RSA encryption algorithm is currently the most influential public key encryption algorithm, and it can resist the vast majority of cryptographic attacks known so far.
So what are the applications of RSA encryption algorithm? The following is an example of database authentication.
When using the data set for identity authentication, the password is stored in the database. If the password entered by the user during authentication is the same as the password in the database, the authentication will pass. If the database is cracked, it will pose a threat to the system. How to ensure system security? Here you can apply the RSA encryption algorithm to encrypt permissions.
Idea:
When transmitting the username and password in the URL, first flip the username and then encrypt it. For example, if the entered password is 12, the actual value encrypted in the background is 21, and then verified with the database. This will prevent the database from being cracked and you will see the encryption code of 21. When logging in to the system, you will not be able to log in successfully with 21.
Take the reporting software FineReport as an example. This is a reporting software that can read various databases and is divided into client and front-end display.
Implementation plan:
1. Place the third-party package used for RSA encryption in the project web-inf/lib folder.
2. Call js files
When the RSA folder is encrypted for front-end js, you need to call js files, so you need to put Barrett.js, BigInt.js, and RSA.js in the project directory, such as: WebReport/js, and create a new js file folder into the js file.
3. Define the RSA encryption class
Define the RSAUtil.java class file. First run the generateKeyPair() method in the class. A random RSAKey.txt file will be generated in the server's D drive, and the public key and key will be saved. Each visit This method will refresh the txt file once.
package com.fr.privilege;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import javax.crypto.Cipher;
/**
* RSA 工具类。提供加密,解密,生成密钥对等方法。
* 需要到http://www.bouncycastle.org下载bcprov-jdk14-123.jar。
*
*/
public class RSAUtil {
/**
* * 生成密钥对 *
*
* @return KeyPair *
* @throws EncryptException
*/
public static KeyPair generateKeyPair() throws Exception {
try {
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA",
new org.bouncycastle.jce.provider.BouncyCastleProvider());
final int KEY_SIZE = 1024;// 没什么好说的了,这个值关系到块加密的大小,可以更改,但是不要太大,否则效率会低
keyPairGen.initialize(KEY_SIZE, new SecureRandom());
KeyPair keyPair = keyPairGen.generateKeyPair();
saveKeyPair(keyPair);
return keyPair;
} catch (Exception e) {
throw new Exception(e.getMessage());
}
}
public static KeyPair getKeyPair() throws Exception {
FileInputStream fis = new FileInputStream("C:/RSAKey.txt");
ObjectInputStream oos = new ObjectInputStream(fis);
KeyPair kp = (KeyPair) oos.readObject();
oos.close();
fis.close();
return kp;
}
public static void saveKeyPair(KeyPair kp) throws Exception {
FileOutputStream fos = new FileOutputStream("C:/RSAKey.txt");
ObjectOutputStream oos = new ObjectOutputStream(fos);
// 生成密钥
oos.writeObject(kp);
oos.close();
fos.close();
}
/**
* * 生成公钥 *
*
* @param modulus *
* @param publicExponent *
* @return RSAPublicKey *
* @throws Exception
*/
public static RSAPublicKey generateRSAPublicKey(byte[] modulus,
byte[] publicExponent) throws Exception {
KeyFactory keyFac = null;
try {
keyFac = KeyFactory.getInstance("RSA",
new org.bouncycastle.jce.provider.BouncyCastleProvider());
} catch (NoSuchAlgorithmException ex) {
throw new Exception(ex.getMessage());
}
RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger(
modulus), new BigInteger(publicExponent));
try {
return (RSAPublicKey) keyFac.generatePublic(pubKeySpec);
} catch (InvalidKeySpecException ex) {
throw new Exception(ex.getMessage());
}
}
/**
* * 生成私钥 *
*
* @param modulus *
* @param privateExponent *
* @return RSAPrivateKey *
* @throws Exception
*/
public static RSAPrivateKey generateRSAPrivateKey(byte[] modulus,
byte[] privateExponent) throws Exception {
KeyFactory keyFac = null;
try {
keyFac = KeyFactory.getInstance("RSA",
new org.bouncycastle.jce.provider.BouncyCastleProvider());
