mysql加密解密函數AES_ENCRYPT與AES_DECRYPT
mysql下的加密函數有如下幾個
PASSWORD():創建一個經過加密的密碼字符串,適合於插入到MySQL的安全系
統。該加密過程不可逆,和unix密碼加密過程使用不同的算法。主要用於MySQL的認證系統。
ENCRYPT(,):使用UNIX crypt()系統加密字符串,ENCRYPT()函數接收要加密的字符串和(可選的)用於加密過程的salt(一個可以唯一確定口令的字符串,就像鑰匙一樣),注意,windows上不支持
ENCODE(,) DECODE(,):加密解密字符串。該函數有兩個參數:被加密或解密的字符串和作為加密或解密基礎的密鑰。Encode結果是一個二進制字符串,以BLOB類型存儲。加密成都相對比較弱
MD5():計算字符串的MD5校驗和(128位)
SHA5():計算字符串的SHA5校驗和(160位)
以上兩個函數返回的校驗和是16進制的,適合與認證系統中使用的口令。
AES_ENCRYPT AES_DECRYPT示例
insert into users(test) values(AES_ENCRYPT('teststr','salt'));
select AES_DECRYPT(test,'salt') from users;
AES_ENCRYPT AES_DECRYPT實驗:(注意數據庫中的sid是自增的,不必去報與本實驗一致)
經加密后的數據:
通過key取回加密后的數據:
Java編程具體操作,插入和查詢(以以上user表為例)
Java數據庫操作類,主要封裝了java對數據庫的基本操作
比如如果需要插入數據只需要設定sql語句和paramers參數的值即可
String sql = "insert into user(sname,password) values(?,AES_ENCRYPT(?,?))";
String paramers[] = { user.getSname(), user.getPassword(),
user.getPassword() };
package com.chen.toolsbean;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;
public class SqlHelper {
private static Connection conn;
private static PreparedStatement pStream = null;
private static ResultSet rSet = null;
private static String username;
private static String password;
private static String driver;
private static String url;
// 使用靜態塊加載驅動
static {
try {
Properties properties = new Properties();
InputStream is = SqlHelper.class
.getClassLoader()
.getResourceAsStream("com/chen/toolsbean/dbinfo.properties");
properties.load(is);
url = (String) properties.getProperty("url");
username = (String) properties.getProperty("username");
password = (String) properties.getProperty("password");
driver = (String) properties.getProperty("driver");
Class.forName(driver);
} catch (Exception e) {
e.printStackTrace();
}
}
public static Connection openConnection() {
try {
return DriverManager.getConnection(url, username, password);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
// 同一的cud操作
public static void executeUpdate(String sql, String[] parameters) {
try {
conn = openConnection();
pStream = conn.prepareStatement(sql);
if (parameters != null) {
for (int i = 0; i < parameters.length; i++) {
pStream.setString(i + 1, parameters[i]);
}
}
pStream.executeUpdate();
} catch (Exception e) {
e.printStackTrace();
throw new RuntimeException(e.getMessage());
} finally {
close(null, pStream, conn);
}
}
// 同一的cud操作
public static void executeUpdate2(String sql[], String[][] parameters) {
try {
conn = openConnection();
// conn設為不要自動提交
conn.setAutoCommit(false);
for (int i = 0; i < sql.length; i++) {
pStream = conn.prepareStatement(sql[i]);
if (parameters[i] != null) {
for (int j = 0; j < parameters[i].length; j++) {
pStream.setString(j + 1, parameters[i][j]);
}
pStream.executeUpdate();
}
}
conn.commit();
} catch (Exception e) {
e.printStackTrace();
throw new RuntimeException(e.getMessage());
} finally {
close(null, pStream, conn);
}
}
public static Connection getConn() {
return conn;
}
public static PreparedStatement getpStream() {
return pStream;
}
public static ResultSet getrSet() {
return rSet;
}
// 寫一個方法,完成查詢任務
// sql表示要執行的sql語句
// select * from emp where ename=?
public static ResultSet executeQuery(String sql, String[] parameters) {
// 根據實際情況,對sql語句的?賦值
try {
conn = DriverManager.getConnection(url, username, password);
// 創建pStream對象<==>sql語句
pStream = conn.prepareStatement(sql);
// 如果parameters不為null,才去賦值
if (parameters != null) {
for (int i = 0; i < parameters.length; i++) {
pStream.setString(i + 1, parameters[i]);
}
}
rSet = pStream.executeQuery();
} catch (Exception e) {
e.printStackTrace();
throw new RuntimeException(e.getMessage());
} finally {
}
return rSet;
}
public static void close(ResultSet rSet, Statement pStream, Connection conn) {
if (rSet != null) {
try {
rSet.close();
} catch (SQLException e) {
e.printStackTrace();
}
rSet = null;
}
if (pStream != null) {
try {
pStream.close();
} catch (SQLException e) {
e.printStackTrace();
}
pStream = null;
}
if (conn != null) {
try {
conn.close();
} catch (SQLException e) {
e.printStackTrace();
}
conn = null;
}
}
}
User.java user表的domain對象
package com.domain;
public class User {
private String sid;
private String sname;
private String password;
public String getSid() {
return sid;
}
public void setSid(String sid) {
this.sid = sid;
}
public String getSname() {
return sname;
}
public void setSname(String sname) {
this.sname = sname;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
Userdao.java往數據庫中添加數據,以及插敘數據
package com.domain.dao;
import java.sql.ResultSet;
import com.chen.toolsbean.SqlHelper;
import com.domain.User;
public class UserDao {
public static void insert(User user) {
String sql = "insert into user(sname,password) values(?,AES_ENCRYPT(?,?))";
String paramers[] = { user.getSname(), user.getPassword(),
user.getPassword() };
SqlHelper.executeUpdate(sql, paramers);
}
public static boolean check(User user) {
String sql = "select sid,sname from user where AES_DECRYPT(password,?)=?";
String paramers[] = { user.getPassword(), user.getPassword() };
ResultSet rs = null;
boolean flag = false;
try {
rs = SqlHelper.executeQuery(sql, paramers);
if (rs.next()) {
flag = true;
}
} catch (Exception e) {
flag = false;
e.printStackTrace();
} finally {
SqlHelper.close(rs, null, null);
}
return flag;
}
}
Junit測試:
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import com.domain.User;
import com.domain.dao.UserDao;
public class TestUserDao {
@BeforeClass
public static void setUpBeforeClass() throws Exception {
}
@Before
public void setUp() throws Exception {
}
// 插入一個user(sname,password) values(java,java)
@Test
public void testInsert() {
User user = new User();
user.setSname("java");
user.setPassword("java");
UserDao.insert(user);
}
// 查詢剛才插入的user
@Test
public void testCheck() {
User user = new User();
user.setSname("java");
user.setPassword("java");
System.out.println(UserDao.check(user));
}
}
-
運行testInsert之后:
查詢結果:
