|
MD5Algorithm overview MD5The function is to a piece of information(message)Generate information digests(message-digest), the summary is unique to the information,It can be used as a digital signature. Used to verify the validity of the document(Whether there is lost or corrupted data),Encryption of the user's password, the hash value is calculated in the hash function. Enter a bytestring of any length to generate one128The integer of the bit. Due to some irreversible characteristics of the algorithm, it has good security in encryption applications. andMD5The use of algorithms does not require payment of any copyright fees. Neither uniqueness nor irreversibility are absolute, theoretically analyzing it as a many-to-one relationship, but the probability of two different pieces of information producing the same summary is small. Irreversible means that the amount of computation and computation time required to deduce the input from the output is too large, and the method of searching for dictionaries requires too much storage space. WebsystemDesign ideas This system is based on Java Web, and with the help ofstrut2to achieve this. The basic design idea is to passwebpage to calculate a file in the system external memory twiceMD5value, and compare, if it is the same, the file has not been tampered with, if it is different, it means that the file has been tampered with. WebVersion file tamper-proof system detailed design ideas: passedjspRetrieve a file that needs to be calculated in the external memory of the system.jspAfter submitting, passstrut2ofactionJump to with valuesjavalogic layer. at the logical layeractionMedium calldaomethods,daoThe calculation is encapsulatedMD5value.DaomethodjspDocuments that come over, and calculatorsMD5After the calculation is completed, return the original path of the valueactionThis is the first time that a file has been calculatedMD5value, save it inSession, so that it can be compared with the second oneMD5Values. After the first successful execution, jump tosuccesspage. Now start the second time of the fileMD5Calculation, also by the above method. After calculationMD5After the value, the second time is calculatedMD5The value is the same as the first calculated and is saved insessionIf the values are the same, there is no change. If it is different, it means that it has been tampered with. System implementation Step 1,Index.jspsource code in <!-- Index.jspAdd files from system storage here--> <center> <form action="fileCrypt" method="get"> <table> <tr> <td>File name:</td> <td><input type="file" name="Md5FilesEntity.filename" /> </td> <td><input type="submit" value="start" /> </td> </tr> </table> </form> </center> Step 2,strutsThe source code in the configuration file <!-- struts2Configuration files--> <struts> <constant value="true" name="struts.devMode" /> <constant value="zh_CN" name="struts.locale" /> <constant value="utf-8" name="struts.i18n.encoding" /> <package name="default" extends="struts-default"> <action name="mdeAction" class="com.crypt.action.mdeAction" method="codeCrype"> <result name="success">/index.jsp</result> </action> <action name="fileCrypt" class="com.crypt.action.FilesCryptAction"> <result name="success">/success.jsp</result> </action> <action name="fileCrypt2" class="com.crypt.action.FilesCryptAction" method="SetCrypt2"> <result name="success">/FilnallySuccess.jsp</result> <result name="fail">/fail.jsp</result> </action> </struts> The third step is to jump to FilesCryptAction after struts2 package com.crypt.action; import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.apache.struts2.ServletActionContext; import com.crypt.dao.Md5_dao; import com.opensymphony.xwork2.ActionSupport; import com.crypt.entity.Md5FilesEntity; public class FilesCryptAction extends ActionSupport { private Md5FilesEntity Md5FilesEntity = new Md5FilesEntity(); HttpServletRequest request = ServletActionContext.getRequest(); HttpSession session = request.getSession(); public Md5FilesEntity getMd5FilesEntity() { return Md5FilesEntity; } public void setMd5FilesEntity(Md5FilesEntity md5FilesEntity) { Md5FilesEntity = md5FilesEntity; } public String execute() throws IOException { String fileCode = null; try { fileCode = Md5_dao.getFileCode("e:" + Md5FilesEntity.getFilename()); session.setAttribute("fileCode", fileCode); //The first time it was calculatedMD5The value is temporarily saved insessionMedium } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } Md5FilesEntity.setFileAfterHashCode1(fileCode); return "success"; } public String SetCrypt2() { String fileCode2 = null; try { fileCode2 = Md5_dao .getFileCode("e:" + Md5FilesEntity.getFilename()); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } Md5FilesEntity.setFileAfterHashCode2(fileCode2); System.out.println("session1"+session.getAttribute("fileCode")); if (fileCode2 .equals(session.getAttribute("fileCode"))) { return "success"; } else { return "fail"; } } } In the fourth step, the action starts to jump to the Md5_dao with values package com.crypt.dao; import com.crypt.md5.Md5Crypt_1; import com.crypt.md5.Md5Crypt_2; public class Md5_dao { public static String getFileCode(String fileName) throws Exception { System.out.println(fileName); String hashCode = Md5Crypt_1.getHash(fileName, "MD5"); System.out.println(hashCode); return hashCode; } } The fifth step is to make an API in the system to calculate the MD5 value of a file, so call it directly in the DAO, and now it is directly processed in the Md5Crypt_1 method package com.crypt.md5; import java.io.*; import java.security.*; public class Md5Crypt_1 { public static char[] hexChar = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; public static void main(String[] args) throws Exception { String fileName = "e:/111.txt"; String hashType = "MD5"; System.out.println(hashType + " == " + getHash(fileName, hashType)); } public static String getHash(String fileName, String hashType) throws Exception { InputStream fis; fis = new FileInputStream(fileName); byte[] buffer = new byte[1024]; MessageDigest md5 = MessageDigest.getInstance(hashType); int numRead = 0; while ((numRead = fis.read(buffer)) > 0) { md5.update(buffer, 0, numRead); } fis.close(); return toHexString(md5.digest()); } public static String toHexString(byte[] b) { StringBuilder sb = new StringBuilder(b.length * 2); //Construct a string generator and initialize it to the specified string contents for (int i = 0; i < b.length; i++) { sb.append(hexChar[(b& 0xf0) >>> 4]); // appendmethods always add these characters to the end of the generator sb.append(hexChar[b& 0x0f]); } return sb.toString(); } } Step 6: After successfully calculating the value of MD5 of the file, the first MD5 is stored in the session in action, and through the configuration of the struts2 configuration file, jump to the seccess.jsp, display the MD5 value calculated for the first time, and prompt to start the second calculation: Source code in Success.jsp: <body> The first time it was calculatedmd5The value is: <s:iterator value="Md5FilesEntity" id="Md5FilesEntity" status="L"> <s:property value="#Md5FilesEntity.fileAfterHashCode1" /> </s:iterator> <center> <form action="fileCrypt2" method="get"> <table> <tr> <td>File name:</td> <td><input type="file" name="Md5FilesEntity.filename" /> </td> <td><input type="submit" value="start" /> </td> </tr> </table> </form> <form> <textarea style="text-align: left; " rows="10" cols="41" readonly="readonly"> <s:iterator value="Md5FilesEntity" id="Md5FilesEntity" status="L"> <s:property value="#Md5FilesEntity.Md5FileCode" /> </s:iterator> </textarea> </form> </center> </body> Step 7: Start the second submission and calculate itMD5The value is calculated the second time after calculating it again according to the above processMD5The value is compared with the value of the first time, if it is twiceMD5 if it is the same, it means that there is no tampering; If twiceMD5If the value is different, the document has been tampered with. Thus, the whole system is completed. Document tamper-proof system testing Put the system on the racktomact 6.0come up and realizewebRun. Below is a test diagram of the system: Step 1: Add the files that need to be calculated. And crack down"start" button to start calculating.
The second step is calculatedMD5, insuccess.jspshows the first calculated oneMD5value, and display. A second calculation is also prompted to determine whether it has been tampered with.
The third step is to perform a second calculation without tampering with the documentMD5value. If there is no tampering, the page without the jump will be jumped directly and the "file has not been tampered with" will be displayed. If it has been tampered with, it will show that the document has been tampered with.
Step 4: Make changes to the file and repeat the above test First calculation:
After the calculation is successful:
The fifth step is to deliberately tamper with the document and calculate it. In principle, the document is tampered with and calculated twiceMD5No, when comparing, you should be prompted that the file has been tampered with.
At this point, the testing of the entire system is completed.
| 
Posted on 11/20/2014 2:04:34 PM
|
|
|
|
Posted on 11/20/2014 2:13:20 PM