【IT168 微软云计算博客征文活动专稿】存储加密信息时应先加密后存储,存储到云中的数据也不例外,.NET 3.5提供了许多标准的加密算法,包括对称和非对称加密,对称加密比非对称加密更省资源,.NET 3.5托管的加密类都位于 System.Security.Cryptography 命名空间。
我们以 AesManaged 类为例,它提供了 AES 对称加密算法的托管实现(默认为 CBC 模式、PKCS7 填充)。清单1显示了加密代码,返回 Base64 编码的密文。需要注意的是,示例中的口令、salt 以及由此派生出的密钥和 IV 都硬编码在源码中,仅用于演示 API 用法:在生产环境中密钥应从安全的配置或密钥存储加载,IV 应对每条消息随机生成,并对密文附加 HMAC 等完整性校验。
清单1 使用 AesManaged 类加密明文UTF-8字符串
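/// <summary>
/// Encrypts a plaintext string with AES-256 in CBC mode (PKCS7 padding) and returns
/// the ciphertext as a Base64 string. The key and IV are derived with PBKDF2 from a
/// passphrase and salt that are hard-coded below, so the output format is fixed and
/// must stay in sync with <c>Decrypt</c>.
/// </summary>
/// <param name="input">Plaintext to encrypt; it is UTF-8 encoded before encryption.</param>
/// <returns>Base64-encoded AES ciphertext.</returns>
/// <exception cref="Exception">
/// Any failure (including a null <paramref name="input"/>) is logged through
/// <c>RoleManager</c> when it is running and then rethrown. The method never falls
/// back to returning the plaintext: a silent fallback would let the caller store
/// unencrypted data in the cloud while believing it is protected.
/// </exception>
/// <remarks>
/// NOTE(review): known weaknesses are kept here only so data encrypted by the
/// original listing remains decryptable:
///  - The passphrase and salt are compiled into the assembly; anyone with the binary
///    can derive the key. Load them from configuration or a key store instead.
///  - The IV is derived from the same fixed inputs, so it is identical for every
///    message and equal plaintexts produce equal ciphertexts. A per-message random
///    IV (prepended to the ciphertext) is the standard fix.
///  - There is no integrity check (MAC) over the ciphertext; CBC without a MAC is
///    malleable. Apply encrypt-then-HMAC (e.g. HMACSHA256) before storing.
///  - The PBKDF2 iteration count is the .NET 3.5 default of 1000, which is low by
///    current standards.
/// </remarks>
public static string Encrypt(string input)
{
    // Fixed derivation inputs, kept verbatim so existing ciphertext stays decryptable.
    const string passphrase = "K3yPassw0rd!";
    const string saltText = "S0d1umChl0r1de";
    // Pin the iteration count to the framework default the original relied on
    // implicitly; changing it would change the derived key and IV.
    const int pbkdf2Iterations = 1000;

    try
    {
        byte[] plainBytes = UTF8Encoding.UTF8.GetBytes(input);
        byte[] saltBytes = UTF8Encoding.UTF8.GetBytes(saltText);

        // PBKDF2 (RFC 2898). Key and IV are consecutive slices of one derivation stream.
        Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(passphrase, saltBytes, pbkdf2Iterations);

        using (AesManaged aes = new AesManaged())
        {
            // Largest legal sizes: 128-bit block, 256-bit key. CBC/PKCS7 are the
            // defaults; they are set explicitly so the ciphertext format is visible.
            aes.BlockSize = aes.LegalBlockSizes[0].MaxSize;
            aes.KeySize = aes.LegalKeySizes[0].MaxSize;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = kdf.GetBytes(aes.KeySize / 8);
            aes.IV = kdf.GetBytes(aes.BlockSize / 8);

            using (ICryptoTransform encryptor = aes.CreateEncryptor())
            using (MemoryStream cipherStream = new MemoryStream())
            {
                // Disposing the CryptoStream flushes the final padded block; the
                // MemoryStream can still be read with ToArray() after it is closed.
                using (CryptoStream cryptoStream =
                    new CryptoStream(cipherStream, encryptor, CryptoStreamMode.Write))
                {
                    cryptoStream.Write(plainBytes, 0, plainBytes.Length);
                    cryptoStream.FlushFinalBlock();
                }
                return Convert.ToBase64String(cipherStream.ToArray());
            }
            // Leaving the using block disposes the algorithm and releases (clears)
            // the key/IV buffers it holds.
        }
    }
    catch (Exception exEncr)
    {
        string msg = "AES Encryption error: " + exEncr.Message;
        if (RoleManager.IsRoleManagerRunning)
            RoleManager.WriteToLog("Critical", msg);
        // Fail closed: never hand back the plaintext as if it were ciphertext.
        throw;
    }
}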
{
try
{
// 明文字符串输入
string data = input;
// 转换成一个UTF-8字节数组
byte[] utfData = UTF8Encoding.UTF8.GetBytes(data);
byte[] saltBytes = UTF8Encoding.UTF8.GetBytes("S0d1umChl0r1de");
// 使用PBKDF2标准产生基于密码的密钥
Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes("K3yPassw0rd!", saltBytes);
// AES对称加密算法
AesManaged aes = new AesManaged();
// 设置AES参数
aes.BlockSize = aes.LegalBlockSizes[0].MaxSize;
aes.KeySize = aes.LegalKeySizes[0].MaxSize;
aes.Key = rfc.GetBytes(aes.KeySize / 8);
aes.IV = rfc.GetBytes(aes.BlockSize / 8);
// 加密
ICryptoTransform encryptTransf = aes.CreateEncryptor();
// 输出流,也可以是一个FileStream(文件流)
MemoryStream encryptStream = new MemoryStream();
CryptoStream encryptor =
new CryptoStream(encryptStream, encryptTransf, CryptoStreamMode.Write);
// 写,清洗,清除和关闭加密机
encryptor.Write(utfData, 0, utfData.Length);
encryptor.Flush();
encryptor.Clear();
encryptor.Close();
// 创建一个字节数组,将其转换成Base64编码字符串
byte[] encryptBytes = encryptStream.ToArray();
string encryptedString = Convert.ToBase64String(encryptBytes);
return encryptedString;
}
catch (Exception exEncr)
{
string msg = "AES Encryption error: " + exEncr.Message;
if (RoleManager.IsRoleManagerRunning)
RoleManager.WriteToLog("Critical", msg);
return input;
}
}
PBKDF2 是 RSA 实验室公钥加密标准 PKCS #5 的一部分,由 IETF 发布在 RFC 2898 中。PBKDF 是 Password-Based Key Derivation Function(基于密码的密钥派生函数)的缩写,它根据口令、salt 字节数组以及迭代次数(.NET 3.5 中 Rfc2898DeriveBytes 默认为 1000 次)确定性地派生出密钥:只要输入相同,得到的密钥和 IV 就完全相同,因此加密和解密两端无需传输密钥即可各自派生出同一把密钥。这也意味着在上面的示例中每条消息都使用同一个 IV,相同明文会产生相同密文;实际使用时应为每条消息生成随机 IV 并随密文一起保存。
使用 AesManaged 加密类解密的代码如下
清单2 使用 AesManaged 解密密文
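/// <summary>
/// Decrypts a Base64 string produced by <c>Encrypt</c> (AES-256 CBC, PKCS7 padding,
/// key and IV derived with PBKDF2 from the same fixed passphrase and salt) and
/// returns the plaintext decoded as UTF-8.
/// </summary>
/// <param name="base64Input">Base64-encoded ciphertext as returned by <c>Encrypt</c>.</param>
/// <returns>The decrypted plaintext.</returns>
/// <exception cref="Exception">
/// Invalid Base64, a null input, a wrong key or corrupted/truncated ciphertext fail
/// during decoding or in the final-block transform (typically
/// <c>FormatException</c>, <c>ArgumentNullException</c> or
/// <c>CryptographicException</c>); the failure is logged through <c>RoleManager</c>
/// when it is running and then rethrown. The original returned the input itself on
/// failure, which let callers treat undecryptable data as plaintext.
/// </exception>
/// <remarks>
/// NOTE(review): the ciphertext carries no MAC, so a failure here cannot be told
/// apart from tampering, and CBC + PKCS7 padding errors become a padding oracle if
/// the difference between "bad padding" and "bad data" ever reaches an untrusted
/// party. Do not surface the exception message to remote callers; once Encrypt
/// produces an HMAC, verify it before decrypting.
/// </remarks>
public static string Decrypt(string base64Input)
{
    // Must match Encrypt exactly; any change breaks existing ciphertext.
    const string passphrase = "K3yPassw0rd!";
    const string saltText = "S0d1umChl0r1de";
    const int pbkdf2Iterations = 1000; // .NET 3.5 default, as used by Encrypt

    try
    {
        // Throws FormatException on invalid Base64 and ArgumentNullException on null.
        byte[] cipherBytes = Convert.FromBase64String(base64Input);
        byte[] saltBytes = UTF8Encoding.UTF8.GetBytes(saltText);

        Rfc2898DeriveBytes kdf = new Rfc2898DeriveBytes(passphrase, saltBytes, pbkdf2Iterations);

        using (AesManaged aes = new AesManaged())
        {
            aes.BlockSize = aes.LegalBlockSizes[0].MaxSize;
            aes.KeySize = aes.LegalKeySizes[0].MaxSize;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            // Same derivation order as Encrypt: key bytes first, then IV bytes.
            aes.Key = kdf.GetBytes(aes.KeySize / 8);
            aes.IV = kdf.GetBytes(aes.BlockSize / 8);

            using (ICryptoTransform decryptor = aes.CreateDecryptor())
            using (MemoryStream plainStream = new MemoryStream())
            {
                using (CryptoStream cryptoStream =
                    new CryptoStream(plainStream, decryptor, CryptoStreamMode.Write))
                {
                    cryptoStream.Write(cipherBytes, 0, cipherBytes.Length);
                    // The final block is where padding is checked and stripped, so a
                    // wrong key or corrupted data usually surfaces on this call.
                    cryptoStream.FlushFinalBlock();
                }
                // ToArray() is valid on a closed MemoryStream.
                byte[] plainBytes = plainStream.ToArray();
                return UTF8Encoding.UTF8.GetString(plainBytes, 0, plainBytes.Length);
            }
        }
    }
    catch (Exception exDecr)
    {
        string msg = "AES Decryption error: " + exDecr.Message;
        if (RoleManager.IsRoleManagerRunning)
            RoleManager.WriteToLog("Critical", msg);
        // Fail closed: do not return the undecrypted input as if it were plaintext.
        throw;
    }
}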
{
try
{
//byte[] encryptBytes = UTF8Encoding.UTF8.GetBytes(input);
byte[] encryptBytes = Convert.FromBase64String(base64Input);
byte[] saltBytes = UTF8Encoding.UTF8.GetBytes("S0d1umChl0r1de");
// 使用PBKDF2标准产生基于密码的密钥
Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes("K3yPassw0rd!", saltBytes);
// AES对称加密算法
AesManaged aes = new AesManaged();
// 设置AES参数
aes.BlockSize = aes.LegalBlockSizes[0].MaxSize;
aes.KeySize = aes.LegalKeySizes[0].MaxSize;
aes.Key = rfc.GetBytes(aes.KeySize / 8);
aes.IV = rfc.GetBytes(aes.BlockSize / 8);
// 解密
ICryptoTransform decryptTrans = aes.CreateDecryptor();
// 输出流,也可以是一个FileStream(文件流)
MemoryStream decryptStream = new MemoryStream();
CryptoStream decryptor =
new CryptoStream(decryptStream, decryptTrans, CryptoStreamMode.Write);
// 写,清洗,清除和关闭加密机
decryptor.Write(encryptBytes, 0, encryptBytes.Length);
decryptor.Flush();
decryptor.Clear();
decryptor.Close();
// 根据解密字节创建UTF字符串
byte[] decryptBytes = decryptStream.ToArray();
string decryptedString =
UTF8Encoding.UTF8.GetString(decryptBytes, 0, decryptBytes.Length);
return decryptedString;
}
catch (Exception exDecr)
{
string msg = "AES Decryption error: " + exDecr.Message;
if (RoleManager.IsRoleManagerRunning)
RoleManager.WriteToLog("Critical", msg);
return base64Input;
}
}