{"id":60210,"date":"2026-01-15T08:32:59","date_gmt":"2026-01-15T00:32:59","guid":{"rendered":"https:\/\/www.wsisp.com\/helps\/60210.html"},"modified":"2026-01-15T08:32:59","modified_gmt":"2026-01-15T00:32:59","slug":"%e5%8a%a0%e5%af%86%e4%b8%8e%e7%bc%96%e7%a0%81%e7%ae%97%e6%b3%95%e5%85%a8%e8%a7%a3%ef%bc%9a%e4%bb%8e%e5%8e%9f%e7%90%86%e5%88%b0%e7%b2%be%e9%80%9a%ef%bc%88java-js-%e5%ae%9e%e6%88%98%e7%89%88","status":"publish","type":"post","link":"https:\/\/www.wsisp.com\/helps\/60210.html","title":{"rendered":"\u52a0\u5bc6\u4e0e\u7f16\u7801\u7b97\u6cd5\u5168\u89e3\uff1a\u4ece\u539f\u7406\u5230\u7cbe\u901a\uff08Java &amp; JS \u5b9e\u6218\u7248)"},"content":{"rendered":"<\/p>\n<h4>\u6587\u7ae0\u76ee\u5f55<\/h4>\n<ul>\n<li>\n<ul>\n<li>1. \u6838\u5fc3\u6982\u5ff5\u5730\u56fe<\/li>\n<li>2. \u5bf9\u79f0\u52a0\u5bc6&#xff1a;AES \u7684\u5185\u90e8\u89e3\u5256\u4e0e\u5b9e\u6218<\/li>\n<li>\n<ul>\n<li>2.1 AES \u5355\u8f6e\u53d8\u6362\u6d41\u7a0b\u56fe<\/li>\n<li>2.2 \u5206\u7ec4\u6a21\u5f0f\u8be6\u89e3&#xff1a;ECB vs CBC<\/li>\n<li>2.3 \u5b9e\u6218&#xff1a;AES-GCM \u52a0\u5bc6\u4e0e\u89e3\u5bc6<\/li>\n<li>\n<ul>\n<li>Java (JDK 11&#043;)<\/li>\n<li>JavaScript (Node.js)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>3. \u975e\u5bf9\u79f0\u52a0\u5bc6&#xff1a;RSA \u7684\u6570\u7406\u903b\u8f91<\/li>\n<li>\n<ul>\n<li>3.1 RSA \u5bc6\u94a5\u751f\u6210\u6d41\u7a0b\u56fe<\/li>\n<li>3.2 \u586b\u5145\u7684\u91cd\u8981\u6027&#xff1a;OAEP<\/li>\n<li>3.3 \u5b9e\u6218&#xff1a;RSA-OAEP \u52a0\u5bc6\u4e0e\u89e3\u5bc6<\/li>\n<li>\n<ul>\n<li>Java (JDK 11&#043;)<\/li>\n<li>JavaScript (Node.js)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>4. \u6570\u5b57\u7b7e\u540d&#xff1a;\u8eab\u4efd\u9a8c\u8bc1<\/li>\n<li>\n<ul>\n<li>4.1 \u7b7e\u540d\u751f\u6210\u4e0e\u9a8c\u8bc1\u6d41\u7a0b<\/li>\n<li>4.2 \u5b9e\u6218&#xff1a;RSASSA-PSS \u7b7e\u540d<\/li>\n<li>\n<ul>\n<li>Java (JDK 11&#043;)<\/li>\n<li>JavaScript (Node.js)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>5. \u6df7\u5408\u52a0\u5bc6\u5b9e\u6218&#xff1a;HTTPS (TLS 1.2) \u63e1\u624b\u5168\u6d41\u7a0b<\/li>\n<li>\n<ul>\n<li>5.1 \u5b9e\u6218&#xff1a;\u4f7f\u7528 OpenSSL \u5206\u6790 HTTPS \u63e1\u624b<\/li>\n<\/ul>\n<\/li>\n<li>6. \u5bc6\u7801\u5b58\u50a8\u4e0e\u54c8\u5e0c&#xff1a;PBKDF2 \u5b9e\u6218<\/li>\n<li>\n<ul>\n<li>\n<ul>\n<li>Java (JDK 8&#043;)<\/li>\n<li>JavaScript (Node.js)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>7. \u6280\u672f\u6df1\u5ea6\u8865\u5145&#xff1a;\u5e38\u89c1\u653b\u51fb\u4e0e\u9632\u5fa1<\/li>\n<li>8. \u603b\u7ed3&#xff1a;\u73b0\u4ee3\u5b89\u5168\u67b6\u6784\u8bbe\u8ba1\u56fe<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\u5bfc\u8bfb&#xff1a;\u672c\u6587\u7ed3\u5408 Java \u540e\u7aef\u4e0e JavaScript (Node.js) \u524d\u540e\u7aef\u4ee3\u7801&#xff0c;\u5256\u6790\u5982\u4f55\u6b63\u786e\u5b9e\u73b0 AES-GCM\u3001RSA-OAEP \u548c PBKDF2&#xff0c;\u907f\u5f00\u5e38\u89c1\u5b89\u5168\u9677\u9631\u3002<\/p>\n<h3>1. \u6838\u5fc3\u6982\u5ff5\u5730\u56fe<\/h3>\n<table>\n<tr>\u7c7b\u578b\u529f\u80fd\u662f\u5426\u53ef\u9006\u5b89\u5168\u6027\u5178\u578b\u7528\u9014<\/tr>\n<tbody>\n<tr>\n<td>Base64<\/td>\n<td>\u7f16\u7801&#xff08;\u975e\u52a0\u5bc6&#xff09;<\/td>\n<td>\u2705 \u53ef\u9006<\/td>\n<td>\u274c \u65e0\u4fdd\u5bc6\u6027<\/td>\n<td>\u90ae\u4ef6\u3001JWT\u3001\u56fe\u7247\u5185\u5d4c<\/td>\n<\/tr>\n<tr>\n<td>MD5 \/ SHA-1<\/td>\n<td>\u54c8\u5e0c\u6458\u8981<\/td>\n<td>\u274c \u4e0d\u53ef\u9006<\/td>\n<td>\u26a0\ufe0f \u5df2\u4e0d\u5b89\u5168<\/td>\n<td>\u6587\u4ef6\u6821\u9a8c&#xff08;\u4ec5\u9650\u975e\u654f\u611f\u573a\u666f&#xff09;<\/td>\n<\/tr>\n<tr>\n<td>SHA-2 \/ SHA-3<\/td>\n<td>\u54c8\u5e0c\u6458\u8981<\/td>\n<td>\u274c \u4e0d\u53ef\u9006<\/td>\n<td>\u2705 \u5b89\u5168<\/td>\n<td>\u5bc6\u7801\u54c8\u5e0c\u3001\u6570\u5b57\u7b7e\u540d<\/td>\n<\/tr>\n<tr>\n<td>\u5bf9\u79f0\u52a0\u5bc6&#xff08;AES&#xff09;<\/td>\n<td>\u52a0\u5bc6<\/td>\n<td>\u2705 \u53ef\u9006<\/td>\n<td>\u2705 \u9ad8&#xff08;\u9700\u6b63\u786e\u4f7f\u7528&#xff09;<\/td>\n<td>\u6570\u636e\u4f20\u8f93\u3001\u6570\u636e\u5e93\u52a0\u5bc6<\/td>\n<\/tr>\n<tr>\n<td>\u975e\u5bf9\u79f0\u52a0\u5bc6&#xff08;RSA&#xff09;<\/td>\n<td>\u52a0\u5bc6\/\u7b7e\u540d<\/td>\n<td>\u2705 \u53ef\u9006<\/td>\n<td>\u2705 \u9ad8&#xff08;\u9700\u8db3\u591f\u5bc6\u94a5\u957f\u5ea6&#xff09;<\/td>\n<td>\u5bc6\u94a5\u4ea4\u6362\u3001\u8eab\u4efd\u8ba4\u8bc1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u5173\u952e\u533a\u5206&#xff1a;<\/p>\n<ul>\n<li>\u7f16\u7801 \u2260 \u52a0\u5bc6&#xff08;Base64 \u662f\u7f16\u7801&#xff09;<\/li>\n<li>\u54c8\u5e0c \u2260 \u52a0\u5bc6&#xff08;MD5\/SHA \u662f\u5355\u5411\u51fd\u6570&#xff09;<\/li>\n<li>\u52a0\u5bc6\u5fc5\u987b\u53ef\u9006&#xff08;\u5426\u5219\u65e0\u6cd5\u8fd8\u539f\u6570\u636e&#xff09;<\/li>\n<\/ul>\n<h3>2. \u5bf9\u79f0\u52a0\u5bc6&#xff1a;AES \u7684\u5185\u90e8\u89e3\u5256\u4e0e\u5b9e\u6218<\/h3>\n<p>AES (Advanced Encryption Standard) \u662f\u57fa\u4e8eSP \u7f51\u7edc&#xff08;\u4ee3\u6362-\u7f6e\u6362\u7f51\u7edc&#xff09;\u7684\u3002\u5b83\u662f\u76ee\u524d\u6700\u6d41\u884c\u7684\u5bf9\u79f0\u52a0\u5bc6\u7b97\u6cd5\u3002<\/p>\n<h4>2.1 AES \u5355\u8f6e\u53d8\u6362\u6d41\u7a0b\u56fe<\/h4>\n<p>AES \u52a0\u5bc6\u4e0d\u662f\u4e00\u6b65\u5b8c\u6210\u7684&#xff0c;\u800c\u662f\u9700\u8981\u591a\u8f6e\u8fed\u4ee3&#xff08;AES-128 \u4e3a 10 \u8f6e&#xff09;\u3002\u4e0b\u56fe\u5c55\u793a\u4e86\u6838\u5fc3\u7684\u6570\u636e\u5904\u7406\u6d41\u5411&#xff1a;<\/p>\n<p>  #mermaid-svg-kZK7x6lAQZvFzLPM{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#mermaid-svg-kZK7x6lAQZvFzLPM .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#mermaid-svg-kZK7x6lAQZvFzLPM .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#mermaid-svg-kZK7x6lAQZvFzLPM .error-icon{fill:#552222;}#mermaid-svg-kZK7x6lAQZvFzLPM .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-kZK7x6lAQZvFzLPM .edge-thickness-normal{stroke-width:1px;}#mermaid-svg-kZK7x6lAQZvFzLPM .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-kZK7x6lAQZvFzLPM .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-kZK7x6lAQZvFzLPM .edge-thickness-invisible{stroke-width:0;fill:none;}#mermaid-svg-kZK7x6lAQZvFzLPM .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-kZK7x6lAQZvFzLPM .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-kZK7x6lAQZvFzLPM .marker{fill:#333333;stroke:#333333;}#mermaid-svg-kZK7x6lAQZvFzLPM .marker.cross{stroke:#333333;}#mermaid-svg-kZK7x6lAQZvFzLPM svg{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-kZK7x6lAQZvFzLPM p{margin:0;}#mermaid-svg-kZK7x6lAQZvFzLPM .label{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;color:#333;}#mermaid-svg-kZK7x6lAQZvFzLPM .cluster-label text{fill:#333;}#mermaid-svg-kZK7x6lAQZvFzLPM .cluster-label span{color:#333;}#mermaid-svg-kZK7x6lAQZvFzLPM .cluster-label span p{background-color:transparent;}#mermaid-svg-kZK7x6lAQZvFzLPM .label text,#mermaid-svg-kZK7x6lAQZvFzLPM span{fill:#333;color:#333;}#mermaid-svg-kZK7x6lAQZvFzLPM .node rect,#mermaid-svg-kZK7x6lAQZvFzLPM .node circle,#mermaid-svg-kZK7x6lAQZvFzLPM .node ellipse,#mermaid-svg-kZK7x6lAQZvFzLPM .node polygon,#mermaid-svg-kZK7x6lAQZvFzLPM .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#mermaid-svg-kZK7x6lAQZvFzLPM .rough-node .label text,#mermaid-svg-kZK7x6lAQZvFzLPM .node .label text,#mermaid-svg-kZK7x6lAQZvFzLPM .image-shape .label,#mermaid-svg-kZK7x6lAQZvFzLPM .icon-shape .label{text-anchor:middle;}#mermaid-svg-kZK7x6lAQZvFzLPM .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#mermaid-svg-kZK7x6lAQZvFzLPM .rough-node .label,#mermaid-svg-kZK7x6lAQZvFzLPM .node .label,#mermaid-svg-kZK7x6lAQZvFzLPM .image-shape .label,#mermaid-svg-kZK7x6lAQZvFzLPM .icon-shape .label{text-align:center;}#mermaid-svg-kZK7x6lAQZvFzLPM .node.clickable{cursor:pointer;}#mermaid-svg-kZK7x6lAQZvFzLPM .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#mermaid-svg-kZK7x6lAQZvFzLPM .arrowheadPath{fill:#333333;}#mermaid-svg-kZK7x6lAQZvFzLPM .edgePath .path{stroke:#333333;stroke-width:2.0px;}#mermaid-svg-kZK7x6lAQZvFzLPM .flowchart-link{stroke:#333333;fill:none;}#mermaid-svg-kZK7x6lAQZvFzLPM .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-kZK7x6lAQZvFzLPM .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#mermaid-svg-kZK7x6lAQZvFzLPM .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-kZK7x6lAQZvFzLPM .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#mermaid-svg-kZK7x6lAQZvFzLPM .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#mermaid-svg-kZK7x6lAQZvFzLPM .cluster text{fill:#333;}#mermaid-svg-kZK7x6lAQZvFzLPM .cluster span{color:#333;}#mermaid-svg-kZK7x6lAQZvFzLPM div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#mermaid-svg-kZK7x6lAQZvFzLPM .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#mermaid-svg-kZK7x6lAQZvFzLPM rect.text{fill:none;stroke-width:0;}#mermaid-svg-kZK7x6lAQZvFzLPM .icon-shape,#mermaid-svg-kZK7x6lAQZvFzLPM .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-kZK7x6lAQZvFzLPM .icon-shape p,#mermaid-svg-kZK7x6lAQZvFzLPM .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#mermaid-svg-kZK7x6lAQZvFzLPM .icon-shape rect,#mermaid-svg-kZK7x6lAQZvFzLPM .image-shape rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-kZK7x6lAQZvFzLPM .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#mermaid-svg-kZK7x6lAQZvFzLPM .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#mermaid-svg-kZK7x6lAQZvFzLPM :root{&#8211;mermaid-font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;}<\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/p>\n<p>\u662f Rounds 1-9<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/p>\n<p>\u5426 Final Round<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u8f93\u5165: 128\u4f4d\u660e\u6587\u5757<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>AddRoundKey (\u4e0e\u8f6e\u5bc6\u94a5\u5f02\u6216)<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>SubBytes (S\u76d2\u66ff\u6362)<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>ShiftRows (\u884c\u79fb\u4f4d)<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>MixColumns (\u5217\u6df7\u5408)<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>AddRoundKey (\u4e0e\u8f6e\u5bc6\u94a5\u5f02\u6216)<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>SubBytes (S\u76d2\u66ff\u6362)<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>ShiftRows (\u884c\u79fb\u4f4d)<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>AddRoundKey (\u6700\u7ec8\u8f6e\u5bc6\u94a5\u5f02\u6216)<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u8f93\u51fa: 128\u4f4d\u5bc6\u6587\u5757<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u8f6e\u6b21\u8ba1\u6570 &lt; 9?<\/p>\n<p><\/span><\/p>\n<h4>2.2 \u5206\u7ec4\u6a21\u5f0f\u8be6\u89e3&#xff1a;ECB vs CBC<\/h4>\n<p>AES \u53ea\u80fd\u5904\u7406 16 \u5b57\u8282&#xff08;128\u4f4d&#xff09;\u7684\u5757\u3002\u5bf9\u4e8e\u957f\u6570\u636e&#xff0c;\u9700\u8981\u6a21\u5f0f\u6765\u5207\u5206\u3002\u4e0b\u56fe\u5bf9\u6bd4\u4e86\u4e0d\u5b89\u5168\u7684 ECB \u6a21\u5f0f\u4e0e\u5b89\u5168\u7684 CBC \u6a21\u5f0f&#xff1a;<\/p>\n<p>  #mermaid-svg-ZWgLped5enguTCaV{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#mermaid-svg-ZWgLped5enguTCaV .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#mermaid-svg-ZWgLped5enguTCaV .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#mermaid-svg-ZWgLped5enguTCaV .error-icon{fill:#552222;}#mermaid-svg-ZWgLped5enguTCaV .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-ZWgLped5enguTCaV .edge-thickness-normal{stroke-width:1px;}#mermaid-svg-ZWgLped5enguTCaV .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-ZWgLped5enguTCaV .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-ZWgLped5enguTCaV .edge-thickness-invisible{stroke-width:0;fill:none;}#mermaid-svg-ZWgLped5enguTCaV .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-ZWgLped5enguTCaV .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-ZWgLped5enguTCaV .marker{fill:#333333;stroke:#333333;}#mermaid-svg-ZWgLped5enguTCaV .marker.cross{stroke:#333333;}#mermaid-svg-ZWgLped5enguTCaV svg{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-ZWgLped5enguTCaV p{margin:0;}#mermaid-svg-ZWgLped5enguTCaV .label{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;color:#333;}#mermaid-svg-ZWgLped5enguTCaV .cluster-label text{fill:#333;}#mermaid-svg-ZWgLped5enguTCaV .cluster-label span{color:#333;}#mermaid-svg-ZWgLped5enguTCaV .cluster-label span p{background-color:transparent;}#mermaid-svg-ZWgLped5enguTCaV .label text,#mermaid-svg-ZWgLped5enguTCaV span{fill:#333;color:#333;}#mermaid-svg-ZWgLped5enguTCaV .node rect,#mermaid-svg-ZWgLped5enguTCaV .node circle,#mermaid-svg-ZWgLped5enguTCaV .node ellipse,#mermaid-svg-ZWgLped5enguTCaV .node polygon,#mermaid-svg-ZWgLped5enguTCaV .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#mermaid-svg-ZWgLped5enguTCaV .rough-node .label text,#mermaid-svg-ZWgLped5enguTCaV .node .label text,#mermaid-svg-ZWgLped5enguTCaV .image-shape .label,#mermaid-svg-ZWgLped5enguTCaV .icon-shape .label{text-anchor:middle;}#mermaid-svg-ZWgLped5enguTCaV .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#mermaid-svg-ZWgLped5enguTCaV .rough-node .label,#mermaid-svg-ZWgLped5enguTCaV .node .label,#mermaid-svg-ZWgLped5enguTCaV .image-shape .label,#mermaid-svg-ZWgLped5enguTCaV .icon-shape .label{text-align:center;}#mermaid-svg-ZWgLped5enguTCaV .node.clickable{cursor:pointer;}#mermaid-svg-ZWgLped5enguTCaV .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#mermaid-svg-ZWgLped5enguTCaV .arrowheadPath{fill:#333333;}#mermaid-svg-ZWgLped5enguTCaV .edgePath .path{stroke:#333333;stroke-width:2.0px;}#mermaid-svg-ZWgLped5enguTCaV .flowchart-link{stroke:#333333;fill:none;}#mermaid-svg-ZWgLped5enguTCaV .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-ZWgLped5enguTCaV .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#mermaid-svg-ZWgLped5enguTCaV .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-ZWgLped5enguTCaV .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#mermaid-svg-ZWgLped5enguTCaV .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#mermaid-svg-ZWgLped5enguTCaV .cluster text{fill:#333;}#mermaid-svg-ZWgLped5enguTCaV .cluster span{color:#333;}#mermaid-svg-ZWgLped5enguTCaV div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#mermaid-svg-ZWgLped5enguTCaV .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#mermaid-svg-ZWgLped5enguTCaV rect.text{fill:none;stroke-width:0;}#mermaid-svg-ZWgLped5enguTCaV .icon-shape,#mermaid-svg-ZWgLped5enguTCaV .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-ZWgLped5enguTCaV .icon-shape p,#mermaid-svg-ZWgLped5enguTCaV .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#mermaid-svg-ZWgLped5enguTCaV .icon-shape rect,#mermaid-svg-ZWgLped5enguTCaV .image-shape rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-ZWgLped5enguTCaV .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#mermaid-svg-ZWgLped5enguTCaV .