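// Background and value
// Front-end storage (localStorage) leaks easily. A single, uniform encryption
// and cleanup policy lowers that risk and improves compliance and control.
//
// Policy
//   - Encrypted storage: sensitive data is AES-GCM encrypted before it is stored.
//   - TTL cleanup: every entry carries an expiry timestamp and is purged periodically.
//   - Minimal residency: store only what is necessary and cap its size.
//     NOTE(review): the length cap is stated as policy but not enforced by the
//     helpers below — callers must truncate/limit `plain` before putItem().
//
// Core implementation: AES-GCM encrypt / decrypt helpers.

/** UTF-8 encode a string into bytes. */
function enc(s: string): Uint8Array {
  return new TextEncoder().encode(s);
}

/**
 * Base64-encode raw bytes.
 * Accepts a Uint8Array directly so callers never have to pass `.buffer`
 * (for a view into a larger buffer, `.buffer` would encode the whole
 * underlying allocation, not just the view).
 */
function b64(b: ArrayBufferLike | Uint8Array): string {
  const bytes = b instanceof Uint8Array ? b : new Uint8Array(b);
  let s = '';
  for (const byte of bytes) s += String.fromCharCode(byte);
  return btoa(s);
}

/**
 * Decode base64 into a freshly allocated ArrayBuffer.
 * Throws (DOMException from atob) on malformed input; callers that read
 * untrusted storage must be prepared for that.
 */
function b64u(s: string): ArrayBuffer {
  const bin = atob(s);
  const out = new Uint8Array(bin.length);
  for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);
  return out.buffer;
}

/**
 * Generate a fresh AES-256-GCM key.
 *
 * @param extractable defaults to `false`. The policy is that the key lives only
 *   in memory; a non-extractable CryptoKey cannot be read back via
 *   `crypto.subtle.exportKey()` — not even by injected script — which is what
 *   actually enforces "never persisted". Pass `true` only if you knowingly need
 *   to export the key (e.g. to wrap it for another origin).
 */
async function genKey(extractable = false): Promise<CryptoKey> {
  return crypto.subtle.generateKey({ name: 'AES-GCM', length: 256 }, extractable, ['encrypt', 'decrypt']);
}

/**
 * Encrypt `plain` under `key`.
 *
 * @returns base64 IV and base64 ciphertext; the ciphertext already includes
 *   the 16-byte GCM authentication tag, so tampering is detected on decrypt.
 *
 * A fresh random 96-bit IV is drawn per call. IV reuse under the same key
 * breaks GCM confidentiality and integrity, so never cache or derive the IV;
 * rotate the key long before ~2^32 encryptions under one key.
 */
async function encrypt(key: CryptoKey, plain: string): Promise<{ iv: string; ct: string }> {
  const iv = crypto.getRandomValues(new Uint8Array(12));
  const ct = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc(plain));
  return { iv: b64(iv), ct: b64(ct) };
}

/**
 * Decrypt base64 `ct` with base64 `iv` under `key` and decode as UTF-8.
 *
 * @throws DOMException when the authentication tag does not verify (wrong key
 *   or modified ciphertext) or when the base64 input is malformed.
 */
async function decrypt(key: CryptoKey, iv: string, ct: string): Promise<string> {
  const plain = await crypto.subtle.decrypt({ name: 'AES-GCM', iv: new Uint8Array(b64u(iv)) }, key, b64u(ct));
  return new TextDecoder().decode(plain);
}

// Encrypted localStorage entries.

/** Persisted shape: base64 IV, base64 ciphertext, absolute expiry (ms since epoch). */
type Item = { iv: string; ct: string; exp: number };

/**
 * Runtime shape check for values read back from localStorage.
 * Anything in localStorage is untrusted (any script on the origin, DevTools,
 * or a prior version of this app may have written it), so `JSON.parse`
 * output is never used without this guard.
 */
function isItem(v: unknown): v is Item {
  if (typeof v !== 'object' || v === null) return false;
  const o = v as Record<string, unknown>;
  return (
    typeof o.iv === 'string' &&
    typeof o.ct === 'string' &&
    typeof o.exp === 'number' &&
    Number.isFinite(o.exp)
  );
}

/**
 * Encrypt `plain` under `k` and store it at `key` with an absolute expiry.
 *
 * @param ttlMs time-to-live in milliseconds (default 5 minutes).
 * @throws RangeError if `ttlMs` is not a positive finite number. A NaN TTL
 *   would serialise as `exp: null`, which silently fails the shape check and
 *   makes the entry unreadable, so it is rejected up front.
 */
async function putItem(key: string, plain: string, k: CryptoKey, ttlMs = 300000): Promise<void> {
  if (!Number.isFinite(ttlMs) || ttlMs <= 0) {
    throw new RangeError(`ttlMs must be a positive finite number, got ${ttlMs}`);
  }
  const sealed = await encrypt(k, plain);
  const item: Item = { iv: sealed.iv, ct: sealed.ct, exp: Date.now() + ttlMs };
  localStorage.setItem(key, JSON.stringify(item));
}

/**
 * Read and decrypt the entry at `key`.
 *
 * @returns the plaintext, or `null` when the entry is absent, not a valid
 *   encrypted item, expired, or cannot be authenticated under `k`.
 *   Expired and unauthenticatable entries are removed from storage.
 *   Entries that are not in the Item shape are left untouched (they may
 *   belong to other code) but are not returned.
 */
async function getItem(key: string, k: CryptoKey): Promise<string | null> {
  const raw = localStorage.getItem(key);
  if (raw === null) return null;

  let parsed: unknown;
  try {
    parsed = JSON.parse(raw);
  } catch {
    return null; // not JSON: not one of ours
  }
  if (!isItem(parsed)) return null;

  if (Date.now() > parsed.exp) {
    localStorage.removeItem(key);
    return null;
  }

  try {
    return await decrypt(k, parsed.iv, parsed.ct);
  } catch {
    // GCM tag check failed or the base64 was mangled: the entry was tampered
    // with, or was sealed under a previous in-memory key (e.g. before a page
    // reload). It can never be read again, so purge it instead of throwing
    // on every subsequent read.
    localStorage.removeItem(key);
    return null;
  }
}

// Cleanup task.

/**
 * Remove every expired encrypted entry whose key starts with `prefix`.
 *
 * Keys are collected first and removed afterwards: `localStorage.key(i)`
 * re-indexes when an entry is removed, so removing inside the index loop
 * skips the entry that shifts into the freed slot.
 *
 * Only values that pass `isItem` are candidates. Treating any JSON value
 * without `exp` as expired (the naive `exp || 0` check) would, with the
 * default empty prefix, delete unrelated JSON entries written by other code.
 *
 * @returns the number of entries removed.
 */
function cleanup(prefix = ''): number {
  const now = Date.now();
  const expired: string[] = [];

  for (let i = 0; i < localStorage.length; i++) {
    const key = localStorage.key(i);
    if (key === null || !key.startsWith(prefix)) continue;
    const raw = localStorage.getItem(key);
    if (raw === null) continue;

    let parsed: unknown;
    try {
      parsed = JSON.parse(raw);
    } catch {
      continue; // not JSON: not one of ours, leave it alone
    }
    if (isItem(parsed) && now > parsed.exp) expired.push(key);
  }

  for (const key of expired) localStorage.removeItem(key);
  return expired.length;
}

// Deployment advice
//   - AES-GCM encrypt sensitive data before storing it and use a short TTL.
//   - Run cleanup() periodically to purge expired entries, and limit the
//     length and type of what is stored.
//   - Keep the key in memory only (non-extractable), sourced from a controlled
//     flow; never persist it.
//
// Verification checklist
//   - Encrypt / decrypt round-trips correctly.
//   - TTL takes effect and expired entries are removed.
//   - Tampered or foreign-key entries are rejected and purged, not returned.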
