MyBatis-Plus加密字段查询(密文检索)

news2024/9/21 12:36:01

MyBatis-Plus数据安全保护(加密解密)

解释说明

1.字段加密后，数据库存储的字段内容为十六进制格式的密文

2.条件查询时，若不对密文进行处理将无法匹配出想要的结果

3.处理方式是借助SQL的AES_DECRYPT函数将密文解密后匹配

4.SQL的解密函数只有AES_DECRYPT，条件查询只适用AES加密☆☆☆☆☆

密文检索

加密前：
{
	"md532": "md532",
	"md516": "md516",
	"base64": "base64",
	"aes": "我是中国人，我热爱我的祖国",
	"rsa": "rsa",
	"sm2": "sm2",
	"sm3": "sm3",
	"sm4": "sm4",
	"pbewithmd5anddes": "pbewithmd5anddes",
	"pbewithmd5andtripledes": "pbewithmd5andtripledes",
	"pbewithhmacsha512andaes256": "pbewithhmacsha512andaes256",
	"pbewithsha1anddesede": "pbewithsha1anddesede",
	"pbewithsha1andrc240": "pbewithsha1andrc240"
}
 
注意：调用控制器接口向数据库插入数据

加密后：
{
    "id": "1614832069533679617",
	"md532": "0ed5449e148dfaac16d1247667d62554",
	"md516": "838026c17d7ac626",
	"base64": "YmFzZTY0",
	"aes": "7d95a0541bc434fd44f39aac75b56255e948435c9d369b15c9cd5beac979c8fff4f570f57544de6bd7015fc012e36f18",
	"rsa": "FqVQIe05Q/usNmZZWA9omCf63WYbhT7z4Qsrpvr+RsWv70vV3hVK5sV1/HZvQL6uI9pU0dkdPDEwIzn0DCJIoVKCW3l7fubdOkjOgaqxv5tIdcLmZFl9XivzA6sDhSIzitFLAj4OJu2HgbF1fNDoVEdYqAD7BEMeNeCyQYyjNQk=",
	"sm2": "sm2",
	"sm3": "d0c7f21dc640a69786764d688920d4d968a103a437a6159b9e7cc7c4b826b8ac",
	"sm4": "sm4",
	"pbewithmd5anddes": "q30eLvs6615ATdqtscdIpSdZLgC+vg1/+8mLzeD2INo=",
	"pbewithmd5andtripledes": "PjjKX2OkRE2D/mz3UZLTXXAsLkjuAk6rF8l4WVz/CaE=",
	"pbewithhmacsha512andaes256": "N5GESK0bGjLsJGO4DadbUMNzPo6ov/svzNHCZg0S4gmrsMLSDMLHDO/6ZrPNsYhpBTR53Xmksi9fxwSU5ScshQ==",
	"pbewithsha1anddesede": "1kGvVHNUKDbwYG1ZnLhaK2QPre3jFddM3tB6MQETzwE=",
	"pbewithsha1andrc240": "my9MZrkBSRtwgV6/MjAjwug7HB/lKHTMzmZJeUOrCQY="
}
 
注意：数据库存储内容为密文，主要观察aes

QueryWrapper查询

@GetMapping("/getAll")
public List<Encrypt> getAll() {
    List<Encrypt> encrypts = encrtptService.list(new QueryWrapper<Encrypt>().like("AES_DECRYPT(UNHEX(AES), 'mybatis-mate-encryptor-password-666')", "中国人"));
    return encrtptService.list();
}

注意：UNHEX(AES)其中AES为条件查询的数据表列名，'mybatis-mate-encryptor-password-666'为YML配置的秘钥mybatis-mate.encryptor.password

SQL打印分析：
Execute SQL：SELECT id,MD5_32,MD5_16,BASE64,AES,RSA,SM2,SM3,SM4,PBEWithMD5AndDES,PBEWithMD5AndTripleDES,PBEWithHMACSHA512AndAES_256,PBEWithSHA1AndDESede,PBEWithSHA1AndRC2_40 FROM encrypt WHERE (AES_DECRYPT(UNHEX(AES), 'mybatis-mate-encryptor-password-666') LIKE '%中国人%')