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#mermaid-svg-ZWgLped5enguTCaV :root{&#8211;mermaid-font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;}<\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>CBC \u6a21\u5f0f &#8211; \u5b89\u5168<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"edgeLabel\"><\/p>\n<p>\u5f02\u6216 XOR<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"edgeLabel\"><\/p>\n<p>AES\u52a0\u5bc6<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"edgeLabel\"><\/p>\n<p>\u5f02\u6216 XOR<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"edgeLabel\"><\/p>\n<p>AES\u52a0\u5bc6<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>\u521d\u59cb\u5316\u5411\u91cf IV<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>\u660e\u6587\u57571<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>\u5bc6\u65871<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>\u660e\u6587\u57572<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>\u5bc6\u65872<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>ECB \u6a21\u5f0f &#8211; \u4e0d\u5b89\u5168<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"edgeLabel\"><\/p>\n<p>AES\u52a0\u5bc6<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"edgeLabel\"><\/p>\n<p>AES\u52a0\u5bc6<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"edgeLabel\"><\/p>\n<p>AES\u52a0\u5bc6<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>\u660e\u6587\u57571<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>\u5bc6\u65871<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>\u660e\u6587\u57571<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>\u5bc6\u6587\u5757<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>\u660e\u6587\u57572<\/p>\n<p><\/span><\/p>\n<p>           <span class=\"nodeLabel\"><\/p>\n<p>\u5bc6\u65872<\/p>\n<p><\/span><\/p>\n<p>\u56fe\u89e3\u8bf4\u660e&#xff1a;<\/p>\n<ul>\n<li>ECB&#xff1a;\u76f8\u540c\u7684\u660e\u6587\u5757&#xff08;\u5982 P1_1 \u548c P1_2&#xff09;\u751f\u6210\u4e86\u5b8c\u5168\u76f8\u540c\u7684\u5bc6\u6587\u5757&#xff0c;\u8fd9\u4f1a\u66b4\u9732\u6570\u636e\u7684\u7edf\u8ba1\u89c4\u5f8b&#xff08;\u4f8b\u5982\u52a0\u5bc6\u4e00\u5f20\u9ed1\u767d\u56fe\u7247&#xff0c;\u8f6e\u5ed3\u4f9d\u7136\u53ef\u89c1&#xff09;\u3002<\/li>\n<li>CBC&#xff1a;\u5f15\u5165\u4e86\u968f\u673a\u521d\u59cb\u5316\u5411\u91cf&#xff08;IV&#xff09;&#xff0c;\u5e76\u5c06\u4e0a\u4e00\u4e2a\u5bc6\u6587\u5757\u53c2\u4e0e\u5230\u4e0b\u4e00\u4e2a\u5757\u7684\u52a0\u5bc6\u4e2d\u3002\u5373\u4f7f\u660e\u6587\u76f8\u540c&#xff0c;\u53ea\u8981 IV \u4e0d\u540c&#xff0c;\u5bc6\u6587\u5c31\u5b8c\u5168\u4e0d\u540c\u3002<\/li>\n<\/ul>\n<h4>2.3 \u5b9e\u6218&#xff1a;AES-GCM \u52a0\u5bc6\u4e0e\u89e3\u5bc6<\/h4>\n<p>\u63a8\u8350\u4f7f\u7528 AES-GCM \u6a21\u5f0f&#xff0c;\u56e0\u4e3a\u5b83\u4e0d\u4ec5\u52a0\u5bc6\u6570\u636e&#xff0c;\u8fd8\u751f\u6210\u8ba4\u8bc1\u6807\u7b7e&#xff0c;\u9632\u6b62\u7be1\u6539\u3002<\/p>\n<h5>Java (JDK 11&#043;)<\/h5>\n<p>Java \u6807\u51c6\u5e93 javax.crypto \u63d0\u4f9b\u4e86\u5b8c\u6574\u7684 AES-GCM \u652f\u6301\u3002<\/p>\n<p><span class=\"token keyword\">import<\/span> <span class=\"token namespace\">javax<span class=\"token punctuation\">.<\/span>crypto<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">Cipher<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">javax<span class=\"token punctuation\">.<\/span>crypto<span class=\"token punctuation\">.<\/span>spec<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">GCMParameterSpec<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">javax<span class=\"token punctuation\">.<\/span>crypto<span class=\"token punctuation\">.<\/span>spec<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">SecretKeySpec<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">java<span class=\"token punctuation\">.<\/span>security<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">SecureRandom<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">java<span class=\"token punctuation\">.<\/span>util<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">Base64<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">public<\/span> <span class=\"token keyword\">class<\/span> <span class=\"token class-name\">AesGcmExample<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token keyword\">private<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">final<\/span> <span class=\"token class-name\">String<\/span> AES_GCM_NO_PADDING <span class=\"token operator\">&#061;<\/span> <span class=\"token string\">&#034;AES\/GCM\/NoPadding&#034;<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token keyword\">private<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">final<\/span> <span class=\"token keyword\">int<\/span> GCM_TAG_LENGTH_BITS <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">128<\/span><span class=\"token punctuation\">;<\/span> <span class=\"token comment\">\/\/ \u5fc5\u987b\u662f 128, 120 \u6216 112<\/span><br \/>\n    <span class=\"token keyword\">private<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">final<\/span> <span class=\"token keyword\">int<\/span> GCM_IV_LENGTH_BYTES <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">12<\/span><span class=\"token punctuation\">;<\/span>  <span class=\"token comment\">\/\/ \u63a8\u8350\u957f\u5ea6 12 bytes<\/span><br \/>\n    <span class=\"token keyword\">public<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token class-name\">String<\/span> <span class=\"token function\">encrypt<\/span><span class=\"token punctuation\">(<\/span><span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> plaintext<span class=\"token punctuation\">,<\/span> <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> key<span class=\"token punctuation\">)<\/span> <span class=\"token keyword\">throws<\/span> <span class=\"token class-name\">Exception<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token comment\">\/\/ 1. \u751f\u6210\u968f\u673a IV (Nonce)<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> iv <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span>GCM_IV_LENGTH_BYTES<span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">SecureRandom<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">nextBytes<\/span><span class=\"token punctuation\">(<\/span>iv<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 2. \u521d\u59cb\u5316 Cipher<\/span><br \/>\n        <span class=\"token class-name\">SecretKeySpec<\/span> keySpec <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">SecretKeySpec<\/span><span class=\"token punctuation\">(<\/span>key<span class=\"token punctuation\">,<\/span> <span class=\"token string\">&#034;AES&#034;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">GCMParameterSpec<\/span> gcmSpec <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">GCMParameterSpec<\/span><span class=\"token punctuation\">(<\/span>GCM_TAG_LENGTH_BITS<span class=\"token punctuation\">,<\/span> iv<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">Cipher<\/span> cipher <span class=\"token operator\">&#061;<\/span> <span class=\"token class-name\">Cipher<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getInstance<\/span><span class=\"token punctuation\">(<\/span>AES_GCM_NO_PADDING<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        cipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">init<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">Cipher<\/span><span class=\"token punctuation\">.<\/span>ENCRYPT_MODE<span class=\"token punctuation\">,<\/span> keySpec<span class=\"token punctuation\">,<\/span> gcmSpec<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 3. \u52a0\u5bc6<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> ciphertext <span class=\"token operator\">&#061;<\/span> cipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">doFinal<\/span><span class=\"token punctuation\">(<\/span>plaintext<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 4. \u62fc\u63a5 IV \u548c Ciphertext (IV \u4e0d\u9700\u8981\u4fdd\u5bc6&#xff0c;\u4f46\u5fc5\u987b\u548c\u5bc6\u6587\u4e00\u8d77\u4f20\u8f93)<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> encryptedBytes <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span>iv<span class=\"token punctuation\">.<\/span>length <span class=\"token operator\">&#043;<\/span> ciphertext<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">System<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">arraycopy<\/span><span class=\"token punctuation\">(<\/span>iv<span class=\"token punctuation\">,<\/span> <span class=\"token number\">0<\/span><span class=\"token punctuation\">,<\/span> encryptedBytes<span class=\"token punctuation\">,<\/span> <span class=\"token number\">0<\/span><span class=\"token punctuation\">,<\/span> iv<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">System<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">arraycopy<\/span><span class=\"token punctuation\">(<\/span>ciphertext<span class=\"token punctuation\">,<\/span> <span class=\"token number\">0<\/span><span class=\"token punctuation\">,<\/span> encryptedBytes<span class=\"token punctuation\">,<\/span> iv<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">,<\/span> ciphertext<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">return<\/span> <span class=\"token class-name\">Base64<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getEncoder<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">encodeToString<\/span><span class=\"token punctuation\">(<\/span>encryptedBytes<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><br \/>\n    <span class=\"token keyword\">public<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token class-name\">String<\/span> <span class=\"token function\">decrypt<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">String<\/span> encryptedStr<span class=\"token punctuation\">,<\/span> <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> key<span class=\"token punctuation\">)<\/span> <span class=\"token keyword\">throws<\/span> <span class=\"token class-name\">Exception<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token comment\">\/\/ 1. \u89e3\u7801 Base64<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> encryptedBytes <span class=\"token operator\">&#061;<\/span> <span class=\"token class-name\">Base64<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getDecoder<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">decode<\/span><span class=\"token punctuation\">(<\/span>encryptedStr<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 2. \u5206\u79bb IV \u548c Ciphertext<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> iv <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span>GCM_IV_LENGTH_BYTES<span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">System<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">arraycopy<\/span><span class=\"token punctuation\">(<\/span>encryptedBytes<span class=\"token punctuation\">,<\/span> <span class=\"token number\">0<\/span><span class=\"token punctuation\">,<\/span> iv<span class=\"token punctuation\">,<\/span> <span class=\"token number\">0<\/span><span class=\"token punctuation\">,<\/span> iv<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> ciphertext <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span>encryptedBytes<span class=\"token punctuation\">.<\/span>length <span class=\"token operator\">&#8211;<\/span> GCM_IV_LENGTH_BYTES<span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">System<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">arraycopy<\/span><span class=\"token punctuation\">(<\/span>encryptedBytes<span class=\"token punctuation\">,<\/span> iv<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">,<\/span> ciphertext<span class=\"token punctuation\">,<\/span> <span class=\"token number\">0<\/span><span class=\"token punctuation\">,<\/span> ciphertext<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 3. \u521d\u59cb\u5316 Cipher \u89e3\u5bc6<\/span><br \/>\n        <span class=\"token class-name\">SecretKeySpec<\/span> keySpec <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">SecretKeySpec<\/span><span class=\"token punctuation\">(<\/span>key<span class=\"token punctuation\">,<\/span> <span class=\"token string\">&#034;AES&#034;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">GCMParameterSpec<\/span> gcmSpec <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">GCMParameterSpec<\/span><span class=\"token punctuation\">(<\/span>GCM_TAG_LENGTH_BITS<span class=\"token punctuation\">,<\/span> iv<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">Cipher<\/span> cipher <span class=\"token operator\">&#061;<\/span> <span class=\"token class-name\">Cipher<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getInstance<\/span><span class=\"token punctuation\">(<\/span>AES_GCM_NO_PADDING<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        cipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">init<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">Cipher<\/span><span class=\"token punctuation\">.<\/span>DECRYPT_MODE<span class=\"token punctuation\">,<\/span> keySpec<span class=\"token punctuation\">,<\/span> gcmSpec<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 4. \u89e3\u5bc6 (\u5982\u679c\u88ab\u7be1\u6539&#xff0c;\u6b64\u5904\u4f1a\u629b\u51fa AEADBadTagException)<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> plaintext <span class=\"token operator\">&#061;<\/span> cipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">doFinal<\/span><span class=\"token punctuation\">(<\/span>ciphertext<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">return<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">String<\/span><span class=\"token punctuation\">(<\/span>plaintext<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><br \/>\n    <span class=\"token keyword\">public<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">void<\/span> <span class=\"token function\">main<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">String<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> args<span class=\"token punctuation\">)<\/span> <span class=\"token keyword\">throws<\/span> <span class=\"token class-name\">Exception<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> key <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token number\">32<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">;<\/span> <span class=\"token comment\">\/\/ AES-256 Key (\u5728\u5b9e\u9645\u5e94\u7528\u4e2d\u8bf7\u4ece KMS \u83b7\u53d6)<\/span><br \/>\n        <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">SecureRandom<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">nextBytes<\/span><span class=\"token punctuation\">(<\/span>key<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><\/p>\n<p>        <span class=\"token class-name\">String<\/span> msg <span class=\"token operator\">&#061;<\/span> <span class=\"token string\">&#034;Top Secret Message&#034;<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">String<\/span> encrypted <span class=\"token operator\">&#061;<\/span> <span class=\"token function\">encrypt<\/span><span class=\"token punctuation\">(<\/span>msg<span class=\"token punctuation\">.<\/span><span class=\"token function\">getBytes<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">,<\/span> key<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">System<\/span><span class=\"token punctuation\">.<\/span>out<span class=\"token punctuation\">.<\/span><span class=\"token function\">println<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Encrypted: &#034;<\/span> <span class=\"token operator\">&#043;<\/span> encrypted<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><\/p>\n<p>        <span class=\"token class-name\">String<\/span> decrypted <span class=\"token operator\">&#061;<\/span> <span class=\"token function\">decrypt<\/span><span class=\"token punctuation\">(<\/span>encrypted<span class=\"token punctuation\">,<\/span> key<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">System<\/span><span class=\"token punctuation\">.<\/span>out<span class=\"token punctuation\">.