c 中rfc2898derivebytes的替代方案而无需使用clr。C#样本在下面共享。
string clearText="text to sign";
string EncryptionKey = "secret";
byte[] clearBytes = Encoding.UTF8.GetBytes(clearText);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x48, 0x71, 0x21, 0x6d, 0x21, 0x4c, 0x61, 0x62, 0x72, 0x62, 0x61, 0x62, 0x72 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(clearBytes, 0, clearBytes.Length);
cs.Close();
}
clearText = Convert.ToBase64String(ms.ToArray());
}
}
您可以在openssl中使用 PKCS5_PBKDF2_HMAC。
这两个功能都是PBKDF2函数,可以使用互换性。
更新:
这是用于您在C#和OpenSSL中生成类似键的示例代码。
C#侧:
public static void Main()
{
string EncryptionKey = "secret";
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x48, 0x71, 0x21, 0x6d, 0x21, 0x4c, 0x61, 0x62, 0x72, 0x62, 0x61, 0x62, 0x72 }, 1000);
Console.WriteLine("[{0}]", string.Join(", ", pdb.GetBytes(32)));
Console.WriteLine("[{0}]", string.Join(", ", pdb.GetBytes(16)));
}
OpenSSL侧:
#include <openssl/evp.h>
#include <string.h>
#include <stdlib.h>
int main(){
char secret[] = "secret";
unsigned char buf[48] = {0,};
int size = 48;
unsigned char salt[] = { 0x48, 0x71, 0x21, 0x6d, 0x21, 0x4c, 0x61, 0x62, 0x72, 0x62, 0x61, 0x62, 0x72 };
PKCS5_PBKDF2_HMAC(secret, strlen(secret), salt, sizeof(salt), 1000, EVP_sha1(), size, buf);
for (int i = 0; i < size; i++)
printf("%d ", buf[i]);
return 0;
}
在这些代码中只记得只有1,000,使用至少100,000甚至1,000,000。