加密查询字符串，包括密钥

发布于 2025-01-01 22:06:27 字数 326 浏览 0 评论 0原文

我有一个应用程序使用查询字符串在页面之间传递一些值。我发现了一些关于如何加密查询字符串中的值的示例，但问题是我的 KEYS 告诉了更多有关查询字符串的信息，然后是所有整数转换为字符串的值。

有没有办法加密 ASP.NET 中的整个查询字符串（包括键和键值）？

比如：

Default.aspx?value1=40&value2=30&value3=20

谢谢

 Default.aspx?56sdf78fgh90sdf4564k34klog5646l

！

原文

I have an app that is using query string to pass some values around pages. I found few examples on how to encrypt values in query string, but the problem is that my KEYS tell more about query string then the values which are all integers converted to string.

Is there a way to encrypt the whole query string in ASP.NET including keys and key values?

Something like:

Default.aspx?value1=40&value2=30&value3=20

 Default.aspx?56sdf78fgh90sdf4564k34klog5646l

Thanks!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

饭团 2025-01-08 22:06:27

上面的许多参考文献都忽略了一个问题，那就是在返回加密字符串之前，URL 编码（在返回字符串之前请参阅下文）。我使用的是 IIS 7.5，它会自动为您“解码”字符串，因此解密“应该”没问题。加密和解密代码如下所示。

public string EncryptQueryString(string inputText, string key, string salt)
{
    byte[] plainText = Encoding.UTF8.GetBytes(inputText);

    using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
    {
        PasswordDeriveBytes secretKey = new PasswordDeriveBytes(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(salt));
        using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
        {
            using (MemoryStream memoryStream = new MemoryStream())
            {
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                {
                    cryptoStream.Write(plainText, 0, plainText.Length);
                    cryptoStream.FlushFinalBlock();
                    string base64 = Convert.ToBase64String(memoryStream.ToArray());

                    // Generate a string that won't get screwed up when passed as a query string.
                    string urlEncoded = HttpUtility.UrlEncode(base64);
                    return urlEncoded;
                }
            }
        }
    }
}

public string DecryptQueryString(string inputText, string key, string salt)
        {
            byte[] encryptedData = Convert.FromBase64String(inputText);
            PasswordDeriveBytes secretKey = new PasswordDeriveBytes(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(salt));

            using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
            {
                using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
                {
                    using (MemoryStream memoryStream = new MemoryStream(encryptedData))
                    {
                        using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                        {
                            byte[] plainText = new byte[encryptedData.Length];
                            cryptoStream.Read(plainText, 0, plainText.Length);
                            string utf8 = Encoding.UTF8.GetString(plainText);
                            return utf8;
                        }
                    }
                }
            }
        }

There is one issue that many of the references above overlook, and that is just prior to returning the encrypted string, URL Encode (see below right before the string is returned). I am using IIS 7.5, and it will automatically "Decode" the string for you, so the decryption "should" be OK. Both the Encrypt and Decrypt code is shown below.

public string EncryptQueryString(string inputText, string key, string salt)
{
    byte[] plainText = Encoding.UTF8.GetBytes(inputText);

    using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
    {
        PasswordDeriveBytes secretKey = new PasswordDeriveBytes(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(salt));
        using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
        {
            using (MemoryStream memoryStream = new MemoryStream())
            {
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                {
                    cryptoStream.Write(plainText, 0, plainText.Length);
                    cryptoStream.FlushFinalBlock();
                    string base64 = Convert.ToBase64String(memoryStream.ToArray());

                    // Generate a string that won't get screwed up when passed as a query string.
                    string urlEncoded = HttpUtility.UrlEncode(base64);
                    return urlEncoded;
                }
            }
        }
    }
}

public string DecryptQueryString(string inputText, string key, string salt)
        {
            byte[] encryptedData = Convert.FromBase64String(inputText);
            PasswordDeriveBytes secretKey = new PasswordDeriveBytes(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(salt));

            using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
            {
                using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
                {
                    using (MemoryStream memoryStream = new MemoryStream(encryptedData))
                    {
                        using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                        {
                            byte[] plainText = new byte[encryptedData.Length];
                            cryptoStream.Read(plainText, 0, plainText.Length);
                            string utf8 = Encoding.UTF8.GetString(plainText);
                            return utf8;
                        }
                    }
                }
            }
        }

回复收藏 0 原文