Wrong size of decrypted data using AES


Problem description

In our project we use the following methods to encrypt/decrypt important data before storing it. The size of the incoming bytes is always 32. Please take a look:

public static string Encrypt(byte[] data, string pass)
{
    using (var algorithm = new RijndaelManaged())
    {
        algorithm.Padding = PaddingMode.PKCS7;

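        // Salt from a cryptographically secure generator; System.Random is predictable.
        var salt = new byte[32];
        using (var saltRng = RandomNumberGenerator.Create())
        {
            saltRng.GetBytes(salt);
        }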

        using (var rng = new Rfc2898DeriveBytes(pass, salt, 3072))
        {
            algorithm.Key = rng.GetBytes(algorithm.KeySize / 8);
            algorithm.IV = rng.GetBytes(algorithm.BlockSize / 8);

            using (var oms = new MemoryStream())
            {
                using (var ims = new MemoryStream(data))
                {
                    var encryptor = algorithm.CreateEncryptor();
                    var cs = new CryptoStream(oms, encryptor, CryptoStreamMode.Write);
                    ims.CopyTo(cs);
                    cs.FlushFinalBlock();
                }

                oms.Flush();

                var target = new byte[oms.Length + salt.Length];
                oms.ToArray().CopyTo(target, 0);
                salt.CopyTo(target, oms.Length);

                return Convert.ToBase64String(target);
            }
        }
    }
}


public static byte[] Decrypt(string data, string pass)
{
    var allbytes = Convert.FromBase64String(data);

    var salt = new byte[32];
    var databytes = new byte[allbytes.Length - salt.Length];

    Array.Copy(allbytes, databytes.Length, salt, 0, salt.Length);
    Array.Copy(allbytes, 0, databytes, 0, databytes.Length);

    using (var algorithm = new RijndaelManaged())
    {
        algorithm.Padding = PaddingMode.PKCS7;

        using (var rng = new Rfc2898DeriveBytes(pass, salt, 3072))
        {
            algorithm.Key = rng.GetBytes(algorithm.KeySize / 8);
            algorithm.IV = rng.GetBytes(algorithm.BlockSize / 8);

            using (var oms = new MemoryStream())
            {
                using (var ims = new MemoryStream(databytes))
                {
                    var decryptor = algorithm.CreateDecryptor();
                    using (var cs = new CryptoStream(ims, decryptor, CryptoStreamMode.Read))
                    {
                        cs.CopyTo(oms);
                    }
                }

                return oms.ToArray();
            }
        }
    }
}

This code works great in all cases. But on the customer environment we've got 47 bytes instead of 32 during decryption. After some investigation I realized that such behavior may occur when an incorrect passphrase is used (not the same as the one used for encryption, but good enough to decrypt into another byte combination). But the customer is very sure that the password is correct. Might there be a situation where environmental configuration (Windows or .NET updates, security config, etc.) causes such a problem? Thanks for any help.




Recommended answer

Hi DevForRest,

Thank you for posting here.

>> But on the customer environment we've got 47 bytes instead of 32 during decryption.

The salt size must be 8 bytes or larger and the iteration count must be greater than zero. How do you get a salt of 47 bytes? The salt bytes are set to 32. I tested the code. There is no code that changes the salt value.

The code you provided works well with the same password. How do you get the bytes of data? And how do you convert the value you get from the decryption to a string?

If I test the code with a wrong password, I get an exception.

Here is the way I invoke these two methods, for your reference.

byte[] data = Encoding.UTF8.GetBytes("hello");
string encrypt = Encrypt(data, "word");
string str = Encoding.UTF8.GetString(Decrypt(encrypt, "word"));


Best Regards,

Wendy
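
Why a 47-byte result is possible with this scheme, as an added example (not code from the thread): 32 bytes of input encrypt to 48 bytes under PKCS7, and a wrong key turns the last block into random-looking bytes that pass the padding check about once in 256 tries, most often by ending in 0x01, which leaves 47 bytes. The code assumes .NET 6 or later, made-up passphrases, and an extra HMAC-SHA256 key taken from the same PBKDF2 output, which is not in the original code, to show a check that does reject a wrong passphrase.

```csharp
using System;
using System.Security.Cryptography;

static class PaddingIsNotIntegrity
{
    // PBKDF2 as on the page (SHA-1, 3072 iterations): 32-byte key, then 16-byte IV.
    // Assumption of this example: 32 further bytes are used as an HMAC key.
    static (Aes aes, HMACSHA256 mac) Derive(string pass, byte[] salt)
    {
        byte[] okm = Rfc2898DeriveBytes.Pbkdf2(pass, salt, 3072, HashAlgorithmName.SHA1, 80);
        var aes = Aes.Create();                 // 128-bit blocks, CBC, PKCS7 by default
        aes.Key = okm[..32];
        aes.IV = okm[32..48];
        return (aes, new HMACSHA256(okm[48..]));
    }

    static void Main()
    {
        byte[] salt = RandomNumberGenerator.GetBytes(32);
        byte[] plain = RandomNumberGenerator.GetBytes(32);   // constructed 32-byte sample input

        byte[] cipher, tag;
        var (aes, mac) = Derive("correct passphrase", salt);
        using (aes) using (mac)
        {
            cipher = aes.EncryptCbc(plain, aes.IV);          // 32 bytes + one full padding block = 48
            tag = mac.ComputeHash(cipher);                   // encrypt-then-MAC tag
        }

        int trials = 2000, paddingOk = 0, macOk = 0;
        for (int i = 0; i < trials; i++)
        {
            var (wrongAes, wrongMac) = Derive("wrong passphrase " + i, salt);
            using (wrongAes) using (wrongMac)
            {
                if (CryptographicOperations.FixedTimeEquals(wrongMac.ComputeHash(cipher), tag)) macOk++;
                try
                {
                    byte[] garbage = wrongAes.DecryptCbc(cipher, wrongAes.IV);
                    paddingOk++;                             // padding looked valid by chance
                    Console.WriteLine($"wrong passphrase #{i}: no exception, {garbage.Length} bytes");
                }
                catch (CryptographicException) { }           // usual outcome: invalid padding
            }
        }
        Console.WriteLine($"padding check passed {paddingOk}/{trials}, HMAC check passed {macOk}/{trials}");
    }
}
```

The same effect follows from a corrupted ciphertext or salt, so a length check on the output is not a substitute for verifying a MAC (or using an AEAD mode) before decrypting.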

