Security Crypto Plugin
对应模块:
io.gitee.lcgyl:lcgyl-security-crypto-plugin
提供基于 Bouncy Castle 的高强度加密算法实现,支持 AES、RSA、BCrypt 等常用算法。
✨ 特性
- ✅ 对称加密 - AES-256-GCM
- ✅ 非对称加密 - RSA-2048/4096
- ✅ 密码哈希 - BCrypt, Argon2, PBKDF2
- ✅ 数字签名 - SHA256withRSA 等
- ✅ 密钥管理 - 安全的密钥生成和存储
🚀 快速开始
依赖引入
gradle
implementation 'io.gitee.lcgyl:lcgyl-security-crypto-plugin:2.2.0'
配置
yaml
lcgyl:
security:
crypto:
aes:
key: ${AES_SECRET_KEY} # 从环境变量读取
algorithm: AES/GCM/NoPadding
rsa:
key-size: 2048
public-key: classpath:keys/public.pem
private-key: classpath:keys/private.pem
password:
encoder: bcrypt # bcrypt, argon2, pbkdf2
strength: 12
对称加密 (AES)
java
@Service
public class DataEncryptionService {

    @Inject
    private AesEncryptor encryptor;

    /**
     * Encrypts a sensitive plaintext value.
     *
     * @param plainText the value to protect
     * @return the ciphertext as produced by the configured {@code AesEncryptor}
     */
    public String encryptSensitiveData(String plainText) {
        String cipherText = encryptor.encrypt(plainText);
        return cipherText;
    }

    /**
     * Decrypts a value previously produced by {@link #encryptSensitiveData(String)}.
     *
     * @param cipherText the ciphertext to recover
     * @return the original plaintext
     */
    public String decryptSensitiveData(String cipherText) {
        String plainText = encryptor.decrypt(cipherText);
        return plainText;
    }

    /**
     * Encrypts an arbitrary object; the encryptor serializes it to JSON before encrypting.
     *
     * @param obj the object to protect
     * @return the ciphertext of the serialized object
     */
    public String encryptObject(Object obj) {
        return encryptor.encryptObject(obj);
    }

    /**
     * Decrypts a ciphertext produced by {@link #encryptObject(Object)} back into an
     * instance of {@code type}.
     *
     * @param cipherText the ciphertext to recover
     * @param type the class to deserialize the decrypted JSON into
     * @return the reconstructed object
     */
    public <T> T decryptObject(String cipherText, Class<T> type) {
        return encryptor.decryptObject(cipherText, type);
    }
}
非对称加密 (RSA)
java
@Service
public class RsaCryptoService {

    @Inject
    private RsaEncryptor rsa;

    /**
     * Encrypts with the configured public key, e.g. for data a client sends to the server.
     * RSA can only encrypt inputs shorter than the modulus minus the padding overhead, so
     * this is intended for small secrets (such as a symmetric key), not bulk data — the
     * exact limit depends on {@code RsaEncryptor}'s padding mode; confirm before relying on it.
     *
     * @param plainText the short value to protect
     * @return the ciphertext, decryptable only with the matching private key
     */
    public String encryptWithPublicKey(String plainText) {
        String cipherText = rsa.encryptWithPublicKey(plainText);
        return cipherText;
    }

    /**
     * Decrypts, server-side, a ciphertext produced with the matching public key.
     *
     * @param cipherText the ciphertext to recover
     * @return the original plaintext
     */
    public String decryptWithPrivateKey(String cipherText) {
        return rsa.decryptWithPrivateKey(cipherText);
    }

    /**
     * Returns the public key in Base64 form, suitable for handing to a front end.
     *
     * @return the Base64-encoded public key
     */
    public String getPublicKey() {
        String encoded = rsa.getPublicKeyBase64();
        return encoded;
    }
}
密码哈希
java
@Service
public class PasswordService {

    @Inject
    private PasswordEncoder encoder;

    /**
     * Hashes a password at registration time with the configured encoder
     * (bcrypt, argon2 or pbkdf2, per the {@code password.encoder} setting).
     *
     * @param rawPassword the plaintext password as entered by the user
     * @return the encoded hash to persist in place of the plaintext
     */
    public String hashPassword(String rawPassword) {
        String encoded = encoder.encode(rawPassword);
        return encoded;
    }

    /**
     * Checks a login attempt against the stored hash.
     *
     * @param rawPassword the plaintext password from the login attempt
     * @param encodedPassword the hash stored at registration
     * @return {@code true} if the password matches the hash
     */
    public boolean verifyPassword(String rawPassword, String encodedPassword) {
        boolean matches = encoder.matches(rawPassword, encodedPassword);
        return matches;
    }

    /**
     * Reports whether a stored hash should be re-encoded, e.g. after the algorithm or
     * strength setting was raised. Typically checked right after a successful
     * {@link #verifyPassword(String, String)}, while the plaintext is still at hand to
     * produce the new hash.
     *
     * @param encodedPassword the stored hash
     * @return {@code true} if the hash should be regenerated with the current settings
     */
    public boolean needsRehash(String encodedPassword) {
        return encoder.upgradeEncoding(encodedPassword);
    }
}
数字签名
java
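@Service
public class SignatureService {

    @Inject
    private DigitalSigner signer;

    /**
     * Signs arbitrary data with the configured signer.
     *
     * @param data the content to sign
     * @return the encoded signature
     */
    public String sign(String data) {
        return signer.sign(data);
    }

    /**
     * Verifies a signature over {@code data}.
     *
     * @param data the content that was signed
     * @param signature the signature to check
     * @return {@code true} if {@code signature} is valid for {@code data}
     */
    public boolean verify(String data, String signature) {
        return signer.verify(data, signature);
    }

    /**
     * Signs an API request over its canonical form (see {@link #canonicalRequest(ApiRequest)}).
     *
     * The signature only proves that timestamp, nonce and body were not altered; it does not
     * by itself reject replays. The receiving side still has to check that the timestamp is
     * within its accepted window and that the nonce has not been seen before.
     *
     * @param request the request whose timestamp, nonce and body are signed
     * @return the signature to send along with the request
     */
    public String signRequest(ApiRequest request) {
        return signer.sign(canonicalRequest(request));
    }

    /**
     * Verifies a signature produced by {@link #signRequest(ApiRequest)}, rebuilding the same
     * canonical form on the receiving side.
     *
     * @param request the received request
     * @param signature the signature that accompanied it
     * @return {@code true} if the signature is valid for the request's canonical form
     */
    public boolean verifyRequest(ApiRequest request, String signature) {
        return signer.verify(canonicalRequest(request), signature);
    }

    /**
     * Builds the string that is actually signed. Each field is prefixed with its length so
     * the boundaries between fields are fixed. Plain concatenation
     * ({@code timestamp + nonce + body}) is ambiguous: two different requests can produce the
     * same signed string when a boundary shifts ({@code "12" + "34"} and {@code "1" + "234"}
     * both give {@code "1234"}), so one signature would validate a request the signer never
     * saw.
     *
     * Both sides must use exactly this form. Fields are rendered with
     * {@code String.valueOf}, so a {@code null} field becomes the text {@code "null"}; the
     * length is in UTF-16 code units ({@code String.length()}), which a non-Java verifier
     * must reproduce. Package-private so the canonical form can be unit-tested.
     *
     * @param request the request to canonicalize
     * @return the length-prefixed concatenation of timestamp, nonce and body
     */
    static String canonicalRequest(ApiRequest request) {
        return lengthPrefixed(String.valueOf(request.getTimestamp()))
            + lengthPrefixed(String.valueOf(request.getNonce()))
            + lengthPrefixed(String.valueOf(request.getBody()));
    }

    /** Encodes one field as {@code <length>:<value>}. */
    private static String lengthPrefixed(String field) {
        return field.length() + ":" + field;
    }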
}
数据库字段加密
java
@Entity
public class User {
    @Id
    private String id;
    // Not annotated, so stored in plaintext and usable in ordinary queries.
    private String username;
    // @Encrypted fields are encrypted before persisting and decrypted on load.
    // NOTE(review): with a fresh IV per message (required for GCM) the ciphertext of the same
    // value differs between writes, so these columns presumably cannot be used for equality
    // lookups — confirm against AesEncryptor.
    @Encrypted
    private String idCard;
    @Encrypted
    private String phone;
    // Algorithm selected explicitly; the two fields above rely on the default — which
    // algorithm that is (presumably the configured AES) should be confirmed.
    @Encrypted(algorithm = "AES")
    private String bankAccount;
}
// JPA 转换器
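/**
 * JPA attribute converter that transparently encrypts a {@code String} column.
 *
 * NOTE(review): if {@code AesEncryptor} uses a fresh IV per message (as GCM requires), the
 * same plaintext produces different ciphertext on each write, so columns using this converter
 * are presumably not usable for equality lookups — confirm against the encryptor.
 */
@Converter
public class EncryptedStringConverter implements AttributeConverter<String, String> {

    @Inject
    private AesEncryptor encryptor;

    /**
     * Encrypts an entity attribute before it is written to its column.
     *
     * @param attribute the plaintext attribute value; may be {@code null}
     * @return the ciphertext, or {@code null} when the attribute is {@code null}, so a
     *         missing value stays a SQL NULL instead of being handed to the encryptor
     */
    @Override
    public String convertToDatabaseColumn(String attribute) {
        // JPA passes null attributes through the converter; keep NULL as NULL.
        if (attribute == null) {
            return null;
        }
        return encryptor.encrypt(attribute);
    }

    /**
     * Decrypts a column value when the entity is loaded.
     *
     * @param dbData the stored ciphertext; may be {@code null} for a SQL NULL column
     * @return the plaintext, or {@code null} when the column was NULL
     */
    @Override
    public String convertToEntityAttribute(String dbData) {
        // Symmetric with convertToDatabaseColumn: a NULL column was never encrypted.
        if (dbData == null) {
            return null;
        }
        return encryptor.decrypt(dbData);
    }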
}
密钥轮换
java
@Service
public class KeyRotationService {

    /** Name under which the AES key is managed; rotation creates new versions of it. */
    private static final String AES_KEY_NAME = "aes-key";

    @Inject
    private KeyManager keys;

    /**
     * Generates a new version of the AES key and makes it the active one, so that new
     * encryptions use the fresh key while data written under earlier versions can still be
     * decrypted via {@link #decryptWithVersion(String, String)}.
     */
    public void rotateKey() {
        keys.generateNewKey(AES_KEY_NAME);
        keys.setActiveKey(AES_KEY_NAME, KeyVersion.LATEST);
    }

    /**
     * Decrypts data that was written under a specific key version (compatibility with old
     * data). Callers therefore need to know which version each ciphertext was produced with
     * — presumably stored alongside it; confirm how the library tracks this.
     *
     * @param cipherText the ciphertext to recover
     * @param keyVersion the version of the key it was encrypted with
     * @return the plaintext
     */
    public String decryptWithVersion(String cipherText, String keyVersion) {
        String plainText = keys.getEncryptor(keyVersion).decrypt(cipherText);
        return plainText;
    }
}