.Net常见的几种加密方式
.Net加密算法主要分为:对称算法、非对称算法、哈希算法、随机算法。每种算法都有自己的使用场景,例如 保护隐私(防止查看)、保护完整性(防止更改)、数字签名、生成秘钥、秘钥交换、生成随机数等。
按照不同场景,微软建议使用的算法如下:
- 数据隐私:Aes
- 数据完整性:HMACSHA256、HMACSHA512
- 数字签名:ECDsa、RSA
- 密钥交换:ECDiffieHellman、RSA
- 随机数生成:RandomNumberGenerator
- 从密码生成密钥:Rfc2898DeriveBytes
一、私钥加密
私钥加密也称之为对称加密,因为使用的是相同的秘钥来加密、解密。对称加密是对流执行的,所以可以对大数据进行加密。对称加密速度比公钥加密速度快。对称算法要求创建秘钥和初始化向量(IV),秘钥必须保密、IV可以公开但应定期更改。常见的私钥加密有:DES、AES、HMACSHA256、HMACSHA384、HMACSHA512等。
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
namespace Demo
{
class Program
{
static void Main(string[] args)
{
#region 秘钥长度
//16位密钥 = 128位
//24位密钥 = 192位
//32位密钥 = 256位
Aes aes = Aes.Create();
KeySizes[] ks = aes.LegalKeySizes;
foreach (KeySizes k in ks)
{
Console.WriteLine("\tLegal min key size = " + k.MinSize);
Console.WriteLine("\tLegal max key size = " + k.MaxSize);
Console.WriteLine("\tLegal skipsize = " + k.SkipSize);
}
//This sample produces the following output:
// Legal min key size = 128
// Legal max key size = 256
// Legal skipsize = 64
#endregion
string original = "Here is some data to encrypt!";
// Create a new instance of the Aes
// class. This generates a new key and initialization
// vector (IV).
//using (Aes myAes = Aes.Create())
//{
// var strkey = Convert.ToBase64String(myAes.Key);
// var striv = Convert.ToBase64String(myAes.IV);
//}
var strkey = "BlkUeVL1KZ/AVTo36ziIOIg+cvztnOCUlc3HNoQBs8c=";
var striv = "G2+hseZr74KJtu1BCdzdwQ==";
//Aes加密
var encrypted = AesEncrypt(original, strkey, striv);
//Aes解密
string roundtrip = AesDecrypt(encrypted, strkey, striv);
Console.WriteLine("Encrypted: {0}", encrypted);
Console.WriteLine("Round Trip: {0}", roundtrip);
Console.ReadLine();
}
/// 二、公钥加密
公钥加密也称之为非对称加密,因为使用的是可公开的公钥加密数据、受保护的私钥解密数据。公钥算法是对少数字节执行的,执行速度比私钥算法慢,所以只适用于少量数据的加密,并且设计的目的也不是用于大数据加密。公钥算法也可以用与数字签名,使用私钥签名数据,公钥验证签名。
常见的公钥算法有:
- RSA:可用于加密数据和数字签名。
- DSA:只能用于数字签名,没有RSA安全。
- ECDiffieHellman:只能用于秘钥生成。
- ECDsa
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
namespace Demo
{
class Program
{
static void Main(string[] args)
{
#region netframework-4.5
//RSA
/*
Create a new instance of the RSA class.
Export the public key information and send it to a third party.
*/
//using (RSA rsa = RSA.Create())
//{
// var publicKey1 = rsa.ToXmlString(false);//公钥
// var privateKey1 = rsa.ToXmlString(true);//公钥、私钥
//}
var publicKey = "38BMPKXER5pb33bslSPaibF7rrCPDFI2Ur6NQs7+Nflb3u+sLNVeNdLkO+8jevqEJRYbX8aJveTc3oCN9YqIqZVLlP9dSpbKCiJURp7KXPiBwzm4R+3KHf4SQbDU1r9ehj+FPxIHxkmRyDI8YVmrk3qSlgbcuY7WY0JFhtx8clU= AQAB 38BMPKXER5pb33bslSPaibF7rrCPDFI2Ur6NQs7+Nflb3u+sLNVeNdLkO+8jevqEJRYbX8aJveTc3oCN9YqIqZVLlP9dSpbKCiJURp7KXPiBwzm4R+3KHf4SQbDU1r9ehj+FPxIHxkmRyDI8YVmrk3qSlgbcuY7WY0JFhtx8clU= AQAB 9wP5W44hIosp3xRfeWBHRlWjIj17MW4TF29YFo/lC6pZH0Onw1ARggBaRRmjZhFsrMNQQ5x+t2mItW/YQ9czpw==
