Я намагаюся адаптувати приклад Шифрування RinjaelManaged клас (див. Шифрування та розшифрування рядка в C #) замість цього використовувати AesCryptoServiceProvider, щоб він міг працювати на комп’ютерах, встановлених для використання лише алгоритмів, сумісних з FIPS.
Однак, здається, це не так просто, як міняти місцямиз назв класів, оскільки я отримую помилку щодо довжини вектора ініціалізації. Я розумію, що з цього питання вже є декілька питань, але я був невдалий, намагаючись використати відповіді з інших питань у моєму конкретному випадку використання.
Що потрібно змінити, щоб IV довжина відповідала потрібній?
namespace Encryption
{
#region Using Statements
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
#endregion
public class EncryptionHelper
{
#region Private Fields
// This constant determines the number of iterations for the password bytes generation function.
private const int DerivationIterations = 1000;
// This constant is used to determine the keysize of the encryption algorithm in bits.
// We divide this by 8 within the code below to get the equivalent number of bytes.
private const int KeySize = 256;
private const int BlockSize = 128;
#endregion Private Fields
#region Public Methods
/// <summary>Decrypts the specified cipher text.</summary>
/// <param name="cipherText">The cipher text.</param>
/// <param name="passPhrase">The pass phrase.</param>
/// <returns></returns>
public static string Decrypt(string cipherText, string passPhrase)
{
// Get the complete stream of bytes that represent:
// [32 bytes of Salt] + [32 bytes of IV] + [n bytes of CipherText]
byte[] cipherTextBytesWithSaltAndIv = Convert.FromBase64String(cipherText);
// Get the saltbytes by extracting the first 32 bytes from the supplied cipherText bytes.
byte[] saltStringBytes = cipherTextBytesWithSaltAndIv.Take(KeySize / 8).ToArray();
// Get the IV bytes by extracting the next 32 bytes from the supplied cipherText bytes.
byte[] ivStringBytes = cipherTextBytesWithSaltAndIv.Skip(KeySize / 8).Take(KeySize / 8).ToArray();
// Get the actual cipher text bytes by removing the first 64 bytes from the cipherText string.
byte[] cipherTextBytes = cipherTextBytesWithSaltAndIv.Skip(KeySize / 8 * 2).Take(cipherTextBytesWithSaltAndIv.Length - KeySize / 8 * 2).ToArray();
using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations))
{
byte[] keyBytes = password.GetBytes(KeySize / 8);
using (var aes = new AesCryptoServiceProvider())
{
aes.BlockSize = BlockSize;
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7;
using (ICryptoTransform decryptor = aes.CreateDecryptor(keyBytes, ivStringBytes))
using (var memoryStream = new MemoryStream(cipherTextBytes))
using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
var plainTextBytes = new byte[cipherTextBytes.Length];
int decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
memoryStream.Close();
cryptoStream.Close();
return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
}
}
}
}
/// <summary>Encrypts the specified plain text.</summary>
/// <param name="plainText">The plain text.</param>
/// <param name="passPhrase">The pass phrase.</param>
/// <returns></returns>
public static string Encrypt(string plainText, string passPhrase)
{
// Salt and IV is randomly generated each time, but is preprended to encrypted cipher text
// so that the same Salt and IV values can be used when decrypting.
byte[] saltStringBytes = Generate256BitsOfRandomEntropy();
byte[] ivStringBytes = Generate256BitsOfRandomEntropy();
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations))
{
byte[] keyBytes = password.GetBytes(KeySize / 8);
using (var symmetricKey = new AesCryptoServiceProvider())
{
symmetricKey.BlockSize = BlockSize;
symmetricKey.Mode = CipherMode.CBC;
symmetricKey.Padding = PaddingMode.PKCS7;
using (ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, ivStringBytes))
{
using (var memoryStream = new MemoryStream())
{
using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
cryptoStream.FlushFinalBlock();
// Create the final bytes as a concatenation of the random salt bytes, the random iv bytes and the cipher bytes.
byte[] cipherTextBytes = saltStringBytes;
cipherTextBytes = cipherTextBytes.Concat(ivStringBytes).ToArray();
cipherTextBytes = cipherTextBytes.Concat(memoryStream.ToArray()).ToArray();
memoryStream.Close();
cryptoStream.Close();
return Convert.ToBase64String(cipherTextBytes);
}
}
}
}
}
}
#endregion Public Methods
#region Private Methods
/// <summary>Generate256s the bits of random entropy.</summary>
/// <returns></returns>
private static byte[] Generate256BitsOfRandomEntropy()
{
var randomBytes = new byte[32]; // 32 Bytes will give us 256 bits.
using (var rngCsp = new RNGCryptoServiceProvider())
{
// Fill the array with cryptographically secure random bytes.
rngCsp.GetBytes(randomBytes);
}
return randomBytes;
}
#endregion Private Methods
}
}
Відповіді:
3 для відповіді № 1Довжина вашого IV повинна бути такою ж, як розмір вашого блоку. Тобто 128 біт. В даний час ваш код передбачає 256-бітний IV. Налаштуйте належним чином весь код, і це повинно вирішити проблему.
0 для відповіді № 2
Добре, я врешті-решт дістався до його дна, чітко відокремивши IV довжину від довжини солі:
public class EncryptionHelper
{
#region Private Fields
// This constant determines the number of iterations for the password bytes generation function.
private const int DerivationIterations = 1000;
// This constant is used to determine the keysize of the encryption algorithm in bits.
// We divide this by 8 within the code below to get the equivalent number of bytes.
private const int saltBytes = 32; // bytes
private const int ivBytes = 16; // bytes
#endregion Private Fields
#region Public Methods
/// <summary>Decrypts the specified cipher text.</summary>
/// <param name="cipherText">The cipher text.</param>
/// <param name="passPhrase">The pass phrase.</param>
/// <returns></returns>
public static string Decrypt(string cipherText, string passPhrase)
{
// Get the complete stream of bytes that represent:
// [32 bytes of Salt] + [16 bytes of IV] + [n bytes of CipherText]
byte[] cipherTextBytesWithSaltAndIv = Convert.FromBase64String(cipherText);
// Get the saltbytes by extracting the first 32 bytes from the supplied cipherText bytes.
byte[] saltStringBytes = cipherTextBytesWithSaltAndIv.Take(saltBytes).ToArray();
// Get the IV bytes by extracting the next 32 bytes from the supplied cipherText bytes.
byte[] ivStringBytes = cipherTextBytesWithSaltAndIv.Skip(saltBytes).Take(ivBytes).ToArray();
// Get the actual cipher text bytes by removing the first 48 bytes from the cipherText string.
byte[] cipherTextBytes = cipherTextBytesWithSaltAndIv.Skip(saltBytes + ivBytes).Take(cipherTextBytesWithSaltAndIv.Length - (saltBytes + ivBytes)).ToArray();
using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations))
{
byte[] keyBytes = password.GetBytes(saltBytes);
using (var symmetricKey = new AesCryptoServiceProvider())
{
symmetricKey.BlockSize = 128;
symmetricKey.Mode = CipherMode.CBC;
symmetricKey.Padding = PaddingMode.PKCS7;
using (ICryptoTransform decryptor = symmetricKey.CreateDecryptor(keyBytes, ivStringBytes))
using (var memoryStream = new MemoryStream(cipherTextBytes))
using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
var plainTextBytes = new byte[cipherTextBytes.Length];
int decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
memoryStream.Close();
cryptoStream.Close();
return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
}
}
}
}
/// <summary>Encrypts the specified plain text.</summary>
/// <param name="plainText">The plain text.</param>
/// <param name="passPhrase">The pass phrase.</param>
/// <returns></returns>
public static string Encrypt(string plainText, string passPhrase)
{
// Salt and IV is randomly generated each time, but is preprended to encrypted cipher text
// so that the same Salt and IV values can be used when decrypting.
byte[] saltStringBytes = GenerateBitsOfRandomEntropy(32);
byte[] ivStringBytes = GenerateBitsOfRandomEntropy(16);
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations))
{
byte[] keyBytes = password.GetBytes(saltBytes);
using (var symmetricKey = new AesCryptoServiceProvider())
{
symmetricKey.BlockSize = 128;
symmetricKey.Mode = CipherMode.CBC;
symmetricKey.Padding = PaddingMode.PKCS7;
using (ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, ivStringBytes))
{
using (var memoryStream = new MemoryStream())
{
using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
cryptoStream.FlushFinalBlock();
// Create the final bytes as a concatenation of the random salt bytes, the random iv bytes and the cipher bytes.
byte[] cipherTextBytes = saltStringBytes;
cipherTextBytes = cipherTextBytes.Concat(ivStringBytes).ToArray();
cipherTextBytes = cipherTextBytes.Concat(memoryStream.ToArray()).ToArray();
memoryStream.Close();
cryptoStream.Close();
return Convert.ToBase64String(cipherTextBytes);
}
}
}
}
}
}
#endregion Public Methods
#region Private Methods
/// <summary>Generate bits of random entropy.</summary>
/// <returns></returns>
private static byte[] GenerateBitsOfRandomEntropy(int num)
{
var randomBytes = new byte[num]; // 32 Bytes will give us 256 bits.
using (var rngCsp = new RNGCryptoServiceProvider())
{
// Fill the array with cryptographically secure random bytes.
rngCsp.GetBytes(randomBytes);
}
return randomBytes;
}
#endregion Private Methods