方式一(加密解密):
1.前端
(1)安装 crypto-js
npm install crypto-js
(2)util下创建asc.js
asc.js
import CryptoJS from 'crypto-js'
// 需要和后端一致
const KEY = CryptoJS.enc.Utf8.parse('genePiCloudSecre');
const IV = CryptoJS.enc.Utf8.parse('genePiCloudSecre');
export default {
/**
* 加密
* @param {*} word
* @param {*} keyStr
* @param {*} ivStr
*/
encrypt (word, keyStr, ivStr) {
let key = KEY;
let iv = IV;
if (keyStr) {
key = CryptoJS.enc.Utf8.parse(keyStr);
iv = CryptoJS.enc.Utf8.parse(ivStr);
}
let srcs = CryptoJS.enc.Utf8.parse(word);
var encrypted = CryptoJS.AES.encrypt(srcs, key, {
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.ZeroPadding
});
return CryptoJS.enc.Base64.stringify(encrypted.ciphertext);
},
/**
* 解密
* @param {*} word
* @param {*} keyStr
* @param {*} ivStr
*/
decrypt (word, keyStr, ivStr) {
let key = KEY;
let iv = IV;
if (keyStr) {
key = CryptoJS.enc.Utf8.parse(keyStr);
iv = CryptoJS.enc.Utf8.parse(ivStr);
}
let base64 = CryptoJS.enc.Base64.parse(word);
let src = CryptoJS.enc.Base64.stringify(base64);
let decrypt = CryptoJS.AES.decrypt(src, key, {
iv: iv,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.ZeroPadding
});
let decryptedStr = decrypt.toString(CryptoJS.enc.Utf8);
return decryptedStr.toString();
}
}
(3)页面引用
import asc from '@/utils/asc';
/** 提交按钮 */
submitForm() {
this.$refs["form"].validate(valid => {
if (valid) {
this.form.content = asc.encrypt(this.form.content,null,null);//加密
}
});
},
2.后端
(1)SecurityUtils
/**
* 安全服务工具类
*
* @author ruoyi
*/
public class SecurityUtils {
/***
* key和iv值需要和前端一致
*/
public static final String KEY = "genePiCloudSecre";
public static final String IV = "genePiCloudSecre";
/**
* 加密方法
*
* @param data 要加密的数据
* @param key 加密key
* @param iv 加密iv
* @return 加密的结果
*/
public static String encrypt(String data, String key, String iv) {
if (StringUtils.isBlank(key)){
key=KEY;
iv=IV;
}
try {
//"算法/模式/补码方式"NoPadding PkcsPadding
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
int blockSize = cipher.getBlockSize();
byte[] dataBytes = data.getBytes();
int plaintextLength = dataBytes.length;
if (plaintextLength % blockSize != 0) {
plaintextLength = plaintextLength + (blockSize - (plaintextLength % blockSize));
}
byte[] plaintext = new byte[plaintextLength];
System.arraycopy(dataBytes, 0, plaintext, 0, dataBytes.length);
SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");
IvParameterSpec ivspec = new IvParameterSpec(iv.getBytes());
cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
byte[] encrypted = cipher.doFinal(plaintext);
return new Base64().encodeToString(encrypted);
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* 解密方法
*
* @param data 要解密的数据
* @param key 解密key
* @param iv 解密iv
* @return 解密的结果
*/
public static String desEncrypt(String data, String key, String iv) {
if (StringUtils.isBlank(key)){
key=KEY;
iv=IV;
}
try {
byte[] encrypted1 = new Base64().decode(data);
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "AES");
IvParameterSpec ivSpec = new IvParameterSpec(iv.getBytes());
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
byte[] original = cipher.doFinal(encrypted1);
return new String(original).trim();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
}
(2)使用
/**
* 新增学生信息测试
*/
@PostMapping
public AjaxResult add(@RequestBody TStudentTest tStudentTest) {
tStudentTest.setContent(SecurityUtils.desEncrypt(tStudentTest.getContent(), null, null));
return toAjax(tStudentTestService.save(tStudentTest));
}
/**
* 修改学生信息测试
*/
@PutMapping
public AjaxResult edit(@RequestBody TStudentTest tStudentTest) {
tStudentTest.setContent(SecurityUtils.desEncrypt(tStudentTest.getContent(), null, null));
return toAjax(tStudentTestService.updateById(tStudentTest));
}
![[漏洞复现]泛微e-mobile cdnfile文件读取漏洞分析复现](https://i-blog.csdnimg.cn/direct/7266ee7d68584fce91140b7d4855c1fb.png)
