RSACryptoServiceProvider not producing consistent output
I need to encrypt some text with RSA, and then recover it later using the private key. My problem is that RSACryptoServiceProvider.Encrypt() outputs a different value every time, even when using the same key. Here is my code which I put into LINQpad to test:
CspParameters cp = new CspParameters();
cp.KeyContainerName = "MyKey";
cp.Flags = CspProviderFlags.UseMachineKeyStore | CspProviderFlags.UseExistingKey;
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cp);
// using LINQpad to verify the key is loaded properly -- same every time
rsa.ToXmlString(true).Dump();
byte[] rgb = new ASCIIEncoding().GetBytes("Hello world");
byte[] xx = rsa.Encrypt(rgb, false);
string b64 = Convert.ToBase64String(xx);
// this changes every time:
b64.Dump();
I'm guessing that the class must be using something else as well as the key to affect the output, but I'm struggling to find out what.
Comments (2)
The fact that the cipher text is different each time the same cleartext is encrypted doesn't mean that it cannot be decrypted consistently.
This is indeed the sign of a good cryptographic algorithm to be able to have this behavior, making it more resilient to various attacks.
This is because the encryption logic introduces randomness in the process, for example by systematically adding some random bytes before the cleartext itself. So long as the decryption logic knows to ignore these bytes after the whole ciphertext is decrypted, then it can reproduce the original cleartext.
I suggest you take any instance of this b64 text, submit it to the reverse process and see that the "rgb" produced is "Hello world" in all cases.
The different output is perfectly normal. This is due to the fact that your data is being padded by PKCS#1 or OAEP - and both are using/adding some random data.
Now this is not how you should be using RSA. Many reasons but the most direct, for you, is because the padding / block size is limiting the number of bytes you can encrypt (and RSA is too slow to consider looping encrypting blocks).
I wrote a blog entry on the subject that describes how you can mix symmetric (better speed, no size limit) with asymmetric encryption - getting the best of both worlds :-)
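What both answers describe, as an added Python sketch (not code from the question or the answers, and not the .NET implementation): the PKCS#1 v1.5 encryption padding that `Encrypt(rgb, false)` selects fills the block with fresh random non-zero bytes before the RSA operation, so ciphertexts differ while decryption still returns the same plaintext. The key is a toy one constructed from two known Mersenne primes, and all function names are illustrative.

```python
import secrets

# Toy key built from two known Mersenne primes (constructed for this demo;
# far too small for real use). The modulus is 30 bytes long.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes


def pad_pkcs1_v15(msg: bytes) -> bytes:
    """EME-PKCS1-v1_5 block: 00 || 02 || PS (random, non-zero) || 00 || M."""
    if len(msg) > K - 11:
        raise ValueError("message too long for this key size")
    ps = bytearray()
    while len(ps) < K - 3 - len(msg):
        b = secrets.token_bytes(1)
        if b != b"\x00":            # PS must not contain the 00 separator
            ps += b
    return b"\x00\x02" + bytes(ps) + b"\x00" + msg


def encrypt(msg: bytes) -> bytes:
    m = int.from_bytes(pad_pkcs1_v15(msg), "big")
    return pow(m, E, N).to_bytes(K, "big")


def decrypt(ct: bytes) -> bytes:
    em = pow(int.from_bytes(ct, "big"), D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)       # first 00 after the random padding
    if em[:2] != b"\x00\x02" or sep < 10:   # PS is at least 8 bytes
        raise ValueError("decryption error")
    return em[sep + 1:]             # random bytes are simply discarded


def textbook_encrypt(msg: bytes) -> bytes:
    """No padding: deterministic output, which the padding is there to avoid."""
    return pow(int.from_bytes(msg, "big"), E, N).to_bytes(K, "big")


if __name__ == "__main__":
    c1, c2 = encrypt(b"Hello world"), encrypt(b"Hello world")
    print(c1.hex(), c2.hex(), sep="\n")   # two different ciphertexts
    print(decrypt(c1), decrypt(c2))       # same plaintext from both
```

The `K - 11` limit in `pad_pkcs1_v15` is the size restriction the second answer mentions: the padding overhead caps how many bytes a single RSA operation can carry.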