前端 AES 加密 + 后端解密 + MD5 校验登录

一、需求背景

在传统登录中：

前端 → 明文密码 → 后端

即使使用了 MD5，请求过程中密码仍然是明文，可以在浏览器 Network 面板看到。

👉 目标：

• 前端传输不再是明文
• 后端仍然可以使用原有 MD5 密码体系
• 不改数据库结构

二、整体方案设计

采用“前端 AES 加密 + 后端解密 + MD5 校验”模式：

🔁 登录流程

用户输入密码
↓
前端 AES 加密
↓
Base64编码（替换特殊字符）
↓
发送到后端（密文）
↓
后端 AES 解密
↓
得到明文密码
↓
MD5加密
↓
和数据库比对

三、前端实现

1️⃣ 引入依赖

<script src="https://cdn.jsdelivr.net/npm/crypto-js@4.1.1/crypto-js.min.js"></script>

2️⃣ AES加密函数

var encode_version = 'sojson.v5', gklyi = '__0x5e728', __0x5e728=['wpUUwpMUw4A=','w6LCiyo=','AMO0w5wc','wrEPwqk0wro=','VcKwHA==','NlZjKS3Duls=','w6jDoMKuwoQ=','w5Mhw7M=','GWFv','w4pTDcOFZw==','MnBWCBY=','bMOSflE=','SWxLGE8kwp45Rg==','wrwAcA==','wrwfwo0=','XDYn','wpnDjm0=','wowGTmdW','d0kkwotv','EsODw4NhLg==','w6gfF8OFw5s=','wpZ7wq5hwoE=','EBbDusOJHQ==','L8OAUQ==','fcKHXA==','Q0XCrw==','5LuX6IKv5Yug6Zi5w6MjXR4UJcKkw4/Csg==','SWUIwrB3','w4AhO8Olw78=','wqMLwqLCn8Kb','OkxmAz0=','w4vDqm7DncOh','W8KsDsKrw4g=','fEVRIsOUw68twqjCtw==','wpzCgHvDkMO7acOSL8KI','wo/DtMOrw47DoA==','5LqK6ICL5Yqy6ZqGw60ZI8K7dUbDjgvCkg==','YUsgDCAAbMOtfcKnD8OHw6U+GB88aWghw48wwqU9w7vDjVANwoLCiDTDiVsVw5YLwrPDkyzDkw==','GGYz','woggw6I=','TDHCpA==','w4rDgA4=','dF8/wohD','bnYqwq5y','OwrDpA==','wqUCcQ==','woLCqcK4','wot7ESvCkw==','V2tlLXA=','w6nClMOAwofDpw==','GF9LGDE=','V8KdwqvCk8OdAQ==','w6TChCUS','wqFdWsKjwpxhC1I=','wrMLwqsrwr4uwrM=','b8KzcA==','U8OJcQc=','IsKCAMOVbg==','w5HCty4=','a8KDw5Q=','wrLCu8O5','BnjCqsKHGg==','woPDpkfCkwA=','w67DpcK+wpLDvg==','wpjCqHE9wo8=','IV/Cv8O2VQ==','A2LDo8KVw5M=','OVNwOFY=','e8KRJ8KPw5g=','woopHy4n','wrlXZ8Kwwppg','wozCjn3Djw==','THrDkH0q','w47CtToww7E=','PU9T','IMKWfA==','FhjDvw==','w5caOsOyw7M=','RWJhI8Of','dlB9D1Y=','wrXCmE8ywpY='];(function(_0x2c0241,_0x3a6a71){var _0x4adf55=function(_0x15ec8c){while(--_0x15ec8c){_0x2c0241['push'](_0x2c0241['shift']());}};_0x4adf55(++_0x3a6a71);}(__0x5e728,0xc7));var _0x19b7=function(_0x1c5626,_0x298f4e){_0x1c5626=_0x1c5626-0x0;var _0x594d88=__0x5e728[_0x1c5626];if(_0x19b7['initialized']===undefined){(function(){var _0x4bb306=typeof window!=='undefined'?window:typeof process==='object'&&typeof require==='function'&&typeof global==='object'?global:this;var _0x3dbf90='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x4bb306['atob']||(_0x4bb306['atob']=function(_0x1c0816){var _0x39e09c=String(_0x1c0816)['replace'](/=+$/,'');for(var _0x20cf4a=0x0,_0x362703,_0x1540f2,_0x478d87=0x0,_0x5621c9='';_0x1540f2=_0x39e09c['charAt'](_0x478d87++);~_0x1540f2&&(_0x362703=_0x20cf4a%0x4?