nodejs中常⽤加密算法
在常⽤的nodejs+express⼯程中,为了安全在登录及表单传输时,应该都需进⾏加密传输,⽬前个⼈常⽤到的加密⽅式有下列⼏种:
1、Hash算法加密:
创建⼀个nodejs⽂件hash.js,输⼊内容如下:
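var crypto = require('crypto'); // load Node's built-in crypto module
// Print the name of every digest algorithm this Node/OpenSSL build supports.
// The list mixes current algorithms with legacy ones (md4, md5, sha1, ...),
// so appearing in it does not make an algorithm a safe choice.
console.log(crypto.getHashes());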
结果如下:
1 [ 'DSA',
2'DSA-SHA',
3'DSA-SHA1',
4'DSA-SHA1-old',
5'RSA-MD4',
6'RSA-MD5',
7'RSA-MDC2',
8'RSA-RIPEMD160',
9'RSA-SHA',
10'RSA-SHA1',
11'RSA-SHA1-2',
12'RSA-SHA224',
13'RSA-SHA256',
14'RSA-SHA384',
15'RSA-SHA512',
16'dsaEncryption',
17'dsaWithSHA',
18'dsaWithSHA1',
19'dss1',
20'ecdsa-with-SHA1',
21'md4',
22'md4WithRSAEncryption',
23'md5',
24'md5WithRSAEncryption',
25'mdc2',
26'mdc2WithRSA',
27'ripemd',
28'ripemd160',
29'ripemd160WithRSA',
30'rmd160',
31'sha',
32'sha1',
33'sha1WithRSAEncryption',
34'sha224',
35'sha224WithRSAEncryption',
36'sha256',
37'sha256WithRSAEncryption',
38'sha384',
39'sha384WithRSAEncryption',
40'sha512',
41'sha512WithRSAEncryption',
42'shaWithRSAEncryption',
43'ssl2-md5',
44'ssl3-md5',
45'ssl3-sha1',
46'whirlpool' ]
在nodejs中使用:(createHash('md5')中的'md5'可以换成自己需要的hash加密方法)
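var content = 'password'; // the input to be hashed
// createHash() computes a one-way digest: it is hashing, not encryption, and
// no key is involved. Any name printed by crypto.getHashes() can replace 'md5'.
// NOTE(review): MD5 (like SHA-1) is no longer collision resistant, and a single
// fast, unsalted digest of a password is cheap to guess offline. For stored
// passwords use a salted, deliberately slow KDF such as crypto.scrypt or
// crypto.pbkdf2 instead of a bare hash.
var md5 = crypto.createHash('md5');
md5.update(content);
var d = md5.digest('hex'); // hex-encoded digest of content
console.log("加密的结果:" + d);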
2、Hmac算法加密:(主要⽤)
HMAC是密钥相关的哈希运算消息认证码(Hash-based Message Authentication Code),HMAC运算利⽤哈希算法,以⼀个密钥和⼀个消息为输⼊,⽣成⼀个消息摘要作为输出。HMAC可以有效防⽌⼀些类似md5的彩虹表等攻击,⽐如⼀些常见的密码直接MD5存⼊数据库的,可能被反向破解。
定义HMAC需要⼀个加密⽤散列函数(表⽰为H,可以是MD5或者SHA-1)和⼀个密钥K。我们⽤B来表⽰数据块的字节数。(以上所提到的散列函数的分割数据块字长B=64),⽤L来表⽰散列函数的输出数据字节数(MD5中L=16,SHA-1中L=20)。鉴别密钥的长度可以是⼩于等于数据块字长的任何正整数值。
应用程序中使用的密钥长度若是比B大,则首先使用散列函数H作用于它,然后用H输出的L长度字符串作为在HMAC中实际使用的密钥。一般情况下,推荐的最小密钥K长度是L个字节。
下⾯为我在项⽬中使⽤到的Hmac加密(采⽤sha1⽅式):(由于密钥会通过随机⽣成的16位数进⾏加密后再对明⽂加密,每次⽣成的新密钥(token)都不同,所以最后⽣成的密⽂也不会相同,这种加密不可逆,
即使为md5⽅式,也难以通过彩虹表来攻击)
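/******** HMAC-SHA1 ***************/
// HMAC is a keyed one-way message authentication code, not encryption: the
// output cannot be decrypted, only recomputed by someone holding the same key.
var content = 'password'; // the message to authenticate
var token1 = 'miyue'; // placeholder only; overwritten by the random key below
var buf = crypto.randomBytes(16); // 16 bytes from the OS CSPRNG
token1 = buf.toString('hex'); // hex-encode the key material: 32 characters
console.log("⽣成的token(⽤于加密的密钥):" + token1);
var secretKey = token1; // HMAC key
// NOTE(review): the key must be kept to recompute the value later. If it is
// stored beside the result it works like a per-record salt, so for passwords
// the resistance to offline guessing comes from the slow KDF step that follows
// (the author feeds this output into pbkdf2), not from this single HMAC pass.
var hmac = crypto.createHmac('sha1', secretKey);
hmac.update(content);
var miwen = hmac.digest().toString('base64'); // 20-byte MAC, base64-encoded
console.log("加密的结果f:" + miwen);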
/**********对应的结果(每次⽣成的结果都不⼀样)******************/
⽣成的token(⽤于加密的密钥):de7c3dafede518a1ad9c2096ee9b4eff
加密的结果f:PUX7fnOMlqVj+BS9o6RnNgxfffY=
⽣成的token(⽤于加密的密钥):93fee046ebf47412c2d54c1e808218d2
加密的结果f:/ERkUcrjkwxzgxNM7WczU8RaX5o=
3、对称加密和⾮对称加密:
对称加密算法的原理很容易理解,通信一方用KEY加密明文,另一方收到之后用同样的KEY来解密就可以得到明文。
不对称加密算法,使⽤两把完全不同但⼜是完全匹配的⼀对Key:公钥和私钥。在使⽤不对称加密算法加密⽂件时,只有使⽤匹配的⼀对公钥和私钥,才能完成对明⽂的加密和解密过程。
3.1:对称加密:
创建⼀个nodejs⽂件cipher.js,输⼊内容如下:
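var crypto = require('crypto'); // load Node's built-in crypto module
// Print the name of every cipher this Node/OpenSSL build supports.
// The list includes legacy ciphers (des, rc2, rc4, ...) and ECB modes next to
// authenticated modes such as aes-256-gcm, so being listed is not an
// endorsement; prefer an authenticated mode for new code.
console.log(crypto.getCiphers());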
结果如下:
1 [ 'CAST-cbc',
2'aes-128-cbc',
3'aes-128-cfb',
4'aes-128-cfb1',
5'aes-128-cfb8',
6'aes-128-ctr',
7'aes-128-ecb',
8'aes-128-gcm',
9'aes-128-ofb',
10'aes-128-xts',
11'aes-192-cbc',
12'aes-192-cfb',
13'aes-192-cfb1',
14'aes-192-cfb8',
15'aes-192-ctr',
16'aes-192-ecb',
17'aes-192-gcm',
18'aes-192-ofb',
19'aes-256-cbc',
20'aes-256-cfb',
21'aes-256-cfb1',
22'aes-256-cfb8',
23'aes-256-ctr',
24'aes-256-ecb',
25'aes-256-gcm',
26'aes-256-ofb',
27'aes-256-xts',
28'aes128',
29'aes192',
30'aes256',
31'bf',
32'bf-cbc',
33'bf-cfb',
34'bf-ecb',
35'bf-ofb',
36'blowfish',
37'camellia-128-cbc',
38'camellia-128-cfb',
39'camellia-128-cfb1',
40'camellia-128-cfb8',
41'camellia-128-ecb',
42'camellia-128-ofb',
43'camellia-192-cbc',
44'camellia-192-cfb',
45'camellia-192-cfb1',
46'camellia-192-cfb8',
47'camellia-192-ecb',
48'camellia-192-ofb',
49'camellia-256-cbc',
50'camellia-256-cfb',
51'camellia-256-cfb1',
52'camellia-256-cfb8',
53'camellia-256-ecb',
54'camellia-256-ofb',
55'camellia128',
56'camellia192',
57'camellia256',
58'cast',
59'cast-cbc',
60'cast5-cbc',
61'cast5-cfb',
62'cast5-ecb',
63'cast5-ofb',
64'des',
65'des-cbc',
66'des-cfb',
67'des-cfb1',
68'des-cfb8',
69'des-ecb',
70'des-ede',
71'des-ede-cbc',
72'des-ede-cfb',
73'des-ede-ofb',
74'des-ede3',
75'des-ede3-cbc',
76'des-ede3-cfb',
77'des-ede3-cfb1',
78'des-ede3-cfb8',
79'des-ede3-ofb',
80'des-ofb',
81'des3',
82'desx',
83'desx-cbc',
84'id-aes128-GCM',
85'id-aes192-GCM',
86'id-aes256-GCM',
87'idea',
88'idea-cbc',
89'idea-cfb',
90'idea-ecb',
91'idea-ofb',
92'rc2',
93'rc2-40-cbc',
94'rc2-64-cbc',
95'rc2-cbc',
96'rc2-cfb',
97'rc2-ecb',
98'rc2-ofb',
99'rc4',
100'rc4-40',
101'rc4-hmac-md5',
102'seed',
103'seed-cbc',
104'seed-cfb',
105'seed-ecb',
106'seed-ofb' ]
下⾯是我在项⽬中⽤到的对称加密算法:
// Route configuration in app.js (excerpt; the "..." lines stand for code the author omitted)
...
var jiami=require("./routes/jiami");
....
// Mount the router exported by ./routes/jiami under the /jiami path prefix.
app.use("/jiami",jiami);
在service中请求node端路由:
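// Client side: POST the JSON-serialized user object to the Node route.
// NOTE(review): the plaintext is carried in this request body, so its
// confidentiality in transit depends on HTTPS, not on the /encrypt call.
$http.post("/app/jiami/encrypt", {str: JSON.stringify(user)}).success(function (miwen) {
  // miwen is the hex string sent back by the /encrypt route.
}).error(function (error) {
  // NOTE(review): the receiver of this call was truncated in the page text
  // ("ject(error)"); presumably a deferred object created by the enclosing
  // function - confirm against the original source.
  deferred.reject(error);
});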
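// jiami.js - symmetric encryption routes.
// `router` and `crypto` are not defined in this excerpt; they are assumed to be
// created earlier in jiami.js.

// NOTE(review): demo value only. A hard-coded, low-entropy secret in source
// control protects nothing; load a long random secret from configuration or a
// secret store instead.
var secret = 'pass';

// crypto.createCipher(algorithm, password) is deprecated and removed from
// current Node.js releases: it derives the key from the password with a single
// unsalted MD5 pass and derives the IV the same way, so every message is
// encrypted under the same key and IV. Derive the key explicitly and use
// createCipheriv with a fresh random IV per message.
// The salt below is a constructed sample value for this demo.
var key = crypto.scryptSync(secret, 'jiami-demo-salt', 24); // 24 bytes = AES-192 key

var IV_LENGTH = 12;  // recommended nonce size for GCM
var TAG_LENGTH = 16; // GCM authentication tag size

// Encrypt: body.str (UTF-8 text) -> hex(iv || authTag || ciphertext).
// NOTE(review): encrypting on the server does not protect the request itself;
// the plaintext still reaches this route over the network, so serve it over HTTPS.
router.post("/encrypt", function (req, res) {
  var str = req.body && req.body.str; // plaintext
  if (typeof str !== 'string') {
    return res.status(400).send('str must be a string');
  }
  var iv = crypto.randomBytes(IV_LENGTH); // never reuse an IV with the same key
  var cipher = crypto.createCipheriv('aes-192-gcm', key, iv);
  var enc = Buffer.concat([cipher.update(str, 'utf8'), cipher.final()]);
  var tag = cipher.getAuthTag(); // lets /decrypt detect tampering
  res.send(Buffer.concat([iv, tag, enc]).toString('hex'));
});

// Decrypt: body.str (hex produced by /encrypt) -> UTF-8 plaintext.
// NOTE(review): a decrypt route that any caller can reach hands out plaintext
// for every ciphertext made with this key; put it behind authentication and
// authorization, or drop it if only the server needs to decrypt.
router.post("/decrypt", function (req, res) {
  var str = req.body && req.body.str; // hex-encoded ciphertext
  if (typeof str !== 'string' || !/^(?:[0-9a-f]{2})+$/i.test(str)) {
    return res.status(400).send('str must be a hex string');
  }
  var raw = Buffer.from(str, 'hex');
  if (raw.length < IV_LENGTH + TAG_LENGTH) {
    return res.status(400).send('invalid ciphertext');
  }
  try {
    var decipher = crypto.createDecipheriv('aes-192-gcm', key, raw.subarray(0, IV_LENGTH));
    decipher.setAuthTag(raw.subarray(IV_LENGTH, IV_LENGTH + TAG_LENGTH));
    // final() throws when the tag does not match; nothing is sent before that check.
    var dec = Buffer.concat([
      decipher.update(raw.subarray(IV_LENGTH + TAG_LENGTH)),
      decipher.final()
    ]).toString('utf8');
    res.send(dec);
  } catch (err) {
    // Malformed or tampered input must not crash the process or leak details.
    res.status(400).send('invalid ciphertext');
  }
});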
jiami.js
3.2、⾮对称加密:这种⽅法还没⽤到,待后⾯继续补充。