加密分類
可逆加密和不可逆加密
- 不可逆加密(即哈希/摘要): 加密后不可解密,只能通過碰撞密文以極小的概率還原出原文;
- 可逆加密: 加密后可以解密;包括對稱加密與非對稱加密;
- 對稱加密雙方采用共同密鑰;
- 非對稱加密: 這種加密方式存在兩個密鑰——一種是公鑰,一種是私鑰。使用公鑰加密,則只能使用私鑰解密;使用私鑰加密,則只能使用公鑰解密;
不可逆加密
const crypto = require('crypto');
const str = 'abcd';
const password = 'hello';

// One-way digest. createHash also accepts sha1, sha256 and others.
// MD5 and SHA-1 are collision-broken, so prefer sha256 for integrity checks.
// A bare digest of any algorithm is not suitable for storing passwords;
// use a slow KDF such as crypto.scrypt or crypto.pbkdf2 for that.
const md5Hasher = crypto.createHash('md5');
md5Hasher.update(str);
const data1 = md5Hasher.digest('hex');
console.log(data1);

// Keyed digest (HMAC): `password` is the secret key mixed into the hash,
// so only a holder of the key can reproduce the value.
const md5Hmac = crypto.createHmac('md5', password);
md5Hmac.update(str);
const data2 = md5Hmac.digest('hex');
console.log(data2);
可逆加密
對稱加解密
const crypto = require('crypto');
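const str = 'abcd';
// Demo key only: 16 ASCII bytes used directly as the 128-bit AES key.
// A hard-coded key is acceptable in a tutorial, not in deployed code.
const password = 'FnJL7EDzjqWjcaY9';
// CBC needs a fresh, unpredictable IV for every message. The IV is not secret
// and travels with the ciphertext, but it must never be the key itself or a
// fixed constant: a repeated IV makes equal plaintext prefixes visible.
const iv = crypto.randomBytes(16);

// Encrypt
const cipher = crypto.createCipheriv('aes-128-cbc', password, iv);
// update() returns every completed block and final() only the last padded
// block, so both pieces are needed once the input exceeds one block.
const data3 = cipher.update(str, 'utf8', 'hex') + cipher.final('hex');
console.log(data3);

// Decrypt (same key and the IV that was used for this message)
const decipher = crypto.createDecipheriv('aes-128-cbc', password, iv);
const data4 = decipher.update(data3, 'hex', 'utf8') + decipher.final('utf8');
console.log(data4);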
非對稱加解密(基于公鑰密鑰)
-
生成公鑰密鑰
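# 1. Generate the RSA private key. The size is stated explicitly instead of
#    relying on whatever default the installed OpenSSL version uses.
#    server.key is written unencrypted, so keep its file permissions tight.
openssl genrsa -out server.key 2048
# 2. Create a certificate signing request for that key.
openssl req -new -key server.key -out server.csr
# 3. Self-sign the request with the same key to produce the certificate.
openssl x509 -req -in server.csr -signkey server.key -out server.crt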
-
驗證證書功能
const crypto = require('crypto');
const fs = require('fs');

// PEM-encoded RSA private key: used to produce the signature.
const privateKey = fs.readFileSync('./server.key').toString();
// PEM certificate: verify() checks the signature against the key it carries.
const publicKey = fs.readFileSync('./server.crt').toString();
const str = 'abcd';

// Sign the message with the private key.
const sign = crypto.createSign('RSA-SHA256');
sign.update(str);
const signature = sign.sign(privateKey);

// Verify the same message against the signature with the public side.
const verify = crypto.createVerify('RSA-SHA256');
verify.update(str);
const result = verify.verify(publicKey, signature);
console.log(result); // true/false
-
公鑰密鑰加解密
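const crypto = require('crypto');
const fs = require('fs');

const privateKey = fs.readFileSync('./server.key').toString(); // RSA private key (PEM)
const publicKey = fs.readFileSync('./server.crt').toString(); // certificate carrying the public key
const str = 'abcd';

// Public-key encrypt, private-key decrypt: only the private-key holder can
// read the result, so this is the direction that provides confidentiality.
const publicEncodeData = crypto.publicEncrypt(publicKey, Buffer.from(str)).toString('base64');
console.log("encode: ", publicEncodeData);
const privateDecodeData = crypto.privateDecrypt(privateKey, Buffer.from(publicEncodeData, 'base64'));
console.log("decode: ", privateDecodeData.toString());

// Private-key "encrypt", public-key "decrypt": anyone holding the public key
// can recover the data, so this gives no confidentiality. It only shows that
// the private-key holder produced the value; for that purpose prefer
// createSign/createVerify.
const privateEncodeData = crypto.privateEncrypt(privateKey, Buffer.from(str)).toString('base64');
console.log("encode: ", privateEncodeData);
// Decrypt with the public key, as the step describes, not the private key.
const publicDecodeData = crypto.publicDecrypt(publicKey, Buffer.from(privateEncodeData, 'base64'));
console.log("decode: ", publicDecodeData.toString());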
example
var crypto = require('crypto');
/**
 * Encrypts a UTF-8 string with AES-128-CBC and returns the ciphertext as base64.
 *
 * CBC provides confidentiality only: the output carries no integrity tag, so a
 * caller that needs tamper detection has to authenticate the ciphertext itself.
 *
 * @param key  AES key handed to createCipheriv (aes-128-cbc expects 16 bytes)
 * @param iv   initialization vector (16 bytes for AES-CBC)
 * @param data plaintext to encrypt, read as UTF-8
 * @returns string base64-encoded ciphertext
 */
var encrypt = function (key, iv, data) {
  const aes = crypto.createCipheriv('aes-128-cbc', key, iv);
  // Collect the raw ciphertext bytes from both calls, then encode once.
  const head = aes.update(data, 'utf8');
  const tail = aes.final();
  return Buffer.concat([head, tail]).toString('base64');
};
/**
 * Decrypts base64-encoded AES-128-CBC ciphertext and returns the UTF-8 plaintext.
 *
 * The ciphertext is not authenticated here; a padding error thrown by final()
 * is the only sign that the input, key or IV was wrong.
 *
 * @param key     AES key handed to createDecipheriv (same key used to encrypt)
 * @param iv      initialization vector used when the data was encrypted
 * @param crypted base64-encoded ciphertext
 * @returns string decrypted plaintext
 */
var decrypt = function (key, iv, crypted) {
  const rawCipherText = Buffer.from(crypted, 'base64');
  const aes = crypto.createDecipheriv('aes-128-cbc', key, iv);
  // Input is already a Buffer, so no input encoding is needed.
  const head = aes.update(rawCipherText, undefined, 'utf8');
  const tail = aes.final('utf8');
  return head + tail;
};
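// Demo key. The 16 characters are used as raw ASCII bytes, not decoded from
// hex, so they carry only 64 bits of entropy; a real key should be 16 random
// bytes from a key store or KDF. It is printed here only because this is a
// demo: key material must never be written to logs.
var key = '751f621ea5c8f930';
console.log('加密的key:', key);
// Fresh random IV per message. It is not secret and is kept alongside the
// ciphertext so the receiver can decrypt; a fixed IV would make identical
// plaintexts produce identical ciphertexts.
var iv = crypto.randomBytes(16);
console.log('加密的iv:', iv.toString('hex'));
var data = JSON.stringify({user: "www", pass:"wwwww/"});
console.log("需要加密的數(shù)據(jù):", data);
var crypted = encrypt(key, iv, data);
console.log("數(shù)據(jù)加密后:", crypted);
// Decrypt with the same key and the IV that was used for this message.
var dec = decrypt(key, iv, crypted);
console.log("數(shù)據(jù)解密后:", JSON.parse(dec));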