在 C# 中加密在 JavaScript 中解密
我正在寻找在 C# 中加密字符串并使用 JavaScript 解密的方法。在这种情况下,JavaScript 是内部系统的脚本语言,因此我不应该担心人们访问解密所需的私钥/密码。
网上搜索解决方案,似乎 AES 加密应该可以解决问题。我研究了 slowAES 和 RijndaelManaged 解决方案,但没能让它发挥作用。
我使用了 Cheeso 提供的 C# 代码并收到了相同的密文。但是当我尝试使用 SlowAES 加密同一段数据时,我收到了完全不同的密码。
var testString = new Array("w", "a", "t", "s", "o", "n", "?");
var test = slowAES.encrypt(testString, slowAES.modeOfOperation.CBC, "12345678901234567890123456789012", slowAES.aes.keySize.SIZE_256, new Array(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0));
alert(test.cipher);
有人能指出我正确的方向吗?我不在乎方法,只要能达到结果就行。我的目标是以 URL 为例:
www.test.com/clientid=123
使用 .NET (C#) 将其加密,使其看起来像
www.test.com/clientid=asdf;lkjsxd;flkjq934857u9duhfgkjhgalsdkjfh
,然后使用 JavaScript 对其进行转换返回
www.test.com/clientid=123
谢谢, 鲁什
I am looking for way to encrypt string in C# and to decrypt it using JavaScript. JavaScript in this case is a scripting language for internal system, so I should not worry about people accessing private key/password which will be required for decryption.
Searching online for solution it seems that AES encryption should do the trick. I’ve looked into slowAES and RijndaelManaged solution, but had no luck getting it to work.
I’ve used C# code which Cheeso provided and received identical cipher text. But when I’ve attempted to use slowAES to encrypt same piece of data I’ve received completely different cipher.
var testString = new Array("w", "a", "t", "s", "o", "n", "?");
var test = slowAES.encrypt(testString, slowAES.modeOfOperation.CBC, "12345678901234567890123456789012", slowAES.aes.keySize.SIZE_256, new Array(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0));
alert(test.cipher);
Can someone point me into right direction? I don’t care on the method, as long as I can achieve results. My goal is to take URL for example:
www.test.com/clientid=123
use .NET (C#) to encrypt it to look like
www.test.com/clientid=asdf;lkjsxd;flkjq934857u9duhfgkjhgalsdkjfh
and then use JavaScript to convert it back to
www.test.com/clientid=123
Thanks,
ITRushn
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
加密/解密操作发生在二进制数据上。因此,您必须在 C# 和 javascript 之间保留该二进制数据。将输出编码为 base64 或十六进制字符串可能是最好的方法。
Encryption/decryption operations occur on binary data. Therefore, you must preserve that binary data between C# and javascript. Encoding the output as a base64 or hexadecimal string is probably the best way to do that.
选项 1
如果您的唯一目的是保护服务器和客户端之间的敏感数据(这是一个已解决的问题),请使用 SSL。
选项 2
给定网址 www.test.com/clientid=123
使用 .NET (C#) 来对其进行加密并指向不同的位置:
www.mywebserver.com/forward.aspx?url=asdf;lkjsxd;flkjq934857u9duhfgkjhgalsdkjfh
然后在forward.aspx页面中,解密并重定向到www.test.com/clientid=123
客户端然后遵循 HTTP 重定向并完成。没有共享密钥,易于实现,它只是工作。
注意:
至于您原来的解决方案,如果没有 COM 或其他一些互操作方式,就无法安全地完成。我这么说的原因是 JScript 需要访问公钥/私钥对,据我所知,这是不可能的。如果没有公钥/私钥,服务器将需要与客户端共享对称密钥。由于无法安全地传输此密钥,您并没有保护数据,而只是对其进行了混淆。
我认为最简单的方法是使用 SSL,然后使用转发 URL。
Option 1
If your only intent is securing sensitive data between the server and client that is a solved problem, use SSL.
Option 2
given the url www.test.com/clientid=123
use .NET (C#) to encrypt it and to point to a different location:
www.mywebserver.com/forward.aspx?url=asdf;lkjsxd;flkjq934857u9duhfgkjhgalsdkjfh
and then in the forward.aspx page, decrypt and redirect to www.test.com/clientid=123
the client then follows the HTTP redirect and prest-o-done. No shared keys, easy to implement, it just works.
Note:
As for your original solution it can not be done securely without COM or some other means of inter-op. The reason I say this is that the JScript would need access to a public/private key pair which, to the best of my knowledge, is not possible. Without a public/private key the server would be required to share a symmetric key with the client. With no means by which to securely transfer this key you have not secured the data, only obfuscated it.
I think the simplest approach would be to use SSL, followed by that of the forwarding URL.
我已经成功使用 RC4 加密解决了我的问题。您可以在我的 上获取有关实施的更多信息博客。
I’ve managed to solve my issue using RC4 encryption. You can get more information about implementation on my blog.