MyBatis-Plus数据安全保护(加密解密)

项目创建

POM依赖

<dependency><!--MyBatis-Plus 企业级模块--><groupId>com.baomidou</groupId><artifactId>mybatis-mate-starter</artifactId><version>1.2.8</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bctls-jdk15on -->
<dependency><!--SM2 SM3 SM4 加密算法依赖--><groupId>org.bouncycastle</groupId><artifactId>bctls-jdk15on</artifactId><version>1.70</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.jasypt/jasypt -->
<dependency><!--混合加密算法依赖--><groupId>org.jasypt</groupId><artifactId>jasypt</artifactId><version>1.9.3</version>
</dependency>

YML配置

spring:datasource:# 配置安全:https://blog.csdn.net/tongxin_tongmeng/article/details/128664932url: mpw:IlcV2VrLIr+z3ruf0oHP1sV3JuEvntw9QZDEYhQWDNHJ9Xkm7qZokxkEeTCPNqmausername: mpw:aoVz0lDJNymnmrhw6LkQow==password: mpw:StRVtLG7vB6iKVt83du7fw==driver-class-name: com.mysql.cj.jdbc.Driver# Mybatis Mate 配置
mybatis-mate:cert:# 请添加微信wx153666购买授权，不白嫖从我做起！ 测试证书会失效，请勿正式环境使用grant: thisIsTestLicenselicense: TtY9GC88CzSkEmUhzIyvM2MJKvsgPyxoNCExH4/GhaBwuTQ93aeLaR6/dM49wMSk+oQdmqUibCM8b5H74s1Nx+2C5V3U1gKiLtddVc8Eg8oC1F2nLxOiDKDvPpdxWFGsPW6mQE2LDr+tK8GXpFS3N8xwmYy/gHCwQ4Avqp9JqBbke7pZzL2adIlxYHmCYpfNTN+NRHIEFaGFTBlzZHDb3UfJaeqLaAtWBol0QOPEM69Kz3JSemxBHnEO1ID75bwwmkgqC7Ps4z9iYAK9GLzzaPwSiFELNCmIvwa5YSJLxP9NMQUWbVGIRqehxnVqfgx/68+yIfpByqGTMxLR33yeEQ==# 全局配置加密算法密钥encryptor:# MD5_32 MD5_16 BASE64 AES SM2 SM3 SM4 需要 password，其他加密算法需要 password publicKey privateKeypassword: mybatis-mate-encryptor-password-666publicKey: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCEOCMScPeNaJ0DP9N9vd/fXwPGUVnuxeGPpRePXfWuX/X/Yk5IMhwEfYLXictxQk/oAqGnqtDuS/PCL/7mqL+8wFSYnWWErCSkDdT6LjyD07l9dWv+Xj1UTEjP24sEgYA92f4AZyvhsw8I/Bj6a9a30r+kVOGoEZgGMf2c2xK4CQIDAQABprivateKey: MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAIQ4IxJw941onQM/0329399fA8ZRWe7F4Y+lF49d9a5f9f9iTkgyHAR9gteJy3FCT+gCoaeq0O5L88Iv/uaov7zAVJidZYSsJKQN1PouPIPTuX11a/5ePVRMSM/biwSBgD3Z/gBnK+GzDwj8GPpr1rfSv6RU4agRmAYx/ZzbErgJAgMBAAECgYBAlFK9DSQ8k14tWh1oizcvmO71DIMKluhHCvHo+pGnLAOxS0jFBoScxNkFga42kZcJ0U8337zQx5Q1ws+TxdRwHxQO889ZGQH3kOFB0ErUMTgFrTOakZhV0dMWzebkYitNcduSKZ1yfgM5ekF9k3owPIQhUNy8eXjagiLLb9/woQJBALwofOx+fuanQLC1yotFqYAx0XED9EpVPhS/G8mc4dZSNWZ548bIyq3ozP0CoHqriQo/X3NVzIJOU3rhn92fwj0CQQCz5FaeHzSqe1H4bTxzwgR5BUHttxrAPtktwfgCRgaSrZByjFldtP/dGaJmjR2Vzp848WcusJZlSlaLTfndm6W9AkEAoSxlZgctGNKn3Ta7mvU/Lmp+J7rlZU8DcK4LVXYnFXkx+OfsLvkMdE/4V7oKUUnih36lepxCJFSHubjPQf55WQJBAIUa8yxUkreCQAi9avmMGZsiVMH7tgOBfVjqKQQlpD9rxXG8f3Nitd93VD7lM3rhQ9byaBKX/vA7rQWuUK+0t1ECQDTGhLRJFZK4J7UGklTX94pknM/5rO3N/JPkFJcGilbgzkqy0s13D1K+8cR0qTn2DPW8vPoLQpVGuaATTTmMdvg=

@SpringBootTest
class MybatisPlusApplicationTests {@Testvoid contextLoads() throws Exception {Map<String, Key> keyMap = RSA.genKeyPair();String publicKey = RSA.getPublicKey(keyMap);String privateKey = RSA.getPrivateKey(keyMap);System.out.println("publicKey========="+publicKey);System.out.println("privateKey========="+privateKey);}}注意：password为任意字符串，publicKey和privateKey通过如上方法生成

SQL脚本

CREATE TABLE `encrypt` (`id` bigint NOT NULL COMMENT '主键ID',`MD5_32` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'MD5_32',`MD5_16` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'MD5_16',`BASE64` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'BASE64',`AES` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'AES',`RSA` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'RSA',`SM2` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'SM2',`SM3` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'SM3',`SM4` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'SM4',`PBEWithMD5AndDES` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithMD5AndDES',`PBEWithMD5AndTripleDES` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithMD5AndTripleDES',`PBEWithHMACSHA512AndAES_256` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithHMACSHA512AndAES_256',`PBEWithSHA1AndDESede` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithSHA1AndDESede',`PBEWithSHA1AndRC2_40` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci DEFAULT NULL COMMENT 'PBEWithSHA1AndRC2_40',PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;

代码生成(MybatisX)

@RestController
@RequestMapping("/encrypt")
public class EncryptController {@Autowiredprivate EncryptService encrtptService;@PostMapping("/create")public Boolean create(@RequestBody Encrypt encrypt) {return encrtptService.save(encrypt);}@GetMapping("/get")public Encrypt get(@RequestBody Encrypt encrypt) {return encrtptService.getById(encrypt.getId());}@GetMapping("/getAll")public List<Encrypt> getAll() {return encrtptService.list();}@PutMapping("/update")public Boolean update(@RequestBody Encrypt encrypt) {return encrtptService.updateById(encrypt);}@DeleteMapping("/delete")public Boolean delete(@RequestBody Encrypt encrypt) {return encrtptService.removeById(encrypt);}@DeleteMapping("/deleteAll")public Boolean deleteAll() {return encrtptService.remove(new QueryWrapper<>());}}

加密算法

字段加密(@FieldEncrypt)

