Some cryptographic suggestions #6202
Comments
```java
private static String KEY = EncryptedString.key;
private static String IV = EncryptedString.iv;
```

```java
public static final String ALGORITHM = "PBEWithMD5AndDES";
```

```java
public class SecurityTools {
    public static final String ALGORITHM = "AES/ECB/PKCS5Padding";

    public static SecurityResp valid(SecurityReq req) {
        SecurityResp resp = new SecurityResp();
        String pubKey = req.getPubKey();
        String aesKey = req.getAesKey();
        String data = req.getData();
        String signData = req.getSignData();
        RSA rsa = new RSA(null, Base64Decoder.decode(pubKey));
        Sign sign = new Sign(SignAlgorithm.SHA1withRSA, null, pubKey);
```

The code uses SHA1withRSA for the signature verification, which is an outdated algorithm with known weaknesses and no longer recommended for use.
zj

What you said is very instructive, but unfortunately, the Jeecg open source team is not good at security engineering, so we can only provide basic security protection. Also, because Jeecg is an open source project, and when it comes to using security algorithms, we have achieved a small amount of changes to complete security algorithm changes, so we more advocate that you can modify the algorithm and choose a security algorithm that fits your field.
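An added example, not part of the issue and not Jeecg's code: it shows why the `AES/ECB/PKCS5Padding` setting quoted above leaks plaintext structure, next to AES-GCM with a random nonce and `SHA256withRSA` verification as commonly used substitutes for the flagged algorithms. The class and method names are hypothetical, the JDK's standard JCA providers are assumed, and the runtime-generated keys stand in for keys loaded from a keystore or secret store.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.security.*;
import java.util.Arrays;
public class CryptoHardeningDemo {
    // AES-GCM with a fresh random 96-bit nonce per message; the nonce is prepended to the output.
    static byte[] encryptGcm(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }
    static byte[] decryptGcm(SecretKey key, byte[] msg) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, msg, 0, 12));
        return c.doFinal(msg, 12, msg.length - 12); // throws AEADBadTagException if the message was modified
    }
    // Signature verification with SHA-256 in place of the SHA1withRSA setting quoted in the issue.
    static boolean verify(PublicKey pub, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(data);
        return s.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // assumption: stands in for a key from a keystore, not a static String
        byte[] pt = new byte[32];         // constructed sample: two identical all-zero 16-byte blocks
        Cipher ecb = Cipher.getInstance("AES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, key);
        byte[] e = ecb.doFinal(pt);
        System.out.println("ECB repeats ciphertext blocks: "
                + Arrays.equals(Arrays.copyOfRange(e, 0, 16), Arrays.copyOfRange(e, 16, 32)));
        System.out.println("GCM outputs differ per call: " + !Arrays.equals(encryptGcm(key, pt), encryptGcm(key, pt)));
        System.out.println("GCM round trip ok: " + Arrays.equals(pt, decryptGcm(key, encryptGcm(key, pt))));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(pt);
        System.out.println("SHA256withRSA verifies: " + verify(kp.getPublic(), pt, signer.sign()));
    }
}
```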