lm, HttpServletRequest request, Model model) throws Exception {
        RSAPrivateKey prik = (RSAPrivateKey) request.getSession().getAttribute("prik");
        StringBuilder pwd = new StringBuilder();
        // Decrypt the submitted password, then reverse the obtained string.
        pwd.append(RSAUtil.decryptByPrivateKey(lm.getPassword().toUpperCase(), prik)).reverse();
        List<User> users = userService.getByLoginName(lm.getLoginName(), pwd.toString());
        if (users == null || users.isEmpty()) {
            return "login"; // no matching user: show the login page again instead of failing on get(0)
        }
        model.addAttribute("user", users.get(0));
        return "redirect:/home/main";
    }

The files above can be downloaded here.

This is my personal experience; if there are mistakes, you are welcome to point them out.