<\/span><span class=\"token function\">println<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Decrypted: &#034;<\/span> <span class=\"token operator\">&#043;<\/span> decrypted<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><\/p>\n<h5>JavaScript (Node.js)<\/h5>\n<p>Node.js \u5185\u7f6e crypto \u6a21\u5757\u5904\u7406 GCM \u6a21\u5f0f\u975e\u5e38\u65b9\u4fbf\u3002<\/p>\n<p><span class=\"token keyword\">const<\/span> crypto <span class=\"token operator\">&#061;<\/span> <span class=\"token function\">require<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;crypto&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> <span class=\"token constant\">ALGO_NAME<\/span> <span class=\"token operator\">&#061;<\/span> <span class=\"token string\">&#039;aes-256-gcm&#039;<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> <span class=\"token constant\">IV_LENGTH<\/span> <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">12<\/span><span class=\"token punctuation\">;<\/span> <span class=\"token comment\">\/\/ 12 bytes<\/span><br \/>\n<span class=\"token keyword\">const<\/span> <span class=\"token constant\">KEY_LENGTH<\/span> <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">32<\/span><span class=\"token punctuation\">;<\/span> <span class=\"token comment\">\/\/ 32 bytes for AES-256<\/span><br \/>\n<span class=\"token keyword\">function<\/span> <span class=\"token function\">encrypt<\/span><span class=\"token punctuation\">(<\/span><span class=\"token parameter\">text<span class=\"token punctuation\">,<\/span> key<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token comment\">\/\/ 1. \u751f\u6210\u968f\u673a IV<\/span><br \/>\n    <span class=\"token keyword\">const<\/span> iv <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">randomBytes<\/span><span class=\"token punctuation\">(<\/span><span class=\"token constant\">IV_LENGTH<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token comment\">\/\/ 2. \u521b\u5efa\u52a0\u5bc6\u5668<\/span><br \/>\n    <span class=\"token keyword\">const<\/span> cipher <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">createCipheriv<\/span><span class=\"token punctuation\">(<\/span><span class=\"token constant\">ALGO_NAME<\/span><span class=\"token punctuation\">,<\/span> key<span class=\"token punctuation\">,<\/span> iv<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token comment\">\/\/ 3. \u52a0\u5bc6 (Buffer.concat \u62fc\u63a5)<\/span><br \/>\n    <span class=\"token keyword\">let<\/span> encrypted <span class=\"token operator\">&#061;<\/span> cipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">update<\/span><span class=\"token punctuation\">(<\/span>text<span class=\"token punctuation\">,<\/span> <span class=\"token string\">&#039;utf8&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    encrypted <span class=\"token operator\">&#061;<\/span> Buffer<span class=\"token punctuation\">.<\/span><span class=\"token function\">concat<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">[<\/span>encrypted<span class=\"token punctuation\">,<\/span> cipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">final<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token comment\">\/\/ 4. \u83b7\u53d6 Auth Tag (\u5fc5\u987b\u968f\u5bc6\u6587\u53d1\u9001)<\/span><br \/>\n    <span class=\"token keyword\">const<\/span> authTag <span class=\"token operator\">&#061;<\/span> cipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">getAuthTag<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token comment\">\/\/ 5. \u8fd4\u56de: IV &#043; AuthTag &#043; Ciphertext (\u901a\u5e38\u62fc\u63a5\u540e\u8f6c Base64)<\/span><br \/>\n    <span class=\"token keyword\">return<\/span> Buffer<span class=\"token punctuation\">.<\/span><span class=\"token function\">concat<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">[<\/span>iv<span class=\"token punctuation\">,<\/span> authTag<span class=\"token punctuation\">,<\/span> encrypted<span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">toString<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;base64&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><br \/>\n<span class=\"token keyword\">function<\/span> <span class=\"token function\">decrypt<\/span><span class=\"token punctuation\">(<\/span><span class=\"token parameter\">encryptedData<span class=\"token punctuation\">,<\/span> key<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token comment\">\/\/ 1. \u89e3\u7801 Base64<\/span><br \/>\n    <span class=\"token keyword\">const<\/span> buffer <span class=\"token operator\">&#061;<\/span> Buffer<span class=\"token punctuation\">.<\/span><span class=\"token function\">from<\/span><span class=\"token punctuation\">(<\/span>encryptedData<span class=\"token punctuation\">,<\/span> <span class=\"token string\">&#039;base64&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token comment\">\/\/ 2. \u63d0\u53d6 IV, AuthTag, Ciphertext<\/span><br \/>\n    <span class=\"token keyword\">const<\/span> iv <span class=\"token operator\">&#061;<\/span> buffer<span class=\"token punctuation\">.<\/span><span class=\"token function\">subarray<\/span><span class=\"token punctuation\">(<\/span><span class=\"token number\">0<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token constant\">IV_LENGTH<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token keyword\">const<\/span> authTag <span class=\"token operator\">&#061;<\/span> buffer<span class=\"token punctuation\">.<\/span><span class=\"token function\">subarray<\/span><span class=\"token punctuation\">(<\/span><span class=\"token constant\">IV_LENGTH<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token constant\">IV_LENGTH<\/span> <span class=\"token operator\">&#043;<\/span> <span class=\"token number\">16<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span> <span class=\"token comment\">\/\/ GCM Tag \u9ed8\u8ba4 16 bytes<\/span><br \/>\n    <span class=\"token keyword\">const<\/span> ciphertext <span class=\"token operator\">&#061;<\/span> buffer<span class=\"token punctuation\">.<\/span><span class=\"token function\">subarray<\/span><span class=\"token punctuation\">(<\/span><span class=\"token constant\">IV_LENGTH<\/span> <span class=\"token operator\">&#043;<\/span> <span class=\"token number\">16<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token comment\">\/\/ 3. \u521b\u5efa\u89e3\u5bc6\u5668\u5e76\u8bbe\u7f6e AuthTag (\u9a8c\u8bc1\u6570\u636e\u5b8c\u6574\u6027\u7684\u5173\u952e)<\/span><br \/>\n    <span class=\"token keyword\">const<\/span> decipher <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">createDecipheriv<\/span><span class=\"token punctuation\">(<\/span><span class=\"token constant\">ALGO_NAME<\/span><span class=\"token punctuation\">,<\/span> key<span class=\"token punctuation\">,<\/span> iv<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    decipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">setAuthTag<\/span><span class=\"token punctuation\">(<\/span>authTag<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token comment\">\/\/ 4. \u89e3\u5bc6<\/span><br \/>\n    <span class=\"token keyword\">let<\/span> decrypted <span class=\"token operator\">&#061;<\/span> decipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">update<\/span><span class=\"token punctuation\">(<\/span>ciphertext<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    decrypted <span class=\"token operator\">&#061;<\/span> Buffer<span class=\"token punctuation\">.<\/span><span class=\"token function\">concat<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">[<\/span>decrypted<span class=\"token punctuation\">,<\/span> decipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">final<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token keyword\">return<\/span> decrypted<span class=\"token punctuation\">.<\/span><span class=\"token function\">toString<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;utf8&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><br \/>\n<span class=\"token comment\">\/\/ \u4f7f\u7528\u793a\u4f8b<\/span><br \/>\n<span class=\"token keyword\">const<\/span> key <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">randomBytes<\/span><span class=\"token punctuation\">(<\/span><span class=\"token constant\">KEY_LENGTH<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span> <span class=\"token comment\">\/\/ \u751f\u6210\u968f\u673a\u5bc6\u94a5<\/span><br \/>\n<span class=\"token keyword\">const<\/span> msg <span class=\"token operator\">&#061;<\/span> <span class=\"token string\">&#034;Top Secret Message&#034;<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> encrypted <span class=\"token operator\">&#061;<\/span> <span class=\"token function\">encrypt<\/span><span class=\"token punctuation\">(<\/span>msg<span class=\"token punctuation\">,<\/span> key<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\nconsole<span class=\"token punctuation\">.<\/span><span class=\"token function\">log<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Encrypted:&#034;<\/span><span class=\"token punctuation\">,<\/span> encrypted<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> decrypted <span class=\"token operator\">&#061;<\/span> <span class=\"token function\">decrypt<\/span><span class=\"token punctuation\">(<\/span>encrypted<span class=\"token punctuation\">,<\/span> key<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\nconsole<span class=\"token punctuation\">.<\/span><span class=\"token function\">log<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Decrypted:&#034;<\/span><span class=\"token punctuation\">,<\/span> decrypted<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><\/p>\n<h3>3. \u975e\u5bf9\u79f0\u52a0\u5bc6&#xff1a;RSA \u7684\u6570\u7406\u903b\u8f91<\/h3>\n<p>RSA \u7684\u5b89\u5168\u6027\u4f9d\u8d56\u4e8e\u5927\u6574\u6570\u5206\u89e3\u96be\u9898\u3002<\/p>\n<h4>3.1 RSA \u5bc6\u94a5\u751f\u6210\u6d41\u7a0b\u56fe<\/h4>\n<p>\u4e0b\u56fe\u5c55\u793a\u4e86\u4ece\u9009\u62e9\u8d28\u6570\u5230\u751f\u6210\u516c\u79c1\u94a5\u5bf9\u7684\u5b8c\u6574\u6570\u5b66\u903b\u8f91\u6d41\u7a0b&#xff1a;<\/p>\n<p>  #mermaid-svg-Qj4iHTSCz8HKwhBq{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#mermaid-svg-Qj4iHTSCz8HKwhBq .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#mermaid-svg-Qj4iHTSCz8HKwhBq .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#mermaid-svg-Qj4iHTSCz8HKwhBq .error-icon{fill:#552222;}#mermaid-svg-Qj4iHTSCz8HKwhBq .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-Qj4iHTSCz8HKwhBq .edge-thickness-normal{stroke-width:1px;}#mermaid-svg-Qj4iHTSCz8HKwhBq .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-Qj4iHTSCz8HKwhBq .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-Qj4iHTSCz8HKwhBq .edge-thickness-invisible{stroke-width:0;fill:none;}#mermaid-svg-Qj4iHTSCz8HKwhBq .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-Qj4iHTSCz8HKwhBq .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-Qj4iHTSCz8HKwhBq .marker{fill:#333333;stroke:#333333;}#mermaid-svg-Qj4iHTSCz8HKwhBq .marker.cross{stroke:#333333;}#mermaid-svg-Qj4iHTSCz8HKwhBq svg{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-Qj4iHTSCz8HKwhBq p{margin:0;}#mermaid-svg-Qj4iHTSCz8HKwhBq .label{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;color:#333;}#mermaid-svg-Qj4iHTSCz8HKwhBq .cluster-label text{fill:#333;}#mermaid-svg-Qj4iHTSCz8HKwhBq .cluster-label span{color:#333;}#mermaid-svg-Qj4iHTSCz8HKwhBq .cluster-label span p{background-color:transparent;}#mermaid-svg-Qj4iHTSCz8HKwhBq .label text,#mermaid-svg-Qj4iHTSCz8HKwhBq span{fill:#333;color:#333;}#mermaid-svg-Qj4iHTSCz8HKwhBq .node rect,#mermaid-svg-Qj4iHTSCz8HKwhBq .node circle,#mermaid-svg-Qj4iHTSCz8HKwhBq .node ellipse,#mermaid-svg-Qj4iHTSCz8HKwhBq .node polygon,#mermaid-svg-Qj4iHTSCz8HKwhBq .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#mermaid-svg-Qj4iHTSCz8HKwhBq .rough-node .label text,#mermaid-svg-Qj4iHTSCz8HKwhBq .node .label text,#mermaid-svg-Qj4iHTSCz8HKwhBq .image-shape .label,#mermaid-svg-Qj4iHTSCz8HKwhBq .icon-shape .label{text-anchor:middle;}#mermaid-svg-Qj4iHTSCz8HKwhBq .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#mermaid-svg-Qj4iHTSCz8HKwhBq .rough-node .label,#mermaid-svg-Qj4iHTSCz8HKwhBq .node .label,#mermaid-svg-Qj4iHTSCz8HKwhBq .image-shape .label,#mermaid-svg-Qj4iHTSCz8HKwhBq .icon-shape .label{text-align:center;}#mermaid-svg-Qj4iHTSCz8HKwhBq .node.clickable{cursor:pointer;}#mermaid-svg-Qj4iHTSCz8HKwhBq .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#mermaid-svg-Qj4iHTSCz8HKwhBq .arrowheadPath{fill:#333333;}#mermaid-svg-Qj4iHTSCz8HKwhBq .edgePath .path{stroke:#333333;stroke-width:2.0px;}#mermaid-svg-Qj4iHTSCz8HKwhBq .flowchart-link{stroke:#333333;fill:none;}#mermaid-svg-Qj4iHTSCz8HKwhBq .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-Qj4iHTSCz8HKwhBq .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#mermaid-svg-Qj4iHTSCz8HKwhBq .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-Qj4iHTSCz8HKwhBq .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#mermaid-svg-Qj4iHTSCz8HKwhBq .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#mermaid-svg-Qj4iHTSCz8HKwhBq .cluster text{fill:#333;}#mermaid-svg-Qj4iHTSCz8HKwhBq .cluster span{color:#333;}#mermaid-svg-Qj4iHTSCz8HKwhBq div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#mermaid-svg-Qj4iHTSCz8HKwhBq .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#mermaid-svg-Qj4iHTSCz8HKwhBq rect.text{fill:none;stroke-width:0;}#mermaid-svg-Qj4iHTSCz8HKwhBq .icon-shape,#mermaid-svg-Qj4iHTSCz8HKwhBq .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-Qj4iHTSCz8HKwhBq .icon-shape p,#mermaid-svg-Qj4iHTSCz8HKwhBq .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#mermaid-svg-Qj4iHTSCz8HKwhBq .icon-shape rect,#mermaid-svg-Qj4iHTSCz8HKwhBq .image-shape rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-Qj4iHTSCz8HKwhBq .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#mermaid-svg-Qj4iHTSCz8HKwhBq .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#mermaid-svg-Qj4iHTSCz8HKwhBq :root{&#8211;mermaid-font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;}<\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u5f00\u59cb: \u751f\u6210\u5bc6\u94a5\u5bf9<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u968f\u673a\u9009\u62e9\u4e24\u4e2a\u5927\u8d28\u6570 p, q<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u8ba1\u7b97\u6a21\u6570 n &#061; p * q<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u8ba1\u7b97\u6b27\u62c9\u51fd\u6570 phi &#061; p-1 * q-1<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u9009\u62e9\u516c\u94a5\u6307\u6570 e\u6761\u4ef6: 1 &lt; e &lt; phi \u4e14\u4e92\u8d28<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u8ba1\u7b97\u79c1\u94a5\u6307\u6570 d\u6761\u4ef6: e * d \u2261 1 mod phi<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u751f\u6210\u7ed3\u679c<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u516c\u94a5n, e<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u79c1\u94a5n, d<\/p>\n<p><\/span><\/p>\n<h4>3.2 \u586b\u5145\u7684\u91cd\u8981\u6027&#xff1a;OAEP<\/h4>\n<p>\u76f4\u63a5\u7528 RSA \u52a0\u5bc6\u6570\u636e&#xff08;\u6559\u79d1\u4e66\u5f0f RSA&#xff09;\u662f\u6781\u5176\u5371\u9669\u7684\u3002\u5fc5\u987b\u4f7f\u7528\u586b\u5145\u3002OAEP (Optimal Asymmetric Encryption Padding) \u662f\u76ee\u524d\u7684\u6807\u51c6\u3002<\/p>\n<p>\u4e3a\u4f55\u9700\u8981 OAEP&#xff1f; \u6ca1\u6709\u586b\u5145\u7684 RSA \u662f\u786e\u5b9a\u6027\u7684&#xff08;\u76f8\u540c\u7684\u660e\u6587\u6c38\u8fdc\u5f97\u5230\u76f8\u540c\u7684\u5bc6\u6587&#xff09;&#xff0c;\u4e14\u5bb9\u6613\u6ee1\u8db3\u7279\u5b9a\u6570\u5b66\u7ed3\u6784\u5bfc\u81f4\u88ab\u7834\u89e3\u3002OAEP \u5f15\u5165\u4e86\u968f\u673a\u6027&#xff0c;\u4f7f\u52a0\u5bc6\u53d8\u6210\u6982\u7387\u6027\u7684\u3002<\/p>\n<h4>3.3 \u5b9e\u6218&#xff1a;RSA-OAEP \u52a0\u5bc6\u4e0e\u89e3\u5bc6<\/h4>\n<p>\u6ce8\u610f&#xff1a;RSA \u901f\u5ea6\u6162&#xff0c;\u901a\u5e38\u53ea\u7528\u6765\u52a0\u5bc6\u5bf9\u79f0\u5bc6\u94a5&#xff0c;\u4e0d\u76f4\u63a5\u52a0\u5bc6\u5927\u6587\u4ef6\u3002<\/p>\n<h5>Java (JDK 11&#043;)<\/h5>\n<p>\u4f7f\u7528 RSA\/ECB\/OAEPWithSHA-256AndMGF1Padding\u3002<\/p>\n<p><span class=\"token keyword\">import<\/span> <span class=\"token namespace\">javax<span class=\"token punctuation\">.