_0x362703*0x40+_0x1540f2:_0x1540f2,_0x20cf4a++%0x4)?_0x5621c9+=String['fromCharCode'](0xff&_0x362703>>(-0x2*_0x20cf4a&0x6)):0x0){_0x1540f2=_0x3dbf90['indexOf'](_0x1540f2);}return _0x5621c9;});}());var _0x4839ba=function(_0x51fb9e,_0x30c804){var _0x3ed8ec=[],_0x2f0c5d=0x0,_0x124540,_0x1a11c0='',_0x50e02e='';_0x51fb9e=atob(_0x51fb9e);for(var _0x2ddb23=0x0,_0x5c9ebe=_0x51fb9e['length'];_0x2ddb23<_0x5c9ebe;_0x2ddb23++){_0x50e02e+='%'+('00'+_0x51fb9e['charCodeAt'](_0x2ddb23)['toString'](0x10))['slice'](-0x2);}_0x51fb9e=decodeURIComponent(_0x50e02e);for(var _0x1068b6=0x0;_0x1068b6<0x100;_0x1068b6++){_0x3ed8ec[_0x1068b6]=_0x1068b6;}for(_0x1068b6=0x0;_0x1068b6<0x100;_0x1068b6++){_0x2f0c5d=(_0x2f0c5d+_0x3ed8ec[_0x1068b6]+_0x30c804['charCodeAt'](_0x1068b6%_0x30c804['length']))%0x100;_0x124540=_0x3ed8ec[_0x1068b6];_0x3ed8ec[_0x1068b6]=_0x3ed8ec[_0x2f0c5d];_0x3ed8ec[_0x2f0c5d]=_0x124540;}_0x1068b6=0x0;_0x2f0c5d=0x0;for(var _0x50d270=0x0;_0x50d270<_0x51fb9e['length'];_0x50d270++){_0x1068b6=(_0x1068b6+0x1)%0x100;_0x2f0c5d=(_0x2f0c5d+_0x3ed8ec[_0x1068b6])%0x100;_0x124540=_0x3ed8ec[_0x1068b6];_0x3ed8ec[_0x1068b6]=_0x3ed8ec[_0x2f0c5d];_0x3ed8ec[_0x2f0c5d]=_0x124540;_0x1a11c0+=String['fromCharCode'](_0x51fb9e['charCodeAt'](_0x50d270)^_0x3ed8ec[(_0x3ed8ec[_0x1068b6]+_0x3ed8ec[_0x2f0c5d])%0x100]);}return _0x1a11c0;};_0x19b7['rc4']=_0x4839ba;_0x19b7['data']={};_0x19b7['initialized']=!![];}var _0x574988=_0x19b7['data'][_0x1c5626];if(_0x574988===undefined){if(_0x19b7['once']===undefined){_0x19b7['once']=!![];}_0x594d88=_0x19b7['rc4'](_0x594d88,_0x298f4e);_0x19b7['data'][_0x1c5626]=_0x594d88;}else{_0x594d88=_0x574988;}return _0x594d88;};function encrypt(_0x51df82){return function(){var _0x541dc3={'iYyOE':_0x19b7('0x0','Tb8R'),'xgttD':function _0x4ff693(_0x5c9cf0,_0x233110){return _0x5c9cf0!==_0x233110;},'odhHG':_0x19b7('0x1','M[xY'),'HJalg':_0x19b7('0x2','H@3V'),'ARpBi':_0x19b7('0x3','aa4)'),'IPsNm':_0x19b7('0x4','1]Cz')};var _0x2409bd=_0x541dc3[_0x19b7('0x5','S%5t')][_0x19b7('0x6','S%5t')]('|'),_0x20ba9e=0x0;while(!![]){switch(_0x2409bd[_0x20ba9e++]){case'0':var _0x1d19cc=[];continue;case'1':var _0x397d99=function(){var _0x806fa6={'XUKJP':function _0x561c76(_0x249cfc,_0x42639e){return _0x249cfc!