如何使用自定义字符串(密码)作为 AES 密码密钥

问题描述 投票:0回答:2

我有以下代码。如果密钥(密码)是 32 个字符的字符串,则效果很好。但是,如果我喜欢使用像“密码”或类似的简单密码(甚至空白键),如何修复代码?现在我收到错误:System.Security.Cryptography.CryptographicException:“指定的密钥不是该算法的有效大小。”

    public string EncryptString(string plainText, string key)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = Encoding.UTF8.GetBytes(key);
            aes.IV = new byte[16];
            ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
            using (MemoryStream memoryStream = new MemoryStream())
            {
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                {
                    using (StreamWriter streamWriter = new StreamWriter(cryptoStream))
                    {
                        streamWriter.Write(plainText);
                    }
                    return Convert.ToBase64String(memoryStream.ToArray());
                }
            }
        }
    }
    public string DecryptString(string cipherText, string key)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = Encoding.UTF8.GetBytes(key);
            aes.IV = new byte[16];
            ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
            using (MemoryStream memoryStream = new MemoryStream(Convert.FromBase64String(cipherText)))
            {
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                {
                    using StreamReader streamReader = new StreamReader(cryptoStream);
                    return streamReader.ReadToEnd();
                }
            }
        }
    }
c# aes
2个回答
-1
投票

您可以使用散列函数将任何密码散列到您想要的长度。

填充密码似乎是一种更简单的方法来完成它,但是,请考虑以下情况,我们在末尾填充零。

P1:321 P2:3210

填充后,上述两个密码将计算为相同的密钥(32100...)。这可能存在安全风险。

另一方面,散列将产生完全不同的密钥。对于此用例,您可以直接使用 sha256 作为哈希函数。并使用静态密钥作为哈希函数。

-1
投票

感谢您提供解决问题的指导。以下固定代码工作正常:

   public string EncryptString(string plainText, string key)
   {
       using (Aes aes = Aes.Create())
       {
           byte[] aesKey = SHA256.HashData(StringToBytes(key));
           byte[] aesIV = MD5.Create().ComputeHash(StringToBytes(key));
           aes.Key = aesKey;
           aes.IV = aesIV;

           ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
           using (MemoryStream memoryStream = new MemoryStream())
           {
               using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
               {
                   using (StreamWriter streamWriter = new StreamWriter(cryptoStream))
                   {
                       streamWriter.Write(plainText);
                   }
                   return Convert.ToBase64String(memoryStream.ToArray());
               }
           }
       }
   }
   public string DecryptString(string cipherText, string key)
   {
       using (Aes aes = Aes.Create())
       {
           byte[] aesKey = SHA256.HashData(StringToBytes(key));
           byte[] aesIV = MD5.Create().ComputeHash(StringToBytes(key));
           aes.Key = aesKey;
           aes.IV = aesIV;

           ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
           using (MemoryStream memoryStream = new MemoryStream(Convert.FromBase64String(cipherText)))
           {
               using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
               {
                   using StreamReader streamReader = new StreamReader(cryptoStream);
                   return streamReader.ReadToEnd();
               }
           }
       }
   }
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.