双重加密 - 在Java Spring Boot与React/JS之间实现AES+RSA加密
在Java中加密,在浏览器中解密(或将JS加密的有效载荷嵌入Java中)。听起来很简单,但实际上并非如此。
你会遇到各种问题,比如:
- 不匹配的IV/标签默认值(Java Crypto API与WebCrypto之间的差异)
- 冲突的密钥格式(X.509与JWK与原始格式)
- 不同的Base64实现和编码细节
我花了几个小时来解决这些问题。因此,我制作了Dual-Crypt,这是一个完全可用的示例:
- AES-256-GCM + RSA-2048,正确连接Java与JS
- 使用spki格式的公钥,pkcs8格式的私钥,12字节的IV,128位的标签
- 现成的代码和实时演示
阅读我如何将其实现的过程,并亲自尝试:
https://muthuishere.medium.com/dual-crypt-cross-platform-encryption-spring-boot-react-that-actually-works-c713ecdbb89c
实时演示在这里:https://dualcrypt.muthuishere.site
查看原文
Encrypt in Java, decrypt in the browser (or seed JS-encrypted payloads into Java).
Sounds straightforward. It’s not.<p>You hit landmines like:<p>Mismatched IV/tag defaults (Java Crypto API vs WebCrypto)<p>Conflicting key formats (X.509 vs JWK vs raw)<p>Varied Base64 implementations and encoding subtleties<p>I spent hours chasing these. So I made Dual-Crypt, a fully working example:<p>AES-256-GCM + RSA-2048, wired correctly across Java ↔ JS<p>Uses spki for public key, pkcs8 for private key, 12-byte IV, 128-bit tag<p>Copy-paste ready code and a live demo<p>Read how I hacked it into existence, and try it yourself:
https://muthuishere.medium.com/dual-crypt-cross-platform-encryption-spring-boot-react-that-actually-works-c713ecdbb89c
Live demo here: https://dualcrypt.muthuishere.site