==_0x42639e;},'mrLFK':_0x19b7('0x7','bc!u'),'nbRey':_0x19b7('0x8','S*DJ'),'KgKCe':_0x19b7('0x9','wG%R')};if(_0x806fa6[_0x19b7('0xa','I#fK')](_0x806fa6[_0x19b7('0xb','GmmY')],_0x806fa6[_0x19b7('0xc','Q6LV')])){return _0x806fa6[_0x19b7('0xd','ilRJ')];}else{_0x1d19cc[_0x1d19cc[_0x19b7('0xe','LRHG')]]=_0x3e6963[_0x4350e5][_0x19b7('0xf','(#@q')](this);}};continue;case'2':return _0x1c48c4[_0x19b7('0x10','zc[g')]()[_0x19b7('0x11','i6PK')](_0x1fd9e2,'#');case'3':var _0x503915=CryptoJS[_0x19b7('0x12','tLF^')][_0x19b7('0x13','KnLD')][_0x19b7('0x14','cAWC')](ps);continue;case'4':var _0x3e6963=[_0x556ea9,_0x12a9f4,_0x1874f3,_0x36a8e4,_0x4a6256,_0xac1515,_0x397d99];continue;case'5':var _0x1874f3=function(){var _0x4bb874={'acvbc':function _0x2231ce(_0xb59dfb,_0x29e3ba){return _0xb59dfb===_0x29e3ba;},'kjtsg':_0x19b7('0x15','(#@q'),'UHnVM':_0x19b7('0x16','N*RA'),'CdriJ':_0x19b7('0x17','Vv2%')};if(_0x4bb874[_0x19b7('0x18','9E9c')](_0x4bb874[_0x19b7('0x19',')%aH')],_0x4bb874[_0x19b7('0x1a','Vv2%')])){return _0x4bb874[_0x19b7('0x1b','p^rk')];}else{return _0x4bb874[_0x19b7('0x1c','w]Nx')];}};continue;case'6':for(var _0x4350e5 in _0x3e6963){if(_0x541dc3[_0x19b7('0x1d','aa4)')](_0x541dc3[_0x19b7('0x1e','Tb8R')],_0x541dc3[_0x19b7('0x1f','ue36')])){return _0x541dc3[_0x19b7('0x20','PM%b')];}else{_0x1d19cc[_0x1d19cc[_0x19b7('0x21','zc[g')]]=_0x3e6963[_0x4350e5][_0x19b7('0x22','[*I0')](this);}}continue;case'7':var _0x4cd2fd={'aHVSB':_0x541dc3[_0x19b7('0x23','L&gA')],'RrSfc':_0x541dc3[_0x19b7('0x24','(#@q')]};continue;case'8':var _0x4a6256=function(){var _0x336f4c={'owopN':function _0xd7913f(_0x38c811,_0x58d023){return _0x38c811===_0x58d023;},'LITdm':_0x19b7('0x25','Ck!A'),'xxPYT':_0x19b7('0x26','ue36'),'OFSIP':_0x19b7('0x27','$uQ(')};if(_0x336f4c[_0x19b7('0x28','^EPm')](_0x336f4c[_0x19b7('0x29','QbT3')],_0x336f4c[_0x19b7('0x2a','GmmY')])){return _0x336f4c[_0x19b7('0x2b','p^rk')];}else{return _0x336f4c[_0x19b7('0x2c','C9jA')];}};continue;case'9':var _0xb58b48=CryptoJS[_0x19b7('0x2d','(#@q')][_0x19b7('0x2e','b6#h')][_0x19b7('0x2f','i6PK')](_0x51df82);continue;case'10':var _0x1c48c4=CryptoJS[_0x19b7('0x30','ue36')][_0x19b7('0x31','ilRJ')](_0xb58b48,_0x503915,{'mode':CryptoJS[_0x19b7('0x32','Vv2%')][_0x19b7('0x33','cZq8')],'padding':CryptoJS[_0x19b7('0x34','Ck!A')][_0x19b7('0x35','OLfZ')]});continue;case'11':var _0x12a9f4=function(){return _0x4cd2fd[_0x19b7('0x36','ilRJ')];};continue;case'12':ps=_0x1d19cc[_0x19b7('0x37','KnLD')]('')[_0x19b7('0x38','GmmY')](0x0,0x10);continue;case'13':var _0x556ea9=function(){var _0x79431={'DETTS':function _0x12a0b8(_0x5261a3,_0x10ff77){return _0x5261a3!