完成数据库敏感信息的加密

2021-04-17 17:34:48 +08:00
parent 11f2d8a1f4
commit bceda9a95c
25 changed files with 566 additions and 40 deletions
--- a/server/utils/util_test.go
+++ b/server/utils/util_test.go
@ -1,7 +1,10 @@
 package utils_test

 import (
+	"crypto/md5"
 	"encoding/base64"
+	"encoding/hex"
+	"fmt"
 	"net"
 	"testing"

@ -51,3 +54,26 @@ func TestAesDecryptCBC(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, "Hello Next Terminal", string(decryptCBC))
 }
+
+func TestPbkdf2(t *testing.T) {
+	pbkdf2, err := utils.Pbkdf2("1234")
+	assert.NoError(t, err)
+	println(hex.EncodeToString(pbkdf2))
+}
+
+func TestAesEncryptCBCWithAnyKey(t *testing.T) {
+	origData := []byte("admin")                                        // 待加密的数据
+	key := []byte(fmt.Sprintf("%x", md5.Sum([]byte("next-terminal")))) // 加密的密钥
+	encryptedCBC, err := utils.AesEncryptCBC(origData, key)
+	assert.NoError(t, err)
+	assert.Equal(t, "3qwawlPxghyiLS5hdr/p0g==", base64.StdEncoding.EncodeToString(encryptedCBC))
+}
+
+func TestAesDecryptCBCWithAnyKey(t *testing.T) {
+	origData, err := base64.StdEncoding.DecodeString("3qwawlPxghyiLS5hdr/p0g==") // 待解密的数据
+	assert.NoError(t, err)
+	key := []byte(fmt.Sprintf("%x", md5.Sum([]byte("next-terminal")))) // 加密的密钥
+	decryptCBC, err := utils.AesDecryptCBC(origData, key)
+	assert.NoError(t, err)
+	assert.Equal(t, "admin", string(decryptCBC))
+}
--- a/server/utils/utils.go
+++ b/server/utils/utils.go
@ -5,6 +5,8 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/md5"
+	"crypto/rand"
+	"crypto/sha256"
 	"database/sql/driver"
 	"encoding/base64"
 	"fmt"
@ -19,6 +21,8 @@ import (
 	"strings"
 	"time"

+	"golang.org/x/crypto/pbkdf2"
+
 	"github.com/gofrs/uuid"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/crypto/bcrypt"
@ -239,6 +243,7 @@ func PKCS5UnPadding(origData []byte) []byte {
 	return origData[:(length - unPadding)]
 }

+// AesEncryptCBC /*
 func AesEncryptCBC(origData, key []byte) ([]byte, error) {
 	block, err := aes.NewCipher(key)
 	if err != nil {
@ -266,3 +271,15 @@ func AesDecryptCBC(encrypted, key []byte) ([]byte, error) {
 	origData = PKCS5UnPadding(origData)
 	return origData, nil
 }
+
+func Pbkdf2(password string) ([]byte, error) {
+	//生成随机盐
+	salt := make([]byte, 32)
+	_, err := rand.Read(salt)
+	if err != nil {
+		return nil, err
+	}
+	//生成密文
+	dk := pbkdf2.Key([]byte(password), salt, 1, 32, sha256.New)
+	return dk, nil
+}