我有一个程序,可以在其中写入和读取配置文件。在编写时,我使用vb.net中的RijndaelManaged对象对整个文件进行加密,在读取时,我会使用相同的密钥和init向量值进行解密。
它在我的开发机器和许多其他机器上都运行良好。但是,有些电脑无法使用相同的程序加密/解密文件。
这个加密对象中是否有什么因素会导致这种情况?您建议改用什么?
感谢
编辑:这是我用来加密和解密的代码:据我所见,如果我加密主机上的字节,我可以从任何电脑上解密。然而,如果我从另一台电脑上加密字节,我就无法从任何电脑解密。此外,当我查看文件的内容时,它们看起来根本不一样。请注意,我通常使用的方法是从文件(通常是XML)创建一个内存流,然后加密/解密。
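Public Shared Function EncryptBytes(ByVal strContenu() As Byte, ByVal initVectorBytes() As Byte, ByVal saltValueBytes() As Byte) As Byte()
    ' Encrypts strContenu with Rijndael in CBC mode and returns the raw
    ' ciphertext bytes (no Base64 step).
    '
    ' strContenu      - plaintext bytes to encrypt.
    ' initVectorBytes - IV handed to CreateEncryptor; the decrypting side
    '                   must supply the same value.
    ' saltValueBytes  - salt handed to PasswordDeriveBytes.
    '
    ' SECURITY NOTE: the passphrase is a literal compiled into the program,
    ' so anyone who can read the binary can derive the key. Treat the
    ' result as obfuscation unless the secret is moved out of the code.
    Dim strPassPhrase As String = "d%6&?76dhd8?532LDhds8!7?&?8&?dhcv77"
    Dim strHashAlgorithm As String = "SHA1"
    ' SECURITY NOTE: two iterations give almost no resistance to guessing.
    Dim intPswdIterations As Integer = 2

    ' SECURITY / PORTABILITY NOTE: 32 bytes are requested from a SHA1-based
    ' PasswordDeriveBytes, which is more than the 20-byte hash output. The
    ' extension past the hash size is non-standard and is reported to
    ' differ between runtimes (e.g. Mono), which can yield a different key
    ' on another machine. Rfc2898DeriveBytes (PBKDF2) is the replacement,
    ' but switching changes the derived key, so existing files have to be
    ' migrated; it is deliberately not changed here.
    Dim password As New PasswordDeriveBytes(strPassPhrase, saltValueBytes, strHashAlgorithm, intPswdIterations)
    Dim keyBytes As Byte() = password.GetBytes(32)

    ' Using blocks release the cipher objects and streams even when
    ' CreateEncryptor or Write throws (wrong IV length, for example).
    Using symmetricKey As New RijndaelManaged()
        ' SECURITY NOTE: CBC provides no integrity protection; modified
        ' ciphertext is not reliably detected on decryption.
        ' NOTE(review): if callers pass a fixed IV, equal plaintext
        ' prefixes produce equal ciphertext prefixes - confirm how the IV
        ' is chosen.
        symmetricKey.Mode = CipherMode.CBC

        Using encryptor As ICryptoTransform = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes)
            Using memoryStream As New System.IO.MemoryStream()
                Using cryptoStream As New CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write)
                    cryptoStream.Write(strContenu, 0, strContenu.Length)
                    ' Emits the final padded block; must run before the
                    ' buffer is copied out.
                    cryptoStream.FlushFinalBlock()
                    Return memoryStream.ToArray()
                End Using
            End Using
        End Using
    End Using
End Function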
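Public Shared Function DecryptBytes(ByVal strContenuEncrypte() As Byte, ByVal initVectorBytes() As Byte, ByVal saltValueBytes() As Byte) As Byte()
    ' Decrypts Rijndael/CBC ciphertext and returns exactly the decrypted
    ' bytes.
    '
    ' strContenuEncrypte - ciphertext bytes.
    ' initVectorBytes    - IV that was used for encryption.
    ' saltValueBytes     - salt that was used for key derivation.
    '
    ' Fixes over the earlier version of this function:
    '  * the result used to be a buffer one element longer than the
    '    ciphertext, so callers got trailing zero bytes after the data;
    '  * a single CryptoStream.Read call is not guaranteed to deliver the
    '    whole plaintext, so the stream is now read until it is exhausted;
    '  * streams and cipher objects are released even if decryption throws.
    '
    ' NOTE(review): this literal is not identical to the one in
    ' EncryptBytes as shown on the page. The two must match for the
    ' derived keys to agree - confirm which value is intended.
    ' SECURITY NOTE: a passphrase compiled into the program can be read by
    ' anyone who has the binary.
    Dim strPassPhrase As String = "d%6&?76dhd8DSDhds8!7?&?8&?dhcv77"
    Dim strHashAlgorithm As String = "SHA1"
    ' SECURITY NOTE: two iterations give almost no resistance to guessing.
    Dim intPswdIterations As Integer = 2

    ' SECURITY / PORTABILITY NOTE: asking a SHA1-based PasswordDeriveBytes
    ' for 32 bytes goes past the 20-byte hash output; that extension is
    ' non-standard and is reported to differ between runtimes (e.g. Mono).
    ' Moving to Rfc2898DeriveBytes changes the key and needs a migration of
    ' existing files, so it is not done here.
    Dim password As New PasswordDeriveBytes(strPassPhrase, saltValueBytes, strHashAlgorithm, intPswdIterations)
    Dim keyBytes As Byte() = password.GetBytes(32)

    Using symmetricKey As New RijndaelManaged()
        ' SECURITY NOTE: CBC has no integrity check; a padding error is the
        ' only signal of a wrong key or altered data, and it is not
        ' reliable.
        symmetricKey.Mode = CipherMode.CBC

        Using decryptor As ICryptoTransform = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes)
            Using cipherStream As New System.IO.MemoryStream(strContenuEncrypte)
                Using cryptoStream As New CryptoStream(cipherStream, decryptor, CryptoStreamMode.Read)
                    Using plainStream As New System.IO.MemoryStream()
                        Dim chunk(4095) As Byte
                        Dim bytesRead As Integer = cryptoStream.Read(chunk, 0, chunk.Length)
                        ' Read returns 0 only at end of stream.
                        While bytesRead > 0
                            plainStream.Write(chunk, 0, bytesRead)
                            bytesRead = cryptoStream.Read(chunk, 0, chunk.Length)
                        End While
                        Return plainStream.ToArray()
                    End Using
                End Using
            End Using
        End Using
    End Using
End Function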
如果您使用Mono而不是普通的.NET作为运行时,那么PasswordDeriveBytes在请求超过20字节的输出时将会失败。当请求的输出超过PasswordDeriveBytes所用哈希函数能提供的输出长度时,PasswordDeriveBytes会使用一种未公开、专有、不确定、有缺陷且在密码学上不安全的方法。Mono开发人员已将其标记为未修复。
最好的做法是升级到Rfc2898DeriveBytes,它实现了PBKDF2而不是PBKDF1。PBKDF2定义了如何扩展输出量,以便所有实现都能按照指定的方式运行。请注意,更换密钥派生函数后派生出的密钥会不同,因此已有的文件需要先用旧方法解密,再用新密钥重新加密。
如果您需要比哈希函数提供的输出更多的输出,那么在PBKDF2的输出上使用KBKDF(如HKDF)会更安全。PBKDF2需要再完整执行一轮全部迭代才能产生更多数据,这对攻击者可能比对普通用户更有利(攻击者通常只需计算第一个输出块即可验证密码猜测),并且会根据请求的字节数使CPU负载增加到两倍或三倍。
[编辑]
还要注意的是,PasswordDeriveBytes
的构造函数接受密码字符串,它没有指定要使用的字符编码,因此最好在将其提供给构造函数之前将其转换为字节。
不过,根据大多数观察,两者似乎都使用UTF-8——请注意,其他运行时(如Java)在这方面可能有所不同。
猜测:您是在文本模式下编写和读取文件吗?当加密的数据碰巧包含0x1A(EOF,ctrl-z)时,读取可能会提前停止,并且解密到几个字节。
您无法将120GB的文件整个加载到Byte()数组中,除非您有一台配置惊人的机器。请尝试以流的方式逐字节读入内存并写入加密流:
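' Streams the file chosen in OpenfileDialog through Encryptor into
' "Encrypted.Encrypted" without holding the whole file in memory.
' Encryptor and OpenfileDialog are defined outside this snippet.
'
' The surrounding text describes copying byte by byte; a fixed-size buffer
' is the same streaming approach with far fewer calls, and it avoids the
' Integer-to-Byte narrowing of ReadByte (which returns -1 at end of file).
' Using blocks close both files even if a read or write fails part-way.
Using fStream As New FileStream("Encrypted.Encrypted", FileMode.Create)
    Using cryptoStream As New CryptoStream(fStream, Encryptor, CryptoStreamMode.Write)
        Using UploadFile As New FileStream(OpenfileDialog.FileName, FileMode.Open)
            Dim chunk(81919) As Byte
            Dim bytesRead As Integer = UploadFile.Read(chunk, 0, chunk.Length)
            ' Read returns 0 only at end of file.
            While bytesRead > 0
                cryptoStream.Write(chunk, 0, bytesRead)
                bytesRead = UploadFile.Read(chunk, 0, chunk.Length)
            End While
        End Using
        ' Writes the final padded block before the streams are closed.
        cryptoStream.FlushFinalBlock()
    End Using
End Using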