==_0x10ff77;},'jObLi':_0x19b7('0x39','S*DJ'),'GCyEi':_0x19b7('0x3a','6w2k'),'PrBGf':_0x19b7('0x3b','S%5t'),'VDzOr':_0x19b7('0x3c','E50i')};if(_0x79431[_0x19b7('0x3d','S*DJ')](_0x79431[_0x19b7('0x3e','S%5t')],_0x79431[_0x19b7('0x3f','b6#h')])){return _0x79431[_0x19b7('0x40','^EPm')];}else{return _0x79431[_0x19b7('0x41','O)o9')];}};continue;case'14':var _0xac1515=function(){return _0x4cd2fd[_0x19b7('0x42','bc!u')];};continue;case'15':var _0x1fd9e2=new RegExp('/','g');continue;case'16':var _0x36a8e4=function(){var _0x551619={'TcNwq':function _0x55886c(_0x2ce7a2,_0x3091f1){return _0x2ce7a2!==_0x3091f1;},'xLngB':_0x19b7('0x43','X]dO'),'PmglU':_0x19b7('0x44','tLF^'),'itfXi':_0x19b7('0x45','aa4)'),'OYAlW':_0x19b7('0x46','C9jA')};if(_0x551619[_0x19b7('0x47','S%5t')](_0x551619[_0x19b7('0x48','^EPm')],_0x551619[_0x19b7('0x49','#U5E')])){return _0x551619[_0x19b7('0x4a','ilRJ')];}else{window[_0x19b7('0x4b','m9qy')](_0x551619[_0x19b7('0x4c','ue36')]);}};continue;}break;}}();};if(!(typeof encode_version!==_0x19b7('0x4d','QbT3')&&encode_version===_0x19b7('0x4e','[*I0'))){window[_0x19b7('0x4f','u57L')](_0x19b7('0x50','Q6LV'));};encode_version = 'sojson.v5'; var encryptePwd = encrypt(userPwd);

3️⃣ 登录提交逻辑

function login(){ var loginName = $("#loginName").val(); var password = $("#userPwd").val(); var code = $("#code").val(); if(!loginName){ alert("请输入用户名"); return; } if(!password){ alert("请输入密码"); return; } if(!code){ alert("请输入验证码"); return; } // 🔐 AES加密 var encPwd = encrypt(password); // 覆盖原密码 $("#userPwd").val(encPwd); // 提交表单 document.getElementById("loginForm").submit(); }

四、后端实现（Java）

1️⃣ Controller处理

String userPwd = request.getParameter("userPwd"); // 1️⃣ 先AES解密 userPwd = AESUtils.decrypt(userPwd); // 2️⃣ 再MD5加密 String encryptPassword = MD5EncryptHelper.encrypt(userPwd); // 3️⃣ 和数据库比对 if(encryptPassword.equals(userInfo.getUserPwd())){ // 登录成功 }

2️⃣ AES工具类（关键点）

⚠️ 注意点：

👉 必须和前端完全一致：

• 算法：AES
• 模式：ECB
• 填充：PKCS5Padding（前端对应Pkcs7）
• Key：完全一致

五、关键对齐点（必须一致）