重用 ICryptoTransform 对象
Reuse ICryptoTransform objects
我有一个 class 用于加密文本数据。我试图尽可能重用 ICryptoTransform 对象。然而,我第二次尝试使用同一个对象时,得到了部分不正确的解密数据。我认为第一块是错误的,但其余的似乎没问题(用更长的文本测试它)。
我将 class 精简为以下内容:
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace Sample.Crypto
{
public class EncryptedStreamResolver : IDisposable
{
private AesCryptoServiceProvider _cryptoProvider;
private ICryptoTransform _encryptorTransform;
private ICryptoTransform _decryptorTransform;
private ICryptoTransform EncryptorTransform
{
get
{
if (null == _encryptorTransform || !_encryptorTransform.CanReuseTransform)
{
_encryptorTransform?.Dispose();
_encryptorTransform = _cryptoProvider.CreateEncryptor();
}
return _encryptorTransform;
}
}
private ICryptoTransform DecryptorTransform
{
get
{
if (null == _decryptorTransform || !_decryptorTransform.CanReuseTransform)
{
_decryptorTransform?.Dispose();
_decryptorTransform = _cryptoProvider.CreateDecryptor();
}
return _decryptorTransform;
}
}
public EncryptedStreamResolver()
{
GenerateCryptoProvider();
}
public Stream OpenRead(string rawPath)
{
return new CryptoStream(File.OpenRead(rawPath + ".crypto"), DecryptorTransform, CryptoStreamMode.Read);
}
public Stream OpenWrite(string rawPath)
{
return new CryptoStream(File.OpenWrite(rawPath + ".crypto"), EncryptorTransform, CryptoStreamMode.Write);
}
private void GenerateCryptoProvider(string password = "totallysafepassword")
{
_cryptoProvider = new AesCryptoServiceProvider();
_cryptoProvider.BlockSize = _cryptoProvider.LegalBlockSizes.Select(ks => ks.MaxSize).Max();
_cryptoProvider.KeySize = _cryptoProvider.LegalKeySizes.Select(ks => ks.MaxSize).Max();
_cryptoProvider.IV = new byte[_cryptoProvider.BlockSize / 8];
_cryptoProvider.Key = new byte[_cryptoProvider.KeySize / 8];
var pwBytes = Encoding.UTF8.GetBytes(password);
for (var i = 0; i < _cryptoProvider.IV.Length; i++)
_cryptoProvider.IV[i] = pwBytes[i % pwBytes.Length];
for (var i = 0; i < _cryptoProvider.Key.Length; i++)
_cryptoProvider.Key[i] = pwBytes[i % pwBytes.Length];
}
public void Dispose()
{
_encryptorTransform?.Dispose();
_decryptorTransform?.Dispose();
_cryptoProvider?.Dispose();
}
}
}
我写了一个示例使用测试来演示这个问题:
public void Can_reuse_encryptor()
{
const string message = "Secret corporate information here.";
const string testFilePath1 = "Foo1.xml";
const string testFilePath2 = "Foo2.xml";
var sr = new EncryptedStreamResolver();
// Write secret data to file
using (var writer = new StreamWriter(sr.OpenWrite(testFilePath1)))
writer.Write(message);
// Read it back and compare with original message
using (var reader = new StreamReader(sr.OpenRead(testFilePath1)))
if (!message.Equals(reader.ReadToEnd()))
throw new Exception("This should never happend :(");
// Write the same data again to a different file
using (var writer = new StreamWriter(sr.OpenWrite(testFilePath2)))
writer.Write(message);
// Read that back and compare
using (var reader = new StreamReader(sr.OpenRead(testFilePath2)))
if (!message.Equals(reader.ReadToEnd()))
throw new Exception("This should never happend :(");
}
我错过了什么?文档表明这些对象是可重用的,但我不明白如何重用。有人可以帮我吗?
