摘要
本文使用Hutool自带的AES封装对敏感数据进行加密(可逆,用于存储和传输),同时结合其内置工具类StrUtil在展示时对数据进行脱敏(隐藏部分字符)。
实现原理
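Hutool的加密脱敏核心原理是利用AES对称加密算法对敏感数据进行加密保护,采用随机生成的128-bit密钥增强安全性,并通过Base64编码方便数据传输存储。解密后,使用StrUtil.hide方法按规则隐藏部分数据实现脱敏展示,如隐藏人名中间部分、身份证号大部分数字等,以平衡数据安全与信息展示需求。需要注意三点:其一,示例中的密钥只保存在当前JVM进程的内存中,进程重启或换一个实例后旧密文将无法解密,需要持久化的数据应使用从密钥管理服务加载的密钥;其二,密钥应由SecureRandom等密码学安全的随机源生成;其三,new AES(key)使用的是Hutool的默认模式AES/ECB/PKCS5Padding,相同明文总是得到相同密文,且不校验密文是否被篡改,生产环境建议改用带随机IV的认证加密模式(如GCM)。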
示例代码
1)导入依赖
xml
<!-- hutool工具包 -->
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.8.29</version>
</dependency>
2)定义规则
java
package org.coffeebeans.service.aes;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.crypto.symmetric.AES;
import java.security.SecureRandom;
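/**
 * Symmetric encryption helper for sensitive fields (AES with a 128-bit key).
 *
 * <p>The key is generated once, when this class is loaded, and is neither persisted nor
 * exposed. Ciphertext produced by one JVM process therefore cannot be decrypted after a
 * restart or by another instance, and this class offers no way to supply an external key.
 * Data that must outlive the process needs a key loaded from a managed secret store.
 *
 * <p>NOTE(review): {@code new AES(byte[])} selects Hutool's default transformation,
 * AES/ECB/PKCS5Padding. ECB is deterministic (equal plaintexts yield equal ciphertexts, so
 * repeated names or phone numbers are recognisable) and unauthenticated (a modified
 * ciphertext is not detected). Prefer an authenticated mode with a fresh IV per value
 * before using this for anything beyond a demonstration.
 */
public final class SensitiveCrypto {
    private static final int KEY_BYTES = 16; // 16 bytes = 128 bits

    // The key comes from SecureRandom. Hutool 5.x RandomUtil.randomBytes draws from
    // ThreadLocalRandom, which is not a cryptographically secure generator and must not be
    // used for key material.
    private static final AES CIPHER = new AES(newKey());

    private SensitiveCrypto() {}

    /**
     * Encrypts {@code plain} and returns the ciphertext as Base64 text.
     *
     * <p>Despite the name this is reversible encryption, not display masking.
     *
     * @param plain the clear-text value to protect
     * @return Base64-encoded ciphertext
     */
    public static String mask(String plain) {
        return CIPHER.encryptBase64(plain);
    }

    /**
     * Decrypts text previously returned by {@link #mask(String)} in the same JVM process.
     *
     * @param cipher Base64-encoded ciphertext
     * @return the original clear-text value
     */
    public static String unmask(String cipher) {
        return CIPHER.decryptStr(cipher);
    }

    /** Produces fresh key bytes from a cryptographically secure random source. */
    private static byte[] newKey() {
        byte[] key = new byte[KEY_BYTES];
        new SecureRandom().nextBytes(key);
        return key;
    }
}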
3)使用工具
java
package org.coffeebeans.service.aes;
import cn.hutool.core.util.StrUtil;
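/**
 * Demonstrates the three steps of the article: encrypt sensitive values, decrypt them, and
 * mask the decrypted values for display with {@code StrUtil.hide}.
 */
public class AESUse {
    /**
     * Runs the demonstration on hard-coded sample values and prints each stage.
     *
     * <p>Clear-text values are printed here only to illustrate the round trip. Real services
     * should not write decrypted personal data to stdout or logs.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Sample input data
        String name = "张三";
        String idCard = "53333618541251";
        String telPhone = "13888888888";
        String mobilePhone = "5201111";
        String address = "四川省成都市高新区1号";
        String email = "1234567890@qq.com";

        // 1. Encrypt. The helper is called mask(), but this step is reversible encryption.
        String maskedName = SensitiveCrypto.mask(name);
        String maskedIdCard = SensitiveCrypto.mask(idCard);
        String maskedTelPhone = SensitiveCrypto.mask(telPhone);
        String maskedMobilePhone = SensitiveCrypto.mask(mobilePhone);
        String maskedAddress = SensitiveCrypto.mask(address);
        String maskedEmail = SensitiveCrypto.mask(email);
        System.out.println("加密后:");
        System.out.println("name = " + maskedName);
        System.out.println("idCard = " + maskedIdCard);
        System.out.println("telPhone = " + maskedTelPhone);
        System.out.println("mobilePhone = " + maskedMobilePhone);
        System.out.println("maskedAddress = " + maskedAddress);
        System.out.println("email = " + maskedEmail);
        /*
        Sample output. The ciphertext differs on every run because the key is generated
        randomly each time the JVM starts:
        加密后:
        name = 5+Znlwozz3/mhfGAC3AOFQ==
        idCard = oT5EboAJ5rCCZkQCuppDzA==
        telPhone = aY5XDQwXQtVpuQZ5I3VRCA==
        mobilePhone = z6/QQNPujE0EUGbm0v9hGA==
        maskedAddress = X/BRAw6pYY/WrQA0zNz1Vvp9exm7r9Z4AIJFigWmzbU=
        email = aHB+fFUiAAoBAcgsPcvUNvcE5m6lLzW4DmLEfONhLC4=
        */

        // 2. Decrypt (authorized contexts only)
        String unmaskedName = SensitiveCrypto.unmask(maskedName);
        String unmaskedIdCard = SensitiveCrypto.unmask(maskedIdCard);
        String unmaskedTelPhone = SensitiveCrypto.unmask(maskedTelPhone);
        String unmaskedMobilePhone = SensitiveCrypto.unmask(maskedMobilePhone);
        String unmaskedAddress = SensitiveCrypto.unmask(maskedAddress);
        String unmaskedEmail = SensitiveCrypto.unmask(maskedEmail);
        System.out.println("\n解密后:");
        System.out.println("name = " + unmaskedName);
        System.out.println("idCard = " + unmaskedIdCard);
        System.out.println("telPhone = " + unmaskedTelPhone);
        System.out.println("mobilePhone = " + unmaskedMobilePhone);
        System.out.println("address = " + unmaskedAddress);
        System.out.println("email = " + unmaskedEmail);
        /*
        Sample output:
        解密后:
        name = 张三
        idCard = 53333618541251
        telPhone = 13888888888
        mobilePhone = 5201111
        address = 四川省成都市高新区1号
        email = 1234567890@qq.com
        */

        // 3. Mask the decrypted values for display. Every bound is derived from the
        // decrypted value itself, because in real code the original plain text is not in
        // scope at this point.
        System.out.println("\n解密后脱敏:");
        System.out.println("name = " + StrUtil.hide(unmaskedName, 1, 2));
        System.out.println(
            "idCard = " + StrUtil.hide(unmaskedIdCard, 1, unmaskedIdCard.length() - 2));
        System.out.println(
            "telPhone = " + StrUtil.hide(unmaskedTelPhone, 3, unmaskedTelPhone.length() - 4));
        System.out.println(
            "mobilePhone = " + StrUtil.hide(unmaskedMobilePhone, 3, unmaskedMobilePhone.length()));
        System.out.println(
            "address = " + StrUtil.hide(unmaskedAddress, 3, unmaskedAddress.length()));
        // NOTE(review): StrUtil.hide appears to return its input unchanged when the start
        // index is greater than the end index - confirm against the Hutool version in use.
        // A value without '@' would then be shown in full, so fall back to hiding
        // everything after the first character.
        int atIndex = unmaskedEmail.indexOf('@');
        int emailEnd = atIndex > 1 ? atIndex : unmaskedEmail.length();
        System.out.println("email = " + StrUtil.hide(unmaskedEmail, 1, emailEnd));
        /*
        Sample output:
        解密后脱敏:
        name = 张*
        idCard = 5***********51
        telPhone = 138****8888
        mobilePhone = 520****
        address = 四川省********
        email = 1*********@qq.com
        */
    }
}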
总结
以上我们了解了如何使用Hutool自带的AES+hide来实现敏感数据加解密脱敏。