I am having problems understand something related to AES_DECRYPT. I made a test database in SQL and table tblKorisnici in it. Field I am having problem with is sifra in which is stored data using AES_ENCRYPT via MySQL.
我在理解与AES_DECRYPT相关的问题时遇到了问题。我在SQL中创建了一个测试数据库,并在其中创建了表tblKorisnici。字段我遇到的问题是sifra,其中使用AES_ENCRYPT通过MySQL存储数据。
Problem is: I want Application to check korisnik and sifra, if both match lblInfo should display text was login data entered correct, is there a user with given korisnik and sifra in table.
问题是:我希望Application检查korisnik和sifra,如果两者匹配lblInfo应该显示文本登录数据输入正确,是否有用户给定korisnik和sifra在表中。
private void btnPotvrdiActionPerformed(java.awt.event.ActionEvent evt) {
String sql = "SELECT korisnik, AES_DECRYPT(sifra, 'sometext'), ime, prezime, pozicija FROM tblKorisnici WHERE korisnik = ? AND sifra = ?";
try {
konekcija = DriverManager.getConnection("jdbc:mysql://localhost/lpa", "root", "");
pst = konekcija.prepareStatement(sql);
pst.setString(1, txtKorisnik.getText());
pst.setString(2, pasSifra.getText());
rs = pst.executeQuery();
if (rs.next()) {
lblInfo.setText("Login success");
}
else {
lblInfo.setText("Wrong");
}
}
catch (SQLException | HeadlessException ex){
JOptionPane.showMessageDialog(null, ex);
}
}
But, somehow, I can't make it work. korisnik, sifra, ime, prezime and pozicija are fields in table, only sifra is encrypted using AES_ENCRYPT and "sometext" as encryption key.
但是,不知何故,我无法使其发挥作用。 korisnik,sifra,ime,prezime和pozicija是表中的字段,只有sifra使用AES_ENCRYPT和“sometext”作为加密密钥加密。
I don't get any errors, just not working as intended. Probably something with sifra decryption because when I try sifra field with no encryption with data everything works.
我没有得到任何错误,只是没有按预期工作。可能是sifra解密的东西,因为当我尝试没有数据加密的sifra字段时,一切正常。
1 个解决方案
#1
1
The problem is in your WHERE
clause. You are trying to compare the encrypted value of sifra
to the unencrypted value of pasSifra
. You need to either encrypt pasSifra
(preferred) or decrypt sifra
in the where clause.
问题出在WHERE子句中。您正在尝试将sifra的加密值与pasSifra的未加密值进行比较。您需要在where子句中加密pasSifra(首选)或解密sifra。
Try changing your query to this:
尝试将您的查询更改为:
sql = "SELECT korisnik, AES_DECRYPT(sifra, 'sometext'), ime, prezime, pozicija
FROM tblKorisnici
WHERE korisnik = ? AND sifra = AES_ENCRYPT(?,'sometext')"
I'd also recommend against returning the unencrypted version of sifra
as this appears to be an authentication check. If all you need is to determine if a matching record exists you could pare your query down to this:
我还建议不要返回未加密的sifra版本,因为这似乎是一个身份验证检查。如果你需要的只是确定是否存在匹配的记录,你可以将你的查询削减到这个:
sql = "SELECT 1 FROM tblKorisnici
WHERE korisnik = ? AND sifra = AES_ENCRYPT(?,'sometext')"
#1
1
The problem is in your WHERE
clause. You are trying to compare the encrypted value of sifra
to the unencrypted value of pasSifra
. You need to either encrypt pasSifra
(preferred) or decrypt sifra
in the where clause.
问题出在WHERE子句中。您正在尝试将sifra的加密值与pasSifra的未加密值进行比较。您需要在where子句中加密pasSifra(首选)或解密sifra。
Try changing your query to this:
尝试将您的查询更改为:
sql = "SELECT korisnik, AES_DECRYPT(sifra, 'sometext'), ime, prezime, pozicija
FROM tblKorisnici
WHERE korisnik = ? AND sifra = AES_ENCRYPT(?,'sometext')"
I'd also recommend against returning the unencrypted version of sifra
as this appears to be an authentication check. If all you need is to determine if a matching record exists you could pare your query down to this:
我还建议不要返回未加密的sifra版本,因为这似乎是一个身份验证检查。如果你需要的只是确定是否存在匹配的记录,你可以将你的查询削减到这个:
sql = "SELECT 1 FROM tblKorisnici
WHERE korisnik = ? AND sifra = AES_ENCRYPT(?,'sometext')"