C＃中，如何检查值是使用MD5密码加密？ [英] C#, how to check if value is encrypted using MD5 passphrase?

问题描述

我有以下代码加密值（见下表）。现在，我想编写一个bool isEncrypted（）方法。有没有检查是否值已使用此函数加密的傻瓜证明和可靠的方式。我有解密程序，并可以控制密码短语，但不知道这会有所帮助。

原因是 - 当应用程序第一次运行，在配置文件中的值是不加密的，在这种情况下，该应用应该自动加密这些值。 2日来看，我不想再加密，因为很明显，将导致严重破坏。最后，我不希望有一个isEncrypted属性添加到配置价值。我希望它的工作，并尽可能的动态。

到目前为止，我倾向于使用LEN（128）为决定因素，但总是有未加密的价值也正在这个长度远程机会。

先谢谢了。

 公共静态字符串加密（字符串文本）
 {
 //当地人
 VAR密码=5ab394ed-3920-4932-8d70-9c1b08f4ba4e 
字节[]的结果; 
 VAR = UTF8新UTF8Encoding（）; 
 
 //步骤1.散列使用MD5 
中的密码//我们使用MD5散列发生器作为结果是128位的字节数组
 //这是一个有效的长度我们使用以下
变种hashProvider =新MD5CryptoServiceProvider（）到了TripleDes编码器; 
 VAR tdesKey = hashProvider.ComputeHash（utf8.GetBytes（密码））; 
 
 //第2步：创建一个新的TripleDESCryptoServiceProvider对象
 //第3步：设置编码器
变种tdesAlgorithm =新TripleDESCryptoServiceProvider 
 {
键= tdesKey，
模式= CipherMode.ECB，
填充= PaddingMode.PKCS7 
}; 
 
 //第4步：将输入字符串一个byte [] 
 VAR dataToEncrypt = utf8.GetBytes（文本）; 
 
 //第5步尝试）加密字符串
试
 {
变种加密= tdesAlgorithm.CreateEncryptor（; 
结果= encryptor.TransformFinalBlock（dataToEncrypt，0，dataToEncrypt.Length）; 
} 
终于
 {
 //清除任何敏感信息
 tdesAlgorithm.Clear的TripleDES的和Hashprovider服务（）; 
 hashProvider.Clear（）; 
} 
 
 //第6步：返回加密的字符串作为一个base64编码字符串
返回Convert.ToBase64String（结果）; 
} 
  

解决方案

您可以在做些什么isEncrypted方法是尝试对消息进行解密。结果
由于您使用的PKCS7填充最有可能的一个未加密的邮件将无法解密，因为填充不符合设定的填充模式。

解密将抛出一个异常，你就必须抓住这一点，在这种情况下返回false。

有一个远端机会如果数据符合填充模式解密将经过（当未加密的消息）。但是，这是最不可能的。

我想在这种情况下做些什么是添加某种标志中的加密数据或追加一些数据加密的消息，因为我可以然后在解密将其删除。这将是最万无一失的方法。

I have the following code to encrypt a value (listed below). Now I would like to write a bool isEncrypted() method. Is there a fool proof and reliable way to check if a value has been encrypted using this function. I have the decrypt routine and can control the pass phrase, but not sure if that will help.

The reason is - when the app first runs, values in a configuration file are not encrypted, in this case the app should auto encrypt these values. On 2nd run I don't want to encrypt again because obviously that would cause havoc. Lastly I don't want to have to add an isEncrypted attribute to the config value. I want it to work and look as dynamic as possible.

So far I am leaning towards using the len (128) as deciding factor, but there is always a remote chance of the unencrypted value also being this length.

Thanks in advance.

public static string encrypt(string text)
    {
        // Locals
        var passphrase = "5ab394ed-3920-4932-8d70-9c1b08f4ba4e";
        byte[] results;
        var utf8 = new UTF8Encoding();

        // Step 1. We hash the passphrase using MD5
        // We use the MD5 hash generator as the result is a 128 bit byte array
        // which is a valid length for the TripleDES encoder we use below
        var hashProvider = new MD5CryptoServiceProvider();
        var tdesKey = hashProvider.ComputeHash(utf8.GetBytes(passphrase));

        // Step 2. Create a new TripleDESCryptoServiceProvider object
        // Step 3. Setup the encoder
        var tdesAlgorithm = new TripleDESCryptoServiceProvider
        {
            Key = tdesKey,
            Mode = CipherMode.ECB,
            Padding = PaddingMode.PKCS7
        };

        // Step 4. Convert the input string to a byte[]
        var dataToEncrypt = utf8.GetBytes(text);

        // Step 5. Attempt to encrypt the string
        try
        {
            var encryptor = tdesAlgorithm.CreateEncryptor();
            results = encryptor.TransformFinalBlock(dataToEncrypt, 0, dataToEncrypt.Length);
        }
        finally
        {
            // Clear the TripleDes and Hashprovider services of any sensitive information
            tdesAlgorithm.Clear();
            hashProvider.Clear();
        }

        // Step 6. Return the encrypted string as a base64 encoded string
        return Convert.ToBase64String(results);
    }

解决方案

What you could do in the isEncrypted method is to try to decrypt the message.
Since you are using PKCS7 padding most likely an unencrypted message will fail to decrypt since the padding does not conform to the set padding mode.

The decryption will throw an exception and you'll have to catch this and return false in this case.

There is a remote chance that the decryption will go through (when the message is not encrypted) if the data conforms to the padding mode. This is however most unlikely.

What I would do in this case would be to add some kind of flag in the encrypted data or append some data to encrypted message since I can then remove it in the decryption. This would be the most foolproof way.

这篇关于C＃中，如何检查值是使用MD5密码加密？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！