One, the approach
Use an RSA key generation tool to generate a key pair: a public key (A) and a private key (B). Keep A on the front end and B on the back end.
When the front end sends data, it first generates a random 16-character string as the AES secret key (C), then encrypts C with A using the RSA algorithm to obtain the encrypted AES secret key (D). The data to be sent (E) is encrypted with C using AES, producing the ciphertext (F). D and F are sent to the back end for processing.
When the back end processes the data, it decrypts D with B using RSA to obtain C, decrypts F with C using AES to obtain E, and then computes the result G. It then encrypts G with C using AES to obtain H and returns H to the front end.
After receiving H, the front end decrypts it with C to obtain the processed result G.
The AES secret key used for data encryption is randomly generated for each request and is itself protected by asymmetric encryption during transmission. Therefore, data communication security can be ensured as long as the RSA private key held by the back end is not leaked.
Figure 2. Data flow diagram of back-end encryption and decryption
Figure 1. Front-end encryption and decryption data flow diagram
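The exchange described above (A, B, C, D, E, F, G, H), as an added example that is not the article's own encrypt.js or back-end code. It assumes Node's built-in crypto module in place of crypto-js and jsencrypt, AES-128-GCM and RSA-OAEP as the modes (the article does not name any), 16 random bytes for C, and a hypothetical upper-casing handler standing in for the back-end processing.

```javascript
// Added example: Node's built-in crypto stands in for crypto-js / jsencrypt.
const nodeCrypto = require('node:crypto');

// RSA key pair: public key A goes to the front end, private key B stays on the back end.
const { publicKey: A, privateKey: B } =
  nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// AES-128-GCM (assumed mode) with a fresh 12-byte IV; output is base64(iv || tag || ciphertext).
function aesEncrypt(plaintext, key) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-128-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

function aesDecrypt(message, key) {
  const raw = Buffer.from(message, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-128-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the IV, tag or ciphertext was modified in transit.
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Front end: a fresh key C per request, D = RSA_A(C), F = AES_C(E).
// C comes from the CSPRNG and never leaves the client in the clear.
function frontEndRequest(E) {
  const C = nodeCrypto.randomBytes(16);
  const D = nodeCrypto.publicEncrypt({ key: A, ...OAEP }, C).toString('base64');
  return { C, wire: { D, F: aesEncrypt(E, C) } };
}

// Back end: C = RSA_B(D), E = AES_C(F), G = handler(E), H = AES_C(G).
function backEndHandle({ D, F }, handler) {
  const C = nodeCrypto.privateDecrypt({ key: B, ...OAEP }, Buffer.from(D, 'base64'));
  const G = handler(aesDecrypt(F, C));
  return aesEncrypt(G, C);
}

// Full round trip; the upper-casing handler is hypothetical.
function roundTrip(E) {
  const { C, wire } = frontEndRequest(E);
  const H = backEndHandle(wire, (e) => e.toUpperCase());
  return { wire, H, G: aesDecrypt(H, C) };
}
```

Only `wire` (D and F) and H cross the network; a modified F or H is rejected at decryption instead of yielding altered plaintext.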
Two, the use of front-end components
1. Install the plug-ins
① Install the AES symmetric encryption plug-in
npm i --save crypto-js
② Install the RSA asymmetric encryption plug-in
npm i --save jsencrypt
2. Create encrypt.js to encapsulate the plug-ins, and use it in a page
The content that encrypt.js encapsulates and exports is shown below:
Usage
AES encryption
Encryption is performed with the Encrypt() method. It takes two parameters, encrypted and key: key is a randomly generated 16-character string, and encrypted is the content to be encrypted.
AES decryption
Decryption is performed with the Decrypt() method. Its parameters are data and key: key is the randomly generated 16-character string (the same key used for encryption), and data is the AES-encrypted field returned by the back end. The method returns the decrypted string.
RSA encryption
EncryptRsa() encrypts the randomly generated key with the public key provided by the back end and returns the encrypted result.
Three, the use of back-end modules
1. Usage
The @decrypt annotation is used for decryption, and the @encrypt annotation is used for encryption. The value attribute names the field that needs to be decrypted (as an EL expression). If the method return value needs to be decrypted, the @{return} form is required. The type attribute indicates which encryption and decryption method to use.
In the example shown, the s parameter of the getUser() method is decrypted, and the return value is encrypted with the type encryptType.controller_rsa_AES.
2. Add or modify the encryption mode
Just add a new enumeration entry to the enumeration class EncryptType.
The enumeration class has three abstract methods, encrypt(), Decrypt(), and getKey(), which the new entry needs to implement.
The annotations are intercepted by the DecryptAspect and EncryptAspect classes, which are two aspects. They intercept the methods marked with the two annotations and hand the value to the SpEL parser, which parses it and modifies the corresponding value.