//建立加密对象的密钥和偏移量,此值重要,不能修改
des.Key = ASCIIEncoding.ASCII.GetBytes(sKey);
des.IV = ASCIIEncoding.ASCII.GetBytes(sKey);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(),CryptoStreamMode.Write);
//Flush the data through the crypto stream into the memory stream
cs.Write(inputByteArray, 0, inputByteArray.Length);
cs.FlushFinalBlock();
//Get the decrypted data back from the memory stream
//建立StringBuild对象,CreateDecrypt使用的是流对象,必须把解密后的文本变成流对象
StringBuilder ret = new StringBuilder();
return System.Text.Encoding.Default.GetString(ms.ToArray());
}
2.2 范例
使用非对称算法加密消息的四个主要步骤
1. 获取发送者的私钥和接收者的公钥。
2. 借助随机密钥(random key)和初始化向量,用对称算法加密消息。
3. 用接收者的公钥为2步骤中的密钥和初始化向量加密。
4. 用发送者的私钥对消息进行数字签名处理。
对应的解密的四个步骤
1. 获取发送者的公钥和接收者的私钥。
2. 验证数字签名。
3. 解密密钥和初始化向量。
4. 使用解密后的密钥和初始化向量解密消息。
代码分析:
1. 获取密钥
...{
X509CertificateStore x509Store = null;
if (location == "CurrentUser")
...{
x509Store = X509CertificateStore.CurrentUserStore(X509CertificateStore.MyStore);
}
else
...{
x509Store = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
}
bool open = x509Store.OpenRead();
X509Certificate sender_cert = null;
X509Certificate receiver_cert = null;
if (!open)
...{
throw new Exception("unable to open the certificate store");
}
sender_cert = x509Store.FindCertificateBySubjectName("CN=XinChen, E=none@none.com")[0 ];
receiver_cert = x509Store.FindCertificateBySubjectName("CN=Sherry, E=none@none.com")[0 ];
RSAParameters sender_privateKey = sender_cert.Key.ExportParameters(true);
RSAParameters receiver_publicKey = receiver_cert.PublicKey.ExportParameters(false);
}
2. 对称算法加密 (不指定初始密钥和初始向量,则由系统自动生成)
...{
SymmetricAlgorithm symmProvider = SymmetricAlgorithm.Create("TripleDES");
encryptor = symmProvider.CreateEncryptor();
CryptoStream encStream = new CryptoStream(data, encryptor, CryptoStreamMode.Read);
MemoryStream encrypted = new MemoryStream();
byte[] buffer = new byte[1024];
int count = 0;
while ((count = encStream.Read(buffer,0,1024)) > 0)
...{
encrypted.Write(buffer,0,count);
}
}
3. 用接收者的公钥为2步骤中的密钥和初始化向量加密
...{
byte[] key;
byte[] iv;
RSACryptoServiceProvider asymmetricProvider = new RSACryptoServiceProvider();
asymmetricProvider.ImportParameters(receiver_publicKey);
key = asymmetricProvider.Encrypt(symmProvider.Key,false);
iv = asymmetricProvider.Encrypt(symmProvider.IV,false);
}
4. 创建数字签名
使用密钥为消息散列进行加密
...{
byte[] signature;
asymmetricProvider.ImportParameters(sender_privateKey);
signature = asymmetricProvider.SignData(encrypted.ToArray(), new SHA1CryptoServiceProvider());
}
上面四个步骤的最后输出为encrypted、key、iv和signature
解密的代码演示:
1. 获取密钥
...
2. 验证数字签名
...{
asymmetricProvider.ImportParameters(sender_publicKey);
bool verify = asymmetricProvider.VerifyData(encrypted, new SHA1CryptoServiceProvider(), signature)
}
3. 解密密钥和初始化向量
...{
asymmetricProvider.ImportParameters(receiver_privateKey);
byte[] decryptedKey = asymmetricProvider.Decrypt(key, false);
byte[] decryptediv = asymmetricProvider.Decrypt(iv, false);
}
4. 使用解密后的密钥和初始化向量解密消息。
...{
SymmetricAlgorithm symmProvider = SymmetricAlgorithm.Create("TripleDES");
ICryptoTransform decryptor = symmProvider.CreateDecryptor(decryptedKey, decryptediv);
CryptoStream decStream = new CryptoStream(encrypted, decryptor, CryptoStreamMode.Read);
}