新公司對於用戶密碼保護十分嚴密,采用了兩種加密方式,
例如修改密碼時,僅加密流程如下
首先在前端使用RSA加密方式對密碼進行一次加密,數據傳到后台, 然后RSA解密,最后存入數據庫前,再進行一次MD5鹽值加密
功能實現如下
項目中引用一個js文件 文件名 jsencrypt.min.js
下載地址:https://pan.baidu.com/s/1Nmb183-5-x8NmVu83ftnYg 提取碼: w3a7
前台加密部分:
var encrypt = new JSEncrypt();
encrypt.setPublicKey("此處為RSA公鑰");
var myPassword="123456";
myPassword= encodeURI(myPassword).replace(/\+/g, '%2B');
此時即得到加密處理過的密碼
后台處理部分:
注意添加命名空間 using System.Security.Cryptography;
private string Encryption(string myPassword, string key)
{
//RSA解密
string privateKey = "此處為RSA私鑰";
RSACreatKey RsaCreate = new RSACreatKey();
RSACryptoServiceProvider rsaCryptoServiceProvider = RsaCreate.CreateRsaKeyPair(privateKey);
byte[] rc = rsaCryptoServiceProvider.Decrypt(Convert.FromBase64String(myPassword.Replace("%2B", "+")), false);
//MD5+鹽值加密后返回
return MD5password.MD5Encoding(Encoding.UTF8.GetString(rc), key);
}
//RSA具體解密過程 即 RSACreatKey 類中CreateRsaKeyPair方法
public RSACryptoServiceProvider CreateRsaKeyPair(string privateKey)
{
var privateKeyBits = System.Convert.FromBase64String(privateKey);
var RSA = new RSACryptoServiceProvider();
var RSAparams = new RSAParameters();
using (BinaryReader binr = new BinaryReader(new MemoryStream(privateKeyBits)))
{
byte bt = 0;
ushort twobytes = 0;
twobytes = binr.ReadUInt16();
if (twobytes == 0x8130)
binr.ReadByte();
else if (twobytes == 0x8230)
binr.ReadInt16();
else
throw new Exception("Unexpected value read binr.ReadUInt16()");
twobytes = binr.ReadUInt16();
if (twobytes != 0x0102)
throw new Exception("Unexpected version");
bt = binr.ReadByte();
if (bt != 0x00)
throw new Exception("Unexpected value read binr.ReadByte()");
RSAparams.Modulus = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.Exponent = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.D = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.P = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.Q = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.DP = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.DQ = binr.ReadBytes(GetIntegerSize(binr));
RSAparams.InverseQ = binr.ReadBytes(GetIntegerSize(binr));
}
RSA.ImportParameters(RSAparams);
return RSA;
}
private int GetIntegerSize(BinaryReader binr)
{
byte bt = 0;
byte lowbyte = 0x00;
byte highbyte = 0x00;
int count = 0;
bt = binr.ReadByte();
if (bt != 0x02)
return 0;
bt = binr.ReadByte();
if (bt == 0x81)
count = binr.ReadByte();
else
if (bt == 0x82)
{
highbyte = binr.ReadByte();
lowbyte = binr.ReadByte();
byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };
count = BitConverter.ToInt32(modint, 0);
}
else
{
count = bt;
}
while (binr.ReadByte() == 0x00)
{
count -= 1;
}
binr.BaseStream.Seek(-1, SeekOrigin.Current);
return count;
}
MD5鹽值加密過程 //即MD5password類中的MD5Encoding方法
//MD5加密
public static string MD5Encoding(string psw) {
MD5 md5 = MD5.Create();
byte[] bs = Encoding.UTF8.GetBytes(psw);
byte[] hs = md5.ComputeHash(bs);
StringBuilder stb = new StringBuilder();
foreach (byte b in hs)
{
// 以十六進制格式格式化
stb.Append(b.ToString("x2"));
}
return stb.ToString();
}
//MD5鹽值加密
public static string MD5Encoding(string rawPass, object salt)
{
if (salt == null) return rawPass;
return MD5Encoding(rawPass + "{" + salt.ToString() + "}");
}