用C#加密数据
本文关键字:数据 加密 | 更新日期: 2023-09-27 18:25:00
我有一个应用程序需要加密数据,然后将数据存储在文件中。这些数据应按照AES等行业标准进行加密。数据可以是文本数据,也可以是二进制数据。
用户应该提供一个字母数字密码(用作密钥)来解密数据,而不是将密钥存储在某个地方。
在C#.NET 3.5中,最好的方法是什么?理想情况下,我正在寻找一个黑匣子类,我可以这样使用:
byte[] writeThisToFile = EncryptionClass.Encrypt(string data, string password);
byte[] writeThisToFile = EncryptionClass.Encrypt(byte[] data, string password);
byte[] plainBinaryData = EncryptionClass.DecryptBinary(byte[] encryptedFileContents, string password);
string plainText = EncryptionClass.DecryptText(byte[] encryptedFileContents, string password);
using System.IO;
using System.Security;
using System.Security.Cryptography;
using System.Runtime.InteropServices;
// <summary>
// Encrypts a string
// </summary>
// <param name="CipherText">Text to be Encrypted</param>
// <param name="Password">Password to Encrypt with</param>
// <param name="Salt">Salt to Encrypt with</param>
// <param name="HashAlgorithm">Can be either SHA1 or MD5</param>
// <param name="PasswordIterations">Number of iterations to do</param>
// <param name="InitialVector">Needs to be 16 ASCII characters long</param>
// <param name="KeySize">Can be 128, 192, or 256</param>
// <returns>A decrypted string</returns>
public static string AESEncrypt(string PlainText, string Password, string Salt, string HashAlgorithm, int PasswordIterations, string InitialVector, int KeySize)
{
if (string.IsNullOrEmpty(PlainText))
{
return "The Text to be Decryped by AES must not be null...";
}
else if (string.IsNullOrEmpty(Password))
{
return "The Password for AES Decryption must not be null...";
}
byte[] InitialVectorBytes = Encoding.ASCII.GetBytes(InitialVector);
byte[] SaltValueBytes = Encoding.ASCII.GetBytes(Salt);
byte[] PlainTextBytes = Encoding.UTF8.GetBytes(PlainText);
PasswordDeriveBytes DerivedPassword = new PasswordDeriveBytes(Password, SaltValueBytes, HashAlgorithm, PasswordIterations);
byte[] KeyBytes = DerivedPassword.GetBytes(KeySize / 8);
RijndaelManaged SymmetricKey = new RijndaelManaged();
SymmetricKey.Mode = CipherMode.CBC;
byte[] CipherTextBytes = null;
using (ICryptoTransform Encryptor = SymmetricKey.CreateEncryptor(KeyBytes, InitialVectorBytes))
{
using (MemoryStream MemStream = new MemoryStream())
{
using (CryptoStream CryptoStream = new CryptoStream(MemStream, Encryptor, CryptoStreamMode.Write))
{
CryptoStream.Write(PlainTextBytes, 0, PlainTextBytes.Length);
CryptoStream.FlushFinalBlock();
CipherTextBytes = MemStream.ToArray();
MemStream.Close();
CryptoStream.Close();
}
}
}
SymmetricKey.Clear();
return Convert.ToBase64String(CipherTextBytes);
}
// <summary>
// Decrypts a string
// </summary>
// <param name="CipherText">Text to be decrypted</param>
// <param name="Password">Password to decrypt with</param>
// <param name="Salt">Salt to decrypt with</param>
// <param name="HashAlgorithm">Can be either SHA1 or MD5</param>
// <param name="PasswordIterations">Number of iterations to do</param>
// <param name="InitialVector">Needs to be 16 ASCII characters long</param>
// <param name="KeySize">Can be 128, 192, or 256</param>
// <returns>A decrypted string</returns>
public static string AESDecrypt(string CipherText, string Password, string Salt, string HashAlgorithm, int PasswordIterations, string InitialVector, int KeySize)
{
if (string.IsNullOrEmpty(CipherText))
{
return "The Text to be Decryped by AES must not be null...";
}
else if (string.IsNullOrEmpty(Password))
{
return "The Password for AES Decryption must not be null...";
}
byte[] InitialVectorBytes = Encoding.ASCII.GetBytes(InitialVector);
byte[] SaltValueBytes = Encoding.ASCII.GetBytes(Salt);
byte[] CipherTextBytes = Convert.FromBase64String(CipherText);
PasswordDeriveBytes DerivedPassword = new PasswordDeriveBytes(Password, SaltValueBytes, HashAlgorithm, PasswordIterations);
byte[] KeyBytes = DerivedPassword.GetBytes(KeySize / 8);
RijndaelManaged SymmetricKey = new RijndaelManaged();
SymmetricKey.Mode = CipherMode.CBC;
byte[] PlainTextBytes = new byte[CipherTextBytes.Length];
int ByteCount = 0;
try
{
using (ICryptoTransform Decryptor = SymmetricKey.CreateDecryptor(KeyBytes, InitialVectorBytes))
{
using (MemoryStream MemStream = new MemoryStream(CipherTextBytes))
{
using (CryptoStream CryptoStream = new CryptoStream(MemStream, Decryptor, CryptoStreamMode.Read))
{
ByteCount = CryptoStream.Read(PlainTextBytes, 0, PlainTextBytes.Length);
MemStream.Close();
CryptoStream.Close();
}
}
}
}
catch (Exception e)
{
return "Please Enter the Correct Password and Salt..." + "The Following Error Occured: " + "/n" + e;
}
SymmetricKey.Clear();
return Encoding.UTF8.GetString(PlainTextBytes, 0, ByteCount);
}
我记不清从哪里获得了这个代码,但我修改了它,以字符串的形式返回加密的Result。这些方法可以很容易地封装到FileEncryptor类中。尽管我确信有更好的解决方案。。。
您需要一个"基于密码的密钥派生函数"或PBKDF2。
对于AES128,MD5可以为您提供合适大小的输出,因此它可以作为密钥生成函数(但请继续阅读):
key = md5("MyPassw0rd!");
但它很弱。PBKDF添加了许多salt迭代,类似于以下内容:
salt = "SomeValueDifferentForEachKeyGenerated";
key = md5(salt+md5(salt+md5(salt+md5(salt+"MyPassw0rd!"))));
哪一个更好,但仍然很弱。MD5不是最强的散列算法,也没有足够的迭代。
StackOverflow上有很多PBKDF函数,请选择最适合您的函数。
您应该使用
byte[] writeThisToFile = EncryptionClass.Encrypt(byte[] data, string password);
byte[] plainBinaryData = EncryptionClass.DecryptBinary(byte[] encryptedFileContents, string password);
有关详细信息,请阅读以下文章http://explicitcoder.in/encryption-and-decryption-methods-text-file-and-binary-files-c-net/