<\/span>crypto<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">Cipher<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">java<span class=\"token punctuation\">.<\/span>security<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">KeyPair<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">java<span class=\"token punctuation\">.<\/span>security<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">KeyPairGenerator<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">java<span class=\"token punctuation\">.<\/span>security<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">SecureRandom<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">java<span class=\"token punctuation\">.<\/span>util<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">Base64<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">public<\/span> <span class=\"token keyword\">class<\/span> <span class=\"token class-name\">RsaOaepExample<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token keyword\">public<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">void<\/span> <span class=\"token function\">main<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">String<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> args<span class=\"token punctuation\">)<\/span> <span class=\"token keyword\">throws<\/span> <span class=\"token class-name\">Exception<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token comment\">\/\/ 1. \u751f\u6210 RSA \u5bc6\u94a5\u5bf9 (2048\u4f4d)<\/span><br \/>\n        <span class=\"token class-name\">KeyPairGenerator<\/span> keyGen <span class=\"token operator\">&#061;<\/span> <span class=\"token class-name\">KeyPairGenerator<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getInstance<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;RSA&#034;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        keyGen<span class=\"token punctuation\">.<\/span><span class=\"token function\">initialize<\/span><span class=\"token punctuation\">(<\/span><span class=\"token number\">2048<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">SecureRandom<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">KeyPair<\/span> keyPair <span class=\"token operator\">&#061;<\/span> keyGen<span class=\"token punctuation\">.<\/span><span class=\"token function\">generateKeyPair<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">String<\/span> message <span class=\"token operator\">&#061;<\/span> <span class=\"token string\">&#034;Here is the AES Key: 1234567890123456&#034;<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 2. \u52a0\u5bc6 (\u4f7f\u7528\u516c\u94a5)<\/span><br \/>\n        <span class=\"token comment\">\/\/ OAEPWithSHA-256AndMGF1Padding \u662f\u6700\u5b89\u5168\u7684\u914d\u7f6e\u4e4b\u4e00<\/span><br \/>\n        <span class=\"token class-name\">Cipher<\/span> encryptCipher <span class=\"token operator\">&#061;<\/span> <span class=\"token class-name\">Cipher<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getInstance<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;RSA\/ECB\/OAEPWithSHA-256AndMGF1Padding&#034;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        encryptCipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">init<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">Cipher<\/span><span class=\"token punctuation\">.<\/span>ENCRYPT_MODE<span class=\"token punctuation\">,<\/span> keyPair<span class=\"token punctuation\">.<\/span><span class=\"token function\">getPublic<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> encryptedBytes <span class=\"token operator\">&#061;<\/span> encryptCipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">doFinal<\/span><span class=\"token punctuation\">(<\/span>message<span class=\"token punctuation\">.<\/span><span class=\"token function\">getBytes<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">System<\/span><span class=\"token punctuation\">.<\/span>out<span class=\"token punctuation\">.<\/span><span class=\"token function\">println<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Encrypted: &#034;<\/span> <span class=\"token operator\">&#043;<\/span> <span class=\"token class-name\">Base64<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getEncoder<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">encodeToString<\/span><span class=\"token punctuation\">(<\/span>encryptedBytes<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 3. \u89e3\u5bc6 (\u4f7f\u7528\u79c1\u94a5)<\/span><br \/>\n        <span class=\"token class-name\">Cipher<\/span> decryptCipher <span class=\"token operator\">&#061;<\/span> <span class=\"token class-name\">Cipher<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getInstance<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;RSA\/ECB\/OAEPWithSHA-256AndMGF1Padding&#034;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        decryptCipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">init<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">Cipher<\/span><span class=\"token punctuation\">.<\/span>DECRYPT_MODE<span class=\"token punctuation\">,<\/span> keyPair<span class=\"token punctuation\">.<\/span><span class=\"token function\">getPrivate<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> decryptedBytes <span class=\"token operator\">&#061;<\/span> decryptCipher<span class=\"token punctuation\">.<\/span><span class=\"token function\">doFinal<\/span><span class=\"token punctuation\">(<\/span>encryptedBytes<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">System<\/span><span class=\"token punctuation\">.<\/span>out<span class=\"token punctuation\">.<\/span><span class=\"token function\">println<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Decrypted: &#034;<\/span> <span class=\"token operator\">&#043;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">String<\/span><span class=\"token punctuation\">(<\/span>decryptedBytes<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><\/p>\n<h5>JavaScript (Node.js)<\/h5>\n<p>\u4f7f\u7528 crypto.publicEncrypt \u548c oaepHash \u9009\u9879\u3002<\/p>\n<p><span class=\"token keyword\">const<\/span> crypto <span class=\"token operator\">&#061;<\/span> <span class=\"token function\">require<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;crypto&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token comment\">\/\/ 1. \u751f\u6210\u5bc6\u94a5\u5bf9<\/span><br \/>\n<span class=\"token keyword\">const<\/span> <span class=\"token punctuation\">{<\/span> publicKey<span class=\"token punctuation\">,<\/span> privateKey <span class=\"token punctuation\">}<\/span> <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">generateKeyPairSync<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;rsa&#039;<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token literal-property property\">modulusLength<\/span><span class=\"token operator\">:<\/span> <span class=\"token number\">2048<\/span><span class=\"token punctuation\">,<\/span><br \/>\n    <span class=\"token literal-property property\">publicKeyEncoding<\/span><span class=\"token operator\">:<\/span> <span class=\"token punctuation\">{<\/span> <span class=\"token literal-property property\">type<\/span><span class=\"token operator\">:<\/span> <span class=\"token string\">&#039;spki&#039;<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token literal-property property\">format<\/span><span class=\"token operator\">:<\/span> <span class=\"token string\">&#039;pem&#039;<\/span> <span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">,<\/span><br \/>\n    <span class=\"token literal-property property\">privateKeyEncoding<\/span><span class=\"token operator\">:<\/span> <span class=\"token punctuation\">{<\/span> <span class=\"token literal-property property\">type<\/span><span class=\"token operator\">:<\/span> <span class=\"token string\">&#039;pkcs8&#039;<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token literal-property property\">format<\/span><span class=\"token operator\">:<\/span> <span class=\"token string\">&#039;pem&#039;<\/span> <span class=\"token punctuation\">}<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> message <span class=\"token operator\">&#061;<\/span> <span class=\"token string\">&#034;Here is the AES Key: 1234567890123456&#034;<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token comment\">\/\/ 2. \u52a0\u5bc6 (\u4f7f\u7528\u516c\u94a5)<\/span><br \/>\n<span class=\"token keyword\">const<\/span> encrypted <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">publicEncrypt<\/span><span class=\"token punctuation\">(<\/span><br \/>\n    <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token literal-property property\">key<\/span><span class=\"token operator\">:<\/span> publicKey<span class=\"token punctuation\">,<\/span><br \/>\n        <span class=\"token literal-property property\">padding<\/span><span class=\"token operator\">:<\/span> crypto<span class=\"token punctuation\">.<\/span>constants<span class=\"token punctuation\">.<\/span><span class=\"token constant\">RSA_PKCS1_OAEP_PADDING<\/span><span class=\"token punctuation\">,<\/span><br \/>\n        <span class=\"token literal-property property\">oaepHash<\/span><span class=\"token operator\">:<\/span> <span class=\"token string\">&#034;sha256&#034;<\/span> <span class=\"token comment\">\/\/ \u6307\u5b9a OAEP \u7684 Hash \u7b97\u6cd5<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">,<\/span><br \/>\n    Buffer<span class=\"token punctuation\">.<\/span><span class=\"token function\">from<\/span><span class=\"token punctuation\">(<\/span>message<span class=\"token punctuation\">)<\/span><br \/>\n<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\nconsole<span class=\"token punctuation\">.<\/span><span class=\"token function\">log<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Encrypted (len):&#034;<\/span><span class=\"token punctuation\">,<\/span> encrypted<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token comment\">\/\/ 3. \u89e3\u5bc6 (\u4f7f\u7528\u79c1\u94a5)<\/span><br \/>\n<span class=\"token keyword\">const<\/span> decrypted <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">privateDecrypt<\/span><span class=\"token punctuation\">(<\/span><br \/>\n    <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token literal-property property\">key<\/span><span class=\"token operator\">:<\/span> privateKey<span class=\"token punctuation\">,<\/span><br \/>\n        <span class=\"token literal-property property\">padding<\/span><span class=\"token operator\">:<\/span> crypto<span class=\"token punctuation\">.<\/span>constants<span class=\"token punctuation\">.<\/span><span class=\"token constant\">RSA_PKCS1_OAEP_PADDING<\/span><span class=\"token punctuation\">,<\/span><br \/>\n        <span class=\"token literal-property property\">oaepHash<\/span><span class=\"token operator\">:<\/span> <span class=\"token string\">&#034;sha256&#034;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">,<\/span><br \/>\n    encrypted<br \/>\n<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\nconsole<span class=\"token punctuation\">.<\/span><span class=\"token function\">log<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Decrypted:&#034;<\/span><span class=\"token punctuation\">,<\/span> decrypted<span class=\"token punctuation\">.<\/span><span class=\"token function\">toString<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><\/p>\n<h3>4. \u6570\u5b57\u7b7e\u540d&#xff1a;\u8eab\u4efd\u9a8c\u8bc1<\/h3>\n<p>\u6570\u5b57\u7b7e\u540d\u662f\u201c\u79c1\u94a5\u52a0\u5bc6\u54c8\u5e0c\u201d\u7684\u73b0\u4ee3\u4e25\u8c28\u8bf4\u6cd5&#xff08;\u5b9e\u9645\u64cd\u4f5c\u7565\u6709\u4e0d\u540c&#xff0c;\u5e38\u7528 PSS \u586b\u5145&#xff09;\u3002<\/p>\n<h4>4.1 \u7b7e\u540d\u751f\u6210\u4e0e\u9a8c\u8bc1\u6d41\u7a0b<\/h4>\n<p>\u4e0b\u56fe\u5c55\u793a\u4e86\u53d1\u9001\u65b9\u5982\u4f55\u4f7f\u7528\u79c1\u94a5\u7b7e\u540d&#xff0c;\u63a5\u6536\u65b9\u5982\u4f55\u4f7f\u7528\u516c\u94a5\u9a8c\u8bc1\u8eab\u4efd\u548c\u5b8c\u6574\u6027&#xff1a;<\/p>\n<p>     \u63a5\u6536\u65b9<\/p>\n<p>     \u53d1\u9001\u65b9<\/p>\n<p>      \u63a5\u6536\u65b9<\/p>\n<p>      \u53d1\u9001\u65b9<\/p>\n<p>  #mermaid-svg-vOOPKjB8LPvwtdBP{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#mermaid-svg-vOOPKjB8LPvwtdBP .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#mermaid-svg-vOOPKjB8LPvwtdBP .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#mermaid-svg-vOOPKjB8LPvwtdBP .error-icon{fill:#552222;}#mermaid-svg-vOOPKjB8LPvwtdBP .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-vOOPKjB8LPvwtdBP .edge-thickness-normal{stroke-width:1px;}#mermaid-svg-vOOPKjB8LPvwtdBP .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-vOOPKjB8LPvwtdBP .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-vOOPKjB8LPvwtdBP .edge-thickness-invisible{stroke-width:0;fill:none;}#mermaid-svg-vOOPKjB8LPvwtdBP .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-vOOPKjB8LPvwtdBP .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-vOOPKjB8LPvwtdBP .marker{fill:#333333;stroke:#333333;}#mermaid-svg-vOOPKjB8LPvwtdBP .marker.cross{stroke:#333333;}#mermaid-svg-vOOPKjB8LPvwtdBP svg{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-vOOPKjB8LPvwtdBP p{margin:0;}#mermaid-svg-vOOPKjB8LPvwtdBP .actor{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-vOOPKjB8LPvwtdBP text.actor&gt;tspan{fill:black;stroke:none;}#mermaid-svg-vOOPKjB8LPvwtdBP .actor-line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#mermaid-svg-vOOPKjB8LPvwtdBP .innerArc{stroke-width:1.5;stroke-dasharray:none;}#mermaid-svg-vOOPKjB8LPvwtdBP .messageLine0{stroke-width:1.5;stroke-dasharray:none;stroke:#333;}#mermaid-svg-vOOPKjB8LPvwtdBP .messageLine1{stroke-width:1.5;stroke-dasharray:2,2;stroke:#333;}#mermaid-svg-vOOPKjB8LPvwtdBP #arrowhead path{fill:#333;stroke:#333;}#mermaid-svg-vOOPKjB8LPvwtdBP .sequenceNumber{fill:white;}#mermaid-svg-vOOPKjB8LPvwtdBP #sequencenumber{fill:#333;}#mermaid-svg-vOOPKjB8LPvwtdBP #crosshead path{fill:#333;stroke:#333;}#mermaid-svg-vOOPKjB8LPvwtdBP .messageText{fill:#333;stroke:none;}#mermaid-svg-vOOPKjB8LPvwtdBP .labelBox{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-vOOPKjB8LPvwtdBP .labelText,#mermaid-svg-vOOPKjB8LPvwtdBP .labelText&gt;tspan{fill:black;stroke:none;}#mermaid-svg-vOOPKjB8LPvwtdBP .loopText,#mermaid-svg-vOOPKjB8LPvwtdBP .loopText&gt;tspan{fill:black;stroke:none;}#mermaid-svg-vOOPKjB8LPvwtdBP .loopLine{stroke-width:2px;stroke-dasharray:2,2;stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#mermaid-svg-vOOPKjB8LPvwtdBP .note{stroke:#aaaa33;fill:#fff5ad;}#mermaid-svg-vOOPKjB8LPvwtdBP .noteText,#mermaid-svg-vOOPKjB8LPvwtdBP .noteText&gt;tspan{fill:black;stroke:none;}#mermaid-svg-vOOPKjB8LPvwtdBP .activation0{fill:#f4f4f4;stroke:#666;}#mermaid-svg-vOOPKjB8LPvwtdBP .activation1{fill:#f4f4f4;stroke:#666;}#mermaid-svg-vOOPKjB8LPvwtdBP .activation2{fill:#f4f4f4;stroke:#666;}#mermaid-svg-vOOPKjB8LPvwtdBP .actorPopupMenu{position:absolute;}#mermaid-svg-vOOPKjB8LPvwtdBP .actorPopupMenuPanel{position:absolute;fill:#ECECFF;box-shadow:0px 8px 16px 0px rgba(0,0,0,0.2);filter:drop-shadow(3px 5px 2px rgb(0 0 0 \/ 0.4));}#mermaid-svg-vOOPKjB8LPvwtdBP .actor-man line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-vOOPKjB8LPvwtdBP .actor-man circle,#mermaid-svg-vOOPKjB8LPvwtdBP line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;stroke-width:2px;}#mermaid-svg-vOOPKjB8LPvwtdBP :root{&#8211;mermaid-font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;}<\/p>\n<p>     1. \u51c6\u5907\u6570\u636e<\/p>\n<p>     2. \u9a8c\u8bc1\u6570\u636e<\/p>\n<p>    alt<\/p>\n<p>     [Hash_A &#061;&#061; Hash_B]<\/p>\n<p>    [Hash_A !