我有以下代码。如果密钥(密码)是 32 个字符的字符串,它可以正常工作。但是,如果我想使用像“密码”这样的简单密码(甚至空白密钥),该如何修改代码?现在我收到错误:System.Security.Cryptography.CryptographicException:“指定的密钥不是该算法的有效大小。”
/// <summary>
/// Encrypts <paramref name="plainText"/> with AES and returns the ciphertext as Base64.
/// </summary>
/// <param name="plainText">Text to encrypt; it is written through a <see cref="StreamWriter"/>.</param>
/// <param name="key">
/// Used directly as the AES key via its UTF-8 bytes, so it must encode to a valid
/// AES key length (16, 24 or 32 bytes). Any other length makes the <c>Key</c> setter
/// throw <see cref="CryptographicException"/>, which is the error described above.
/// </param>
/// <returns>Base64 encoding of the raw ciphertext (the IV is not included).</returns>
public string EncryptString(string plainText, string key)
{
    using Aes cipher = Aes.Create();

    // The password bytes ARE the key: no key derivation, no salt.
    cipher.Key = Encoding.UTF8.GetBytes(key);

    // All-zero IV. With CBC (the Aes.Create() default) this makes encryption
    // deterministic: the same plaintext under the same key always yields the
    // same ciphertext, and shared plaintext prefixes are visible.
    cipher.IV = new byte[16];

    ICryptoTransform transform = cipher.CreateEncryptor(cipher.Key, cipher.IV);

    using MemoryStream output = new MemoryStream();

    // The writer and crypto stream must be closed before the buffer is read,
    // otherwise the final padded block has not been flushed yet.
    using (CryptoStream encrypting = new CryptoStream(output, transform, CryptoStreamMode.Write))
    using (StreamWriter writer = new StreamWriter(encrypting))
    {
        writer.Write(plainText);
    }

    byte[] cipherBytes = output.ToArray();
    return Convert.ToBase64String(cipherBytes);
}
/// <summary>
/// Decrypts a Base64 ciphertext produced by <c>EncryptString</c> with the same key.
/// </summary>
/// <param name="cipherText">Base64-encoded AES ciphertext.</param>
/// <param name="key">
/// Used directly as the AES key via its UTF-8 bytes; must encode to a valid AES key
/// length (16, 24 or 32 bytes) or the <c>Key</c> setter throws
/// <see cref="CryptographicException"/>.
/// </param>
/// <returns>The decrypted text.</returns>
public string DecryptString(string cipherText, string key)
{
    using Aes cipher = Aes.Create();

    // Same raw-password key and all-zero IV as the encrypting side.
    cipher.Key = Encoding.UTF8.GetBytes(key);
    cipher.IV = new byte[16];

    ICryptoTransform transform = cipher.CreateDecryptor(cipher.Key, cipher.IV);

    // Nothing authenticates the ciphertext here: a modified input is only
    // noticed if it happens to break the padding.
    byte[] cipherBytes = Convert.FromBase64String(cipherText);

    using MemoryStream input = new MemoryStream(cipherBytes);
    using CryptoStream decrypting = new CryptoStream(input, transform, CryptoStreamMode.Read);
    using StreamReader reader = new StreamReader(decrypting);
    return reader.ReadToEnd();
}
您可以使用散列函数将任何密码散列到您想要的长度。
填充密码似乎是一种更简单的方法来完成它,但是,请考虑以下情况,我们在末尾填充零。
P1:321 P2:3210
填充后,上述两个密码将计算为相同的密钥(32100...)。这可能存在安全风险。
另一方面,散列会为这两个密码产生完全不同的密钥。对于此用例,您可以直接使用 SHA-256 作为哈希函数,并使用静态密钥作为哈希函数。需要注意:SHA-256 计算速度很快且没有加盐,由弱密码派生出的密钥容易被离线暴力破解;对口令更稳妥的做法是使用带随机盐的密钥派生函数(例如 PBKDF2)。
感谢您提供解决问题的指导。以下修正后的代码工作正常:
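// Payload layout (before Base64):
//   salt (16) || IV (16) || AES-256-CBC ciphertext (n * 16) || HMAC-SHA256 tag (32)
// NOTE: this layout is not compatible with ciphertext produced by the earlier
// SHA-256/MD5 variant of these methods; such data must be re-encrypted.
private const int SaltSize = 16;
private const int IvSize = 16;
private const int BlockSize = 16;
private const int KeySize = 32;
private const int TagSize = 32;

// Work factor for PBKDF2-HMAC-SHA256. OWASP's current guidance is 600,000;
// raise it as hardware allows. It is what makes guessing weak passwords costly.
private const int Pbkdf2Iterations = 600_000;

/// <summary>
/// Encrypts <paramref name="plainText"/> under a password of any length.
/// </summary>
/// <remarks>
/// The previous version derived the key as SHA-256(password) and the IV as
/// MD5(password). That made the IV a fixed function of the key (identical
/// plaintexts gave identical ciphertexts), used a fast unsalted hash for a
/// password, leaked the undisposed <c>MD5</c> instance, and left the ciphertext
/// unauthenticated. This version uses a random salt and IV per message, PBKDF2
/// for key derivation, and encrypt-then-MAC with HMAC-SHA256.
/// </remarks>
/// <param name="plainText">Text to encrypt; <c>null</c> is treated as empty.</param>
/// <param name="key">Password of any length (an empty string is accepted).</param>
/// <returns>Base64 of salt, IV, ciphertext and authentication tag.</returns>
public string EncryptString(string plainText, string key)
{
    // Fresh salt per message: equal passwords no longer yield equal keys.
    byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);
    DeriveKeys(key, salt, out byte[] encKey, out byte[] macKey);

    using Aes aes = Aes.Create();
    aes.Mode = CipherMode.CBC;
    aes.Padding = PaddingMode.PKCS7;
    aes.Key = encKey;
    aes.GenerateIV(); // random, unpredictable IV for every message
    byte[] iv = aes.IV;

    byte[] plainBytes = Encoding.UTF8.GetBytes(plainText ?? string.Empty);
    byte[] cipherBytes;
    using (ICryptoTransform encryptor = aes.CreateEncryptor())
    {
        cipherBytes = encryptor.TransformFinalBlock(plainBytes, 0, plainBytes.Length);
    }

    byte[] payload = new byte[SaltSize + IvSize + cipherBytes.Length + TagSize];
    Buffer.BlockCopy(salt, 0, payload, 0, SaltSize);
    Buffer.BlockCopy(iv, 0, payload, SaltSize, IvSize);
    Buffer.BlockCopy(cipherBytes, 0, payload, SaltSize + IvSize, cipherBytes.Length);

    // Encrypt-then-MAC: the tag covers salt, IV and ciphertext.
    int tagOffset = payload.Length - TagSize;
    using (HMACSHA256 hmac = new HMACSHA256(macKey))
    {
        byte[] tag = hmac.ComputeHash(payload, 0, tagOffset);
        Buffer.BlockCopy(tag, 0, payload, tagOffset, TagSize);
    }

    CryptographicOperations.ZeroMemory(encKey);
    CryptographicOperations.ZeroMemory(macKey);
    return Convert.ToBase64String(payload);
}

/// <summary>
/// Verifies and decrypts a value produced by <see cref="EncryptString"/>.
/// </summary>
/// <param name="cipherText">Base64 payload returned by <see cref="EncryptString"/>.</param>
/// <param name="key">The password used for encryption.</param>
/// <returns>The original text.</returns>
/// <exception cref="FormatException"><paramref name="cipherText"/> is not valid Base64.</exception>
/// <exception cref="CryptographicException">
/// The payload is truncated, was modified, or the password is wrong.
/// </exception>
public string DecryptString(string cipherText, string key)
{
    byte[] payload = Convert.FromBase64String(cipherText);

    // Smallest valid payload holds one cipher block (PKCS7 always pads).
    if (payload.Length < SaltSize + IvSize + BlockSize + TagSize)
    {
        throw new CryptographicException("Ciphertext is too short or malformed.");
    }

    int cipherOffset = SaltSize + IvSize;
    int tagOffset = payload.Length - TagSize;
    byte[] salt = payload.AsSpan(0, SaltSize).ToArray();
    byte[] iv = payload.AsSpan(SaltSize, IvSize).ToArray();

    DeriveKeys(key, salt, out byte[] encKey, out byte[] macKey);
    try
    {
        // Check the tag BEFORE touching the ciphertext, in constant time, so
        // tampered input never reaches the padding check.
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        {
            byte[] expectedTag = hmac.ComputeHash(payload, 0, tagOffset);
            if (!CryptographicOperations.FixedTimeEquals(expectedTag, payload.AsSpan(tagOffset, TagSize)))
            {
                throw new CryptographicException("Ciphertext authentication failed.");
            }
        }

        using Aes aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = encKey;
        aes.IV = iv;

        using ICryptoTransform decryptor = aes.CreateDecryptor();
        byte[] plainBytes = decryptor.TransformFinalBlock(payload, cipherOffset, tagOffset - cipherOffset);
        return Encoding.UTF8.GetString(plainBytes);
    }
    finally
    {
        CryptographicOperations.ZeroMemory(encKey);
        CryptographicOperations.ZeroMemory(macKey);
    }
}

// Stretches the password with PBKDF2, then expands the result into two
// independent keys (encryption and MAC) so neither key is reused.
private static void DeriveKeys(string password, byte[] salt, out byte[] encKey, out byte[] macKey)
{
    byte[] master = Rfc2898DeriveBytes.Pbkdf2(password, salt, Pbkdf2Iterations, HashAlgorithmName.SHA256, KeySize);
    byte[] expanded = HKDF.Expand(HashAlgorithmName.SHA256, master, KeySize * 2);

    encKey = expanded.AsSpan(0, KeySize).ToArray();
    macKey = expanded.AsSpan(KeySize, KeySize).ToArray();

    CryptographicOperations.ZeroMemory(master);
    CryptographicOperations.ZeroMemory(expanded);
}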