/**** @TableName encrypt*/
@TableName(value ="encrypt")
@Data
public class Encrypt implements Serializable {/*** 主键ID*/@TableId(value = "id")private Long id;/*** MD5_32*/@FieldEncrypt(algorithm = Algorithm.MD5_32)@TableField(value = "MD5_32")private String md532;/*** MD5_16*/@FieldEncrypt(algorithm = Algorithm.MD5_16)@TableField(value = "MD5_16")private String md516;/*** BASE64*/@FieldEncrypt(algorithm = Algorithm.BASE64)@TableField(value = "BASE64")private String base64;/*** AES*/@FieldEncrypt(algorithm = Algorithm.AES)@TableField(value = "AES")private String aes;/*** RSA*/@FieldEncrypt(algorithm = Algorithm.RSA)@TableField(value = "RSA")private String rsa;/*** SM2*/@FieldEncrypt(algorithm = Algorithm.SM2)@TableField(value = "SM2")private String sm2;/*** SM3*/@FieldEncrypt(algorithm = Algorithm.SM3)@TableField(value = "SM3")private String sm3;/*** SM4*/@FieldEncrypt(algorithm = Algorithm.SM4)@TableField(value = "SM4")private String sm4;/*** PBEWithMD5AndDES*/@FieldEncrypt(algorithm = Algorithm.PBEWithMD5AndDES)@TableField(value = "PBEWithMD5AndDES")private String pbewithmd5anddes;/*** PBEWithMD5AndTripleDES*/@FieldEncrypt(algorithm = Algorithm.PBEWithMD5AndTripleDES)@TableField(value = "PBEWithMD5AndTripleDES")private String pbewithmd5andtripledes;/*** PBEWithHMACSHA512AndAES_256*/@FieldEncrypt(algorithm = Algorithm.PBEWithHMACSHA512AndAES_256)@TableField(value = "PBEWithHMACSHA512AndAES_256")private String pbewithhmacsha512andaes256;/*** PBEWithSHA1AndDESede*/@FieldEncrypt(algorithm = Algorithm.PBEWithSHA1AndDESede)@TableField(value = "PBEWithSHA1AndDESede")private String pbewithsha1anddesede;/*** PBEWithSHA1AndRC2_40*/@FieldEncrypt(algorithm = Algorithm.PBEWithSHA1AndRC2_40)@TableField(value = "PBEWithSHA1AndRC2_40")private String pbewithsha1andrc240;@TableField(exist = false)private static final long serialVersionUID = 1L;@Overridepublic boolean equals(Object that) {if (this == that) {return true;}if (that == null) {return false;}if (getClass() != that.getClass()) {return false;}Encrypt other = (Encrypt) that;return (this.getId() == null ? other.getId() == null : this.getId().equals(other.getId()))&& (this.getMd532() == null ? other.getMd532() == null : this.getMd532().equals(other.getMd532()))&& (this.getMd516() == null ? other.getMd516() == null : this.getMd516().equals(other.getMd516()))&& (this.getBase64() == null ? other.getBase64() == null : this.getBase64().equals(other.getBase64()))&& (this.getAes() == null ? other.getAes() == null : this.getAes().equals(other.getAes()))&& (this.getRsa() == null ? other.getRsa() == null : this.getRsa().equals(other.getRsa()))&& (this.getSm2() == null ? other.getSm2() == null : this.getSm2().equals(other.getSm2()))&& (this.getSm3() == null ? other.getSm3() == null : this.getSm3().equals(other.getSm3()))&& (this.getSm4() == null ? other.getSm4() == null : this.getSm4().equals(other.getSm4()))&& (this.getPbewithmd5anddes() == null ? other.getPbewithmd5anddes() == null : this.getPbewithmd5anddes().equals(other.getPbewithmd5anddes()))&& (this.getPbewithmd5andtripledes() == null ? other.getPbewithmd5andtripledes() == null : this.getPbewithmd5andtripledes().equals(other.getPbewithmd5andtripledes()))&& (this.getPbewithhmacsha512andaes256() == null ? other.getPbewithhmacsha512andaes256() == null : this.getPbewithhmacsha512andaes256().equals(other.getPbewithhmacsha512andaes256()))&& (this.getPbewithsha1anddesede() == null ? other.getPbewithsha1anddesede() == null : this.getPbewithsha1anddesede().equals(other.getPbewithsha1anddesede()))&& (this.getPbewithsha1andrc240() == null ? other.getPbewithsha1andrc240() == null : this.getPbewithsha1andrc240().equals(other.getPbewithsha1andrc240()));}@Overridepublic int hashCode() {final int prime = 31;int result = 1;result = prime * result + ((getId() == null) ? 0 : getId().hashCode());result = prime * result + ((getMd532() == null) ? 0 : getMd532().hashCode());result = prime * result + ((getMd516() == null) ? 0 : getMd516().hashCode());result = prime * result + ((getBase64() == null) ? 0 : getBase64().hashCode());result = prime * result + ((getAes() == null) ? 0 : getAes().hashCode());result = prime * result + ((getRsa() == null) ? 0 : getRsa().hashCode());result = prime * result + ((getSm2() == null) ? 0 : getSm2().hashCode());result = prime * result + ((getSm3() == null) ? 0 : getSm3().hashCode());result = prime * result + ((getSm4() == null) ? 0 : getSm4().hashCode());result = prime * result + ((getPbewithmd5anddes() == null) ? 0 : getPbewithmd5anddes().hashCode());result = prime * result + ((getPbewithmd5andtripledes() == null) ? 0 : getPbewithmd5andtripledes().hashCode());result = prime * result + ((getPbewithhmacsha512andaes256() == null) ? 0 : getPbewithhmacsha512andaes256().hashCode());result = prime * result + ((getPbewithsha1anddesede() == null) ? 0 : getPbewithsha1anddesede().hashCode());result = prime * result + ((getPbewithsha1andrc240() == null) ? 0 : getPbewithsha1andrc240().hashCode());return result;}@Overridepublic String toString() {StringBuilder sb = new StringBuilder();sb.append(getClass().getSimpleName());sb.append(" [");sb.append("Hash = ").append(hashCode());sb.append(", id=").append(id);sb.append(", md532=").append(md532);sb.append(", md516=").append(md516);sb.append(", base64=").append(base64);sb.append(", aes=").append(aes);sb.append(", rsa=").append(rsa);sb.append(", sm2=").append(sm2);sb.append(", sm3=").append(sm3);sb.append(", sm4=").append(sm4);sb.append(", pbewithmd5anddes=").append(pbewithmd5anddes);sb.append(", pbewithmd5andtripledes=").append(pbewithmd5andtripledes);sb.append(", pbewithhmacsha512andaes256=").append(pbewithhmacsha512andaes256);sb.append(", pbewithsha1anddesede=").append(pbewithsha1anddesede);sb.append(", pbewithsha1andrc240=").append(pbewithsha1andrc240);sb.append(", serialVersionUID=").append(serialVersionUID);sb.append("]");return sb.toString();}
}