&#061; Hash_B]<\/p>\n<p>   \u8ba1\u7b97\u539f\u59cb\u6d88\u606f\u7684\u54c8\u5e0c\u503c Hash_A<\/p>\n<p>   \u4f7f\u7528\u79c1\u94a5\u52a0\u5bc6 Hash_A \u751f\u6210\u7b7e\u540d Signature<\/p>\n<p>   \u53d1\u9001 [\u539f\u59cb\u6d88\u606f] &#043; [\u6570\u5b57\u7b7e\u540d]<\/p>\n<p>   \u8ba1\u7b97\u6536\u5230\u6d88\u606f\u7684\u54c8\u5e0c\u503c Hash_B<\/p>\n<p>   \u4f7f\u7528\u516c\u94a5\u89e3\u5bc6\u7b7e\u540d \u5f97\u5230 Hash_A<\/p>\n<p>   \u2705 \u9a8c\u8bc1\u901a\u8fc7<\/p>\n<p>   (\u6570\u636e\u5b8c\u6574\u4e14\u6765\u6e90\u771f\u5b9e)<\/p>\n<p>   \u274c \u9a8c\u8bc1\u5931\u8d25<\/p>\n<p>   (\u6570\u636e\u5df2\u7be1\u6539\u6216\u6765\u6e90\u4f2a\u9020)<\/p>\n<h4>4.2 \u5b9e\u6218&#xff1a;RSASSA-PSS \u7b7e\u540d<\/h4>\n<p>Java 11&#043; \u548c Node.js \u5747\u539f\u751f\u652f\u6301 PSS \u586b\u5145&#xff0c;\u8fd9\u662f\u6bd4 PKCS#1 v1.5 \u66f4\u5b89\u5168\u7684\u7b7e\u540d\u65b9\u6848\u3002<\/p>\n<h5>Java (JDK 11&#043;)<\/h5>\n<p><span class=\"token keyword\">import<\/span> <span class=\"token namespace\">java<span class=\"token punctuation\">.<\/span>security<span class=\"token punctuation\">.<\/span><\/span><span class=\"token operator\">*<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">java<span class=\"token punctuation\">.<\/span>util<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">Base64<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">public<\/span> <span class=\"token keyword\">class<\/span> <span class=\"token class-name\">RsaPssExample<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token keyword\">public<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">void<\/span> <span class=\"token function\">main<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">String<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> args<span class=\"token punctuation\">)<\/span> <span class=\"token keyword\">throws<\/span> <span class=\"token class-name\">Exception<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token comment\">\/\/ 1. \u751f\u6210\u5bc6\u94a5\u5bf9<\/span><br \/>\n        <span class=\"token class-name\">KeyPairGenerator<\/span> keyGen <span class=\"token operator\">&#061;<\/span> <span class=\"token class-name\">KeyPairGenerator<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getInstance<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;RSA&#034;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        keyGen<span class=\"token punctuation\">.<\/span><span class=\"token function\">initialize<\/span><span class=\"token punctuation\">(<\/span><span class=\"token number\">2048<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">KeyPair<\/span> keyPair <span class=\"token operator\">&#061;<\/span> keyGen<span class=\"token punctuation\">.<\/span><span class=\"token function\">generateKeyPair<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">String<\/span> message <span class=\"token operator\">&#061;<\/span> <span class=\"token string\">&#034;Important contract content&#034;<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 2. \u7b7e\u540d (\u4f7f\u7528\u79c1\u94a5)<\/span><br \/>\n        <span class=\"token comment\">\/\/ RSASSA-PSS \u914d\u7f6e<\/span><br \/>\n        <span class=\"token class-name\">Signature<\/span> signature <span class=\"token operator\">&#061;<\/span> <span class=\"token class-name\">Signature<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getInstance<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;RSASSA-PSS&#034;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        signature<span class=\"token punctuation\">.<\/span><span class=\"token function\">setParameter<\/span><span class=\"token punctuation\">(<\/span><span class=\"token keyword\">new<\/span> <span class=\"token class-name\">PSSParameterSpec<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;SHA-256&#034;<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token string\">&#034;MGF1&#034;<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token class-name\">MGF1ParameterSpec<\/span><span class=\"token punctuation\">.<\/span>SHA256<span class=\"token punctuation\">,<\/span> <span class=\"token number\">32<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token number\">1<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        signature<span class=\"token punctuation\">.<\/span><span class=\"token function\">initSign<\/span><span class=\"token punctuation\">(<\/span>keyPair<span class=\"token punctuation\">.<\/span><span class=\"token function\">getPrivate<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        signature<span class=\"token punctuation\">.<\/span><span class=\"token function\">update<\/span><span class=\"token punctuation\">(<\/span>message<span class=\"token punctuation\">.<\/span><span class=\"token function\">getBytes<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> signatureBytes <span class=\"token operator\">&#061;<\/span> signature<span class=\"token punctuation\">.<\/span><span class=\"token function\">sign<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">System<\/span><span class=\"token punctuation\">.<\/span>out<span class=\"token punctuation\">.<\/span><span class=\"token function\">println<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Signature: &#034;<\/span> <span class=\"token operator\">&#043;<\/span> <span class=\"token class-name\">Base64<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getEncoder<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">encodeToString<\/span><span class=\"token punctuation\">(<\/span>signatureBytes<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 3. \u9a8c\u8bc1 (\u4f7f\u7528\u516c\u94a5)<\/span><br \/>\n        <span class=\"token class-name\">Signature<\/span> verifier <span class=\"token operator\">&#061;<\/span> <span class=\"token class-name\">Signature<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getInstance<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;RSASSA-PSS&#034;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        verifier<span class=\"token punctuation\">.<\/span><span class=\"token function\">setParameter<\/span><span class=\"token punctuation\">(<\/span><span class=\"token keyword\">new<\/span> <span class=\"token class-name\">PSSParameterSpec<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;SHA-256&#034;<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token string\">&#034;MGF1&#034;<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token class-name\">MGF1ParameterSpec<\/span><span class=\"token punctuation\">.<\/span>SHA256<span class=\"token punctuation\">,<\/span> <span class=\"token number\">32<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token number\">1<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        verifier<span class=\"token punctuation\">.<\/span><span class=\"token function\">initVerify<\/span><span class=\"token punctuation\">(<\/span>keyPair<span class=\"token punctuation\">.<\/span><span class=\"token function\">getPublic<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        verifier<span class=\"token punctuation\">.<\/span><span class=\"token function\">update<\/span><span class=\"token punctuation\">(<\/span>message<span class=\"token punctuation\">.<\/span><span class=\"token function\">getBytes<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">boolean<\/span> isValid <span class=\"token operator\">&#061;<\/span> verifier<span class=\"token punctuation\">.<\/span><span class=\"token function\">verify<\/span><span class=\"token punctuation\">(<\/span>signatureBytes<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">System<\/span><span class=\"token punctuation\">.<\/span>out<span class=\"token punctuation\">.<\/span><span class=\"token function\">println<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Signature valid? &#034;<\/span> <span class=\"token operator\">&#043;<\/span> isValid<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><\/p>\n<h5>JavaScript (Node.js)<\/h5>\n<p><span class=\"token keyword\">const<\/span> crypto <span class=\"token operator\">&#061;<\/span> <span class=\"token function\">require<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;crypto&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> <span class=\"token punctuation\">{<\/span> publicKey<span class=\"token punctuation\">,<\/span> privateKey <span class=\"token punctuation\">}<\/span> <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">generateKeyPairSync<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;rsa&#039;<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token literal-property property\">modulusLength<\/span><span class=\"token operator\">:<\/span> <span class=\"token number\">2048<\/span><span class=\"token punctuation\">,<\/span><br \/>\n    <span class=\"token literal-property property\">publicKeyEncoding<\/span><span class=\"token operator\">:<\/span> <span class=\"token punctuation\">{<\/span> <span class=\"token literal-property property\">type<\/span><span class=\"token operator\">:<\/span> <span class=\"token string\">&#039;spki&#039;<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token literal-property property\">format<\/span><span class=\"token operator\">:<\/span> <span class=\"token string\">&#039;pem&#039;<\/span> <span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">,<\/span><br \/>\n    <span class=\"token literal-property property\">privateKeyEncoding<\/span><span class=\"token operator\">:<\/span> <span class=\"token punctuation\">{<\/span> <span class=\"token literal-property property\">type<\/span><span class=\"token operator\">:<\/span> <span class=\"token string\">&#039;pkcs8&#039;<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token literal-property property\">format<\/span><span class=\"token operator\">:<\/span> <span class=\"token string\">&#039;pem&#039;<\/span> <span class=\"token punctuation\">}<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> message <span class=\"token operator\">&#061;<\/span> <span class=\"token string\">&#034;Important contract content&#034;<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token comment\">\/\/ 1. \u7b7e\u540d<\/span><br \/>\n<span class=\"token keyword\">const<\/span> sign <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">createSign<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;sha256&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\nsign<span class=\"token punctuation\">.<\/span><span class=\"token function\">update<\/span><span class=\"token punctuation\">(<\/span>message<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\nsign<span class=\"token punctuation\">.<\/span><span class=\"token function\">end<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> signature <span class=\"token operator\">&#061;<\/span> sign<span class=\"token punctuation\">.<\/span><span class=\"token function\">sign<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token literal-property property\">key<\/span><span class=\"token operator\">:<\/span> privateKey<span class=\"token punctuation\">,<\/span><br \/>\n    <span class=\"token literal-property property\">padding<\/span><span class=\"token operator\">:<\/span> crypto<span class=\"token punctuation\">.<\/span>constants<span class=\"token punctuation\">.<\/span><span class=\"token constant\">RSA_PKCS1_PSS_PADDING<\/span><span class=\"token punctuation\">,<\/span><br \/>\n    <span class=\"token literal-property property\">saltLength<\/span><span class=\"token operator\">:<\/span> crypto<span class=\"token punctuation\">.<\/span>constants<span class=\"token punctuation\">.<\/span><span class=\"token constant\">RSA_PSS_SALTLEN_DIGEST<\/span> <span class=\"token comment\">\/\/ \u76d0\u957f\u5ea6\u7b49\u4e8e\u6458\u8981\u957f\u5ea6<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\nconsole<span class=\"token punctuation\">.<\/span><span class=\"token function\">log<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Signature (len):&#034;<\/span><span class=\"token punctuation\">,<\/span> signature<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token comment\">\/\/ 2. \u9a8c\u8bc1<\/span><br \/>\n<span class=\"token keyword\">const<\/span> verify <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">createVerify<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;sha256&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\nverify<span class=\"token punctuation\">.<\/span><span class=\"token function\">update<\/span><span class=\"token punctuation\">(<\/span>message<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\nverify<span class=\"token punctuation\">.<\/span><span class=\"token function\">end<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> isValid <span class=\"token operator\">&#061;<\/span> verify<span class=\"token punctuation\">.<\/span><span class=\"token function\">verify<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token literal-property property\">key<\/span><span class=\"token operator\">:<\/span> publicKey<span class=\"token punctuation\">,<\/span><br \/>\n    <span class=\"token literal-property property\">padding<\/span><span class=\"token operator\">:<\/span> crypto<span class=\"token punctuation\">.<\/span>constants<span class=\"token punctuation\">.<\/span><span class=\"token constant\">RSA_PKCS1_PSS_PADDING<\/span><span class=\"token punctuation\">,<\/span><br \/>\n    <span class=\"token literal-property property\">saltLength<\/span><span class=\"token operator\">:<\/span> crypto<span class=\"token punctuation\">.<\/span>constants<span class=\"token punctuation\">.<\/span><span class=\"token constant\">RSA_PSS_SALTLEN_DIGEST<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">,<\/span> signature<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\nconsole<span class=\"token punctuation\">.<\/span><span class=\"token function\">log<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Signature valid?&#034;<\/span><span class=\"token punctuation\">,<\/span> isValid<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><\/p>\n<h3>5. \u6df7\u5408\u52a0\u5bc6\u5b9e\u6218&#xff1a;HTTPS (TLS 1.2) \u63e1\u624b\u5168\u6d41\u7a0b<\/h3>\n<p>\u8fd9\u662f\u73b0\u4ee3\u4e92\u8054\u7f51\u5b89\u5168\u7684\u57fa\u7840&#xff0c;\u7ed3\u5408\u4e86\u975e\u5bf9\u79f0\u52a0\u5bc6&#xff08;\u4ea4\u6362\u5bc6\u94a5&#xff09;\u548c\u5bf9\u79f0\u52a0\u5bc6&#xff08;\u4f20\u8f93\u6570\u636e&#xff09;\u3002<\/p>\n<p>     Server<\/p>\n<p>     Client<\/p>\n<p>      Server<\/p>\n<p>      Client<\/p>\n<p>  #mermaid-svg-qUjZMiFjFivAdlFe{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#mermaid-svg-qUjZMiFjFivAdlFe .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#mermaid-svg-qUjZMiFjFivAdlFe .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#mermaid-svg-qUjZMiFjFivAdlFe .error-icon{fill:#552222;}#mermaid-svg-qUjZMiFjFivAdlFe .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-qUjZMiFjFivAdlFe .edge-thickness-normal{stroke-width:1px;}#mermaid-svg-qUjZMiFjFivAdlFe .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-qUjZMiFjFivAdlFe .