sm2-加密

2025-12-23 09:46:51 +08:00 · 2025-08-24 14:32:39 +08:00
parent de5c3e2f46
commit 8b3a60f22d
2 changed files with 22 additions and 12 deletions
--- a/src/assets/js/utils/encrypt.js
+++ b/src/assets/js/utils/encrypt.js
@@ -3,11 +3,11 @@ import { sm2 } from 'sm-crypto'

 // DER 编码的 SM2 公钥（hex）
 const derPublicKeyHex =
-  '3059301306072a8648ce3d020106082a811ccf5501822d034200042daac81f3b87c9f2feb2ca4cb68f4538bd1b43a587f345338b855dd7f8bb9c4de6696f1c41312ad49a2301aaadc754c5357754244ff2766420dcf550d7d3016d'
+  '3059301306072a8648ce3d020106082a811ccf5501822d0342000403e352a001b6fb4de360ce710745e1fbac40d7f87e1c1d0e1655c4c045c06d3739a55d455e589b82a0030bf9b29a6b0bb466369e92278a105714354430af5512'

 // 私钥（64位 HEX）
 export const privateKeyHex =
-  'a9250b543a7d79ef103d803a4e7552cbf75ef20e92f9e64544f99ca0bd962a44'
+  '7607e5f3c7a64105ad29dad2b23d5e154219b2173da0bbb1be6fd4e902b36667'

 // 缓存提取后的原始公钥
 let cachedPublicKeyHex = null
@@ -83,7 +83,7 @@ export function encrypt(data, url) {
    var publicKeyHex = extractSm2RawPublicKey(derPublicKeyHex)
    publicKeyHex = '04' + publicKeyHex
    publicKeyHex =
-      '042daac81f3b87c9f2feb2ca4cb68f4538bd1b43a587f345338b855dd7f8bb9c4de6696f1c41312ad49a2301aaadc754c5357754244ff2766420dcf550d7d3016d'
+      '0403e352a001b6fb4de360ce710745e1fbac40d7f87e1c1d0e1655c4c045c06d3739a55d455e589b82a0030bf9b29a6b0bb466369e92278a105714354430af5512'

    // 执行标准 SM2 加密（C1C3C2 模式）
    const ciphertext = sm2.doEncrypt(plaintext, publicKeyHex, 1)
--- a/src/assets/js/utils/request.js
+++ b/src/assets/js/utils/request.js
@@ -3,7 +3,6 @@ import { Loading, Message, MessageBox } from 'element-ui'
 import store from '@/store'
 import { getToken, removeToken } from '@/assets/js/utils/auth'
 import router from '@/router'
-import { sm2 } from 'sm-crypto'
 import { logger } from 'runjs/lib/common'

 import {
@@ -49,19 +48,30 @@ service.interceptors.request.use(
    if (deviceId) {
      config.headers['deviceId'] = localStorage.getItem('deviceId')
    }
+    // 3. 判断是否需要加密：跳过非 JSON 请求、OPTIONS 请求、自定义排除项
+    const shouldSkipEncryption = () => {
+      // 跳过 Content-Type 不是 application/json 的请求
+      const contentType =
+        config.headers['Content-Type'] || config.headers['content-type']
+      if (contentType && !contentType.includes('application/json')) {
+        return true
+      }

-    // 加密处理
-    if (shouldEncrypt(config)) {
-      // 添加加密标识l, 方便自测
+      // 跳过自定义标记不加密的请求
+      return !shouldEncrypt(config)
+    }
+
+    // 4. 执行加密逻辑
+    if (!shouldSkipEncryption() && shouldEncrypt(config)) {
+      // 添加加密标识（便于调试）
      config.headers['X-Encrypted'] = 'true'

      if (config.data) {
        // 保存原始数据用于调试
        config.originalData = config.data
-        // config.data = encryptData(config.data)
-        var requestJson = { content: encrypt(config.data, config.url) }
-        config.data = JSON.stringify(requestJson)
-        config.headers['Content-Type'] = 'application/json'
+
+        // 加密数据，包装成 { content: "encryptedString" }
+        config.data = { content: encrypt(config.data, config.url) }
      }
    }

@@ -79,7 +89,7 @@ service.interceptors.request.use(
 service.interceptors.response.use(
  response => {
    let res = response.data
-    // 解密处理
+    // 解密处理 todo 用config.headers['X-Encrypted'] === 'true'判断是否需要解密不一定准确
    if (response.config.headers['X-Encrypted'] === 'true') {
      try {
        res = decryptWithPrivateKey(res, privateKeyHex, 1)