5+O0BloSYXJPxK8VMQi4gwpC7b+rqfjKlesD8TSlsmq91fvIKuOuVC7Dntbi3EVikQnuMm4gJtB5mu5x8KLZow==
RoMn527HHqlDJp8WMfu93OINU3ThedbGNGZgavBgndfe4QHbHfH5TXb0Tc1ny3cl4ptOij5eHdVOZRysS5Fe+Q== xD25Tl7Pi1QYGZUp0/NTYuI+PcGlXxTDLRhUn740M8eNnBeWEGXaVDe3KSclmc/GWIQU5uy3nOF06B6+oizPDQ== Ukdbn+ggSHfzJq1CVL4XP5pB5CFpX+vkLJ7WoVFo1RpUKMEPtehSpKGL62fZ7fHsZzExcHhqvm5kSyXKNqGBUQ== 20WXMKP+u3Dw8giYhvuQ8fllzOcn+JoktGgbBUrW40wQlWRpZbJf1f1rP7T2H1Gb6MBGaVCmsdqz/LUc6XEuxLTAKT4sfkUlBcGS6L5GIEzNMfDwetOLQn8YCM/qsaFdNtwhl4J0CTJQkbeTLQ0rO/iWKF87F37WcUb/Jnk7h40= 三、数字签名
数字签名使用的是公钥算法实现的,使用私钥签名数据、公钥验证数据,保护数据完整性。常见的数字签名算法有RSA、RSA2、ECDsa、DSA。
- RSA:全称SHA1WithRSA,对RSA密钥的长度不限制,推荐使用2048位以上。
- RSA2:全称SHA256WithRSA,强制要求RSA密钥的长度至少为2048,比RSA更加安全。
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
namespace Demo
{
class Program
{
static void Main(string[] args)
{
#region netframework-4.5
//1.私钥生成签名
//The hash value to sign.
str = "我是RSA数字签名。";
byte[] hashValue = CalcSHA256(str);
byte[] signedHashValue;
string signedStr;
//Generate a public/private key pair.
using (var rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(privateKey);
//Create an RSAPKCS1SignatureFormatter object and pass it the
//RSA instance to transfer the private key.
RSAPKCS1SignatureFormatter rsaFormatter = new RSAPKCS1SignatureFormatter(rsa);
//Set the hash algorithm to SHA256.
rsaFormatter.SetHashAlgorithm("SHA256");
//Create a signature for hashValue and assign it to
//signedHashValue.
signedHashValue = rsaFormatter.CreateSignature(hashValue);
signedStr = Convert.ToBase64String(signedHashValue);
}
//2.公钥验证签名
str = "我是RSA数字签名。";
signedStr = "rhzchQiUc4/hPz1Qcx6kSz8vmDkNNX/nLIzU0NkUJe/Mq7MrQBzHC5+NguPLy86UHkQKp3z1TxnIOSYS9rKAtn2B6rbDepd2jpwTed93qsC+ZrFh2gDXbKHHZFcmcqEwj2vjOpqibynC5Y5phu4dBExSCf4KsgInMrJM17maFJg=";
hashValue = CalcSHA256(str);
signedHashValue = Convert.FromBase64String(signedStr);
using (var rsa = new RSACryptoServiceProvider())
{
rsa.FromXmlString(publicKey);
RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
if (rsaDeformatter.VerifySignature(hashValue, signedHashValue))
{
Console.WriteLine("The signature is valid.");
}
else
{
Console.WriteLine("The signature is not valid.");
}
}
#endregion
#region RSA2数字签名
//1.私钥生成签名
//The hash value to sign.
var str = "我是RSA数字签名。";
byte[] hashValue = CalcSHA256(str);
byte[] signedHashValue;
string signedStr;
//Generate a public/private key pair.
using (var rsa = RSA.Create())
{
rsa.ImportRSAPrivateKey(Convert.FromBase64String(privateKey), out int bytesRead);
//Create an RSAPKCS1SignatureFormatter object and pass it the
//RSA instance to transfer the private key.
RSAPKCS1SignatureFormatter rsaFormatter = new RSAPKCS1SignatureFormatter(rsa);
//Set the hash algorithm to SHA256.
rsaFormatter.SetHashAlgorithm("SHA256");
//Create a signature for hashValue and assign it to
//signedHashValue.