加密测试

加密前：
{"md532": "md532","md516": "md516","base64": "base64","aes": "aes","rsa": "rsa","sm2": "sm2","sm3": "sm3","sm4": "sm4","pbewithmd5anddes": "pbewithmd5anddes","pbewithmd5andtripledes": "pbewithmd5andtripledes","pbewithhmacsha512andaes256": "pbewithhmacsha512andaes256","pbewithsha1anddesede": "pbewithsha1anddesede","pbewithsha1andrc240": "pbewithsha1andrc240"
}注意：调用控制器接口向数据库插入数据

加密后：
{"id": "1614832069533679617","md532": "0ed5449e148dfaac16d1247667d62554","md516": "838026c17d7ac626","base64": "YmFzZTY0","aes": "3420e2d91b8f913bb035258e5013cc6f","rsa": "FqVQIe05Q/usNmZZWA9omCf63WYbhT7z4Qsrpvr+RsWv70vV3hVK5sV1/HZvQL6uI9pU0dkdPDEwIzn0DCJIoVKCW3l7fubdOkjOgaqxv5tIdcLmZFl9XivzA6sDhSIzitFLAj4OJu2HgbF1fNDoVEdYqAD7BEMeNeCyQYyjNQk=","sm2": "sm2","sm3": "d0c7f21dc640a69786764d688920d4d968a103a437a6159b9e7cc7c4b826b8ac","sm4": "sm4","pbewithmd5anddes": "q30eLvs6615ATdqtscdIpSdZLgC+vg1/+8mLzeD2INo=","pbewithmd5andtripledes": "PjjKX2OkRE2D/mz3UZLTXXAsLkjuAk6rF8l4WVz/CaE=","pbewithhmacsha512andaes256": "N5GESK0bGjLsJGO4DadbUMNzPo6ov/svzNHCZg0S4gmrsMLSDMLHDO/6ZrPNsYhpBTR53Xmksi9fxwSU5ScshQ==","pbewithsha1anddesede": "1kGvVHNUKDbwYG1ZnLhaK2QPre3jFddM3tB6MQETzwE=","pbewithsha1andrc240": "my9MZrkBSRtwgV6/MjAjwug7HB/lKHTMzmZJeUOrCQY="
}注意：数据库存储内容为密文，其中SM2与SM4加密失败，其他算法加密成功

解密后：
{"id": 1614832069533679617,"md532": "0ed5449e148dfaac16d1247667d62554","md516": "838026c17d7ac626","base64": "base64","aes": "aes","rsa": "rsa","sm2": "sm2","sm3": "d0c7f21dc640a69786764d688920d4d968a103a437a6159b9e7cc7c4b826b8ac","sm4": "sm4","pbewithmd5anddes": "pbewithmd5anddes","pbewithmd5andtripledes": "pbewithmd5andtripledes","pbewithhmacsha512andaes256": "pbewithhmacsha512andaes256","pbewithsha1anddesede": "pbewithsha1anddesede","pbewithsha1andrc240": "pbewithsha1andrc240"
}注意：调用控制器接口查询数据，查询结果为加密前数据，其中MD5_32 MD5_16 SM3仍是密文，说明这三种算法不可逆

自定义算法

注意：自定义加密算法需实现IEncryptor接口，IEncryptor接口可有多个实现类，但只能有一个实现类添加@Component注解，添加
@Component注解便启用自定义加密算法，一旦启用自定义加密算法，那么项目中所有@FieldEncrypt加密的字段都将使用自定义加密
算法进行加密，其他算法均不再生效，如下CustomEncryptor自定义加密算法，加密时"##$$##=="+plaintext+"--&&$$&&"实现加密，
解密时encrypt.replace("##$$##==", "").replace("--&&$$&&", "")实现解密

