rsa javascript 라이블러리
rsa.jsp - 로그인 암호화
<%@page import="java.security.PublicKey"%>
<%@page import="java.security.spec.RSAPublicKeySpec"%>
<%@page import="java.security.PrivateKey"%>
<%@page import="java.security.KeyFactory"%>
<%@page import="java.security.KeyPair"%>
<%@page import="java.security.KeyPairGenerator"%>
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(2048);
KeyPair keyPair = generator.genKeyPair();
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
session.setAttribute("__RSA_Private_Key__", privateKey);
RSAPublicKeySpec publicSpec = keyFactory.getKeySpec(publicKey, RSAPublicKeySpec.class);
String publicKeyModulus = publicSpec.getModulus().toString(16);
String publicKeyExponent = publicSpec.getPublicExponent().toString(16);
%>
<!DOCTYPE html>
<html lang="ko">
<head>
<meta charset="utf-8">
<title>RSA</title>
<script type="text/javascript" src="/resources/lib/rsa/rsa.js"></script>
<script type="text/javascript" src="/resources/lib/rsa/jsbn.js"></script>
<script type="text/javascript" src="/resources/lib/rsa/prng4.js"></script>
<script type="text/javascript" src="/resources/lib/rsa/rng.js"></script>
</head>
<body>
<label for="username">사용자ID : <input type="text" id="username" size="16"/></label>
<label for="password">비밀번호 : <input type="password" id="password" size="16" /></label>
<a href="./rsa_proc.jsp" onclick="validateRSA(); return false;">로그인</a>
<form id="frm" name="frm" action="./rsa_proc.jsp" method="post" style="display: none;">
<input type="hidden" name="securedUsername" id="securedUsername" value="" />
<input type="hidden" name="securedPassword" id="securedPassword" value="" />
</form>
<script type="text/javascript">
function validateRSA() {
var username = document.getElementById("username").value;
var password = document.getElementById("password").value;
try {
var rsaPublicKeyModulus = "<%=publicKeyModulus%>";
var rsaPublicKeyExponent = "<%=publicKeyExponent%>";
var rsa = new RSAKey();
rsa.setPublic(rsaPublicKeyModulus, rsaPublicKeyExponent);
// 사용자ID, 비밀번호를 RSA로 암호화
var securedUsername = rsa.encrypt(username);
var securedPassword = rsa.encrypt(password);
var frm = document.getElementById("frm");
frm.securedUsername.value = securedUsername;
frm.securedPassword.value = securedPassword;
frm.submit();
} catch(e) {
alert(e);
}
}
</script>
</body>
</html>
rsa_proc.jsp - 복호화 처리
<%@page import="javax.crypto.Cipher"%>
<%@page import="java.security.PrivateKey"%>
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%!
private String decryptRsa(PrivateKey privateKey, String securedValue) throws Exception {
//System.out.println("privateKey : " + privateKey);
System.out.println("securedValue : " + securedValue);
Cipher cipher = Cipher.getInstance("RSA");
byte[] encryptedBytes = hexToByteArray(securedValue);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
String decryptedValue = new String(decryptedBytes, "utf-8");
return decryptedValue;
}
/**
* 16진 문자열을 byte 배열로 변환한다.
*/
public static byte[] hexToByteArray(String hex) {
if (hex == null || hex.length() % 2 != 0) {
return new byte[]{};
}
byte[] bytes = new byte[hex.length() / 2];
for (int i = 0; i < hex.length(); i += 2) {
byte value = (byte)Integer.parseInt(hex.substring(i, i + 2), 16);
bytes[(int) Math.floor(i / 2)] = value;
}
return bytes;
}
%>
<%
String securedUsername = request.getParameter("securedUsername");
String securedPassword = request.getParameter("securedPassword");
PrivateKey privateKey = (PrivateKey)session.getAttribute("__RSA_Private_Key__");
// 키의 재사용을 막는다. 항상 새로운 키를 받도록 강제.
session.removeAttribute("__RSA_Private_Key__");
if (privateKey == null) {
System.out.println("암호화 비밀키 정보를 찾을 수 없습니다.");
}
try {
String username = decryptRsa(privateKey, securedUsername);
String password = decryptRsa(privateKey, securedPassword);
System.out.println("username : " + username);
System.out.println("password : " + password);
request.setAttribute("username", username);
request.setAttribute("password", password);
request.getRequestDispatcher("/login.jsp").forward(request, response);
} catch (Exception e) {
e.printStackTrace();
}
%>
반응형
'JAVA, JSP' 카테고리의 다른 글
[JAVA] JDK 환경변수 설정 - 윈도우10 (1) | 2016.08.13 |
---|