基于密钥的简单文本文件加密 [英] simple text file encryption based on a key

问题描述

我正在尝试实现一个简单的文本文件加密技术，我正在使用以下代码来实现。代码不是由我写的，我只是googled并得到它。加密技术似乎相当简单，简洁易用。我看到它只有一个功能可以进行加密和解密。只要传递钥匙，它会做的伎俩。但是，我只想知道，是否可以检查用户的密钥是否正确。目前它只会根据传递的密钥加密/解密文本文件。但是没有机制来检查我们正在使用正确的密钥进行解密。无论我们通过什么密钥，它将被解密，但是它将不可读。任何想法如何解决这个问题..？

I am trying to implement a simple text file encryption technique and I am using the following code to do so. The code is not written by me, I just googled and got it. The encryption technique seems to be pretty simple, concise and easy to implement. I see that it has only one function that can do the encryption and the decryption on the fly. Just pass the key it will do the trick. However, I just wanted to know, is it possible for me to check if the key is passed by the user is correct or not. Currently it will just encrypt / decrypt the text file based on the passed key. But there is no mechanism to check if we are decrypting with correct key or not. Whatever the key we pass, it will get decrypted, but it will not be readable. Any idea how to tackle this problem..?

procedure TEnDeCrypt.EnDecryptFile(pathin, pathout: string; Chave: Word);
var
  InMS, OutMS: TMemoryStream;
  cnt: Integer;
  C: byte;
begin
  InMS  := TMemoryStream.Create;
  OutMS := TMemoryStream.Create;
  try
    InMS.LoadFromFile(pathin);
    InMS.Position := 0;
    for cnt := 0 to InMS.Size - 1 DO
      begin
        InMS.Read(C, 1);
        C := (C xor not (ord(chave shr cnt)));
        OutMS.Write(C, 1);
      end;
    OutMS.SaveToFile(pathout);
  finally
    InMS.Free;
    OutMS.Free;
  end;
end;

推荐答案

使用散列算法在纯文本上生成校验和并将其存储在加密文件的开头。

Generate a checksum on the plain text using a hashing algorithm and store it at the beginning of the encrypted file.

您可以通过散列解密的文本来确认密钥，并确保校验和匹配。

You can verify the key by hashing the decrypted text and ensure that the checksum matches.

如果您使用强大的散列算法（如SHA256）来生成校验和，用户将难以自动执行暴力攻击，因为它的计算费用昂贵。

If you use a strong hashing algorithm such as SHA256 to generate the checksum, it will be difficult for the user to automate a brute force attack because it will be computationally expensive.

为确保文件完好无损，您还可能希望在加密文件上存储校验和，并将其存储在文件头中。否则，将无法区分无效的密码与截断的文件。

To ensure that the file is intact, you may also wish to store a checksum on the encrypted file and store it in the file header as well. Otherwise, there will be no way to differentiate an invalid password from a truncated file.

我通常使用 Blowfish 加密算法，可从多个来源获取Delphi。 Blowfish没有已知的弱点，相当紧凑和快速。

I typically use the Blowfish encryption algorithm, which is available for Delphi from multiple sources. Blowfish has no known weaknesses and is fairly compact and fast.

这篇关于基于密钥的简单文本文件加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！