Encrypt Password in Configuration Files?


Problem description

I have a program that reads server information from a configuration file and would like to encrypt the password in that configuration that can be read by my program and decrypted.

Requirements:

  • Encrypt plaintext password to be stored in the file
  • Decrypt the encrypted password read in from the file from my program

Any recommendations on how I would go about doing this? I was thinking of writing my own algorithm but I feel it would be terribly insecure.

Solution

A simple way of doing this is to use Password Based Encryption in Java. This allows you to encrypt and decrypt a text by using a password.

This basically means initializing a javax.crypto.Cipher with algorithm "PBEWithMD5AndDES" and getting a key from javax.crypto.SecretKeyFactory with the same algorithm.

Here is a code example:

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class ProtectedConfigFile {

    // Master password from which the encryption key is derived
    private static final char[] PASSWORD = "enfldsgbnlsngdlksdsgm".toCharArray();
    // Fixed 8-byte salt passed to the PBE cipher together with the iteration count
    private static final byte[] SALT = {
        (byte) 0xde, (byte) 0x33, (byte) 0x10, (byte) 0x12,
        (byte) 0xde, (byte) 0x33, (byte) 0x10, (byte) 0x12,
    };

    public static void main(String[] args) throws Exception {
        String originalPassword = "secret";
        System.out.println("Original password: " + originalPassword);
        String encryptedPassword = encrypt(originalPassword);
        System.out.println("Encrypted password: " + encryptedPassword);
        String decryptedPassword = decrypt(encryptedPassword);
        System.out.println("Decrypted password: " + decryptedPassword);
    }

    // Encrypts a property value and returns it Base64-encoded for storage in the config file
    private static String encrypt(String property) throws GeneralSecurityException, UnsupportedEncodingException {
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD));
        Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
        pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 20));
        return base64Encode(pbeCipher.doFinal(property.getBytes("UTF-8")));
    }

    private static String base64Encode(byte[] bytes) {
        // java.util.Base64 (Java 8+) is used in place of the internal sun.misc.BASE64Encoder
        return Base64.getEncoder().encodeToString(bytes);
    }

    // Decodes the Base64 value read from the config file and decrypts it with the same key and salt
    private static String decrypt(String property) throws GeneralSecurityException, IOException {
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD));
        Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
        pbeCipher.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(SALT, 20));
        return new String(pbeCipher.doFinal(base64Decode(property)), "UTF-8");
    }

    private static byte[] base64Decode(String property) {
        // java.util.Base64 (Java 8+) is used in place of the internal sun.misc.BASE64Decoder
        return Base64.getDecoder().decode(property);
    }

}

One problem remains: Where should you store the password that you use to encrypt the passwords? You can store it in the source file and obfuscate it, but it's not too hard to find it again. Alternatively, you can give it as a system property when you start the Java process (-DpropertyProtectionPassword=...).

The same issue remains if you use the KeyStore, which also is protected by a password. Basically, you will need to have one master password somewhere, and it's pretty hard to protect.
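The same round trip as a variation on the answer's scheme (an added example, not part of the original answer): it swaps PBEWithMD5AndDES for PBKDF2-HMAC-SHA256 key derivation with AES-GCM, uses a fresh random salt and IV per stored value, and takes the master password from the -DpropertyProtectionPassword system property mentioned above instead of a source constant. The class name, the iteration count and the salt:iv:ciphertext storage format are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class ProtectedConfigValue {
    private static final int ITERATIONS = 600_000; // assumed work factor; tune to your hardware
    private static final SecureRandom RANDOM = new SecureRandom();

    // Derive a 256-bit AES key from the master password and a per-value salt.
    private static SecretKey deriveKey(char[] master, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(master, salt, ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Stored form (constructed for this example): base64(salt):base64(iv):base64(ciphertext+tag)
    static String encrypt(String value, char[] master) throws GeneralSecurityException {
        byte[] salt = new byte[16], iv = new byte[12];
        RANDOM.nextBytes(salt);
        RANDOM.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(master, salt), new GCMParameterSpec(128, iv));
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + ":" + b64.encodeToString(iv) + ":"
                + b64.encodeToString(c.doFinal(value.getBytes(StandardCharsets.UTF_8)));
    }

    // A wrong master password or a modified value fails the GCM tag check and throws.
    static String decrypt(String stored, char[] master) throws GeneralSecurityException {
        String[] parts = stored.split(":");
        if (parts.length != 3) throw new GeneralSecurityException("malformed protected value");
        Base64.Decoder b64 = Base64.getDecoder();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(master, b64.decode(parts[0])),
                new GCMParameterSpec(128, b64.decode(parts[1])));
        return new String(c.doFinal(b64.decode(parts[2])), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        String prop = System.getProperty("propertyProtectionPassword");
        if (prop == null) throw new IllegalStateException("start with -DpropertyProtectionPassword=...");
        String stored = encrypt("secret", prop.toCharArray());
        System.out.println(stored + " -> " + decrypt(stored, prop.toCharArray()));
    }
}
```

Because the salt and IV are random, encrypting the same password twice yields different stored strings. The master password still has to live somewhere, exactly as the answer notes.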
