c#指定密钥是已知的弱密钥'TripleDES'并且不能使用

本文关键字:TripleDES 不能 弱密钥 密钥 | 更新日期: 2023-09-27 18:14:06

我有一个用Java编写的身份验证过程,它将字符串加密为MD5并生成字符串,并且只接受该字符串的前8位数字。在这个例子中,生成的字符串是"89a5c474"

之后,我有了下面这段Java代码,我在其中使用了TripleDesEncryption。

public static byte[] encrypt(byte[] keybyte, byte[] src) throws NoSuchAlgorithmException, NoSuchPaddingException, Exception 
{ 
    System.out.println("Key Byte " + byte2hex(keybyte) + "Key Byte Array" + keybyte);
    System.out.println("Key String " + byte2hex(src));
    SecretKey deskey = new SecretKeySpec(keybyte, DESede); 
    Cipher c1 = Cipher.getInstance(Algorithm); 
    c1.init(Cipher.ENCRYPT_MODE, deskey); 
    return c1.doFinal(src);
} 
public static void main(String[] args) 
{
        final byte[] rawKey = "89a5c474".getBytes(); 
        final byte[] keyBytes = new byte[24]; 
        for (int i = 0; i <rawKey.length; i++) 
        { 
            keyBytes[i] = rawKey[i]; 
        }
        for (int i = rawKey.length; i <keyBytes.length; i++) 
        { 
            keyBytes[i] = (byte)0; 
        }

        String szSrc = "20126303$4A6D9BD0DDD094B76C111577A49EB87A$Guest$PC$193.92.123.5$$Reserved$CTC";         
        byte[] encoded = null;
        try 
        {            
            encoded = encrypt(keyBytes, szSrc.getBytes());          
        } 
        catch (Exception e) 
        { 
            e.printStackTrace(); 
        }                       
}

生成加密字节的字符串表示形式,这样我就能够成功地通过平台进行身份验证。然而,由于我必须将我的代码部署到c#的控制台应用程序中,我试图复制上述代码,但无济于事,并返回错误"指定的密钥是'TripleDES'的已知弱密钥,不能使用。"

    public static string AuthenticatePassword(string token, string hashPassword)
    {
                byte[] rawKey = UTF8Encoding.UTF8.GetBytes(hashPassword);
                byte[] keyBytes = new byte[24];

                for (var i = 0; i < rawKey.Length; ++i)
                {
                    keyBytes[i] = rawKey[i];
                }
                for (int i = rawKey.Length; i < keyBytes.Length; i++)
                {
                    keyBytes[i] = 0;
                }
                string keyString = "20126303$" + token + "$Guest$PC$193.92.123.5$$Reserved$CTC";
                return Encrypt(keyBytes, System.Text.Encoding.ASCII.GetBytes(keyString), rawKey, keyString);
    }
public static string Encrypt(byte[] keyBytes, byte[] keyString)
{
            try
            {
            TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
            des.Key = keyBytes;
            des.Mode = CipherMode.ECB;
            des.Padding = PaddingMode.PKCS7;                
            ICryptoTransform ic = des.CreateEncryptor();
            byte[] enc = ic.TransformFinalBlock(keyString, 0, keyString.Length);
            }
            catch (Exception e)
            {
                Console.WriteLine("[Encryption Error] {0}", e.Message); 
            }
return string.Join(string.Empty, enc.Select(x => x.ToString("X2")));
}

我已经搜索了几个资源,我偶然发现了这个解决方案,应用程序成功地为我生成了一个密钥,但不幸的是,它与Java生成的代码不相等。

        TripleDESCryptoServiceProvider sm = new TripleDESCryptoServiceProvider();
        MethodInfo mi = sm.GetType().GetMethod("_NewEncryptor", BindingFlags.NonPublic | BindingFlags.Instance);
        object[] Par = { EmptyKey, CipherMode.ECB, keyBytes, sm.FeedbackSize, 0 };
        ICryptoTransform trans = mi.Invoke(sm, Par) as ICryptoTransform;
        byte[] enc = trans.TransformFinalBlock(keyString, 0, keyString.Length);

Java = d68d8423eb01421e8f23c118d3aef6a6998d8a62ceb697377195aa979fe5e97141454716e6d6b41c56d0af296bc4d6ab2979c7d9233898baef5c9f38fa9fd286d8a6c2a2a4b6697d1eb7c

c# = FF9772125DC1E3A4C9B63DFD429FB3CDA43732331025F9B73A092A942121F6869C372AE40B0DB1991DB0FD04CE5924EB213B8F303721C79F8F4CCA384711B7E2ADCC862E0003E18EF3CC0DA2CD4B7488

c#指定密钥是已知的弱密钥'TripleDES'并且不能使用

我已经设法绕过并在c#上使用Java中使用的函数和构造函数重新创建了3DES加密。对于所有遇到此问题的人,您可以使用Bouncy Castle的组件并遵循以下链接获取更多信息:http://www.bouncycastle.org/csharp/和http://www.go4expert.com/articles/bouncy-castle-net-implementation-triple-t24829/

相关文章: