wip:加密优化

core/util/rsaEncDec.go

@@ -12,9 +12,11 @@ import (
 	"fmt"
 	"github.com/gogf/gf/v2/frame/g"
 	"github.com/gogf/gf/v2/os/gctx"
+	"github.com/gogf/gf/v2/util/gconv"
 	"io"
-	"io/ioutil"
 	"log"
+	"os"
+	"time"
 )
 
 var (
@@ -22,9 +24,9 @@ var (
 	PrivateKey *rsa.PrivateKey
 )
 
-func InitPrivatePublicKey() {
+func InitApiEncryptPrivatePublicKey() {
 	// 读取私钥文件
-	privateKeyBytes, err := ioutil.ReadFile("./etc/rsa_private_key.pem")
+	privateKeyBytes, err := os.ReadFile("./etc/rsa/apiEncrypt_private_key.pem")
 	if err != nil {
 		log.Println("无法读取私钥文件：", err)
 		return
@@ -51,7 +53,7 @@ func InitPrivatePublicKey() {
 	}
 	PrivateKey = rsaPrivateKey
 	// 读取公钥文件
-	publicKeyBytes, err := ioutil.ReadFile("./etc/rsa_public_key.pem")
+	publicKeyBytes, err := os.ReadFile("./etc/rsa/apiEncrypt_public_key.pem")
 	if err != nil {
 		log.Println("无法读取公钥文件：", err)
 		return
@@ -79,14 +81,9 @@ func InitPrivatePublicKey() {
 	}
 	PublicKey = rsaPublicKey
 	log.Println("初始化公钥成功", PublicKey)
-	//对称key加密
-	//AesEncDecKey = g.Cfg().MustGet(gctx.New(), "aesEncDecKey").String()
-	//使用非对称加密key
-	//shiftValue := big.NewInt(g.Cfg().MustGet(ctx, "pos").Int64())
-	//PublicKey.E = int(shiftValue.Int64())
-
 }
 
+// JyAntiEncrypt 接口数据加密
 func JyAntiEncrypt(plaintext []byte) (out, PKeyStr string, err error) {
 	if plaintext == nil {
 		return
@@ -95,29 +92,34 @@ func JyAntiEncrypt(plaintext []byte) (out, PKeyStr string, err error) {
 		err = errors.New("无效公钥")
 		return
 	}
-	aesEncDecKey := g.Cfg().MustGet(gctx.New(), "aesEncDecKey").String()
-	if aesEncDecKey == "" {
-		err = errors.New("密钥获取失败")
+
+	var aseByte = func() (rBytes []byte) {
+		aesEncDecKey := g.Cfg().MustGet(gctx.New(), "apiEncryptKey", "JyEncrypt").String()
+		if len(aesEncDecKey) >= aes.BlockSize {
+			return gconv.Bytes(aesEncDecKey[:aes.BlockSize])
+		}
+		return gconv.Bytes(fmt.Sprintf("%s%s", aesEncDecKey, time.Now().Format("20060102150405"))[:aes.BlockSize])
+	}()
+
+	if len(aseByte) == 0 {
 		return
 	}
-	out, err = Encrypt(plaintext, []byte(aesEncDecKey))
+
+	out, err = SymmetricEncrypt(plaintext, aseByte)
 	if err != nil {
 		return
 	}
 	//非对称加密
 	var pKeyByte []byte
-	pKeyByte, err = rsa.EncryptPKCS1v15(rand.Reader, PublicKey, []byte(aesEncDecKey))
+	pKeyByte, err = rsa.EncryptPKCS1v15(rand.Reader, PublicKey, aseByte)
 	if err == nil {
 		PKeyStr = base64.StdEncoding.EncodeToString(pKeyByte)
 	}
-	log.Println("key加密前===", aesEncDecKey)
-	log.Println("key加密后===", PKeyStr)
-	//log.Println("加密后内容===", out)
 	return
 }
 
-// 对称加密
-func Encrypt(plaintext []byte, key []byte) (string, error) {
+// SymmetricEncrypt 对称加密
+func SymmetricEncrypt(plaintext []byte, key []byte) (string, error) {
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		return "", err
@@ -135,12 +137,3 @@ func Encrypt(plaintext []byte, key []byte) (string, error) {
 
 	return base64.StdEncoding.EncodeToString(ciphertext), nil
 }
-
-/*func JyAntiDoc(plaintext []byte, pos int) (out string, err error) {
-	if plaintext == nil {
-		return "", errors.New("加密内容为空")
-	}
-	//exponent := big.NewInt(int64(pos)) // 位移处理的值
-	//PrivateKey.D = new(big.Int).Mul(PrivateKey.D, exponent)
-	return string(PrivateKey.D.Bytes()), nil
-}*/

etc/config.yaml

@@ -136,4 +136,4 @@ noPowerUrlSwitch:
   '/succbi/nzj/app/nzj.app/nzj_detail_1.spg' : '/succbi/nzj/app/nzj.app/nzj_detail_0.spg'
   '/succbi/nzj/app/nzj.app/nzj_search_1.spg': '/succbi/nzj/app/nzj.app/nzj_search_0.spg'
 
-aesEncDecKey: jianyu0123456789
+apiEncryptKey: "jy@123"

main.go

@@ -20,7 +20,7 @@ func init() {
 	logs.InitLogs()                                                           // 初始化日志组件
 	rpc.InitBaseServerRpc()                                                   // 初始化rpc服务连接
 	middleware.InitFilterPolyManager()                                        // 初始化
-	util.InitPrivatePublicKey()                                               //初始化公钥
+	util.InitApiEncryptPrivatePublicKey()                                     //初始化公钥
 }
 
 func main() {