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-qUjZMiFjFivAdlFe .edge-thickness-invisible{stroke-width:0;fill:none;}#mermaid-svg-qUjZMiFjFivAdlFe .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-qUjZMiFjFivAdlFe .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-qUjZMiFjFivAdlFe .marker{fill:#333333;stroke:#333333;}#mermaid-svg-qUjZMiFjFivAdlFe .marker.cross{stroke:#333333;}#mermaid-svg-qUjZMiFjFivAdlFe svg{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-qUjZMiFjFivAdlFe p{margin:0;}#mermaid-svg-qUjZMiFjFivAdlFe .actor{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-qUjZMiFjFivAdlFe text.actor&gt;tspan{fill:black;stroke:none;}#mermaid-svg-qUjZMiFjFivAdlFe .actor-line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#mermaid-svg-qUjZMiFjFivAdlFe .innerArc{stroke-width:1.5;stroke-dasharray:none;}#mermaid-svg-qUjZMiFjFivAdlFe .messageLine0{stroke-width:1.5;stroke-dasharray:none;stroke:#333;}#mermaid-svg-qUjZMiFjFivAdlFe .messageLine1{stroke-width:1.5;stroke-dasharray:2,2;stroke:#333;}#mermaid-svg-qUjZMiFjFivAdlFe #arrowhead path{fill:#333;stroke:#333;}#mermaid-svg-qUjZMiFjFivAdlFe .sequenceNumber{fill:white;}#mermaid-svg-qUjZMiFjFivAdlFe #sequencenumber{fill:#333;}#mermaid-svg-qUjZMiFjFivAdlFe #crosshead path{fill:#333;stroke:#333;}#mermaid-svg-qUjZMiFjFivAdlFe .messageText{fill:#333;stroke:none;}#mermaid-svg-qUjZMiFjFivAdlFe .labelBox{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-qUjZMiFjFivAdlFe .labelText,#mermaid-svg-qUjZMiFjFivAdlFe .labelText&gt;tspan{fill:black;stroke:none;}#mermaid-svg-qUjZMiFjFivAdlFe .loopText,#mermaid-svg-qUjZMiFjFivAdlFe .loopText&gt;tspan{fill:black;stroke:none;}#mermaid-svg-qUjZMiFjFivAdlFe .loopLine{stroke-width:2px;stroke-dasharray:2,2;stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);}#mermaid-svg-qUjZMiFjFivAdlFe .note{stroke:#aaaa33;fill:#fff5ad;}#mermaid-svg-qUjZMiFjFivAdlFe .noteText,#mermaid-svg-qUjZMiFjFivAdlFe .noteText&gt;tspan{fill:black;stroke:none;}#mermaid-svg-qUjZMiFjFivAdlFe .activation0{fill:#f4f4f4;stroke:#666;}#mermaid-svg-qUjZMiFjFivAdlFe .activation1{fill:#f4f4f4;stroke:#666;}#mermaid-svg-qUjZMiFjFivAdlFe .activation2{fill:#f4f4f4;stroke:#666;}#mermaid-svg-qUjZMiFjFivAdlFe .actorPopupMenu{position:absolute;}#mermaid-svg-qUjZMiFjFivAdlFe .actorPopupMenuPanel{position:absolute;fill:#ECECFF;box-shadow:0px 8px 16px 0px rgba(0,0,0,0.2);filter:drop-shadow(3px 5px 2px rgb(0 0 0 \/ 0.4));}#mermaid-svg-qUjZMiFjFivAdlFe .actor-man line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;}#mermaid-svg-qUjZMiFjFivAdlFe .actor-man circle,#mermaid-svg-qUjZMiFjFivAdlFe line{stroke:hsl(259.6261682243, 59.7765363128%, 87.9019607843%);fill:#ECECFF;stroke-width:2px;}#mermaid-svg-qUjZMiFjFivAdlFe :root{&#8211;mermaid-font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;}<\/p>\n<p>     5. \u9a8c\u8bc1\u8bc1\u4e66 &amp; \u751f\u6210\u9884\u4e3b\u5bc6\u94a5<\/p>\n<p>     7. [\u4f7f\u7528\u79c1\u94a5\u89e3\u5bc6] \u5f97\u5230\u9884\u4e3b\u5bc6\u94a5<\/p>\n<p>     8. \u53cc\u65b9\u5171\u540c\u8ba1\u7b97<\/p>\n<p>     \u4f1a\u8bdd\u5bc6\u94a5 &#061; PRF(\u968f\u673a\u6570C &#043; \u968f\u673a\u6570S &#043; \u9884\u4e3b\u5bc6\u94a5)<\/p>\n<p>     &#061;&#061;&#061;&#061;&#061;&#061;&#061;&#061; \u5efa\u7acb\u5b89\u5168\u901a\u9053 &#061;&#061;&#061;&#061;&#061;&#061;&#061;&#061;<\/p>\n<p>   1. ClientHello<\/p>\n<p>   (\u652f\u6301\u7684\u52a0\u5bc6\u5957\u4ef6, \u968f\u673a\u6570C)<\/p>\n<p>   2. ServerHello<\/p>\n<p>   (\u9009\u5b9a\u52a0\u5bc6\u5957\u4ef6, \u968f\u673a\u6570S)<\/p>\n<p>   3. Certificate<\/p>\n<p>   (\u5305\u542b\u670d\u52a1\u5668\u516c\u94a5)<\/p>\n<p>   4. ServerHelloDone<\/p>\n<p>   6. [\u4f7f\u7528\u516c\u94a5\u52a0\u5bc6] \u9884\u4e3b\u5bc6\u94a5<\/p>\n<p>   9. ChangeCipherSpec<\/p>\n<p>   \u901a\u77e5\u540e\u7eed\u52a0\u5bc6<\/p>\n<p>   10. Finished<\/p>\n<p>   (\u4f7f\u7528\u4f1a\u8bdd\u5bc6\u94a5\u52a0\u5bc6\u7684\u6821\u9a8c\u6d88\u606f)<\/p>\n<p>   11. ChangeCipherSpec<\/p>\n<p>   12. Finished<\/p>\n<p>   [\u4f7f\u7528 AES\/\u4f1a\u8bdd\u5bc6\u94a5] \u52a0\u5bc6\u7684\u5e94\u7528\u6570\u636e<\/p>\n<p>   [\u4f7f\u7528 AES\/\u4f1a\u8bdd\u5bc6\u94a5] \u52a0\u5bc6\u7684\u5e94\u7528\u6570\u636e<\/p>\n<p>\u6ce8&#xff1a;TLS 1.3 \u5bf9\u6b64\u8fdb\u884c\u4e86\u4f18\u5316&#xff0c;\u79fb\u9664\u4e86 RSA \u5bc6\u94a5\u4ea4\u6362&#xff0c;\u5f3a\u5236\u4f7f\u7528 ECDHE&#xff0c;\u4ec5\u9700 1-RTT&#xff08;\u5f80\u8fd4\u5ef6\u8fdf&#xff09;\u3002<\/p>\n<h4>5.1 \u5b9e\u6218&#xff1a;\u4f7f\u7528 OpenSSL \u5206\u6790 HTTPS \u63e1\u624b<\/h4>\n<p>\u4f5c\u4e3a\u5f00\u53d1\u8005&#xff0c;\u4f60\u53ef\u4ee5\u4f7f\u7528\u547d\u4ee4\u884c\u5de5\u5177\u9a8c\u8bc1\u4e0a\u8ff0\u6d41\u7a0b&#xff08;\u65e0\u8bba\u4f60\u7528 Java \u8fd8\u662f JS&#xff0c;\u5e95\u5c42\u7684 TLS \u903b\u8f91\u90fd\u662f\u4e00\u6837\u7684&#xff09;&#xff1a;<\/p>\n<p><span class=\"token comment\"># \u67e5\u770b\u7f51\u7ad9\u8bc1\u4e66\u4fe1\u606f<\/span><br \/>\nopenssl s_client -connect google.com:443 -showcerts<br \/>\n<span class=\"token comment\"># \u67e5\u770b\u534f\u5546\u51fa\u7684\u52a0\u5bc6\u5957\u4ef6\u548c\u4f1a\u8bdd\u5bc6\u94a5\u53c2\u6570&#xff08;\u9700\u5f00\u542f SSLKEYLOGFILE&#xff09;<\/span><br \/>\n<span class=\"token comment\"># \u73af\u5883\u53d8\u91cf: export SSLKEYLOGFILE&#061;~\/keys.log<\/span><br \/>\n<span class=\"token comment\"># \u7136\u540e\u4f7f\u7528 Wireshark \u6253\u5f00 keys.log \u5373\u53ef\u89e3\u5bc6 HTTPS \u6d41\u91cf\u67e5\u770b\u660e\u6587<\/span><\/p>\n<h3>6. \u5bc6\u7801\u5b58\u50a8\u4e0e\u54c8\u5e0c&#xff1a;PBKDF2 \u5b9e\u6218<\/h3>\n<p>\u5343\u4e07\u4e0d\u8981\u7528 MD5 \u5b58\u5bc6\u7801&#xff01;\u8bf7\u4f7f\u7528 KDF (Key Derivation Function)\u3002<\/p>\n<h5>Java (JDK 8&#043;)<\/h5>\n<p>\u4f7f\u7528 SecretKeyFactory \u548c PBKDF2WithHmacSHA256\u3002<\/p>\n<p><span class=\"token keyword\">import<\/span> <span class=\"token namespace\">javax<span class=\"token punctuation\">.<\/span>crypto<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">SecretKeyFactory<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">javax<span class=\"token punctuation\">.<\/span>crypto<span class=\"token punctuation\">.<\/span>spec<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">PBEKeySpec<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">java<span class=\"token punctuation\">.<\/span>security<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">SecureRandom<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">import<\/span> <span class=\"token namespace\">java<span class=\"token punctuation\">.<\/span>util<span class=\"token punctuation\">.<\/span><\/span><span class=\"token class-name\">Base64<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">public<\/span> <span class=\"token keyword\">class<\/span> <span class=\"token class-name\">PasswordHashing<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token keyword\">private<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">final<\/span> <span class=\"token keyword\">int<\/span> ITERATIONS <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">100000<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token keyword\">private<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">final<\/span> <span class=\"token keyword\">int<\/span> KEY_LENGTH <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">256<\/span><span class=\"token punctuation\">;<\/span> <span class=\"token comment\">\/\/ bits<\/span><br \/>\n    <span class=\"token keyword\">private<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">final<\/span> <span class=\"token keyword\">int<\/span> SALT_LENGTH <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">16<\/span><span class=\"token punctuation\">;<\/span> <span class=\"token comment\">\/\/ bytes<\/span><br \/>\n    <span class=\"token keyword\">private<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">final<\/span> <span class=\"token class-name\">String<\/span> ALGO <span class=\"token operator\">&#061;<\/span> <span class=\"token string\">&#034;PBKDF2WithHmacSHA256&#034;<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token keyword\">public<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token class-name\">String<\/span> <span class=\"token function\">hashPassword<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">String<\/span> password<span class=\"token punctuation\">)<\/span> <span class=\"token keyword\">throws<\/span> <span class=\"token class-name\">Exception<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token comment\">\/\/ 1. \u751f\u6210\u968f\u673a\u76d0<\/span><br \/>\n        <span class=\"token class-name\">SecureRandom<\/span> random <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">SecureRandom<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> salt <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span>SALT_LENGTH<span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        random<span class=\"token punctuation\">.<\/span><span class=\"token function\">nextBytes<\/span><span class=\"token punctuation\">(<\/span>salt<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 2. \u8ba1\u7b97\u54c8\u5e0c<\/span><br \/>\n        <span class=\"token class-name\">PBEKeySpec<\/span> spec <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">PBEKeySpec<\/span><span class=\"token punctuation\">(<\/span>password<span class=\"token punctuation\">.<\/span><span class=\"token function\">toCharArray<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">,<\/span> salt<span class=\"token punctuation\">,<\/span> ITERATIONS<span class=\"token punctuation\">,<\/span> KEY_LENGTH<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">SecretKeyFactory<\/span> factory <span class=\"token operator\">&#061;<\/span> <span class=\"token class-name\">SecretKeyFactory<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getInstance<\/span><span class=\"token punctuation\">(<\/span>ALGO<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> hash <span class=\"token operator\">&#061;<\/span> factory<span class=\"token punctuation\">.<\/span><span class=\"token function\">generateSecret<\/span><span class=\"token punctuation\">(<\/span>spec<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getEncoded<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 3. \u5b58\u50a8: salt &#043; hash (\u8f6c Hex)<\/span><br \/>\n        <span class=\"token keyword\">return<\/span> <span class=\"token function\">bytesToHex<\/span><span class=\"token punctuation\">(<\/span>salt<span class=\"token punctuation\">)<\/span> <span class=\"token operator\">&#043;<\/span> <span class=\"token string\">&#034;:&#034;<\/span> <span class=\"token operator\">&#043;<\/span> <span class=\"token function\">bytesToHex<\/span><span class=\"token punctuation\">(<\/span>hash<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><br \/>\n    <span class=\"token keyword\">public<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">boolean<\/span> <span class=\"token function\">verifyPassword<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">String<\/span> storedHash<span class=\"token punctuation\">,<\/span> <span class=\"token class-name\">String<\/span> inputPassword<span class=\"token punctuation\">)<\/span> <span class=\"token keyword\">throws<\/span> <span class=\"token class-name\">Exception<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token class-name\">String<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> parts <span class=\"token operator\">&#061;<\/span> storedHash<span class=\"token punctuation\">.<\/span><span class=\"token function\">split<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;:&#034;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> salt <span class=\"token operator\">&#061;<\/span> <span class=\"token function\">hexToBytes<\/span><span class=\"token punctuation\">(<\/span>parts<span class=\"token punctuation\">[<\/span><span class=\"token number\">0<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> storedHashBytes <span class=\"token operator\">&#061;<\/span> <span class=\"token function\">hexToBytes<\/span><span class=\"token punctuation\">(<\/span>parts<span class=\"token punctuation\">[<\/span><span class=\"token number\">1<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 4. \u4f7f\u7528\u540c\u6837\u7684\u76d0\u8ba1\u7b97\u8f93\u5165\u5bc6\u7801\u7684\u54c8\u5e0c<\/span><br \/>\n        <span class=\"token class-name\">PBEKeySpec<\/span> spec <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">PBEKeySpec<\/span><span class=\"token punctuation\">(<\/span>inputPassword<span class=\"token punctuation\">.<\/span><span class=\"token function\">toCharArray<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">,<\/span> salt<span class=\"token punctuation\">,<\/span> ITERATIONS<span class=\"token punctuation\">,<\/span> KEY_LENGTH<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token class-name\">SecretKeyFactory<\/span> factory <span class=\"token operator\">&#061;<\/span> <span class=\"token class-name\">SecretKeyFactory<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getInstance<\/span><span class=\"token punctuation\">(<\/span>ALGO<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> inputHashBytes <span class=\"token operator\">&#061;<\/span> factory<span class=\"token punctuation\">.<\/span><span class=\"token function\">generateSecret<\/span><span class=\"token punctuation\">(<\/span>spec<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">getEncoded<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token comment\">\/\/ 5. \u5bf9\u6bd4<\/span><br \/>\n        <span class=\"token keyword\">return<\/span> <span class=\"token function\">slowEquals<\/span><span class=\"token punctuation\">(<\/span>storedHashBytes<span class=\"token punctuation\">,<\/span> inputHashBytes<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><br \/>\n    <span class=\"token comment\">\/\/ \u8f85\u52a9&#xff1a;\u9632\u65f6\u5e8f\u653b\u51fb\u6bd4\u8f83<\/span><br \/>\n    <span class=\"token keyword\">private<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">boolean<\/span> <span class=\"token function\">slowEquals<\/span><span class=\"token punctuation\">(<\/span><span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> a<span class=\"token punctuation\">,<\/span> <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> b<span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token keyword\">int<\/span> diff <span class=\"token operator\">&#061;<\/span> a<span class=\"token punctuation\">.<\/span>length <span class=\"token operator\">^<\/span> b<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">for<\/span><span class=\"token punctuation\">(<\/span><span class=\"token keyword\">int<\/span> i <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">0<\/span><span class=\"token punctuation\">;<\/span> i <span class=\"token operator\">&lt;<\/span> a<span class=\"token punctuation\">.