加密-对称密钥
我使用 Rijndael (作为 AES 算法)进行加密。我对值(对象属性)进行加密,并将对象序列化为 xml,然后通过 Web 服务将 xml 发送到接收者。我想传递用于加密数据的加密对称密钥。但我应该传递什么密钥呢? 我的解密算法如下所示(vb.net):
Public Function Encrypt(ByVal stringToEncrypt As String) As String
Dim textConverter As New ASCIIEncoding()
Dim myRijndael As New RijndaelManaged()
Dim encrypted() As Byte
Dim stringToEncryptAsByte() As Byte
Dim encryptedAsString As String
Dim key() As Byte
Dim IV() As Byte
' Set symetric key size og chiper mode
myRijndael.Mode = CipherMode.CBC
myRijndael.KeySize = 128
' Create a new key and initialization vector.
myRijndael.GenerateKey()
myRijndael.GenerateIV()
' Get the key and IV.
key = myRijndael.Key
IV = myRijndael.IV
' Get an encryptor.
Dim encryptor As ICryptoTransform = myRijndael.CreateEncryptor(key, IV)
' Encrypt the data.
Dim msEncrypt As New MemoryStream()
Dim csEncrypt As New CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write)
' Convert the data to a byte array.
stringToEncryptAsByte = textConverter.GetBytes(stringToEncrypt)
' Write all data to the crypto stream and flush it.
csEncrypt.Write(stringToEncryptAsByte, 0, stringToEncryptAsByte.Length)
csEncrypt.FlushFinalBlock()
' Get encrypted array of bytes.
encrypted = msEncrypt.ToArray()
encryptedAsString = Convert.ToBase64String(encrypted)
Return encryptedAsString
End Function
如果我想解密加密的字符串,我必须同时使用密钥和 IV,但我认为我必须仅传递一个密钥值。我是否必须以其他方式执行此操作,或者我应该传递什么? 我的规范规定必须使用 AES 和 128 位密钥对这些值进行加密。
I’m using Rijndael (as AES algorithm) for encrypting. I encrypt the values (objects properties) and serialize the object to xml an dsend the xml to the receiver via a web service. I want to pass along the encrypted symmetric key that I used to encrypt the data. But what key should I pass along?
My decryption algorithm looks like this (vb.net):
Public Function Encrypt(ByVal stringToEncrypt As String) As String
Dim textConverter As New ASCIIEncoding()
Dim myRijndael As New RijndaelManaged()
Dim encrypted() As Byte
Dim stringToEncryptAsByte() As Byte
Dim encryptedAsString As String
Dim key() As Byte
Dim IV() As Byte
' Set symetric key size og chiper mode
myRijndael.Mode = CipherMode.CBC
myRijndael.KeySize = 128
' Create a new key and initialization vector.
myRijndael.GenerateKey()
myRijndael.GenerateIV()
' Get the key and IV.
key = myRijndael.Key
IV = myRijndael.IV
' Get an encryptor.
Dim encryptor As ICryptoTransform = myRijndael.CreateEncryptor(key, IV)
' Encrypt the data.
Dim msEncrypt As New MemoryStream()
Dim csEncrypt As New CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write)
' Convert the data to a byte array.
stringToEncryptAsByte = textConverter.GetBytes(stringToEncrypt)
' Write all data to the crypto stream and flush it.
csEncrypt.Write(stringToEncryptAsByte, 0, stringToEncryptAsByte.Length)
csEncrypt.FlushFinalBlock()
' Get encrypted array of bytes.
encrypted = msEncrypt.ToArray()
encryptedAsString = Convert.ToBase64String(encrypted)
Return encryptedAsString
End Function
If I want to decrypt the encrypted string I have to use both key and IV, but I think I have to pass along only a key value. Do I have to do this another way or what should I pass along?
My specification says that the values have to be encrypted using AES and a 128 bits key.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您将加密密钥与加密数据一起传递,则相当于根本不加密数据(除了肉眼无法读取它之外,但简单的 Base64 编码或类似的编码也可以实现相同的效果。
使用对称加密算法,发送者和接收者必须共享一个秘密(对称密钥,或者可以从中派生密钥的东西),如果不可能,您可能需要使用混合对称/加密算法。非对称加密方案:这里是发送者使用公钥算法对秘密密钥进行加密,并将其与对称加密的数据一起发送(在这种情况下,发送者必须知道与接收者的私钥相对应的公钥。)
也就是说,使用块的链接操作模式。密码(如 CBC),发送方通常将初始化向量与数据一起传递。
If you pass the encryption key along with the encrypted data, this is equivalent to not encrypting the data at all (other than one can't read it with plain eyes, but then a simple Base64 encoding or similar would do the same.
To use a symmetric encryption algorithm, sender and receiver must share a secret (the symmetric key, or something from which the key can be derived). If this is not possible, you might want to use a hybrid symmetric/asymmetric encryption scheme: Here the sender encrypts the secret key using a public key algorithm, and sends it together with the symmetrically encrypted data. (In this case, the sender must know the public key corresponding to the receiver's private key.)
That said, with chaining modes of operation for block ciphers (like CBC), the sender usually passes the initialization vector along with the data.
IV很简单,按原样发送即可。通常的做法是将其添加到密文中,以便接收者在需要时将其剥离。无需对 IV 保密。
密钥并不那么简单,因为它必须保密。有两种通用解决方案:
每次需要向收件人发送加密文件时,使用 Diffie-Hellman 与收件人商定新的密钥。
使用他们的 RSA 公钥来加密 AES 密钥并以这种方式将其发送给他们。
您可能还想研究 HMAC 的使用,以确保文件在传输过程中没有被篡改。
The IV is simple, just send it as-is. It is common practice to prepend it to the cyphertext so the receiver just strips it off when needed. There is no need to keep the IV secret.
The key is not so simple because it must be kept secret. There are two general solutions:
Use Diffie-Hellman to agree a new secret key with your recipient each time you need to send them an encrypted file.
Use their RSA public key to encrypt the AES key and send it to them that way.
You may also want to investigate the use of HMAC to ensure that the file has not been tampered with during transmission.