} catch (NoSuchAlgorithmException ex) {
throw new Exception(ex.getMessage());
}
RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(new BigInteger(
modulus), new BigInteger(privateExponent));
try {
return (RSAPrivateKey) keyFac.generatePrivate(priKeySpec);
} catch (InvalidKeySpecException ex) {
throw new Exception(ex.getMessage());
}
}
/**
* * 加密 *
*
* @param key
* 加密的密钥 *
* @param data
* 待加密的明文数据 *
* @return 加密后的数据 *
* @throws Exception
*/
public static byte[] encrypt(PublicKey pk, byte[] data) throws Exception {
try {
Cipher cipher = Cipher.getInstance("RSA",
new org.bouncycastle.jce.provider.BouncyCastleProvider());
cipher.init(Cipher.ENCRYPT_MODE, pk);
int blockSize = cipher.getBlockSize();// 获得加密块大小,如:加密前数据为128个byte,而key_size=1024
// 加密块大小为127
// byte,加密后为128个byte;因此共有2个加密块,第一个127
// byte第二个为1个byte
int outputSize = cipher.getOutputSize(data.length);// 获得加密块加密后块大小
int leavedSize = data.length % blockSize;
int blocksSize = leavedSize != 0 ? data.length / blockSize + 1
: data.length / blockSize;
byte[] raw = new byte[outputSize * blocksSize];
int i = 0;
while (data.length - i * blockSize > 0) {
if (data.length - i * blockSize > blockSize)
cipher.doFinal(data, i * blockSize, blockSize, raw, i
* outputSize);
else
cipher.doFinal(data, i * blockSize, data.length - i
* blockSize, raw, i * outputSize);
// 这里面doUpdate方法不可用,查看源代码后发现每次doUpdate后并没有什么实际动作除了把byte[]放到
// ByteArrayOutputStream中,而最后doFinal的时候才将所有的byte[]进行加密,可是到了此时加密块大小很可能已经超出了
// OutputSize所以只好用dofinal方法。
i++;
}
return raw;
} catch (Exception e) {
throw new Exception(e.getMessage());
}
}
/**
* * 解密 *
*
* @param key
* 解密的密钥 *
* @param raw
* 已经加密的数据 *
* @return 解密后的明文 *
* @throws Exception
*/
public static byte[] decrypt(PrivateKey pk, byte[] raw) throws Exception {
try {
Cipher cipher = Cipher.getInstance("RSA",
new org.bouncycastle.jce.provider.BouncyCastleProvider());
cipher.init(cipher.DECRYPT_MODE, pk);
int blockSize = cipher.getBlockSize();
ByteArrayOutputStream bout = new ByteArrayOutputStream(64);
int j = 0;
while (raw.length - j * blockSize > 0) {
bout.write(cipher.doFinal(raw, j * blockSize, blockSize));
j++;
}
return bout.toByteArray();
} catch (Exception e) {
throw new Exception(e.getMessage());
}
}
/**
* * *
*
* @param args *
* @throws Exception
*/
public static void main(String[] args) throws Exception {
RSAPublicKey rsap = (RSAPublicKey) RSAUtil.generateKeyPair()
.getPublic();
String test = "hello world";
byte[] en_test = encrypt(getKeyPair().getPublic(), test.getBytes());
System.out.println("123:" + new String(en_test));
byte[] de_test = decrypt(getKeyPair().getPrivate(), en_test);
System.out.println(new String(de_test));
}
}
4. Define the password verification class
Define the TestPasswordValidatorRSA.java password verification class
Define a class named TestPasswordValidatorRSA.java, extend it from AbstractPasswordValidator, rewrite the password verification method encodePassword, and first flip the entered password. Then encrypt and return the password for verification. The specific code is as follows:
package com.fr.privilege;
import com.fr.privilege.providers.dao.AbstractPasswordValidator;
public class TestPasswordValidatorRSA extends AbstractPasswordValidator{
//@Override
public String encodePassword( String clinetPassword) {
try {
//对密码进行翻转如输入ab翻转后为ba
StringBuffer sb = new StringBuffer();
sb.append(new String(clinetPassword));
String bb = sb.reverse().toString();
//进行加密
byte[] en_test = RSAUtil.encrypt(RSAUtil.getKeyPair().getPublic(),bb.getBytes());
//进行解密,如果数据库里面保存的是加密码,则此处不需要进行解密
byte[] de_test = RSAUtil.decrypt(RSAUtil.getKeyPair().getPrivate(),en_test);
//返回加密密码
clinetPassword=new String(de_test);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return clinetPassword; //即获取加密密码再与数据库密码匹配。
}
@Override
public boolean validatePassword(String arg0, String arg1) {
// TODO Auto-generated method stub
return false;
}
}5. Compile the class file
First compile the RSAUtil.java class file to generate the RSAKey.txt file on the server's D drive, and then compile the TestPasswordValidatorRSA.java class. The compiled class files are placed in the project project web-inf/classes/com/fr/privilege folder.