<\/span>length <span class=\"token operator\">&amp;&amp;<\/span> i <span class=\"token operator\">&lt;<\/span> b<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">;<\/span> i<span class=\"token operator\">&#043;&#043;<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n            diff <span class=\"token operator\">|&#061;<\/span> a<span class=\"token punctuation\">[<\/span>i<span class=\"token punctuation\">]<\/span> <span class=\"token operator\">^<\/span> b<span class=\"token punctuation\">[<\/span>i<span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token punctuation\">}<\/span><br \/>\n        <span class=\"token keyword\">return<\/span> diff <span class=\"token operator\">&#061;&#061;<\/span> <span class=\"token number\">0<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><br \/>\n    <span class=\"token keyword\">private<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token class-name\">String<\/span> <span class=\"token function\">bytesToHex<\/span><span class=\"token punctuation\">(<\/span><span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> bytes<span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token class-name\">StringBuilder<\/span> sb <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">StringBuilder<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">for<\/span> <span class=\"token punctuation\">(<\/span><span class=\"token keyword\">byte<\/span> b <span class=\"token operator\">:<\/span> bytes<span class=\"token punctuation\">)<\/span> sb<span class=\"token punctuation\">.<\/span><span class=\"token function\">append<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">String<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">format<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;%02x&#034;<\/span><span class=\"token punctuation\">,<\/span> b<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">return<\/span> sb<span class=\"token punctuation\">.<\/span><span class=\"token function\">toString<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><br \/>\n    <span class=\"token keyword\">private<\/span> <span class=\"token keyword\">static<\/span> <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> <span class=\"token function\">hexToBytes<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">String<\/span> s<span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token keyword\">int<\/span> len <span class=\"token operator\">&#061;<\/span> s<span class=\"token punctuation\">.<\/span><span class=\"token function\">length<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span><span class=\"token punctuation\">]<\/span> data <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">[<\/span>len <span class=\"token operator\">\/<\/span> <span class=\"token number\">2<\/span><span class=\"token punctuation\">]<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">for<\/span> <span class=\"token punctuation\">(<\/span><span class=\"token keyword\">int<\/span> i <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">0<\/span><span class=\"token punctuation\">;<\/span> i <span class=\"token operator\">&lt;<\/span> len<span class=\"token punctuation\">;<\/span> i <span class=\"token operator\">&#043;&#061;<\/span> <span class=\"token number\">2<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n            data<span class=\"token punctuation\">[<\/span>i <span class=\"token operator\">\/<\/span> <span class=\"token number\">2<\/span><span class=\"token punctuation\">]<\/span> <span class=\"token operator\">&#061;<\/span> <span class=\"token punctuation\">(<\/span><span class=\"token keyword\">byte<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">(<\/span><span class=\"token class-name\">Character<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">digit<\/span><span class=\"token punctuation\">(<\/span>s<span class=\"token punctuation\">.<\/span><span class=\"token function\">charAt<\/span><span class=\"token punctuation\">(<\/span>i<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token number\">16<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token operator\">&lt;&lt;<\/span> <span class=\"token number\">4<\/span><span class=\"token punctuation\">)<\/span><br \/>\n                                 <span class=\"token operator\">&#043;<\/span> <span class=\"token class-name\">Character<\/span><span class=\"token punctuation\">.<\/span><span class=\"token function\">digit<\/span><span class=\"token punctuation\">(<\/span>s<span class=\"token punctuation\">.<\/span><span class=\"token function\">charAt<\/span><span class=\"token punctuation\">(<\/span>i<span class=\"token operator\">&#043;<\/span><span class=\"token number\">1<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token number\">16<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token punctuation\">}<\/span><br \/>\n        <span class=\"token keyword\">return<\/span> data<span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><\/p>\n<h5>JavaScript (Node.js)<\/h5>\n<p>\u4f7f\u7528 crypto.pbkdf2 (Async\/Promise \u7248\u672c)\u3002<\/p>\n<p><span class=\"token keyword\">const<\/span> crypto <span class=\"token operator\">&#061;<\/span> <span class=\"token function\">require<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;crypto&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> <span class=\"token constant\">ITERATIONS<\/span> <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">100000<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> <span class=\"token constant\">KEY_LENGTH<\/span> <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">32<\/span><span class=\"token punctuation\">;<\/span> <span class=\"token comment\">\/\/ 32 bytes &#061; 256 bits<\/span><br \/>\n<span class=\"token keyword\">const<\/span> <span class=\"token constant\">DIGEST<\/span> <span class=\"token operator\">&#061;<\/span> <span class=\"token string\">&#039;sha256&#039;<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token keyword\">const<\/span> <span class=\"token constant\">SALT_LENGTH<\/span> <span class=\"token operator\">&#061;<\/span> <span class=\"token number\">16<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token comment\">\/\/ \u4f7f\u7528 Promise \u5305\u88c5\u5f02\u6b65\u64cd\u4f5c<\/span><br \/>\n<span class=\"token keyword\">function<\/span> <span class=\"token function\">hashPassword<\/span><span class=\"token punctuation\">(<\/span><span class=\"token parameter\">password<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token keyword\">return<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">Promise<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">(<\/span><span class=\"token parameter\">resolve<span class=\"token punctuation\">,<\/span> reject<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token operator\">&#061;&gt;<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token keyword\">const<\/span> salt <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">randomBytes<\/span><span class=\"token punctuation\">(<\/span><span class=\"token constant\">SALT_LENGTH<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><\/p>\n<p>        crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">pbkdf2<\/span><span class=\"token punctuation\">(<\/span>password<span class=\"token punctuation\">,<\/span> salt<span class=\"token punctuation\">,<\/span> <span class=\"token constant\">ITERATIONS<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token constant\">KEY_LENGTH<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token constant\">DIGEST<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token punctuation\">(<\/span><span class=\"token parameter\">err<span class=\"token punctuation\">,<\/span> derivedKey<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token operator\">&#061;&gt;<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n            <span class=\"token keyword\">if<\/span> <span class=\"token punctuation\">(<\/span>err<span class=\"token punctuation\">)<\/span> <span class=\"token keyword\">return<\/span> <span class=\"token function\">reject<\/span><span class=\"token punctuation\">(<\/span>err<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n            <span class=\"token comment\">\/\/ \u5b58\u50a8: salt &#043; hash (\u8f6c hex)<\/span><br \/>\n            <span class=\"token keyword\">const<\/span> stored <span class=\"token operator\">&#061;<\/span> salt<span class=\"token punctuation\">.<\/span><span class=\"token function\">toString<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;hex&#039;<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token operator\">&#043;<\/span> <span class=\"token string\">&#039;:&#039;<\/span> <span class=\"token operator\">&#043;<\/span> derivedKey<span class=\"token punctuation\">.<\/span><span class=\"token function\">toString<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;hex&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n            <span class=\"token function\">resolve<\/span><span class=\"token punctuation\">(<\/span>stored<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><br \/>\n<span class=\"token keyword\">function<\/span> <span class=\"token function\">verifyPassword<\/span><span class=\"token punctuation\">(<\/span><span class=\"token parameter\">storedHash<span class=\"token punctuation\">,<\/span> password<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token keyword\">return<\/span> <span class=\"token keyword\">new<\/span> <span class=\"token class-name\">Promise<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">(<\/span><span class=\"token parameter\">resolve<span class=\"token punctuation\">,<\/span> reject<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token operator\">&#061;&gt;<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n        <span class=\"token keyword\">const<\/span> <span class=\"token punctuation\">[<\/span>saltHex<span class=\"token punctuation\">,<\/span> hashHex<span class=\"token punctuation\">]<\/span> <span class=\"token operator\">&#061;<\/span> storedHash<span class=\"token punctuation\">.<\/span><span class=\"token function\">split<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;:&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n        <span class=\"token keyword\">const<\/span> salt <span class=\"token operator\">&#061;<\/span> Buffer<span class=\"token punctuation\">.<\/span><span class=\"token function\">from<\/span><span class=\"token punctuation\">(<\/span>saltHex<span class=\"token punctuation\">,<\/span> <span class=\"token string\">&#039;hex&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><\/p>\n<p>        crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">pbkdf2<\/span><span class=\"token punctuation\">(<\/span>password<span class=\"token punctuation\">,<\/span> salt<span class=\"token punctuation\">,<\/span> <span class=\"token constant\">ITERATIONS<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token constant\">KEY_LENGTH<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token constant\">DIGEST<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token punctuation\">(<\/span><span class=\"token parameter\">err<span class=\"token punctuation\">,<\/span> derivedKey<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token operator\">&#061;&gt;<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n            <span class=\"token keyword\">if<\/span> <span class=\"token punctuation\">(<\/span>err<span class=\"token punctuation\">)<\/span> <span class=\"token keyword\">return<\/span> <span class=\"token function\">reject<\/span><span class=\"token punctuation\">(<\/span>err<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><\/p>\n<p>            <span class=\"token keyword\">const<\/span> derivedKeyHex <span class=\"token operator\">&#061;<\/span> derivedKey<span class=\"token punctuation\">.<\/span><span class=\"token function\">toString<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#039;hex&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n            <span class=\"token comment\">\/\/ \u4f7f\u7528 crypto.timingSafeEqual \u9632\u6b62\u65f6\u5e8f\u653b\u51fb<\/span><br \/>\n            <span class=\"token keyword\">const<\/span> keyBuffer <span class=\"token operator\">&#061;<\/span> Buffer<span class=\"token punctuation\">.<\/span><span class=\"token function\">from<\/span><span class=\"token punctuation\">(<\/span>hashHex<span class=\"token punctuation\">,<\/span> <span class=\"token string\">&#039;hex&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n            <span class=\"token keyword\">const<\/span> derivedBuffer <span class=\"token operator\">&#061;<\/span> Buffer<span class=\"token punctuation\">.<\/span><span class=\"token function\">from<\/span><span class=\"token punctuation\">(<\/span>derivedKeyHex<span class=\"token punctuation\">,<\/span> <span class=\"token string\">&#039;hex&#039;<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><\/p>\n<p>            <span class=\"token keyword\">if<\/span> <span class=\"token punctuation\">(<\/span>keyBuffer<span class=\"token punctuation\">.<\/span>length <span class=\"token operator\">!&#061;&#061;<\/span> derivedBuffer<span class=\"token punctuation\">.<\/span>length<span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n                <span class=\"token keyword\">return<\/span> <span class=\"token function\">resolve<\/span><span class=\"token punctuation\">(<\/span><span class=\"token boolean\">false<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n            <span class=\"token punctuation\">}<\/span><\/p>\n<p>            <span class=\"token keyword\">try<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n                <span class=\"token keyword\">const<\/span> match <span class=\"token operator\">&#061;<\/span> crypto<span class=\"token punctuation\">.<\/span><span class=\"token function\">timingSafeEqual<\/span><span class=\"token punctuation\">(<\/span>keyBuffer<span class=\"token punctuation\">,<\/span> derivedBuffer<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n                <span class=\"token function\">resolve<\/span><span class=\"token punctuation\">(<\/span>match<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n            <span class=\"token punctuation\">}<\/span> <span class=\"token keyword\">catch<\/span> <span class=\"token punctuation\">(<\/span>e<span class=\"token punctuation\">)<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n                <span class=\"token function\">resolve<\/span><span class=\"token punctuation\">(<\/span><span class=\"token boolean\">false<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n            <span class=\"token punctuation\">}<\/span><br \/>\n        <span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><br \/>\n<span class=\"token comment\">\/\/ \u4f7f\u7528\u793a\u4f8b<\/span><br \/>\n<span class=\"token punctuation\">(<\/span><span class=\"token keyword\">async<\/span> <span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span> <span class=\"token operator\">&#061;&gt;<\/span> <span class=\"token punctuation\">{<\/span><br \/>\n    <span class=\"token keyword\">const<\/span> pass <span class=\"token operator\">&#061;<\/span> <span class=\"token string\">&#034;my_secure_pass&#034;<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token keyword\">const<\/span> hash <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">await<\/span> <span class=\"token function\">hashPassword<\/span><span class=\"token punctuation\">(<\/span>pass<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    console<span class=\"token punctuation\">.<\/span><span class=\"token function\">log<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Stored in DB:&#034;<\/span><span class=\"token punctuation\">,<\/span> hash<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    <span class=\"token keyword\">const<\/span> isValid <span class=\"token operator\">&#061;<\/span> <span class=\"token keyword\">await<\/span> <span class=\"token function\">verifyPassword<\/span><span class=\"token punctuation\">(<\/span>hash<span class=\"token punctuation\">,<\/span> pass<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n    console<span class=\"token punctuation\">.