这里有一个问题。有一个著名的图书馆"奇尔卡特地穴"。它包含3des加密方法。
public static void ChilkatEncryption(String cc, string tdesKey, string tdesIV)
{
Crypt2 crypt = new Chilkat.Crypt2();
bool success = crypt.UnlockComponent("Anything for 30-day trial");
if (success != true)
{
Console.WriteLine(crypt.LastErrorText);
return;
}
// Specify 3DES for the encryption algorithm:
crypt.CryptAlgorithm = "3des";
// CipherMode may be "ecb" or "cbc"
crypt.CipherMode = "cbc";
// KeyLength must be 192. 3DES is technically 168-bits;
// the most-significant bit of each key byte is a parity bit,
// so we must indicate a KeyLength of 192, which includes
// the parity bits.
crypt.KeyLength = 192;
// The padding scheme determines the contents of the bytes
// that are added to pad the result to a multiple of the
// encryption algorithm's block size. 3DES has a block
// size of 8 bytes, so encrypted output is always
// a multiple of 8.
crypt.PaddingScheme = 0;
// EncodingMode specifies the encoding of the output for
// encryption, and the input for decryption.
// It may be "hex", "url", "base64", or "quoted-printable".
crypt.EncodingMode = "hex";
// An initialization vector is required if using CBC or CFB modes.
// ECB mode does not use an IV.
// The length of the IV is equal to the algorithm's block size.
// It is NOT equal to the length of the key.
string ivHex = tdesIV;
crypt.SetEncodedIV(ivHex, "hex");
// The secret key must equal the size of the key. For
// 3DES, the key must be 24 bytes (i.e. 192-bits).
string keyHex = tdesKey;
crypt.SetEncodedKey(keyHex, "hex");
// Encrypt a string...
// The input string is 44 ANSI characters (i.e. 44 bytes), so
// the output should be 48 bytes (a multiple of 8).
// Because the output is a hex string, it should
// be 96 characters long (2 chars per byte).
string encStr = crypt.EncryptStringENC(cc);
Console.WriteLine(encStr);
// Now decrypt:
string decStr = crypt.DecryptStringENC(encStr);
Console.WriteLine(decStr);
}
当我尝试在没有这个第三方库的情况下使用标准提供商进行同样的操作时,结果完全不同:
private static string EncryptData(String cc, byte[] tdesKey, byte[] tdesIV)
{
//Create the file streams to handle the input and output files.
MemoryStream fin = new MemoryStream();
MemoryStream fout = new MemoryStream();
StreamWriter sw = new StreamWriter(fin);
sw.Write(cc);
sw.Flush();
fin.Position = 0;
fout.SetLength(0);
//Create variables to help with read and write.
byte[] bin = new byte[100]; //This is intermediate storage for the encryption.
long rdlen = 0; //This is the total number of bytes written.
long totlen = fin.Length; //This is the total length of the input file.
int len; //This is the number of bytes to be written at a time.
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
tdes.Mode=CipherMode.CBC;
tdes.Padding = PaddingMode.None;
CryptoStream encStream = new CryptoStream(fout, tdes.CreateEncryptor(tdesKey, tdesIV), CryptoStreamMode.Write);
Console.WriteLine("Encrypting...");
//Read from the input file, then encrypt and write to the output file.
while (rdlen < totlen)
{
len = fin.Read(bin, 0, 100);
encStream.Write(bin, 0, len);
rdlen = rdlen + len;
Console.WriteLine("{0} bytes processed", rdlen);
}
byte[] encBytes = fout.ToArray();
return BitConverter.ToString(encBytes);
}
有人知道吗,标准.NET加密应该设置什么参数才能获得相同的3DES结果?
谢谢!
填充不正确
根据这里的Chilkat文档,PaddingScheme
值为0意味着库将使用PKCS#5填充。PKCS#5本质上只是PKCS#7的一个特例,它只针对大小为8字节的块密码(如Triple DES)指定。使用.NET提供程序,应该指定PaddingMode.PKCS7
,而不是如上所述的PaddingMode.None
。
此外,您需要确保显式关闭CryptoStream
,这样它就知道您已经完成了对它的写入,以便它可以加密最后的(填充的)块:
encStream.Close();
byte[] encBytes = fout.ToArray();
编码不正确
另一个可能会也可能不会给您带来问题的问题是,这两个不同的示例使用了不同的文本编码。Chilkat库看起来默认使用"ANSI"编码。然而,在第二个示例中,您没有在StreamWriter
构造函数中显式指定编码,因此它默认为UTF-8。
根据加密的数据,这可能会也可能不会给您带来问题,但基本上,如果您有任何字符在普通旧ASCII的范围之外,您将在两个函数之间得到不一致的结果,因为您实际上不会加密相同的东西。
快速修复方法是在StreamWriter
构造函数中指定编码:
StreamWriter sw = new StreamWriter(fin, Encoding.Default);
这将为您提供一个StreamWriter
,它将根据系统的默认ANSI代码页从字符串中写入字节。这方面的大问题是,无论"ANSI"在您的系统上意味着什么,都不一定与其他人的系统相同(有关详细解释,请参阅此问题),因此如果您需要互操作,这可能会导致问题。
出于这个原因,我强烈建议您指定更具体的编码,例如UTF-8。
对于Chilkat图书馆,你可以这样做:
crypt.Charset = "utf-8";
对于.NET提供程序示例,可以在StreamWriter
构造函数中显式指定编码:
StreamWriter sw = new StreamWriter(fin, Encoding.UTF8);
您也可以省略参数,因为UTF-8是StreamWriter
类使用的默认编码。
顺便说一句,与其一开始就使用
StreamWriter
将输入字符串编码/写入内存流fin
,然后将其读回以一次写入100个字节的CryptoStream
,不如直接编码到字节数组并一次写入CryptoStream
:
var buffer = Encoding.UTF8.GetBytes(cc);
encStream.Write(buffer, 0, buffer.Length);