// 自定义加密算法，这里为开启使用默认加密库
@Component
public class CustomEncryptor implements IEncryptor {/*** 加密** @param algorithm  算法* @param password   密码（对称加密算法密钥）* @param plaintext  明文* @param publicKey  非对称加密算法（公钥）* @param metaObject {@link MetaObject}* @return*/@Overridepublic String encrypt(Algorithm algorithm, String password, String publicKey, String plaintext, Object metaObject) {if (metaObject instanceof MetaObject) {// _metaObject为加密字段所属对象,可通过已知属性名获取属性值，_metaObject.getValue("属性名")MetaObject _metaObject = ((MetaObject) metaObject);}return "##$$##=="+plaintext+"--&&$$&&";}/*** 解密** @param algorithm  算法* @param password   密码（对称加密算法密钥）* @param encrypt    密文* @param privateKey 非对称加密算法（私钥）* @param metaObject {@link MetaObject}* @return*/@Overridepublic String decrypt(Algorithm algorithm, String password, String privateKey, String encrypt, Object metaObject) {if (metaObject instanceof MetaObject) {// _metaObject为加密字段所属对象,可通过已知属性名获取属性值，_metaObject.getValue("属性名")MetaObject _metaObject = ((MetaObject) metaObject);}return encrypt.replace("##$$##==", "").replace("--&&$$&&", "");}
}

MyBatis-Plus数据安全保护(加密解密)相关推荐

mybatis-plus数据安全保护加密解密
官网地址该功能为了保护数据库配置及数据安全,在一定的程度上控制开发人员流动导致敏感信息泄露. YML 配置: // 加密配置 mpw: 开头紧接加密内容( 非数据库配置专用 YML 中其它配置也是可 ...
1、【java数据安全】数据安全之加密解密（base64、MD、SHA、DES、AES、IDEA、PBE、DH、RSA、EIGamal）、数字签名（DSA、ECDSA）和数字证书介绍、应用示例详细介绍
java数据安全系列文章 1.[java数据安全]数据安全之加密解密(base64.MD.SHA.DES.AES.IDEA.PBE.DH.RSA.EIGamal).数字签名(DSA.ECDSA)和数 ...
Spring-Web - 数据库字段加密解密
在工作中,为了保证数据安全,需要对数据库字段进行加解密,之前工作中就遇到了这种情况,因为线上数据库有很多的人都有权限,运维,账务,运营(通过后台系统查看),出口太多了,但有用户向我们平台举报,说有 ...
IonCube Loaders 在Linux系统中的安装（PHP加密/解密工具）
IonCube是加密/解密工具用于使我们的PHP应用程序能够保护数据安全. 它也可以限制未经授权的PHP应用程序执行. 它还帮助加快页面响应速度. IonCube Loaders用于在网络服务器上运行 ...
如何使用MD5加密解密工具？
MD5加密解密工具是用于计算MD5消息摘要的工具,可以将文本.密码等数据进行加密处理以保护数据安全. 使用MD5加密解密工具通常需要输入待加密的字符串或文件,程序会自动通过预设的算法计算出与此字符串对 ...
企业数据安全保护规划
一.设计思路数据安全也是一个整体的体系,环环相扣. 数据安全防护六不原则: 全面的网络安全防护: 二.数据安全威胁企业面临的数据安全威胁/风险脑图: 三.规划内容 3.1 访问控制涉及数据相关的 ...
安全篇 ━━ JWT的用途和安全探讨，编码解码=\=加密解密
一.定义 JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred betw ...
Linux 加密解密技术基础及OpenSSL介绍
Linux 加密解密技术基础基础概念信息安全防护的目标安全防护环节安全攻击类型(STRIDE) 安全设计的基本原则常用的安全技术安全的解决方案 1.加密和解密 2.服务 3.密钥算法和协议 ...
linux密码加密文件,Linux下加密/解密及用密码保护文件的七把利器
加密是指对文件进行编码的过程,那样只有有权访问的人才可以访问文件.人类早在计算机还没有问世的时候就开始使用加密了.战争期间,人类会传输只有其部落或相关人员才能理解的某种信息. 作者:布加迪/编译来源: ...

MyBatis-Plus数据安全保护(加密解密)

MyBatis-Plus数据安全保护(加密解密)相关推荐

最新文章

热门文章