<\/span><span class=\"token function\">log<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">&#034;Check result:&#034;<\/span><span class=\"token punctuation\">,<\/span> isValid<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><br \/>\n<span class=\"token punctuation\">}<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">;<\/span><\/p>\n<h3>7. \u6280\u672f\u6df1\u5ea6\u8865\u5145&#xff1a;\u5e38\u89c1\u653b\u51fb\u4e0e\u9632\u5fa1<\/h3>\n<p>\u4e3a\u4e86\u8fbe\u5230\u201c\u7cbe\u901a\u201d&#xff0c;\u5fc5\u987b\u4e86\u89e3\u654c\u4eba\u5982\u4f55\u653b\u51fb\u3002<\/p>\n<table>\n<tr>\u653b\u51fb\u7c7b\u578b\u76ee\u6807\u7b97\u6cd5\u539f\u7406\u7b80\u8ff0\u9632\u5fa1\u65b9\u6848<\/tr>\n<tbody>\n<tr>\n<td align=\"left\">\u91cd\u653e\u653b\u51fb<\/td>\n<td align=\"left\">\u901a\u4fe1\u534f\u8bae<\/td>\n<td align=\"left\">\u653b\u51fb\u8005\u622a\u83b7\u6709\u6548\u7684\u6570\u636e\u5305&#xff08;\u5982\u8f6c\u8d26\u8bf7\u6c42&#xff09;&#xff0c;\u518d\u6b21\u53d1\u9001\u3002<\/td>\n<td align=\"left\">\u4f7f\u7528 Nonce (\u968f\u673a\u6570) \u6216 Timestamp (\u65f6\u95f4\u6233)\u3002GCM \u6a21\u5f0f\u7684 Nonce \u5fc5\u987b\u552f\u4e00\u3002<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">\u4e2d\u95f4\u4eba\u653b\u51fb (MITM)<\/td>\n<td align=\"left\">RSA\/TLS<\/td>\n<td align=\"left\">\u653b\u51fb\u8005\u5192\u5145\u670d\u52a1\u5668&#xff0c;\u53d1\u9001\u81ea\u5df1\u7684\u516c\u94a5\u7ed9\u5ba2\u6237\u7aef\u3002<\/td>\n<td align=\"left\">\u9a8c\u8bc1 \u6570\u5b57\u8bc1\u4e66\u94fe&#xff0c;\u5fc5\u987b\u7531\u53d7\u4fe1\u4efb\u7684 CA \u7b7e\u53d1\u3002<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">\u586b\u5145\u9884\u8a00\u653b\u51fb<\/td>\n<td align=\"left\">RSA-CBC<\/td>\n<td align=\"left\">\u653b\u51fb\u8005\u6839\u636e\u89e3\u5bc6\u65f6\u7684\u62a5\u9519\u4fe1\u606f&#xff08;Padding Error&#xff09;\u9010\u6b65\u63a8\u65ad\u660e\u6587\u3002<\/td>\n<td align=\"left\">\u89e3\u5bc6\u65f6\u4e0d\u7acb\u5373\u62a5\u9519&#xff0c;\u4f7f\u7528\u6052\u5b9a\u65f6\u95f4\u7b97\u6cd5&#xff1b;\u6539\u7528 RSA-OAEP\u3002<\/td>\n<\/tr>\n<tr>\n<td align=\"left\">\u4fa7\u4fe1\u9053\u653b\u51fb<\/td>\n<td align=\"left\">\u786c\u4ef6\/AES<\/td>\n<td align=\"left\">\u901a\u8fc7\u5206\u6790 CPU \u6267\u884c\u65f6\u95f4\u3001\u529f\u8017\u6216\u7535\u78c1\u8f90\u5c04\u6765\u63a8\u65ad\u5bc6\u94a5\u3002<\/td>\n<td align=\"left\">\u7269\u7406\u9694\u79bb&#xff1b;\u4f7f\u7528\u6052\u5b9a\u65f6\u95f4\u5b9e\u73b0\u7684\u4ee3\u7801\u5e93\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>8. \u603b\u7ed3&#xff1a;\u73b0\u4ee3\u5b89\u5168\u67b6\u6784\u8bbe\u8ba1\u56fe<\/h3>\n<p>\u5982\u679c\u4f60\u6b63\u5728\u8bbe\u8ba1\u4e00\u4e2a\u5b89\u5168\u7cfb\u7edf&#xff0c;\u8bf7\u9075\u5faa\u4ee5\u4e0b\u5782\u76f4\u67b6\u6784\u5c42\u7ea7&#xff0c;\u6bcf\u4e00\u5c42\u90fd\u4f9d\u8d56\u4e0b\u4e00\u5c42\u7684\u5b89\u5168\u652f\u6491&#xff1a;<\/p>\n<p>  #mermaid-svg-BA5q5INYmRGi76xl{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#mermaid-svg-BA5q5INYmRGi76xl .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#mermaid-svg-BA5q5INYmRGi76xl .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#mermaid-svg-BA5q5INYmRGi76xl .error-icon{fill:#552222;}#mermaid-svg-BA5q5INYmRGi76xl .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-BA5q5INYmRGi76xl .edge-thickness-normal{stroke-width:1px;}#mermaid-svg-BA5q5INYmRGi76xl .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-BA5q5INYmRGi76xl .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-BA5q5INYmRGi76xl .edge-thickness-invisible{stroke-width:0;fill:none;}#mermaid-svg-BA5q5INYmRGi76xl .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-BA5q5INYmRGi76xl .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-BA5q5INYmRGi76xl .marker{fill:#333333;stroke:#333333;}#mermaid-svg-BA5q5INYmRGi76xl .marker.cross{stroke:#333333;}#mermaid-svg-BA5q5INYmRGi76xl svg{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-BA5q5INYmRGi76xl p{margin:0;}#mermaid-svg-BA5q5INYmRGi76xl .label{font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;color:#333;}#mermaid-svg-BA5q5INYmRGi76xl .cluster-label text{fill:#333;}#mermaid-svg-BA5q5INYmRGi76xl .cluster-label span{color:#333;}#mermaid-svg-BA5q5INYmRGi76xl .cluster-label span p{background-color:transparent;}#mermaid-svg-BA5q5INYmRGi76xl .label text,#mermaid-svg-BA5q5INYmRGi76xl span{fill:#333;color:#333;}#mermaid-svg-BA5q5INYmRGi76xl .node rect,#mermaid-svg-BA5q5INYmRGi76xl .node circle,#mermaid-svg-BA5q5INYmRGi76xl .node ellipse,#mermaid-svg-BA5q5INYmRGi76xl .node polygon,#mermaid-svg-BA5q5INYmRGi76xl .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#mermaid-svg-BA5q5INYmRGi76xl .rough-node .label text,#mermaid-svg-BA5q5INYmRGi76xl .node .label text,#mermaid-svg-BA5q5INYmRGi76xl .image-shape .label,#mermaid-svg-BA5q5INYmRGi76xl .icon-shape .label{text-anchor:middle;}#mermaid-svg-BA5q5INYmRGi76xl .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#mermaid-svg-BA5q5INYmRGi76xl .rough-node .label,#mermaid-svg-BA5q5INYmRGi76xl .node .label,#mermaid-svg-BA5q5INYmRGi76xl .image-shape .label,#mermaid-svg-BA5q5INYmRGi76xl .icon-shape .label{text-align:center;}#mermaid-svg-BA5q5INYmRGi76xl .node.clickable{cursor:pointer;}#mermaid-svg-BA5q5INYmRGi76xl .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#mermaid-svg-BA5q5INYmRGi76xl .arrowheadPath{fill:#333333;}#mermaid-svg-BA5q5INYmRGi76xl .edgePath .path{stroke:#333333;stroke-width:2.0px;}#mermaid-svg-BA5q5INYmRGi76xl .flowchart-link{stroke:#333333;fill:none;}#mermaid-svg-BA5q5INYmRGi76xl .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-BA5q5INYmRGi76xl .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#mermaid-svg-BA5q5INYmRGi76xl .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-BA5q5INYmRGi76xl .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#mermaid-svg-BA5q5INYmRGi76xl .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#mermaid-svg-BA5q5INYmRGi76xl .cluster text{fill:#333;}#mermaid-svg-BA5q5INYmRGi76xl .cluster span{color:#333;}#mermaid-svg-BA5q5INYmRGi76xl div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#mermaid-svg-BA5q5INYmRGi76xl .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#mermaid-svg-BA5q5INYmRGi76xl rect.text{fill:none;stroke-width:0;}#mermaid-svg-BA5q5INYmRGi76xl .icon-shape,#mermaid-svg-BA5q5INYmRGi76xl .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-BA5q5INYmRGi76xl .icon-shape p,#mermaid-svg-BA5q5INYmRGi76xl .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#mermaid-svg-BA5q5INYmRGi76xl .icon-shape rect,#mermaid-svg-BA5q5INYmRGi76xl .image-shape rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-BA5q5INYmRGi76xl .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#mermaid-svg-BA5q5INYmRGi76xl .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#mermaid-svg-BA5q5INYmRGi76xl :root{&#8211;mermaid-font-family:\\&#8221;trebuchet ms\\&#8221;,verdana,arial,sans-serif;}<\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u5bc6\u94a5\u7ba1\u7406 Key Management<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u5b58\u50a8\u5b89\u5168 Storage Security<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u4f20\u8f93\u5b89\u5168 Transport Layer<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u63a5\u53e3\u5b89\u5168 API Security<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u5e94\u7528\u5c42 Application Layer<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"edgeLabel\"><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u4e1a\u52a1\u903b\u8f91<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u654f\u611f\u6570\u636e\u5904\u7406<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u8f93\u5165\u9a8c\u8bc1<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u53c2\u6570\u6e05\u6d17<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>TLS 1.3 \/ HTTPS<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u6570\u636e\u5e93\u52a0\u5bc6 AES-256<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u5bc6\u7801\u5b58\u50a8 Argon2\/PBKDF2<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>\u975e\u786c\u7f16\u7801\u5bc6\u94a5<\/p>\n<p><\/span><\/p>\n<p>         <span class=\"nodeLabel\"><\/p>\n<p>KMS \/ HSM \/ Vault<\/p>\n<p><\/span><\/p>\n<p>\u7cbe\u901a\u4e4b\u8def&#xff1a;\u7406\u89e3\u4e0a\u8ff0\u6bcf\u4e00\u4e2a\u7bad\u5934\u548c\u6a21\u5757\u80cc\u540e\u7684\u6570\u5b66\u539f\u7406\u4e0e\u5de5\u7a0b\u59a5\u534f&#xff0c;\u5e76\u6709\u80fd\u529b\u5728\u6027\u80fd\u3001\u5b89\u5168\u6027\u548c\u6613\u7528\u6027\u4e4b\u95f4\u627e\u5230\u6700\u4f73\u7684\u5e73\u8861\u70b9\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6587\u7ae0\u76ee\u5f551. \u6838\u5fc3\u6982\u5ff5\u5730\u56fe2. \u5bf9\u79f0\u52a0\u5bc6&#xff1a;AES \u7684\u5185\u90e8\u89e3\u5256\u4e0e\u5b9e\u62182.1 AES \u5355\u8f6e\u53d8\u6362\u6d41\u7a0b\u56fe2.2 \u5206\u7ec4\u6a21\u5f0f\u8be6\u89e3&#xff1a;ECB vs CBC2.3 \u5b9e\u6218&#xff1a;AES-GCM \u52a0\u5bc6\u4e0e\u89e3\u5bc6Java (JDK 11)JavaScript (Node.js)3. \u975e\u5bf9\u79f0\u52a0\u5bc6&#xff1a;RSA \u7684\u6570\u7406\u903b\u8f913.1 RSA \u5bc6\u94a5\u751f\u6210\u6d41\u7a0b\u56fe3.2 \u586b\u5145\u7684\u91cd\u8981\u6027&#xff1a;OAEP3.3 \u5b9e\u6218&#xff1a;RSA-OAEP \u52a0\u5bc6\u4e0e\u89e3\u5bc6Java (J<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[99,187,427],"topic":[],"class_list":["post-60210","post","type-post","status-publish","format-standard","hentry","category-server","tag-java","tag-javascript","tag-427"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u52a0\u5bc6\u4e0e\u7f16\u7801\u7b97\u6cd5\u5168\u89e3\uff1a\u4ece\u539f\u7406\u5230\u7cbe\u901a\uff08Java &amp; JS \u5b9e\u6218\u7248) - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.wsisp.com\/helps\/60210.html\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u52a0\u5bc6\u4e0e\u7f16\u7801\u7b97\u6cd5\u5168\u89e3\uff1a\u4ece\u539f\u7406\u5230\u7cbe\u901a\uff08Java &amp; JS \u5b9e\u6218\u7248) - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"og:description\" content=\"\u6587\u7ae0\u76ee\u5f551. \u6838\u5fc3\u6982\u5ff5\u5730\u56fe2. \u5bf9\u79f0\u52a0\u5bc6&#xff1a;AES \u7684\u5185\u90e8\u89e3\u5256\u4e0e\u5b9e\u62182.1 AES \u5355\u8f6e\u53d8\u6362\u6d41\u7a0b\u56fe2.2 \u5206\u7ec4\u6a21\u5f0f\u8be6\u89e3&#xff1a;ECB vs CBC2.3 \u5b9e\u6218&#xff1a;AES-GCM \u52a0\u5bc6\u4e0e\u89e3\u5bc6Java (JDK 11)JavaScript (Node.js)3. \u975e\u5bf9\u79f0\u52a0\u5bc6&#xff1a;RSA \u7684\u6570\u7406\u903b\u8f913.1 RSA \u5bc6\u94a5\u751f\u6210\u6d41\u7a0b\u56fe3.2 \u586b\u5145\u7684\u91cd\u8981\u6027&#xff1a;OAEP3.3 \u5b9e\u6218&#xff1a;RSA-OAEP \u52a0\u5bc6\u4e0e\u89e3\u5bc6Java (J\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wsisp.com\/helps\/60210.html\" \/>\n<meta property=\"og:site_name\" content=\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-15T00:32:59+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"21 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/60210.html\",\"url\":\"https:\/\/www.wsisp.com\/helps\/60210.html\",\"name\":\"\u52a0\u5bc6\u4e0e\u7f16\u7801\u7b97\u6cd5\u5168\u89e3\uff1a\u4ece\u539f\u7406\u5230\u7cbe\u901a\uff08Java &amp; JS \u5b9e\u6218\u7248) - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"isPartOf\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\"},\"datePublished\":\"2026-01-15T00:32:59+00:00\",\"dateModified\":\"2026-01-15T00:32:59+00:00\",\"author\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/60210.html#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.wsisp.com\/helps\/60210.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/60210.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.wsisp.com\/helps\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u52a0\u5bc6\u4e0e\u7f16\u7801\u7b97\u6cd5\u5168\u89e3\uff1a\u4ece\u539f\u7406\u5230\u7cbe\u901a\uff08Java &amp; JS \u5b9e\u6218\u7248)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\",\"url\":\"https:\/\/www.wsisp.com\/helps\/\",\"name\":\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"description\":\"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"contentUrl\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/wp.wsisp.com\"],\"url\":\"https:\/\/www.wsisp.com\/helps\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u52a0\u5bc6\u4e0e\u7f16\u7801\u7b97\u6cd5\u5168\u89e3\uff1a\u4ece\u539f\u7406\u5230\u7cbe\u901a\uff08Java &amp; JS \u5b9e\u6218\u7248) - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wsisp.com\/helps\/60210.html","og_locale":"zh_CN","og_type":"article","og_title":"\u52a0\u5bc6\u4e0e\u7f16\u7801\u7b97\u6cd5\u5168\u89e3\uff1a\u4ece\u539f\u7406\u5230\u7cbe\u901a\uff08Java &amp; JS \u5b9e\u6218\u7248) - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","og_description":"\u6587\u7ae0\u76ee\u5f551. \u6838\u5fc3\u6982\u5ff5\u5730\u56fe2. \u5bf9\u79f0\u52a0\u5bc6&#xff1a;AES \u7684\u5185\u90e8\u89e3\u5256\u4e0e\u5b9e\u62182.1 AES \u5355\u8f6e\u53d8\u6362\u6d41\u7a0b\u56fe2.2 \u5206\u7ec4\u6a21\u5f0f\u8be6\u89e3&#xff1a;ECB vs CBC2.3 \u5b9e\u6218&#xff1a;AES-GCM \u52a0\u5bc6\u4e0e\u89e3\u5bc6Java (JDK 11)JavaScript (Node.js)3. \u975e\u5bf9\u79f0\u52a0\u5bc6&#xff1a;RSA \u7684\u6570\u7406\u903b\u8f913.1 RSA \u5bc6\u94a5\u751f\u6210\u6d41\u7a0b\u56fe3.2 \u586b\u5145\u7684\u91cd\u8981\u6027&#xff1a;OAEP3.3 \u5b9e\u6218&#xff1a;RSA-OAEP \u52a0\u5bc6\u4e0e\u89e3\u5bc6Java (J","og_url":"https:\/\/www.wsisp.com\/helps\/60210.html","og_site_name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","article_published_time":"2026-01-15T00:32:59+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"admin","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"21 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wsisp.com\/helps\/60210.html","url":"https:\/\/www.wsisp.com\/helps\/60210.html","name":"\u52a0\u5bc6\u4e0e\u7f16\u7801\u7b97\u6cd5\u5168\u89e3\uff1a\u4ece\u539f\u7406\u5230\u7cbe\u901a\uff08Java &amp; JS \u5b9e\u6218\u7248) - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","isPartOf":{"@id":"https:\/\/www.wsisp.com\/helps\/#website"},"datePublished":"2026-01-15T00:32:59+00:00","dateModified":"2026-01-15T00:32:59+00:00","author":{"@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41"},"breadcrumb":{"@id":"https:\/\/www.wsisp.com\/helps\/60210.html#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wsisp.com\/helps\/60210.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wsisp.com\/helps\/60210.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.wsisp.com\/helps"},{"@type":"ListItem","position":2,"name":"\u52a0\u5bc6\u4e0e\u7f16\u7801\u7b97\u6cd5\u5168\u89e3\uff1a\u4ece\u539f\u7406\u5230\u7cbe\u901a\uff08Java &amp; JS \u5b9e\u6218\u7248)"}]},{"@type":"WebSite","@id":"https:\/\/www.wsisp.com\/helps\/#website","url":"https:\/\/www.wsisp.com\/helps\/","name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","description":"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41","name":"admin","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/","url":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","contentUrl":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","caption":"admin"},"sameAs":["http:\/\/wp.wsisp.com"],"url":"https:\/\/www.wsisp.com\/helps\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/60210","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/comments?post=60210"}],"version-history":[{"count":0,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/60210\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media?parent=60210"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/categories?post=60210"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/tags?post=60210"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/topic?post=60210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}