使用 AES 的 C# 私有/公共加密
我正在尝试弄清楚如何对 AES 加密的公钥/私钥进行加密。我希望能够像这样使用它:
byte[] BytesToEncrypt = { 0x01, 0x02, 0x03, 0x04, 0x05 };
byte[] PublicKey;
byte[] PrivateKey;
byte[] EncryptedBytes;
byte[] UnencryptedBytes;
PrivateKey = CreatePrivateKey();
PublicKey = CreatePublicKey(PrivateKey);
EncryptedBytes = EncryptBytes(PrivateKey);
// This line should return unencrypted bytes
UnencryptedBytes = UnencryptBytes(EncryptedBytes, PrivateKey);
// This line should also return the unencrypted bytes
UnencryptedBytes = UnencryptBytes(EncryptedBytes, PublicKey);
我怎样才能实现这样的东西?我见过公共/私有加密,但我见过的所有示例似乎都使用 RSA 加密。我想使用 AES。这可能吗?
I am trying to figure out how to make public/private keys that are AES encrypted. I'd like to be able to use it like so:
byte[] BytesToEncrypt = { 0x01, 0x02, 0x03, 0x04, 0x05 };
byte[] PublicKey;
byte[] PrivateKey;
byte[] EncryptedBytes;
byte[] UnencryptedBytes;
PrivateKey = CreatePrivateKey();
PublicKey = CreatePublicKey(PrivateKey);
EncryptedBytes = EncryptBytes(PrivateKey);
// This line should return unencrypted bytes
UnencryptedBytes = UnencryptBytes(EncryptedBytes, PrivateKey);
// This line should also return the unencrypted bytes
UnencryptedBytes = UnencryptBytes(EncryptedBytes, PublicKey);
How can I implement something like this? I've seen public/private encryption, but all the examples I've seen seem to use RSA encryption. I want to use AES. Is this possible?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
AES 是一种对称密钥加密算法,因此谈论 AES 公钥和私钥是没有意义的。如果您的 AES 密钥是公开的,则根本没有安全性。
如果您愿意,可以使用 AES 加密来加密 RSA 公钥,但这是不必要的,因为它不是您需要保密的东西。
您可以使用 AES 加密来加密 RSA 私钥。如果您想用密码保护您的密钥,这样如果您的计算机被盗,他们就无法使用您的密钥,这可能会很有用。
您还可以使用非对称加密将对称密钥传输给另一方,然后使用对称加密与他们进行通信。 TLS 使用此原则。它很有用,因为对称算法的计算速度更快,但以纯文本形式向某人发送对称密钥是不安全的,因此您需要非对称加密来保证对称密钥的安全。
AES is an algorithm for symmetric-key encryption, so it doesn't make sense to talk about public and private AES keys. If your AES key is public there is no security at all.
You can encrypt an RSA public key using AES encryption if you wish, but it is unnecessary as it is not something you need to keep secret.
You can encrypt an RSA private key using AES encryption. This could be useful if you want to password protect your key so that if your computer is stolen they cannot use your key.
You can also use an asymmetric encryption to transfer a symmetric key to another party and then afterwards communicate with them using symmetric encryption. TLS uses this principle. It can be useful because symmetric algorithms can be faster to compute, but sending a symmetric key to someone in plain text would be insecure so you need the asymmetric encryption to keep the symmetric key safe.
虽然 AES 加密是对称的,但我假设您的目标是加密数据(并且无论出于何种原因都必须使用 AES),将该数据提供给其他人,允许他们读取它,但前提是他们拥有您的公钥。
您可以考虑此工作流程:
这与 SSL 的做法类似(虽然不完全一样,因为有一个握手过程,数据使用公钥而不是私钥加密),但可能会满足您的需求。
此工作流程可确保仅当某人拥有您的公钥时才能发现您的 AES 密钥,但如果他们拥有正确的 AES 密钥,则不会阻止某人用其他数据替换您的原始数据。这就是公钥/私钥数据签名的用途。
While AES encryption is symmetric, I assume that your goal is to encrypt data (and have to use AES for whatever reason), give that data to someone else, allow them to read it, but only if they have your public key.
You could consider this workflow:
This is similar to what SSL does (not exactly though because the there is a handshake procedure with data being encrypted using public keys, not private keys), but might meet your needs.
This workflow ensures that your AES key can only be discovered if someone has your public key, but given that they then have the correct AES key, doesn't prevent someone from replacing your original data with other data. That's what public/private key data signing is for.