What is the purpose of key and IV assignment to AES object?

Question

In MSDN for AES I can see the following part in the sample.

...
using (Aes aesAlg = Aes.Create())
{
  aesAlg.Key = Key;
  aesAlg.IV = IV;
  ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
  ...
} ...

I've tried skipping the assignment of key and IV to the AES object (although setting them in the creation of the encryptor) like this.

...
using (Aes aesAlg = Aes.Create())
{
  //aesAlg.Key = Key;
  //aesAlg.IV = IV;
  ICryptoTransform encryptor = aesAlg.CreateEncryptor(Key, IV);
  ...
} ...

It seems to make no difference in the outcome. However, since it is a part of the sample, I worry that there is a case when it matters. It might be that I only tried examples where it doesn't show.

When do I need to assign the key and IV to the AES object?

Recommended answer

In the first code snippet, you've assigned values to the Key and IV properties of the symmetric algorithm object so you don't need to pass them again when you create the crypto transform. In this case, use the parameterless overload which uses the already assigned Key and IV to create the encryptor/decryptor.

using (Aes aesAlg = Aes.Create())
{
  aesAlg.Key = Key;
  aesAlg.IV = IV;
  ICryptoTransform encryptor = aesAlg.CreateEncryptor();
  // ...
}

The second code snippet will create the same transform using the passed Key and IV params regardless of the aesAlg.Key and aesAlg.IV values. Consider the following:

using (Aes aesAlg = Aes.Create())
{
  aesAlg.Key = Key;
  aesAlg.IV = IV;
  ICryptoTransform encryptor = aesAlg.CreateEncryptor(someOtherKey, someOtherIV);
  // ...
}

Here, someOtherKey and someOtherIV are used to create the transform and the aesAlg properties are ignored. Another example to consider:

using (Aes aesAlg = Aes.Create())
{
  ICryptoTransform encryptor = aesAlg.CreateEncryptor();
  // ...
}

Now, both aesAlg.Key & aesAlg.IV properties are null and the .CreateEncryptor() will use them to create the transform. However, the method won't throw any exceptions because the getters of these properties - by design - don't return null and they create and assign random values instead.

You might want to try the following:

using System;
using System.Security.Cryptography;
using System.Text;

internal static class Program
{
    private static void Main() => SomeCaller();

    private static void SomeCaller()
    {
        using (var crypto = Aes.Create())
        {
            // A random Key is generated on the first read of the property...
            PrintHexValue(crypto.Key);
            // And assigned, so the second read prints the same value...
            PrintHexValue(crypto.Key);

            var pass = "Konrad Viltersten";
            var bytes = Encoding.UTF8.GetBytes(pass);
            var rfc = new Rfc2898DeriveBytes(pass,
                new SHA256Managed().ComputeHash(bytes), 1000);
            var key = rfc.GetBytes(crypto.LegalKeySizes[0].MaxSize / 8);
            var iv = rfc.GetBytes(crypto.LegalBlockSizes[0].MinSize / 8);

            // Doesn't change the crypto.Key and crypto.IV properties...
            var encr = crypto.CreateEncryptor(key, iv);

            // The generated password-based key...
            PrintHexValue(key);
            // The random key remains...
            PrintHexValue(crypto.Key);

            crypto.Key = key;
            crypto.IV = iv;

            // The password-based key is assigned to the crypto.Key...
            PrintHexValue(crypto.Key);
        }
    }

    private static void PrintHexValue(byte[] bytes) =>
        Console.WriteLine(BitConverter.ToString(bytes).Replace("-", string.Empty));
}

Conclusion

Your second code snippet is a shortcut to create a crypto transform. You'll need the first one in wider scopes like this one for example.
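
As an added example (not part of the original answer or the MSDN sample), here is one wider scope where assigning the key on the object matters: helper methods that receive an already configured algorithm object and never see the key as a parameter. The class and method names are hypothetical, and the defaults of Aes.Create() (CBC mode, PKCS7 padding) are assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class AesScopeDemo
{
    // Encrypts with the Key the caller configured on the object. A fresh IV is
    // generated per message and prepended so the receiver can recover it.
    static byte[] Encrypt(SymmetricAlgorithm aes, byte[] plaintext)
    {
        aes.GenerateIV();                 // replaces aes.IV with a new random value
        byte[] iv = aes.IV;               // the getter returns a copy
        using (ICryptoTransform enc = aes.CreateEncryptor()) // reads aes.Key and aes.IV
        {
            byte[] body = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
            byte[] output = new byte[iv.Length + body.Length];
            Buffer.BlockCopy(iv, 0, output, 0, iv.Length);
            Buffer.BlockCopy(body, 0, output, iv.Length, body.Length);
            return output;
        }
    }

    // Key comes from the object, IV from the message: the explicit overload
    // is used here because the IV differs for every message.
    static byte[] Decrypt(SymmetricAlgorithm aes, byte[] message)
    {
        byte[] iv = new byte[aes.BlockSize / 8];
        Buffer.BlockCopy(message, 0, iv, 0, iv.Length);
        using (ICryptoTransform dec = aes.CreateDecryptor(aes.Key, iv))
            return dec.TransformFinalBlock(message, iv.Length, message.Length - iv.Length);
    }

    static void Main()
    {
        using (Aes aes = Aes.Create())
        {
            aes.GenerateKey(); // constructed demo key; a real key comes from a key store or KDF
            byte[] text = Encoding.UTF8.GetBytes("same plaintext"); // constructed sample input
            byte[] m1 = Encrypt(aes, text);
            byte[] m2 = Encrypt(aes, text);
            Console.WriteLine(Encoding.UTF8.GetString(Decrypt(aes, m1)));
            // Same key and plaintext, different IVs: the two messages differ.
            Console.WriteLine(Convert.ToBase64String(m1) != Convert.ToBase64String(m2));
        }
    }
}
```

If the key were never assigned and the object were disposed after encrypting, the randomly generated key would be lost along with the ability to decrypt.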
