简单加密问题 [英] Simple encryption question

问题描述

大家好，

我有一个很简单的问题.它可能有一个复杂的答案，但我们会看到的.我想创建一个加密类.该类必须能够加密和解密文件.

子问题:我计划使用AES算法，其KeySize为256位.这是一种强大的加密算法，还是有更好的加密算法?我更喜欢默认情况下.NET框架支持的算法.

现在我的问题是:我想允许用户将密码传递给将生成密钥的方法，该方法用于加密过程.但是，我也想允许用户加密文件而不必提供密码.我意识到这不是最安全的加密方式.现在，在那种情况下，我想生成一个密钥.如果该方法每次被调用都生成一个不同的密钥，那将是理想的.但是，我找不到一种方法来重现用于解密文件的已用密钥.

有谁知道如何动态生成密钥，该密钥提供不同的密钥，但又能够重现特定加密文件的密钥?

谢谢，爱德华

[edit]
糟糕，忘记了，如果可以将加密文件传输并解密到其他计算机，那就太好了，因此没有硬件ID可以解决问题.
[/edit]

Hey guys,

I have a pretty simple question. It may have a complex answer, but we''ll see. I want to create an encryption class. The class must be able to encrypt and decrypt files.

Sub-question : I plan to use the AES algorithm, with a KeySize of 256 bits. Is this a strong encryption algorithm, or is there a better one? I prefer algorithms supported by the .NET framework by default.

Now my question is : I want to allow the user to pass passwords to a method which will generate a key, that is used for the encryption process. However, I also want to allow the user to encrypt files without having to provide a password. I realize this is not the safest way of encrypting. Now I in that case, I want to generate a key. It would be ideal if that method generates a different key each time it''s called. However I can''t find a way to reproduce a used key for decrypting a file.

Does anyone have an idea how to generated keys dynamically, which delivers different keys, but is also able to reproduce the key of a certain encrypted file?

Thanks, Eduard

[edit]
Oops, forgot to mention, it would be nice if the encrypted files could be transferred and decrypted to other machines, so no hardware id''s can do the trick.
[/edit]

推荐答案

通常，在生成密钥之前，您会添加一些盐"；盐只是随机字节的列表/数组.加盐的密码可以发送到哈希函数；选择一个返回的哈希值大于密钥大小的哈希值.前32个字节(256位)是您的密钥，其余部分可用于验证.
进行加密时，在文件中添加一个小标头:其中包含盐和验证值.
如果用户不想提供密码，则使用string.Empty.
当您想要解密文件时，请读取盐值和验证值.如果可以使用空字符串生成验证值，请使用该空字符串作为密码来生成密钥.否则，向用户询问您可以使用验证值检查的密码.

Normally you will add some "salt" before generating the key; the salt is just a list/array of random bytes. The salted password may be sent to a hash function; select one which returns a hash which is longer than your key size. The first 32 bytes (256 bits) are your key, the rest may be used for verification.
When doing encryption, add a small header to the file: it contains the salt and the verification value.
In case the user does not want to provide a password, string.Empty is used for that.
When you want to decrypt the file, read the salt and verification value. If an empty string could result in the verification value, generate your key with that empty string as a password. Otherwise, ask the user for the password which you can check with the verification value.

这篇关于简单加密问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！