基于.net的加密汇总（2）

引用C#密码加密

EncryptPassWord类:

using System; using System.Data; using System.Configuration; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; using System.Security.Cryptography; using System.Text;
public class EncryptPassWord {     /// <summary>     /// 获取密钥     /// </summary>     /// <returns></returns>     public static string CreateSalt()     {         byte [] data = new byte [ 8 ];         new RNGCryptoServiceProvider().GetBytes(data);         return Convert.ToBase64String(data);     }
    /// <summary>     /// 加密密码     /// </summary>     /// <param name="pwdString"></param>     /// <param name="salt"></param>     /// <returns></returns>     public static string EncryptPwd( string pwdString, string salt)     {         if (salt == null || salt == "" )         {             return pwdString;         }         byte [] bytes = Encoding.Unicode.GetBytes(salt.ToLower().Trim() + pwdString.Trim());         return BitConverter.ToString(((HashAlgorithm)CryptoConfig.CreateFromName( " SHA1 " )).ComputeHash(bytes));     } }

 

 

DESEncrypt类:

using System; using System.Data; using System.Configuration; using System.Web; using System.Web.Security; using System.Security.Cryptography; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; using System.IO; using System.Text; /// <summary> /// Summary description for DESEncrypt /// </summary> public class DESEncrypt {     private string iv = " 12345678 " ;     private string key = " 12345678 " ;     private Encoding encoding = new UnicodeEncoding();     private DES des;
    public DESEncrypt()     {         des = new DESCryptoServiceProvider();     }
    /// <summary>     /// 设置加密密钥     /// </summary>     public string EncryptKey     {         get { return this .key; }         set         {             this .key = value;         }            }
    /// <summary>     /// 要加密字符的编码模式     /// </summary>     public Encoding EncodingMode     {         get { return this .encoding; }         set { this .encoding = value; }     }
    /// <summary>     /// 加密字符串并返回加密后的结果     /// </summary>     /// <param name="str"></param>     /// <returns></returns>     public string EncryptString( string str)     {         byte [] ivb = Encoding.ASCII.GetBytes( this .iv);         byte [] keyb = Encoding.ASCII.GetBytes( this .EncryptKey); // 得到加密密钥         byte [] toEncrypt = this .EncodingMode.GetBytes(str); // 得到要加密的内容         byte [] encrypted;         ICryptoTransform encryptor = des.CreateEncryptor(keyb, ivb);         MemoryStream msEncrypt = new MemoryStream();         CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);         csEncrypt.Write(toEncrypt, 0 , toEncrypt.Length);         csEncrypt.FlushFinalBlock();         encrypted = msEncrypt.ToArray();         csEncrypt.Close();         msEncrypt.Close();         return this .EncodingMode.GetString(encrypted);     } }

 

1.原理:每次产生一个随机字符串作为密匙,用户输入一个密码,密码经过密匙加密得到一个字符串存放在数据库中...当需要验证密码时,要先得到密匙才能验证.

  (1).登录时,验证代码

 

// 根据用户名得到用户信息       DataTable dt = WYTWeb.UserDAO.UserLogin(userName); if (dt.Rows.Count == 0 ) {     return - 2 ; // 用户不存在 }
DataRow row = dt.Rows[ 0 ]; // 得到密匙 string salt = row[ " salt " ].ToString(); // 验证密码是否正确 if (EncryptPassWord.EncryptPwd(password, salt) == row[ " password " ].ToString()) {       // 登录成功 }

 

(2)修改密码时(与插入一条新密码一样)

 

// 从基类获得登录id int userId = LoginUser_Id; // 获得密匙 string salt = EncryptPassWord.CreateSalt(); // 得到经过加密后的"密码" string password = EncryptPassWord.EncryptPwd(txtPassword.Text.Trim(), salt); // 修改原数据 int result = WYTWeb.UserDAO.EditPassword(userId, password, salt); if (result > 0 ) {      WYTWeb.LogDAO.InsertLog( " info " , " wytWeb " , " 用户 " + userId + " 修改了密码 " , userId , this .Request.UserHostAddress.ToString());      ShowMessage( " 密码修改成功 " );            // this.Response.Redirect("CompanyInfo.aspx"); } else {     WYTWeb.LogDAO.InsertLog( " info " , " wytWeb " , " 用户 " + userId + " 修改密码失败 " , userId, this .Request.UserHostAddress.ToString());     ShowMessage( " 密码修改失败 " ); }