Spring Cloud gives developers tools to quickly build some of the common patterns of distributed systems, for example configuration management, service discovery, circuit breakers, intelligent routing, micro-proxies, a control bus, one-time tokens, global locks, leadership election, distributed sessions and cluster state. Coordinating distributed systems requires a lot of boilerplate, and with Spring Cloud developers can quickly stand up services and applications that implement these patterns. They work in any distributed environment, whether a developer's own computer, a production environment, or a cloud platform.
Features
Spring Cloud focuses on providing a good out-of-the-box experience for typical use cases, plus extension points to cover the rest.
Introduction
RSA asymmetric encryption offers very strong security; the SSL layer of HTTPS uses it to encrypt and transmit HTTPS requests. Because the RSA algorithm uses a private key and a public key for encryption and decryption, it is called asymmetric encryption. The two keys are complementary: data encrypted with the private key can be decrypted with the public key, and data encrypted with the public key can be decrypted with the private key. Traditional one-way authentication only encrypts with the public key, so only the holder of the private key can decrypt. For example, a web server has a private key and public key pair, and the browser client keeps a copy of the server's public key. When the client needs to send data to the server, it encrypts the data with the server's public key, and when the server receives the data it decrypts it with its private key. When the client verifies that the server is genuine, it compares the public key presented by the server with the copy saved locally; only if the two match is the authenticity of the server confirmed.
In our config server, data with high confidentiality requirements can be encrypted and decrypted using the RSA algorithm.
Project source code
Gitee code cloud
Generate test keystore
We use the keytool utility that ships with the JDK to generate a keystore holding the private key, with the following command line:
keytool -genkeypair -alias config-server-key -keyalg RSA -dname "CN=Config Server,OU=Xuqian,O=My Own Company,L=Beijing,S=Beijing,C=CN" -keypass changeit -keystore server.jks -storepass changeit
-genkeypair generates a public key and private key pair.
-alias specifies the alias of the key, which is used to distinguish different keys within the same keystore.
-keyalg specifies the algorithm used to generate the key; RSA is used here.
-dname specifies the distinguished name. CN is the common name used to identify the key; all items are custom values: OU is the organizational unit, O is the organization name, L is the city, S is the province/state, and C is the country.
-keypass is the password protecting the key.
-keystore is the file name of the keystore.
-storepass is the password for accessing the keystore.
The command above saves the generated private key in a keystore named server.jks. So far we have only generated the private key; Spring Cloud Config Server derives the public key programmatically each time from the key information we provide. See the source code below.
org.springframework.security.rsa.crypto.KeyStoreKeyFactory:
public KeyPair getKeyPair(String alias, char[] password) {
    try {
        synchronized (lock) {
            if (store == null) {
                synchronized (lock) {
                    // Create the keystore instance from the keystore file and password given in the configuration
                    store = KeyStore.getInstance("jks");
                    store.load(resource.getInputStream(), this.password);
                }
            }
        }
        // Read the private key from the keystore using the alias and key password given in the configuration
        RSAPrivateCrtKey key = (RSAPrivateCrtKey) store.getKey(alias, password);
        // Define the rule for deriving the public key: modulus plus public exponent
        RSAPublicKeySpec spec = new RSAPublicKeySpec(key.getModulus(), key.getPublicExponent());
        // Generate the public key
        PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(spec);
        return new KeyPair(publicKey, key);
    } catch (Exception e) {
        throw new IllegalStateException("Cannot load keys from store: " + resource, e);
    }
}
The Java Security API is used here to operate on the key; see the notes. The key information is then supplied through the bootstrap.yml configuration file of the config server. Because symmetric and asymmetric encryption cannot be used at the same time, we comment out the encrypt.key setting and specify the parameters for asymmetric encryption:
encrypt:
  #key: Thisismysecretkey
  key-store:
    location: file://${user.home}/development/keys/server.jks
    password: changeit
    alias: config-server-key
    secret: changeit
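As an added example (not the page's or Spring's own code), the following class repeats the derivation that KeyStoreKeyFactory performs and adds two checks an operator would want before deploying the keystore: a minimum modulus size, and a comparison of the derived public key against the self-signed certificate that keytool stored under the same alias. It assumes the keystore path, alias and passwords from the keytool command above.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;

// Added example (not the page's or Spring's code): derive the public key the way the Config Server does and sanity-check it.
public class KeyStoreCheck {
    // Assumed to match the keytool command above; adjust to your environment.
    static final String KEYSTORE = System.getProperty("user.home") + "/development/keys/server.jks";
    static final char[] STORE_PASS = "changeit".toCharArray();   // -storepass
    static final String ALIAS = "config-server-key";              // -alias
    static final char[] KEY_PASS = "changeit".toCharArray();      // -keypass

    static KeyStore loadStore() throws Exception {
        KeyStore store = KeyStore.getInstance("jks");
        try (InputStream in = new FileInputStream(KEYSTORE)) {
            store.load(in, STORE_PASS);
        }
        return store;
    }

    // Same derivation as KeyStoreKeyFactory: public key = (modulus, public exponent) of the private key.
    static KeyPair deriveKeyPair(KeyStore store) throws Exception {
        RSAPrivateCrtKey priv = (RSAPrivateCrtKey) store.getKey(ALIAS, KEY_PASS);
        if (priv == null) throw new IllegalStateException("no private key under alias " + ALIAS);
        RSAPublicKeySpec spec = new RSAPublicKeySpec(priv.getModulus(), priv.getPublicExponent());
        PublicKey pub = KeyFactory.getInstance("RSA").generatePublic(spec);
        return new KeyPair(pub, priv);
    }

    public static void main(String[] args) throws Exception {
        KeyStore store = loadStore();
        KeyPair kp = deriveKeyPair(store);
        int bits = ((RSAPrivateCrtKey) kp.getPrivate()).getModulus().bitLength();
        System.out.println("RSA modulus: " + bits + " bits" + (bits < 2048 ? " (too short)" : ""));

        // keytool -genkeypair also stores a self-signed certificate under the alias;
        // its public key must be byte-for-byte equal to the one derived above.
        Certificate cert = store.getCertificate(ALIAS);
        boolean match = Arrays.equals(cert.getPublicKey().getEncoded(), kp.getPublic().getEncoded());
        System.out.println("derived public key matches certificate: " + match);
    }
}
```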
Test
We now encrypt a test value using the encrypt API:
curl http://localhost:8888/encrypt -d 23456789
It returns the encrypted text:
AQAPWOUOh4WVexGgVv+bgtKc5E0d5Aba8VUKnzEXh27HyKSAbW+wyzDwZTbk5QYfXpoCAs413rdeNIdR2ez44nkjT5V+438/VQExySzjZPhP0xYXi9YIaJqA3+Ji+IWK8hrGtJ4dzxIkmItimCOirLdZzZGDm/yklMUVh7lARSNuMxXGKlpdBPKYWdqHm57ob6Sb0ivm4H4mL1n4d3QUCuE7hh2F4Aw4oln7XueyMkRPTtPy8OpnBEEZhRfmaL/auVZquLU5jjMNJk9JiWOy+DSTscViY/MZ+dypv6F4AfDdVvog89sNmPzcUT+zmB8jXHdjLoKy+63RG326WffY9OPuImW6/kCWZHV6Vws55hHqRy713W6yDBlrQ/gYC3Wils=
Then test decryption:
curl http://localhost:8888/decrypt -d AQAPWOUOh4+bgtKc5E0d5Aba8VUKnzEXh27HyKSAbW+wyzDwZTbk5QYfXpoCAs413rdeNIdR2ez44nkjT5V+438/VQExySzjZPhP0xYXi9YIaJqA3+Ji+IWK8hrGtJ4dzxIkmItimCOirLdZzZGDm/yklMUVh7lARSNuMxXGKlpdBPKYWdqHm57ob6Sb0ivm4H4mL1n4d3QUCuE7hh2F4Aw4oln7XueyMkRPTtPy8OpnBEEZhRfmaL/auVZquLU5jjMNJk9JiWOy+DSTscViY/MZ+dypv6F4AfDdVvog89sNmPzcUT+zmB8jXHdjLoKy+63RG326WffY9OPuImW6/kCWZHV6Vws55hHqRy713W6yDBlrQ/gYC3Wils=
which returns
23456789
We can also modify web-client.yml to verify this:
#test:
#  password: '{cipher}94c1027141add9844ec47f0be13caebb6b38ed1dcf99811b1a5cd2b874c64407'
user:
  password: '{cipher}AQAPWOUOh4WVexGgVv+bgtKc5E0d5Aba8VUKnzEXh27HyKSAbW+wyzDwZTbk5QYfXpoCAs413rdeNIdR2ez44nkjT5V+438/VQExySzjZPhP0xYXi9YIaJqA3+Ji+IWK8hrGtJ4dzxIkmItimCOirLdZzZGDm/yklMUVh7lARSNuMxXGKlpdBPKYWdqHm57ob6Sb0ivm4H4mL1n4d3QUCuE7hh2F4Aw4oln7XueyMkRPTtPy8OpnBEEZhRfmaL/auVZquLU5jjMNJk9JiWOy+DSTscViY/MZ+dypv6F4AfDdVvog89sNmPzcUT+zmB8jXHdjLoKy+63RG326WffY9OPuImW6/kCWZHV6Vws55hHqRy713W6yDBlrQ/gYC3Wils='
Comment out test.password and add a new user.password that uses the encrypted configuration value. Then commit to the gitee repository and access this configuration file through the URL:
http://localhost:8888/web-client/default
The following results are obtained:
{
  "name": "web-client",
  "profiles": [ "default" ],
  "label": null,
  "version": "3044a5345fb86d09a043ca7404b9e57c8c13c512",
  "state": null,
  "propertySources": [
    {
      "name": "https://gitee.com/zxuqian/spring-cloud-config-remote/web-client.yml",
      "source": {
        "message": "This message comes from the remote configuration repository",
        "management.endpoints.web.exposure.include": "*",
        "user.password": "23456789"
      }
    }
  ]
}
Summary
That concludes this introduction to Spring Cloud Config RSA support and the method of using RSA to encrypt configuration files. I hope it is helpful; if you have any questions, leave a message and I will reply promptly. Thank you for your support of the Wulin.com website!