C#加密信息

C# Encryption Information

我们使用下面的代码 encrypt/decrypt 文本将一些敏感信息存储到我们的数据库中。

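/// <summary>
/// Encrypts <paramref name="inputText"/> with AES-256 in CBC mode (PKCS7 padding) and
/// returns the ciphertext as a Base64 string.
/// </summary>
/// <remarks>
/// The output format is kept byte-for-byte identical to the original implementation so
/// that values already stored in the database still decrypt. The construction is:
/// <list type="bullet">
///   <item>cipher: AES-256-CBC with PKCS7 padding — the defaults of <c>Aes.Create()</c>;
///   the original used <c>RijndaelManaged</c> (now obsolete) with its default 128-bit
///   block size, which is exactly AES;</item>
///   <item>key (32 bytes) and IV (16 bytes): two successive <c>GetBytes</c> calls on one
///   <c>PasswordDeriveBytes</c> (PBKDF1-based) seeded with a hard-coded password, so the
///   IV is just the continuation of the key stream and is the same for every call;</item>
///   <item>salt: the ASCII decimal length of that password (here the single byte "6").</item>
/// </list>
/// NOTE(review): password, salt and IV are all fixed, so equal plaintexts produce equal
/// ciphertexts, the IV is reused for every record, and nothing authenticates the
/// ciphertext. Treat this as a legacy format: a random per-record IV stored next to the
/// ciphertext, an authenticated mode (e.g. AES-GCM) or an HMAC, and a key kept outside the
/// source would each require a format migration of the stored data.
/// </remarks>
/// <param name="inputText">Plaintext; encoded as UTF-16LE (<c>Encoding.Unicode</c>) before encryption.</param>
/// <returns>Base64-encoded ciphertext (a multiple of 16 bytes before encoding).</returns>
/// <exception cref="ArgumentNullException"><paramref name="inputText"/> is null.</exception>
public static string Encrypt(string inputText)
{
    const string ENCRYPTION_KEY = "MY_KEY";
    byte[] SALT = Encoding.ASCII.GetBytes(ENCRYPTION_KEY.Length.ToString());

    // Encoding.Unicode.GetBytes throws ArgumentNullException on null, as the original did.
    byte[] plainText = Encoding.Unicode.GetBytes(inputText);

    try
    {
        // PasswordDeriveBytes is kept on purpose: existing ciphertexts depend on its exact
        // (Microsoft-specific) output for the 32-byte key followed by the 16-byte IV.
        // Aes.Create() replaces the obsolete RijndaelManaged; with a 16-byte IV both are
        // AES-256-CBC/PKCS7, so the output is unchanged.
        using (var secretKey = new System.Security.Cryptography.PasswordDeriveBytes(ENCRYPTION_KEY, SALT))
        using (var aes = System.Security.Cryptography.Aes.Create())
        using (System.Security.Cryptography.ICryptoTransform encryptor = aes.CreateEncryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
        using (var memoryStream = new System.IO.MemoryStream())
        using (var cryptoStream = new System.Security.Cryptography.CryptoStream(memoryStream, encryptor, System.Security.Cryptography.CryptoStreamMode.Write))
        {
            cryptoStream.Write(plainText, 0, plainText.Length);
            cryptoStream.FlushFinalBlock();
            return Convert.ToBase64String(memoryStream.ToArray());
        }
    }
    finally
    {
        // The original nulled local references in `finally` (twice, for the same variable),
        // which releases nothing. Clearing the plaintext buffer itself is the only part of
        // that intent that has an effect; the cipher objects are disposed by `using` above.
        Array.Clear(plainText, 0, plainText.Length);
    }
}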

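/// <summary>
/// Decrypts a Base64 string produced by <c>Encrypt</c> (AES-256-CBC, PKCS7 padding, key
/// and IV derived from the same fixed password) back to the original text.
/// </summary>
/// <remarks>
/// Failure handling is deliberately best-effort, as in the original: malformed Base64, a
/// wrong key or a tampered/truncated ciphertext all yield <c>""</c> rather than an
/// exception, so callers cannot tell an empty secret from a corrupt record. Unlike the
/// original catch-all, only those two expected failure types are swallowed; anything else
/// propagates.
/// NOTE(review): the ciphertext format carries no integrity check, so a bad-padding
/// <c>CryptographicException</c> is the only signal of tampering; log it at the call site
/// if that distinction matters.
/// </remarks>
/// <param name="inputText">Base64 ciphertext; null or empty returns <c>""</c>.</param>
/// <returns>The decrypted UTF-16LE text, or <c>""</c> when the input cannot be decoded or decrypted.</returns>
public static string Decrypt(string inputText)
{
    if (string.IsNullOrEmpty(inputText))
    {
        // The original also returned "" here (null through its catch-all, "" through an
        // empty read), so this short-cut only skips the key derivation.
        return "";
    }

    const string ENCRYPTION_KEY = "MY_KEY";
    byte[] SALT = Encoding.ASCII.GetBytes(ENCRYPTION_KEY.Length.ToString());

    try
    {
        byte[] encryptedData = Convert.FromBase64String(inputText);

        // Same derivation as Encrypt: 32-byte key then 16-byte IV from one PBKDF1 stream.
        using (var secretKey = new System.Security.Cryptography.PasswordDeriveBytes(ENCRYPTION_KEY, SALT))
        using (var aes = System.Security.Cryptography.Aes.Create())
        using (System.Security.Cryptography.ICryptoTransform decryptor = aes.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
        using (var input = new System.IO.MemoryStream(encryptedData))
        using (var cryptoStream = new System.Security.Cryptography.CryptoStream(input, decryptor, System.Security.Cryptography.CryptoStreamMode.Read))
        using (var output = new System.IO.MemoryStream(encryptedData.Length))
        {
            // A single Stream.Read is not guaranteed to return every byte; CopyTo loops
            // until end of stream, which is also where a padding error surfaces.
            cryptoStream.CopyTo(output);
            return Encoding.Unicode.GetString(output.ToArray());
        }
    }
    catch (FormatException)
    {
        // Not valid Base64.
        return "";
    }
    catch (System.Security.Cryptography.CryptographicException)
    {
        // Wrong key/IV, truncated or tampered ciphertext (bad padding or block length).
        return "";
    }
}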

我不是编写此代码的原始开发人员,我需要编写一些与安全相关的文档,所以想知道上述算法的确切名称。有人能告诉我上述 encrypt/decrypt 文本方法的确切名称是什么吗?如MD5、SHA256、AES等

我在谷歌上搜索了很多,但找不到合适的自信答案。

谢谢。

Rijndael 是赢得 AES 竞赛的算法,但只有 BlockSize 为 128 位的版本才等同于 AES。Microsoft 文档声明 RijndaelManaged class 的 BlockSize 默认值为 128,因此此代码使用的是 AES-256-CBC 加 PKCS7 填充(密钥是 32 字节;代码没有指定模式和填充,所以采用的是默认的 CBC 和 PKCS7)。

但是这段代码非常不安全:您应该使用诸如 GCM 之类的认证加密模式,或者 CBC/CTR 加上消息认证码(MAC);密钥永远不应该从硬编码的 ascii 字符串中派生,无论该字符串有多长或多复杂,而这里的盐也只是由同一个字符串直接得出的(其长度)。最后,IV 应该是随机生成的并与密文一起保存,而不是从密钥派生;否则每条记录都复用同一个 IV,ECB 模式常见的攻击(相同明文得到相同密文)在这里同样适用。

PS: RijndaelManaged 已被标记为过时(obsolete),应改用 Aes 或 AesCryptoServiceProvider。