对数据加密
对称加密和非对称加密是使用不同的进程执行的。 对称加密是对流执行的,因此适用于加密大量数据。 非对称加密是对少数字节执行的,因此仅适用于加密少量数据。
对称加密
托管对称加密类与名为 CryptoStream 的特殊流类一起使用,后者用于加密读入流中的数据。 使用托管流类、实现 接口(从实现加密算法的类创建)的类以及用于描述对 CryptoStream ICryptoTransform 授予的访问权限的类型的 CryptoStreamMode 枚举,来初始化 CryptoStream类。 可以使用派生自 类的任何类来初始化 CryptoStream Stream 类,其中包括 FileStream、 MemoryStream和 NetworkStream。 使用这些类,可以对多个流对象执行对称加密。
以下示例说明了如何为 Aes 算法创建默认实现类的新实例。 该实例用于对 CryptoStream 类执行加密。 在此示例中,使用名为 的流对象初始化 CryptoStream fileStream
,该流对象可以是任何类型的托管流。 向 Aes 类中的 CreateEncryptor 方法传递用于加密的密钥和 IV。 在此例中,使用了由 aes
生成的默认密钥和 IV。
Dim aes As Aes = Aes.Create()
Dim cryptStream As New CryptoStream(
fileStream, aes.CreateEncryptor(key, iv), CryptoStreamMode.Write)
Aes aes = Aes.Create();
CryptoStream cryptStream = new CryptoStream(
fileStream, aes.CreateEncryptor(key, iv), CryptoStreamMode.Write);
执行此代码后,使用 AES 算法对写入到 CryptoStream 对象的任何数据进行加密。
下面的示例演示创建流、加密流、写入流和关闭流的整个过程。 此示例创建使用 CryptoStream 类和 Aes 类加密的文件流。 生成的 IV 将写入到 FileStream 的开头,因此可以读取它并将其用于解密。 然后使用 StreamWriter 类将消息写入到加密流。 虽然可以多次使用同一个密钥来加密和解密数据,但建议每次生成一个新的随机 IV。 这样加密的数据总是不同的,即使纯文本是相同的。
using System.Security.Cryptography;
try
{
using (FileStream fileStream = new("TestData.txt", FileMode.OpenOrCreate))
{
using (Aes aes = Aes.Create())
{
byte[] key =
{
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16
};
aes.Key = key;
byte[] iv = aes.IV;
fileStream.Write(iv, 0, iv.Length);
using (CryptoStream cryptoStream = new(
fileStream,
aes.CreateEncryptor(),
CryptoStreamMode.Write))
{
// By default, the StreamWriter uses UTF-8 encoding.
// To change the text encoding, pass the desired encoding as the second parameter.
// For example, new StreamWriter(cryptoStream, Encoding.Unicode).
using (StreamWriter encryptWriter = new(cryptoStream))
{
encryptWriter.WriteLine("Hello World!");
}
}
}
}
Console.WriteLine("The file was encrypted.");
}
catch (Exception ex)
{
Console.WriteLine($"The encryption failed. {ex}");
}
Imports System
Imports System.IO
Imports System.Security.Cryptography
Module Module1
Sub Main()
Try
' Create a file stream
Using fileStream As New FileStream("TestData.txt", FileMode.OpenOrCreate)
' Create a new instance of the default Aes implementation class
' and configure encryption key.
Using aes As Aes = Aes.Create()
'Encryption key used to encrypt the stream.
'The same value must be used to encrypt and decrypt the stream.
Dim key As Byte() = {
&H1, &H2, &H3, &H4, &H5, &H6, &H7, &H8,
&H9, &H10, &H11, &H12, &H13, &H14, &H15, &H16
}
aes.Key = key
' Stores IV at the beginning of the file.
' This information will be used for decryption.
Dim iv As Byte() = aes.IV
fileStream.Write(iv, 0, iv.Length)
' Create a CryptoStream, pass it the FileStream, and encrypt
' it with the Aes class.
Using cryptoStream As New CryptoStream(fileStream, aes.CreateEncryptor(), CryptoStreamMode.Write)
' By default, the StreamWriter uses UTF-8 encoding.
' To change the text encoding, pass the desired encoding as the second parameter.
' For example, New StreamWriter(cryptoStream, Encoding.Unicode).
Using sWriter As New StreamWriter(cryptoStream)
'Write to the stream.
sWriter.WriteLine("Hello World!")
End Using
End Using
End Using
End Using
'Inform the user that the message was written
'to the stream.
Console.WriteLine("The text was encrypted.")
Catch
'Inform the user that an exception was raised.
Console.WriteLine("The encryption failed.")
Throw
End Try
End Sub
End Module
代码使用 AES 对称算法加密流,写入 IV,然后将加密的“Hello World!”写入到流中。 如果代码成功,则会创建一个名为 TestData.txt 的加密文件,并向控制台显示以下文本:
The file was encrypted.
