EncryptedAndAuthenticatedData Clase
Definición
Importante
Parte de la información hace referencia a la versión preliminar del producto, que puede haberse modificado sustancialmente antes de lanzar la versión definitiva. Microsoft no otorga ninguna garantía, explícita o implícita, con respecto a la información proporcionada aquí.
Contiene datos que se pueden recuperar de datos cifrados y autenticados. Los algoritmos de cifrado autenticados se abren mediante la clase SymmetricKeyAlgorithmProvider .
public ref class EncryptedAndAuthenticatedData sealed/// [Windows.Foundation.Metadata.ContractVersion(Windows.Foundation.UniversalApiContract, 65536)]
/// [Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
class EncryptedAndAuthenticatedData final[Windows.Foundation.Metadata.ContractVersion(typeof(Windows.Foundation.UniversalApiContract), 65536)]
[Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
public sealed class EncryptedAndAuthenticatedDataPublic NotInheritable Class EncryptedAndAuthenticatedData- Herencia
- Atributos
Requisitos de Windows
| Familia de dispositivos |
Windows 10 (se introdujo en la versión 10.0.10240.0)
|
| API contract |
Windows.Foundation.UniversalApiContract (se introdujo en la versión v1.0)
|
Ejemplos
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Core;
using Windows.Storage.Streams;
namespace SampleEncryptedAndAuthenticatedData
{
sealed partial class EncryptedAuthenticatedDataApp : Application
{
// Initialize a static nonce value.
static byte[] NonceBytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
public EncryptedAuthenticatedDataApp()
{
// Initialize the application.
this.InitializeComponent();
// Initialize the encryption method.
String strMsg = "This is a message."; // Message to encrypt and authenticate.
String strAlgName = SymmetricAlgorithmNames.AesGcm;
UInt32 keyLength = 32; // Length of the key, in bytes
BinaryStringEncoding encoding; // Binary encoding
IBuffer buffNonce; // Nonce
CryptographicKey key; // Symmetric key
// Encrypt and authenticate the message.
EncryptedAndAuthenticatedData objEncrypted = this.AuthenticatedEncryption(
strMsg,
strAlgName,
keyLength,
out encoding,
out buffNonce,
out key);
// Decrypt the encrypted data.
this.AuthenticatedDecryption(
strAlgName,
key,
objEncrypted,
encoding,
buffNonce);
}
public EncryptedAndAuthenticatedData AuthenticatedEncryption(
String strMsg,
String strAlgName,
UInt32 keyLength,
out BinaryStringEncoding encoding,
out IBuffer buffNonce,
out CryptographicKey key)
{
// Open a SymmetricKeyAlgorithmProvider object for the specified algorithm.
SymmetricKeyAlgorithmProvider objAlgProv = SymmetricKeyAlgorithmProvider.OpenAlgorithm(strAlgName);
// Create a buffer that contains the data to be encrypted.
encoding = BinaryStringEncoding.Utf8;
IBuffer buffMsg = CryptographicBuffer.ConvertStringToBinary(strMsg, encoding);
// Generate a symmetric key.
IBuffer keyMaterial = CryptographicBuffer.GenerateRandom(keyLength);
key = objAlgProv.CreateSymmetricKey(keyMaterial);
// Generate a new nonce value.
buffNonce = GetNonce();
// Encrypt and authenticate the message.
EncryptedAndAuthenticatedData objEncrypted = CryptographicEngine.EncryptAndAuthenticate(
key,
buffMsg,
buffNonce,
null);
return objEncrypted;
}
public void AuthenticatedDecryption(
String strAlgName,
CryptographicKey key,
EncryptedAndAuthenticatedData objEncrypted,
BinaryStringEncoding encoding,
IBuffer buffNonce)
{
// Declare a buffer to contain the decrypted data.
IBuffer buffDecrypted;
// Open a SymmetricKeyAlgorithmProvider object for the specified algorithm.
SymmetricKeyAlgorithmProvider objAlgProv = SymmetricKeyAlgorithmProvider.OpenAlgorithm(strAlgName);
// The input key must be securely shared between the sender of the encrypted message
// and the recipient. The nonce must also be shared but does not need to be shared
// in a secure manner. If the sender encodes the message string to a buffer, the
// binary encoding method must also be shared with the recipient.
// The recipient uses the DecryptAndAuthenticate() method as follows to decrypt the
// message, authenticate it, and verify that it has not been altered in transit.
buffDecrypted = CryptographicEngine.DecryptAndAuthenticate(
key,
objEncrypted.EncryptedData,
buffNonce,
objEncrypted.AuthenticationTag,
null);
// Convert the decrypted buffer to a string (for display). If the sender created the
// original message buffer from a string, the sender must tell the recipient what
// BinaryStringEncoding value was used. Here, BinaryStringEncoding.Utf8 is used to
// convert the message to a buffer before encryption and to convert the decrypted
// buffer back to the original plaintext.
String strDecrypted = CryptographicBuffer.ConvertBinaryToString(encoding, buffDecrypted);
}
IBuffer GetNonce()
{
// Security best practises require that an ecryption operation not
// be called more than once with the same nonce for the same key.
// A nonce value can be predictable, but must be unique for each
// secure session.
NonceBytes[0]++;
for (int i = 0; i < NonceBytes.Length - 1; i++)
{
if (NonceBytes[i] == 255)
{
NonceBytes[i + 1]++;
}
}
return CryptographicBuffer.CreateFromByteArray(NonceBytes);
}
}
}
Comentarios
El cifrado autenticado cifra y autentica el contenido en una sola operación. Un autenticador, también denominado etiqueta, se usa durante el cifrado y la salida del proceso contiene un par de texto cifrado de etiquetas. Para obtener más información, consulte las propiedades AuthenticationTag y EncryptedData . El proceso de descifrado comprueba el texto cifrado con la etiqueta .
Puede usar un algoritmo de cifrado autenticado después de llamar al método OpenAlgorithm en la clase SymmetricKeyAlgorithmProvider y especificar el nombre del algoritmo que se va a abrir. Se admiten los siguientes nombres de algoritmo para el cifrado y el descifrado autenticados:
- AES_GCM
- AES_CCM
Propiedades
| AuthenticationTag |
Obtiene la etiqueta de autenticación. |
| EncryptedData |
Obtiene los datos cifrados. |