在前端常见的加密方式中AES很少使用,因为相对于非对称的RSA安全性很低,AES是典型的对称加密,密钥就在前端源码里。
案列网站是ewt360.com,一个并不复杂的网站,首先抓个包看看:
image
加密字段只有password,粗略一看挺像MD5的加密方式,但是看看源码,有明确的key
image
image
复制加密函数在调试工具中试试:
image
其中引用函数只有几十行代码:
var com_str = { _KEY: "20171109124536982017110912453698",//32位 _IV: "2017110912453698",//16位 /************************************************************** *字符串加密 * str:需要加密的字符串 ****************************************************************/ Encrypt: function (str) { var key = CryptoJS.enc.Utf8.parse(this._KEY); var iv = CryptoJS.enc.Utf8.parse(this._IV); var encrypted = ''; var srcs = CryptoJS.enc.Utf8.parse(str); encrypted = CryptoJS.AES.encrypt(srcs, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }); return encrypted.ciphertext.toString(); }, /************************************************************** *字符串解密 * str:需要解密的字符串 ****************************************************************/ Decrypt: function (str) { var key = CryptoJS.enc.Utf8.parse(this._KEY); var iv = CryptoJS.enc.Utf8.parse(this._IV); var encryptedHexStr = CryptoJS.enc.Hex.parse(str); var srcs = CryptoJS.enc.Base64.stringify(encryptedHexStr); var decrypt = CryptoJS.AES.decrypt(srcs, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }); var decryptedStr = decrypt.toString(CryptoJS.enc.Utf8); return decryptedStr.toString(); } }
其中CryptoJS是加密的核心类,在另一个js文件中,需要来将两个js合并,CryptoJS如下:
/*CryptoJS v3.1.2code.google.com/p/crypto-js(c) 2009-2013 by Jeff Mott. All rights reserved.code.google.com/p/crypto-js/wiki/License*/var CryptoJS = CryptoJS || function(u, p) { var d = {} , l = d.lib = {} , s = function() {} , t = l.Base = { extend: function(a) { s.prototype = this; var c = new s; a && c.mixIn(a); c.hasOwnProperty("init") || (c.init = function() { c.$super.init.apply(this, arguments) } ); c.init.prototype = c; c.$super = this; return c }, create: function() { var a = this.extend(); a.init.apply(a, arguments); return a }, init: function() {}, mixIn: function(a) { for (var c in a) a.hasOwnProperty(c) && (this[c] = a[c]); a.hasOwnProperty("toString") && (this.toString = a.toString) }, clone: function() { return this.init.prototype.extend(this) } } , r = l.WordArray = t.extend({ init: function(a, c) { a = this.words = a || []; this.sigBytes = c != p ? c : 4 * a.length }, toString: function(a) { return (a || v).stringify(this) }, concat: function(a) { var c = this.words , e = a.words , j = this.sigBytes; a = a.sigBytes; this.clamp(); if (j % 4) for (var k = 0; k < a; k++) c[j + k >>> 2] |= (e[k >>> 2] >>> 24 - 8 * (k % 4) & 255) << 24 - 8 * ((j + k) % 4); else if (65535 < e.length) for (k = 0; k < a; k += 4) c[j + k >>> 2] = e[k >>> 2]; else c.push.apply(c, e); this.sigBytes += a; return this }, clamp: function() { var a = this.words , c = this.sigBytes; a[c >>> 2] &= 4294967295 << 32 - 8 * (c % 4); a.length = u.ceil(c / 4) }, clone: function() { var a = t.clone.call(this); a.words = this.words.slice(0); return a }, random: function(a) { for (var c = [], e = 0; e < a; e += 4) c.push(4294967296 * u.random() | 0); return new r.init(c,a) } }) , w = d.enc = {} , v = w.Hex = { stringify: function(a) { var c = a.words; a = a.sigBytes; for (var e = [], j = 0; j < a; j++) { ·········
上面便是一个AES加密的实例,至于python如何实现,已经在python加密全家桶里面《Python实现DES、DES3、AES、RSA、MD5、SHA、HMAC加密方式及示例》,感兴趣可以看看。
网友评论