编辑:
正如@bartonjs 指出的那样,如果我将包含上述代码的项目重新定位到 .NET 4.6(或更高版本),我可以像这样使用 System.AppContext.TryGetSwitch:
var reuseTransform = false;
if (null == _decryptorTransform ||
!(AppContext.TryGetSwitch("Switch.System.Security.Cryptography.AesCryptoServiceProvider.DontCorrectlyResetDecryptor", out reuseTransform) && reuseTransform && _decryptorTransform.CanReuseTransform))
{
_decryptorTransform?.Dispose();
_decryptorTransform = _cryptoProvider.Createdecryptor();
}
然后我可以在主应用程序的 app.config 中设置此开关,如@bartonjs 的回答。
您缺少的是 .NET Framework 中的错误(和错误修复):)。
有一个 Microsoft Connect Issue 关于同样的问题;特别是 AesCryptoServiceProvider.CreateDecryptor() returns 一个说 CanReuseTransform=true 但似乎行为不正确的对象。
该错误已在 .NET 4.6.2 版本中修复,但受到 retargeting change 的保护。这意味着要查看修复,您需要
- 安装 .NET Framework 4.6.2 或更高版本。
- 将主要可执行文件的最低框架版本更改为 4.6.2 或更高版本。
如果您安装了较新的框架,但想让您的可执行文件以较低版本的框架为目标,您需要将开关 Switch.System.Security.Cryptography.AesCryptoServiceProvider.DontCorrectlyResetDecryptor 设置为 false。
来自AppContext class documentation(在"Remarks"下):
Once you define and document the switch, callers can use it by using the registry, by adding an AppContextSwitchOverrides element to their application configuration file, or by calling the AppContext.SetSwitch(String, Boolean) method programmatically.
对于配置文件(your.exe.config):
<configuration>
<runtime>
<AppContextSwitchOverrides
value="Switch.System.Security.Cryptography.AesCryptoServiceProvider.DontCorrectlyResetDecryptor=false" />
</runtime>
</configuration>
我有一个 class 用于加密文本数据。我试图尽可能重用 ICryptoTransform 对象。然而,我第二次尝试使用同一个对象时,得到了部分不正确的解密数据。我认为第一块是错误的,但其余的似乎没问题(用更长的文本测试它)。
我将 class 精简为以下内容:
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace Sample.Crypto
{
public class EncryptedStreamResolver : IDisposable
{
private AesCryptoServiceProvider _cryptoProvider;
private ICryptoTransform _encryptorTransform;
private ICryptoTransform _decryptorTransform;
private ICryptoTransform EncryptorTransform
{
get
{
if (null == _encryptorTransform || !_encryptorTransform.CanReuseTransform)
{
_encryptorTransform?.Dispose();
_encryptorTransform = _cryptoProvider.CreateEncryptor();
}
return _encryptorTransform;
}
}
private ICryptoTransform DecryptorTransform
{
get
{
if (null == _decryptorTransform || !_decryptorTransform.CanReuseTransform)
{
_decryptorTransform?.Dispose();
_decryptorTransform = _cryptoProvider.CreateDecryptor();
}
return _decryptorTransform;
}
}
public EncryptedStreamResolver()
{
GenerateCryptoProvider();
}
public Stream OpenRead(string rawPath)
{
return new CryptoStream(File.OpenRead(rawPath + ".crypto"), DecryptorTransform, CryptoStreamMode.Read);
}
public Stream OpenWrite(string rawPath)
{
return new CryptoStream(File.OpenWrite(rawPath + ".crypto"), EncryptorTransform, CryptoStreamMode.Write);
}
private void GenerateCryptoProvider(string password = "totallysafepassword")
{
_cryptoProvider = new AesCryptoServiceProvider();
_cryptoProvider.BlockSize = _cryptoProvider.LegalBlockSizes.Select(ks => ks.MaxSize).Max();