signedHashValue = rsaFormatter.CreateSignature(hashValue);
signedStr = Convert.ToBase64String(signedHashValue);
}
//2.公钥验证签名
str = "我是RSA数字签名。";
signedStr = "Gt8GYpwhSE2kUyYeCsaQQyWpViMW/Gl89gJ+riXZDte0etIX00MoFzn6nzIe7fm/xESytc/VAKn2LtT+5bNarHI1vT3VdjsrPJwFNb7mJiHxMA9hyz3gRikHu1v153DejlJ1cVDgV7y8NL79OpB6qZOuPmU/sP8Om3tqCLqTUDUkNR0+kxuDI7Jpysi30zmmsIT8VpcYoV+PYoCoDLE2UJgX7oPMS8FRNajS+3GIrVstn5nh+XiavUA32sC1iZN1gfwVGQRMVuNSFkVy5xwFBiDkU90ho+HLhaSW3Zh2uQpWphHYwMZLgSItahF43WIF4w0W1Y6+P0i3zfeYGNxKGg==";
hashValue = CalcSHA256(str);
signedHashValue = Convert.FromBase64String(signedStr);
using (var rsa = RSA.Create())
{
rsa.ImportRSAPublicKey(Convert.FromBase64String(publicKey), out int bytesRead);
RSAPKCS1SignatureDeformatter rsaDeformatter = new RSAPKCS1SignatureDeformatter(rsa);
rsaDeformatter.SetHashAlgorithm("SHA256");
if (rsaDeformatter.VerifySignature(hashValue, signedHashValue))
{
Console.WriteLine("The signature is valid.");
}
else
{
Console.WriteLine("The signature is not valid.");
}
}
#endregion
Console.ReadLine();
}
private static byte[] CalcSHA1(string str)
{
using (SHA1 sha = System.Security.Cryptography.SHA1.Create())
{
var bytes = sha.ComputeHash(Encoding.UTF8.GetBytes(str));
return bytes;
}
}
private static byte[] CalcSHA256(string str)
{
using (SHA256 sha = System.Security.Cryptography.SHA256.Create())
{
var bytes = sha.ComputeHash(Encoding.UTF8.GetBytes(str));
return bytes;
}
}
}
}
四、哈希算法
哈希算法将任意长度的二进制数据映射到较小的固定长度的二进制值,数据发生改变后,数据对应的哈希值也将改变。常见的哈希算法有MD5、SHA1、SHA256、SHA384、SHA512。由于MD5和SHA1发现了漏洞不安全,不推荐使用。
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
namespace Demo
{
class Program
{
static void Main(string[] args)
{
string original = "Here is some data to encrypt!";
//1.MD5加密
using (var md5 = MD5.Create())
{
var bytes = md5.ComputeHash(Encoding.UTF8.GetBytes(original));
var sb = new StringBuilder();
foreach (var item in bytes)
{
sb.Append(item.ToString("X2"));
}
Console.WriteLine($"MD5:{sb.ToString()}");
}
//2.SHA1加密
using (SHA1 mySHA1 = SHA1.Create())
{
var bytes = mySHA1.ComputeHash(Encoding.UTF8.GetBytes(original));
var sb = new StringBuilder();
foreach (var item in bytes)
{
sb.Append(item.ToString("X2"));
}
Console.WriteLine($"SHA256:{sb.ToString()}");
}
//3.SHA256加密
using (SHA256 mySHA256 = SHA256.Create())
{
var bytes = mySHA256.ComputeHash(Encoding.UTF8.GetBytes(original));
var sb = new StringBuilder();
foreach (var item in bytes)
{
sb.Append(item.ToString("X2"));
}
Console.WriteLine($"SHA256:{sb.ToString()}");
}
//4.SHA512加密
using (SHA512 mySHA256 = SHA512.Create())
{
var bytes = mySHA256.ComputeHash(Encoding.UTF8.GetBytes(original));
var sb = new StringBuilder();
foreach (var item in bytes)
{
sb.Append(item.ToString("X2"));
}
Console.WriteLine($"SHA512:{sb.ToString()}");
}
Console.ReadLine();
}
}
}
五、随机数
随机数生成是很多加密操作的必要组成部分。 例如,加密密钥需要尽可能的随机,以便使其很难再现。
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
namespace Demo
{
class Program
{
static void Main(string[] args)
{
var str="";
//1.RandomNumberGenerator:
#region
using (var random = RandomNumberGenerator.Create())
{
//生成32位秘钥
var bytes = new byte[32];
random.GetBytes(bytes);//用加密型强随机值序列填充字节数组。
str = Convert.ToBase64String(bytes);
Console.WriteLine(str);
}
#endregion
//2.Random:
#region
var rd = new Random();
//1.生成32位秘钥
var rdbytes = new byte[32];
rd.NextBytes(rdbytes);
str = Convert.ToBase64String(rdbytes);
Console.WriteLine(str);
//2.随机生成1-100的整数。
for (int i = 0; i < 10; i++)
{
var num = rd.Next(0, 101);//生成介于指定下限(含)与指定上限(不含)之间的随机整数。
Console.WriteLine(num);
}
//3. 随机生成姓名
string[] malePetNames = { "Rufus", "Bear", "Dakota", "Fido",
"Vanya", "Samuel", "Koani", "Volodya",
"Prince", "Yiska" };
Random rnd = new Random();
// Generate random indexes for pet names.
int mIndex = rnd.Next(malePetNames.Length);
// Display the result.
Console.WriteLine("Suggested pet name of the day: ");
Console.WriteLine(" For a male: {0}", malePetNames[mIndex]);
//4.指定种子
//使用的种子相同,生成的随机数也相同。
var seed = (int)DateTime.Now.Ticks;
var rd1 = new Random(seed);
var rd2 = new Random(seed);
Console.WriteLine(rd1.Next());
Console.WriteLine(rd2.Next());
// The example displays output similar to the following:
// 2004787064
// 2004787064
#endregion
Console.ReadLine();
}
}
}