6. Login.jsp page settings
The client requests to the login page and randomly generates a string. This random string is used as the key encryption password, as follows:
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%@page import="com.fr.privilege.providers.dao.RSAUtil"%>
<%!public String Testmo() {
String module = "";
try {
java.security.interfaces.RSAPublicKey rsap = (java.security.interfaces.RSAPublicKey) RSAUtil
.getKeyPair().getPublic();
module = rsap.getModulus().toString(16);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return module;
}%>
<%!public String Testem() {
String empoent = "";
try {
java.security.interfaces.RSAPublicKey rsap = (java.security.interfaces.RSAPublicKey) RSAUtil
.getKeyPair().getPublic();
empoent = rsap.getPublicExponent().toString(16);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return empoent;
}%>
<html>
<head>
<script type="text/javascript"
src="ReportServer?op=emb&resource=finereport.js"></script>
<script type="text/javascript" src="js/RSA.js"></script>
<script type="text/javascript" src="js/BigInt.js"></script>
<script type="text/javascript" src="js/Barrett.js"></script>
<script type="text/javascript">
function bodyRSA()
{
setMaxDigits(130);
var a = "<%=Testmo()%>";
var b = "<%=Testem()%>";
key = new RSAKeyPair(b,"",a);
}
function doSubmit() {
bodyRSA();
var username = FR.cjkEncode(document.getElementById("username").value); //获取输入的用户名
var password = FR.cjkEncode(document.getElementById("password").value); //获取输入的参数
$.ajax({
url : "ReportServer?op=auth_login&fr_username=" + username + "&fr_password=" + password, //将用户名和密码发送到报表认证地址op=auth_login
data : {__redirect__ : 'false'},
complete : function(res) {
var jo = FR.jsonDecode(res.responseText);
if(jo.url) {
window.location=jo.url+ "&_=" + new Date().getTime(); //认证成功跳转页面,因为ajax不支持重定向所有需要跳转的设置
}
else{
alert("用户名密码错误!") //认证失败
}
}
})
}
</script>
</head>
<body>
<p>
请登录
</p>
<form name="login" method="POST">
<p>
用户名:
<input id="username" type="text" />
</p>
<p>
密 码:
<input id="password" type="password" />
</p>
<input type="button" value="登录" onclick="doSubmit()" />
</form>
</body>
</html>
Javascript Data Types : Is there any difference between Browser and NodeJs?May 14, 2025 am 12:15 AMJavaScript core data types are consistent in browsers and Node.js, but are handled differently from the extra types. 1) The global object is window in the browser and global in Node.js. 2) Node.js' unique Buffer object, used to process binary data. 3) There are also differences in performance and time processing, and the code needs to be adjusted according to the environment.
JavaScript Comments: A Guide to Using // and /* */May 13, 2025 pm 03:49 PMJavaScriptusestwotypesofcomments:single-line(//)andmulti-line(//).1)Use//forquicknotesorsingle-lineexplanations.2)Use//forlongerexplanationsorcommentingoutblocksofcode.Commentsshouldexplainthe'why',notthe'what',andbeplacedabovetherelevantcodeforclari
Python vs. JavaScript: A Comparative Analysis for DevelopersMay 09, 2025 am 12:22 AMThe main difference between Python and JavaScript is the type system and application scenarios. 1. Python uses dynamic types, suitable for scientific computing and data analysis. 2. JavaScript adopts weak types and is widely used in front-end and full-stack development. The two have their own advantages in asynchronous programming and performance optimization, and should be decided according to project requirements when choosing.
Python vs. JavaScript: Choosing the Right Tool for the JobMay 08, 2025 am 12:10 AMWhether to choose Python or JavaScript depends on the project type: 1) Choose Python for data science and automation tasks; 2) Choose JavaScript for front-end and full-stack development. Python is favored for its powerful library in data processing and automation, while JavaScript is indispensable for its advantages in web interaction and full-stack development.
Python and JavaScript: Understanding the Strengths of EachMay 06, 2025 am 12:15 AMPython and JavaScript each have their own advantages, and the choice depends on project needs and personal preferences. 1. Python is easy to learn, with concise syntax, suitable for data science and back-end development, but has a slow execution speed. 2. JavaScript is everywhere in front-end development and has strong asynchronous programming capabilities. Node.js makes it suitable for full-stack development, but the syntax may be complex and error-prone.
JavaScript's Core: Is It Built on C or C ?May 05, 2025 am 12:07 AMJavaScriptisnotbuiltonCorC ;it'saninterpretedlanguagethatrunsonenginesoftenwritteninC .1)JavaScriptwasdesignedasalightweight,interpretedlanguageforwebbrowsers.2)EnginesevolvedfromsimpleinterpreterstoJITcompilers,typicallyinC ,improvingperformance.
JavaScript Applications: From Front-End to Back-EndMay 04, 2025 am 12:12 AMJavaScript can be used for front-end and back-end development. The front-end enhances the user experience through DOM operations, and the back-end handles server tasks through Node.js. 1. Front-end example: Change the content of the web page text. 2. Backend example: Create a Node.js server.
Python vs. JavaScript: Which Language Should You Learn?May 03, 2025 am 12:10 AMChoosing Python or JavaScript should be based on career development, learning curve and ecosystem: 1) Career development: Python is suitable for data science and back-end development, while JavaScript is suitable for front-end and full-stack development. 2) Learning curve: Python syntax is concise and suitable for beginners; JavaScript syntax is flexible. 3) Ecosystem: Python has rich scientific computing libraries, and JavaScript has a powerful front-end framework.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Atom editor mac version download
The most popular open source editor
WebStorm Mac version
Useful JavaScript development tools
SublimeText3 English version
Recommended: Win version, supports code prompts!
Dreamweaver Mac version
Visual web development tools
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
