CryptDeriveKey fails for AES algorithm name
Problem description
I'm trying to implement AES encryption in my application. I have the following code to create a hashed version of the user password.
    PasswordDeriveBytes passwdHash = new PasswordDeriveBytes( password, salt, "SHA1", 128 );
    byte[] keyBytes = passwdHash.CryptDeriveKey( "AES", "SHA1", 192, iv );
The second line throws a System.Security.Cryptography.CryptographicException with the error message "Object identifier (OID) is unknown". I used Reflector to verify that the error is being thrown because CryptDeriveKey() does not like the "AES" algorithm name (I'm using AesCryptoServiceProvider() to perform the encryption). I tried changing the name to "AESManaged", "AES192" and "Rijndael" but they all throw the same exception.
How do I get this to work? Or is there an alternative method of deriving the key bytes? Also, is there any documentation on what the allowed algorithm name strings are? I can't find anything on the MSDN docs for that function.
I'm using Visual Studio 2008 and target .NET framework 3.5
Thanks in advance for your help!
Recommended answer
Why do you want to derive a key from a password salt rather than the password itself? Usually you use the "raw" password and a salt; indeed in my book (grin) chapter 6 has the following sample.
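    // Requires: using System.Security.Cryptography;
    private void GetKeyAndIVFromPasswordAndSalt(
        string password,
        byte[] salt,
        SymmetricAlgorithm symmetricAlgorithm,
        ref byte[] key,
        ref byte[] iv)
    {
        // PBKDF2 (RFC 2898); this constructor uses the default iteration count of 1000.
        Rfc2898DeriveBytes rfc2898DeriveBytes =
            new Rfc2898DeriveBytes(password, salt);
        // KeySize and BlockSize are in bits; GetBytes takes a byte count.
        key = rfc2898DeriveBytes.GetBytes(symmetricAlgorithm.KeySize / 8);
        iv = rfc2898DeriveBytes.GetBytes(symmetricAlgorithm.BlockSize / 8);
    }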
Of course salt should be a cryptographically secure random byte array;
    private static byte[] GenerateKeyGenerateRandomBytes(int length)
    {
        byte[] key = new byte[length];
        // Fill the buffer from the OS cryptographic random number generator.
        RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
        provider.GetBytes(key);
        return key;
    }