你可以使用解密数据中的对称解密示例来解密文件。 该示例和此示例指定了相同的密钥。
但是,如果引发异常,代码会在控制台中显示以下文本:
The encryption failed.
非对称加密
非对称算法通常用于加密少量数据,例如加密对称密钥和 IV。 通常情况下,单独执行的非对称加密使用另一方生成的公共密钥。 为此,.NET 提供了 RSA 类。
下面的示例使用公钥信息加密对称密钥和 IV。 初始化代表第三方公钥的两个字节数组。 RSAParameters 对象初始化为这些值。 然后,使用 RSA.ImportParameters 方法将 RSAParameters 对象(以及它所代表的公钥)导入 RSA 实例。 最后,对 Aes 类创建私钥和 IV 进行加密。 此示例要求系统安装 128 位加密。
Imports System
Imports System.Security.Cryptography
Module Module1
Sub Main()
'Initialize the byte arrays to the public key information.
Dim modulus As Byte() = {214, 46, 220, 83, 160, 73, 40, 39, 201, 155, 19, 202, 3, 11, 191, 178, 56, 74, 90, 36, 248, 103, 18, 144, 170, 163, 145, 87, 54, 61, 34, 220, 222, 207, 137, 149, 173, 14, 92, 120, 206, 222, 158, 28, 40, 24, 30, 16, 175, 108, 128, 35, 230, 118, 40, 121, 113, 125, 216, 130, 11, 24, 90, 48, 194, 240, 105, 44, 76, 34, 57, 249, 228, 125, 80, 38, 9, 136, 29, 117, 207, 139, 168, 181, 85, 137, 126, 10, 126, 242, 120, 247, 121, 8, 100, 12, 201, 171, 38, 226, 193, 180, 190, 117, 177, 87, 143, 242, 213, 11, 44, 180, 113, 93, 106, 99, 179, 68, 175, 211, 164, 116, 64, 148, 226, 254, 172, 147}
Dim exponent As Byte() = {1, 0, 1}
'Create values to store encrypted symmetric keys.
Dim encryptedSymmetricKey() As Byte
Dim encryptedSymmetricIV() As Byte
'Create a new instance of the default RSA implementation class.
Dim rsa As RSA = RSA.Create()
'Create a new instance of the RSAParameters structure.
Dim rsaKeyInfo As New RSAParameters()
'Set rsaKeyInfo to the public key values.
rsaKeyInfo.Modulus = modulus
rsaKeyInfo.Exponent = exponent
'Import key parameters into rsa
rsa.ImportParameters(rsaKeyInfo)
'Create a new instance of the default Aes implementation class.
Dim aes As Aes = Aes.Create()
'Encrypt the symmetric key and IV.
encryptedSymmetricKey = rsa.Encrypt(aes.Key, RSAEncryptionPadding.Pkcs1)
encryptedSymmetricIV = rsa.Encrypt(aes.IV, RSAEncryptionPadding.Pkcs1)
End Sub
End Module
using System;
using System.Security.Cryptography;
class Class1
{
static void Main()
{
//Initialize the byte arrays to the public key information.
byte[] modulus =
{
214,46,220,83,160,73,40,39,201,155,19,202,3,11,191,178,56,
74,90,36,248,103,18,144,170,163,145,87,54,61,34,220,222,
207,137,149,173,14,92,120,206,222,158,28,40,24,30,16,175,
108,128,35,230,118,40,121,113,125,216,130,11,24,90,48,194,
240,105,44,76,34,57,249,228,125,80,38,9,136,29,117,207,139,
168,181,85,137,126,10,126,242,120,247,121,8,100,12,201,171,
38,226,193,180,190,117,177,87,143,242,213,11,44,180,113,93,
106,99,179,68,175,211,164,116,64,148,226,254,172,147
};
byte[] exponent = { 1, 0, 1 };
//Create values to store encrypted symmetric keys.
byte[] encryptedSymmetricKey;
byte[] encryptedSymmetricIV;
//Create a new instance of the RSA class.
RSA rsa = RSA.Create();
//Create a new instance of the RSAParameters structure.
RSAParameters rsaKeyInfo = new RSAParameters();
//Set rsaKeyInfo to the public key values.
rsaKeyInfo.Modulus = modulus;
rsaKeyInfo.Exponent = exponent;
//Import key parameters into rsa.
rsa.ImportParameters(rsaKeyInfo);
//Create a new instance of the default Aes implementation class.
Aes aes = Aes.Create();
//Encrypt the symmetric key and IV.
encryptedSymmetricKey = rsa.Encrypt(aes.Key, RSAEncryptionPadding.Pkcs1);
encryptedSymmetricIV = rsa.Encrypt(aes.IV, RSAEncryptionPadding.Pkcs1);
}
}