加密將在客戶端使用以下基于 Spring Security-Encryptors 的代碼完成:package at.wrwks.pipe.baumgmt.component.documentpreview;import static java.nio.charset.StandardCharsets.UTF_8;import java.net.URLEncoder;import java.util.Base64;import org.springframework.security.crypto.codec.Hex;import org.springframework.security.crypto.encrypt.Encryptors;import org.springframework.stereotype.Component;@Componentpublic class SecureResourceUrlComposer { public String compose(final String resource) { final var salt = new String(Hex.encode("salt".getBytes(UTF_8))); final var encryptor = Encryptors.stronger("password", salt); final var encryptedResource = encryptor.encrypt(resource.getBytes(UTF_8)); final var base64EncodedEncryptedResource = Base64.getEncoder().encodeToString(encryptedResource); final var urlEncodedBase64EncodedEncryptedResource = URLEncoder.encode(base64EncodedEncryptedResource, UTF_8); return "https://target" + "?resource=" + urlEncodedBase64EncodedEncryptedResource; }}樣本資源:aResourceURL 和 base64 編碼的輸出:https://target?resource=yEAdq1toEfbcTKcAeTJmw7zLYdk4fA2waASPzSfqQxAxiq7bmUarUYE%3Dcipher: message authentication failed在以下用 Go 編寫的后端代碼中,解密失敗gcm.Open:func decryptGcmAes32(ciphertext, key string) (plaintext string, err error) { if len(key) != 32 { msg := fmt.Sprintf("Unexpected key length (!= 32) '%s' %d", key, len(key)) err = errors.New(msg) log.Warn(err) sentry.CaptureException(err) return } keyBytes := []byte(key) c, err := aes.NewCipher(keyBytes) if err != nil { log.Warn("Couldn't create a cipher block", err) sentry.CaptureException(err) return } gcm, err := cipher.NewGCM(c) if err != nil { log.Warn("Couldn't wrap in gcm mode", err) sentry.CaptureException(err) return }
Spring Security 加密的字符串 - Go 中的解密失敗
慕碼人8056858
2022-05-23 16:25:46
