.Net中的加密和解密的学习

　　结论

　　使用对称算法加密本地数据时比较适合。在保持代码通用时我们可以选择多种算法，当数据通过特定的CryptoStream时算法使用转换对象加密该数据。需要将数据通过网络发送时，首先使用接收的公共不对称密钥加密对称密钥。

　　本文只涉及到System.Security.Cryptography名字空间的一部分服务。尽管文章保证只有某个私有密钥可以解密相应公共密钥加密的信息，但是它没有保证是谁发送的公共密钥，发送者也可能是假的。需要使用处理数字证书的类来对付该风险。

------------------------------------------------------------------------
DES对称加密算法
//名称空间
using System;
using System.Security.Cryptography;
using System.IO;
using System.Text;

//方法
//加密方法
public string Encrypt(string pToEncrypt, string sKey)
{
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
//把字符串放到byte数组中
//原来使用的UTF8编码，我改成Unicode编码了，不行
byte[] inputByteArray = Encoding.Default.GetBytes(pToEncrypt);
//byte[] inputByteArray=Encoding.Unicode.GetBytes(pToEncrypt);

//建立加密对象的密钥和偏移量
//原文使用ASCIIEncoding.ASCII方法的GetBytes方法
//使得输入密码必须输入英文文本
des.Key = ASCIIEncoding.ASCII.GetBytes(sKey);
des.IV = ASCIIEncoding.ASCII.GetBytes(sKey);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(),CryptoStreamMode.Write);
//Write the byte array into the crypto stream
//(It will end up in the memory stream)
cs.Write(inputByteArray, 0, inputByteArray.Length);
cs.FlushFinalBlock();
//Get the data back from the memory stream, and into a string
StringBuilder ret = new StringBuilder();
foreach(byte b in ms.ToArray())
{
//Format as hex
ret.AppendFormat("{0:X2}", b);
}
ret.ToString();
return ret.ToString();
}

//解密方法
public string Decrypt(string pToDecrypt, string sKey)
{
DESCryptoServiceProvider des = new DESCryptoServiceProvider();

//Put the input string into the byte array
byte[] inputByteArray = new byte[pToDecrypt.Length / 2];
for(int x = 0; x < pToDecrypt.Length / 2; x++)
{
int i = (Convert.ToInt32(pToDecrypt.Substring(x * 2, 2), 16));
inputByteArray[x] = (byte)i;
}

//建立加密对象的密钥和偏移量，此值重要，不能修改
des.Key = ASCIIEncoding.ASCII.GetBytes(sKey);
des.IV = ASCIIEncoding.ASCII.GetBytes(sKey);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(),CryptoStreamMode.Write);
//Flush the data through the crypto stream into the memory stream
cs.Write(inputByteArray, 0, inputByteArray.Length);
cs.FlushFinalBlock();

//Get the decrypted data back from the memory stream
//建立StringBuild对象，CreateDecrypt使用的是流对象，必须把解密后的文本变成流对象
StringBuilder ret = new StringBuilder();

return System.Text.Encoding.Default.GetString(ms.ToArray());
}



2.2 范例
使用非对称算法加密消息的四个主要步骤
1. 获取发送者的私钥和接收者的公钥。
2. 借助随机密钥(random key)和初始化向量，用对称算法加密消息。
3. 用接收者的公钥为2步骤中的密钥和初始化向量加密。
4. 用发送者的私钥对消息进行数字签名处理。

对应的解密的四个步骤
1. 获取发送者的公钥和接收者的私钥。
2. 验证数字签名。
3. 解密密钥和初始化向量。
4. 使用解密后的密钥和初始化向量解密消息。

代码分析：

1. 获取密钥
...{
X509CertificateStore x509Store = null;
if (location == "CurrentUser")
...{
x509Store = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
}
else
...{
x509Store = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
}
bool open = x509Store.OpenRead();
X509Certificate sender_cert = null;
X509Certificate receiver_cert = null;

if (!open)
...{
throw new Exception("unable to open the certificate store");
}


sender_cert = x509Store.FindCertificateBySubjectName("CN=XinChen, E=none@none.com")[0];
receiver_cert = x509Store.FindCertificateBySubjectName("CN=Sherry, E=none@none.com")[0];

RSAParameters sender_privateKey = sender_cert.Key.ExportParameters(true);
RSAParameters receiver_publicKey = receiver_cert.PublicKey.ExportParameters(false);
}

2. 对称算法加密 (不指定初始密钥和初始向量，则由系统自动生成)
...{
SymmetricAlgorithm symmProvider = SymmetricAlgorithm.Create("TripleDES");

encryptor = symmProvider.CreateEncryptor();

CryptoStream encStream = new CryptoStream(data, encryptor, CryptoStreamMode.Read);
MemoryStream encrypted = new MemoryStream();
byte[] buffer = new byte[1024];
int count = 0;
while ((count = encStream.Read(buffer,0,1024)) > 0)
...{
encrypted.Write(buffer,0,count);
}
}
3. 用接收者的公钥为2步骤中的密钥和初始化向量加密
...{
byte[] key;
byte[] iv;
RSACryptoServiceProvider asymmetricProvider = new RSACryptoServiceProvider();
asymmetricProvider.ImportParameters(receiver_publicKey);

key = asymmetricProvider.Encrypt(symmProvider.Key,false);
iv = asymmetricProvider.Encrypt(symmProvider.IV,false);
}
4. 创建数字签名
使用密钥为消息散列进行加密
...{
byte[] signature;
asymmetricProvider.ImportParameters(sender_privateKey);
signature = asymmetricProvider.SignData(encrypted.ToArray(), new SHA1CryptoServiceProvider());
}

上面四个步骤的最后输出为encrypted、key、iv和signature

解密的代码演示：
1. 获取密钥
...
2. 验证数字签名
...{
asymmetricProvider.ImportParameters(sender_publicKey);
bool verify = asymmetricProvider.VerifyData(encrypted, new SHA1CryptoServiceProvider(), signature)
}
3. 解密密钥和初始化向量
...{
asymmetricProvider.ImportParameters(receiver_privateKey);
byte[] decryptedKey = asymmetricProvider.Decrypt(key, false);
byte[] decryptediv = asymmetricProvider.Decrypt(iv, false);
}
4. 使用解密后的密钥和初始化向量解密消息。
...{
SymmetricAlgorithm symmProvider = SymmetricAlgorithm.Create("TripleDES");
ICryptoTransform decryptor = symmProvider.CreateDecryptor(decryptedKey, decryptediv);
CryptoStream decStream = new CryptoStream(encrypted, decryptor, CryptoStreamMode.Read);
}


3.Hash散列举例
...{
System.Security.Cryptography.HashAlgorithm
System.Security.Cryptography.KeyedHashAlgorithm
System.Security.Cryptography.MD5
System.Security.Cryptography.SHA1
System.Security.Cryptography.SHA256
System.Security.Cryptography.SHA384
System.Security.Cryptography.SHA512
}
public static string Encrypt(string password)
...{
password = password.ToLower();

Byte[] clearBytes = new UnicodeEncoding().GetBytes(password);
Byte[] hashedBytes = ((HashAlgorithm) CryptoConfig.CreateFromName("MD5")).ComputeHash(clearBytes);

return BitConverter.ToString(hashedBytes);
}

上一页  [1] [2] [3] [4] 

【责编:Peng】