diff --git a/package-lock.json b/package-lock.json
index 5b84af3..1773b85 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,6 +14,8 @@
         "bonjour-service": "^1.3.0",
         "electron-squirrel-startup": "^1.0.1",
         "element-plus": "^2.13.6",
+        "js-base64": "3.7.5",
+        "jsencrypt": "^3.5.4",
         "lucide-vue-next": "^1.0.0",
         "pinia": "^3.0.4",
         "vue": "^3.5.32",
@@ -6919,6 +6921,12 @@
         "jiti": "lib/jiti-cli.mjs"
       }
     },
+    "node_modules/js-base64": {
+      "version": "3.7.5",
+      "resolved": "https://registry.npmjs.org/js-base64/-/js-base64-3.7.5.tgz",
+      "integrity": "sha512-3MEt5DTINKqfScXKfJFrRbxkrnk2AxPWGBL/ycjz4dK8iqiSJ06UxD8jh8xuh6p10TX4t2+7FsBYVxxQbMg+qA==",
+      "license": "BSD-3-Clause"
+    },
     "node_modules/js-tokens": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
@@ -6939,6 +6947,12 @@
         "js-yaml": "bin/js-yaml.js"
       }
     },
+    "node_modules/jsencrypt": {
+      "version": "3.5.4",
+      "resolved": "https://registry.npmjs.org/jsencrypt/-/jsencrypt-3.5.4.tgz",
+      "integrity": "sha512-kNjfYEMNASxrDGsmcSQh/rUTmcoRfSUkxnAz+MMywM8jtGu+fFEZ3nJjHM58zscVnwR0fYmG9sGkTDjqUdpiwA==",
+      "license": "MIT"
+    },
     "node_modules/json-buffer": {
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz",
diff --git a/src/renderer/http/api.js b/src/renderer/http/api.js
index 7c75b73..bbd340e 100644
--- a/src/renderer/http/api.js
+++ b/src/renderer/http/api.js
@@ -1,11 +1,13 @@
 import { getAction, postAction, deleteAction } from './manage.js';
 import url, { getBaseUrl } from './url.js';
+import { encryptPassword } from '@/utils/crypto.js';
 
 // 健康检查
 export const getHealthAction = () => getAction(url.health);
 
 // 用户登录
-export const loginAction = (data, sparkBaseUrl) => postAction(url.user.login, data, {}, sparkBaseUrl);
+export const loginAction = (data, sparkBaseUrl) =>
+  postAction(url.user.login, { email: data.email, password: encryptPassword(data.password) }, {}, sparkBaseUrl);
 
 // 会话
 export const createSessionAction = (data) => postAction(url.session.create, data);
diff --git a/src/renderer/utils/crypto.js b/src/renderer/utils/crypto.js
new file mode 100644
index 0000000..3cacd86
--- /dev/null
+++ b/src/renderer/utils/crypto.js
@@ -0,0 +1,25 @@
+import { Base64 } from 'js-base64';
+import JSEncrypt from 'jsencrypt';
+
+// RSA 公钥，替换为实际公钥内容
+const RSA_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArq9XTUSeYr2+N1h3Afl/
+z8Dse/2yD0ZGrKwx+EEEcdsBLca9Ynmx3nIB5obmLlSfmskLpBo0UACBmB5rEjBp
+2Q2f3AG3Hjd4B+gNCG6BDaawuDlgANIhGnaTLrIqWrrcm4EMzJOnAOI1fgzJRsOO
+UEfaS318Eq9OVO3apEyCCt0lOQK6PuksduOjVxtltDav+guVAA068NrPYmRNabVK
+RNLJpL8w4D44sfth5RvZ3q9t+6RTArpEtc5sh5ChzvqPOzKGMXW83C95TxmXqpbK
+6olN4RevSfVjEAgCydH6HN6OhtOQEcnrU97r9H0iZOWwbw3pVrZiUkuRD1R56Wzs
+2wIDAQAB
+-----END PUBLIC KEY-----`;
+
+/**
+ * 对密码进行加密：Base64 编码 → RSA 加密
+ * @param {string} password 原始密码
+ * @returns {string|false} 加密后的密文，失败返回 false
+ */
+export function encryptPassword(password) {
+  const base64Pwd = Base64.encode(password);
+  const encrypt = new JSEncrypt();
+  encrypt.setPublicKey(RSA_PUBLIC_KEY);
+  return encrypt.encrypt(base64Pwd);
+}