_cryptoProvider.KeySize = _cryptoProvider.LegalKeySizes.Select(ks => ks.MaxSize).Max();
_cryptoProvider.IV = new byte[_cryptoProvider.BlockSize / 8];
_cryptoProvider.Key = new byte[_cryptoProvider.KeySize / 8];
var pwBytes = Encoding.UTF8.GetBytes(password);
for (var i = 0; i < _cryptoProvider.IV.Length; i++)
_cryptoProvider.IV[i] = pwBytes[i % pwBytes.Length];
for (var i = 0; i < _cryptoProvider.Key.Length; i++)
_cryptoProvider.Key[i] = pwBytes[i % pwBytes.Length];
}
public void Dispose()
{
_encryptorTransform?.Dispose();
_decryptorTransform?.Dispose();
_cryptoProvider?.Dispose();
}
}
}
我写了一个示例使用测试来演示这个问题:
public void Can_reuse_encryptor()
{
const string message = "Secret corporate information here.";
const string testFilePath1 = "Foo1.xml";
const string testFilePath2 = "Foo2.xml";
var sr = new EncryptedStreamResolver();
// Write secret data to file
using (var writer = new StreamWriter(sr.OpenWrite(testFilePath1)))
writer.Write(message);
// Read it back and compare with original message
using (var reader = new StreamReader(sr.OpenRead(testFilePath1)))
if (!message.Equals(reader.ReadToEnd()))
throw new Exception("This should never happend :(");
// Write the same data again to a different file
using (var writer = new StreamWriter(sr.OpenWrite(testFilePath2)))
writer.Write(message);
// Read that back and compare
using (var reader = new StreamReader(sr.OpenRead(testFilePath2)))
if (!message.Equals(reader.ReadToEnd()))
throw new Exception("This should never happend :(");
}
我错过了什么?文档表明这些对象是可重用的,但我不明白如何重用。有人可以帮我吗?
编辑:
正如@bartonjs 指出的那样,如果我将包含上述代码的项目重新定位到 .NET 4.6(或更高版本),我可以像这样使用 System.AppContext.TryGetSwitch:
var reuseTransform = false;
if (null == _decryptorTransform ||
!(AppContext.TryGetSwitch("Switch.System.Security.Cryptography.AesCryptoServiceProvider.DontCorrectlyResetDecryptor", out reuseTransform) && reuseTransform && _decryptorTransform.CanReuseTransform))
{
_decryptorTransform?.Dispose();
_decryptorTransform = _cryptoProvider.Createdecryptor();
}
然后我可以在主应用程序的 app.config 中设置此开关,如@bartonjs 的回答。
您缺少的是 .NET Framework 中的错误(和错误修复):)。
有一个 Microsoft Connect Issue 关于同样的问题;特别是 AesCryptoServiceProvider.CreateDecryptor() returns 一个说 CanReuseTransform=true 但似乎行为不正确的对象。
该错误已在 .NET 4.6.2 版本中修复,但受到 retargeting change 的保护。这意味着要查看修复,您需要
- 安装 .NET Framework 4.6.2 或更高版本。
- 将主要可执行文件的最低框架版本更改为 4.6.2 或更高版本。
如果您安装了较新的框架,但想让您的可执行文件以较低版本的框架为目标,您需要将开关 Switch.System.Security.Cryptography.AesCryptoServiceProvider.DontCorrectlyResetDecryptor 设置为 false。
来自AppContext class documentation(在"Remarks"下):
Once you define and document the switch, callers can use it by using the registry, by adding an AppContextSwitchOverrides element to their application configuration file, or by calling the AppContext.SetSwitch(String, Boolean) method programmatically.
对于配置文件(your.exe.config):
<configuration>
<runtime>
<AppContextSwitchOverrides
value="Switch.System.Security.Cryptography.AesCryptoServiceProvider.DontCorrectlyResetDecryptor=false" />
</runtime>
</configuration>