Microsoft Enterprise Library 5.0 系列(二) Cryptography Application Block (初级)
企业库加密应用程序模块提供了2种方式让用户保护自己的数据:
- Hashingproviders: 离散加密法, 简单来说就是把你的信息保存到内存中后用一个离散值表示并返回给程序,这样在程序中只能看到离散值而不是明文,这样就起到简单的加密效果啦.
- Cryptographyproviders: 密钥加密法. 用对称加密方法对数据进行加密(尚未支持非对称加密).
使用企业库加密应用程序模块的优势:
- 减少了需要编写的模板代码,执行标准的任务,可以用它来解决常见的应用程序加密的问题.
- 有助于维持一个应用程序内和跨企业的数据传输加密.
- 允许管理员进行加密配置,包括使用组策略.
- 可扩展,支持用户自定义加密技术.
下面介绍如何使用Microsoft Enterprise Library 5.0中的加密应用程序模块.
1.下载安装好MicrosoftEnterprise Library 5.0,然后在运行EntLibConfig.exe
2. 选择Blocks菜单 ,单击 Add CryptographySettings .
下面分别样式如何创建Hash Providers 和 Symmetric CryptographyProviders 加密策略:
(A) Hash Providers 策略使用步骤:
(1) 点击HashProviders 区块右上角的加号按钮, Add Hash Providers, 然后点击Add Hash Algorithm Provider,在弹出的对话框中选择System.Core下的MD5Cng,
表示我们要用MD5的加密方法获取离散值.
(2) 点击 File 菜单,单击 Save,保存为一个App.config文件,可以先保存到桌面,之后要用到它. 用记事本打开App.config,可以看到如下内容.
代码
<
configuration
>
<
configSections
>
<
section
name
="securityCryptographyConfiguration"
type
="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Configuration.CryptographySettings,Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=5.0.414.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission
="true"
/>
</
configSections
>
<
securityCryptographyConfiguration
>
<
hashProviders
>
<
add
name
="MD5Cng"
type
="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider,Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=5.0.414.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35"
algorithmType
="System.Security.Cryptography.MD5Cng,System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
saltEnabled
="true"
/>
</
hashProviders
>
</
securityCryptographyConfiguration
>
</
configuration
>
(3) 要使用缓存应用程序模块, 需要导入相应的Dll文件,在此我们要导入的是Microsoft.Practices.EnterpriseLibrary.Caching.dll ,将App.config文件添加到项目中,
并添加usingMicrosoft.Practices.EnterpriseLibrary.Security.Cryptography引用:
添加引用:
usingMicrosoft.Practices.EnterpriseLibrary.Security.Cryptography;
(4) 测试:
usingSystem;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.Practices.EnterpriseLibrary.Security.Cryptography;
namespace test
{
classProgram
{
staticvoid Main( string []args)
{
// 获取离散码
stringhash = Cryptographer.CreateHash( " MD5Cng " , " SensitiveData " );
// 打印显示
Console.WriteLine(hash);
Console.WriteLine( " ------------------------------------------------ " );
// 验证
boolequal = Cryptographer.CompareHash( " MD5Cng " , " SensitiveData " ,hash);
// 打印结果
if (equal)
{
Console.WriteLine( " 正确 " );
}
else
{
Console.WriteLine( " 错误 " );
}
}
}
}
运行结果:
(B) Symmetric CryptographyProviders策略实现步骤:
(1) 点击symmetriccryptography provider 区块右上角的加号按钮,然后点击 Add Symmetric Cryptography Providers, 在此我们能看到3个选项,下面介绍一下:
- Add Custom SymmetricCrypto Provider :顾名思义,用户自定义的加密策略,较麻烦,要自己写相应的加密类.
- Add DPAPI Symmetric Crypto Provider : 添加一个数据加密API生成的对称密钥进行加密.
- Add Sysmmetric Algorithm Provider : 较高级的对称加密方法,需要用户生成Key文件对数据进行保护.
在此我介绍的是第二种方法,因此请单击选择 Add DPAPI Symmetric Crypto Provider.
(2) 点击 File 菜单,单击 Save更新原有的App.config文件,打开可看到以下内容.
代码
<
configuration
>
<
configSections
>
<
section
name
="securityCryptographyConfiguration"
type
="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Configuration.CryptographySettings,Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=5.0.414.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35"
requirePermission
="true"
/>
</
configSections
>
<
securityCryptographyConfiguration
defaultHashInstance
="MD5Cng"
>
<
hashProviders
>
<
add
name
="MD5Cng"
type
="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.HashAlgorithmProvider,Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=5.0.414.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35"
algorithmType
="System.Security.Cryptography.MD5Cng,System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
saltEnabled
="true"
/>
</
hashProviders
>
<
symmetricCryptoProviders
>
<
add
type
="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.DpapiSymmetricCryptoProvider,Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=5.0.414.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35"
name
="DPAPISymmetric Crypto Provider"
/>
</
symmetricCryptoProviders
>
</
securityCryptographyConfiguration
>
</
configuration
>
(3) 测试:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.Practices.EnterpriseLibrary.Security.Cryptography;
namespace test
{
class Program
{
static void Main( string [] args)
{
/// /获取离散码
// string hash = Cryptographer.CreateHash("MD5Cng", "SensitiveData");
/// /打印显示
// Console.WriteLine(hash);
// Console.WriteLine("------------------------------------------------");
/// /验证
// bool equal = Cryptographer.CompareHash("MD5Cng", "SensitiveData", hash);
/// /打印结果
// if (equal)
// {
// Console.WriteLine("正确");
// }
// else
// {
// Console.WriteLine("错误");
// }
string Encrypt = Cryptographer.EncryptSymmetric( " DPAPI Symmetric Crypto Provider " , " SensitiveData " );
Console.WriteLine( " 密文: " + Encrypt);
Console.WriteLine( " ------------------------------------------------ " );
Encrypt = Cryptographer.DecryptSymmetric( " DPAPI Symmetric Crypto Provider " , Encrypt);
Console.WriteLine( " 原文: " + Encrypt);
}
}
}
运行结果:
