待解密的数据超过最大此模数的36字节 [英] The data to be decrypted exceeds the maximum for this modulus of 36 bytes

问题描述

我试图做一个安全的密码，但那里有什么毛病我如何使用RSA。
我的继承人代码：

 私人无效testencodedecode（）
 {
串迈赫迪=迈赫迪; 
 VAR ENC = encodePass（迈赫迪）; 
 VAR DEC = decodePass（ENC）; 
} 
私人RSAParameters rsaKey（）
 {
 VAR值= context.Settings.First（S = GT; s.ID == 1）; 
 
字节[] PWD = Encoding.ASCII.GetBytes（setting.PWDKEY）; 
 
字节[] =世博{1,0,1}; 
 
 VAR键=新System.Security.Cryptography.RSAParameters（）; 
 key.Exponent =世博会; 
 key.Modulus = PWD; 
 
返回键; 
} 
 
私人字符串encodePass（字符串传递）
 {
 VAR提供商=新的RSACryptoServiceProvider（）; 
 provider.ImportParameters（rsaKey（））; 
 
 VAR encryptedBytes = provider.Encrypt（Encoding.UTF8.GetBytes（通），FALSE）; 
 
返回Encoding.UTF8.GetString（encryptedBytes）; 
} 
 
私人字符串decodePass（字符串传递）
 {
 VAR提供商=新的RSACryptoServiceProvider（）; 
 provider.ImportParameters（rsaKey（））; 
串解密= Encoding.UTF8.GetString（provider.Decrypt（Encoding.UTF8.GetBytes（通），真））; 
返回解密; 
} 
  

这似乎加密罚款，但对解密具有以下错误：

要被解密的数据超过这一模的36个字节的最大

解决方案

有这里的方法的一些重大问题。首先，当你在另一个答案的评论中提到的是，您使用的是的Guid 来构建RSA模，这是完全无效的。不能使用随机数据直接构造公钥为多种原因：

<醇>

模量必须符合特定的结构，也就是说，它是产品两个大的素数，而你的的Guid 以二进制形式一般不会出现。

为了解密RSA加密的数据，你必须知道用来生成模量两个素数。即使你的无规弹性模量为两个大素数神奇你的产品将无法确定它们，因为这将需要分解的模量，这是一种有意很难做到（确实事，难度是RSA的整个基础安全性）。

您应该生成使用的RSACryptoServiceProvider 构造RSA密钥例如：

  //构建的RSACryptoServiceProvider，并创建一个新的2048位键
变种CSP =新的RSACryptoServiceProvider（2048） ; 
  

有关这个新生成密钥的参数，然后可以导出：

  //导出RSA参数，包括私营参数
 VAR参数= csp.ExportParameters（真）; 
  

然后参数可以存储（安全），并用来重新初始化解密以后在CSP

还有其他明显的问题，例如一个事实，即数据可以实际使用RSA加密的量由密钥大小的限制，因此具有2048位密钥的上面创建，您可以加密八分之二千零四十八 - 11 = 245字节（其中11字节是应用了PKCS＃1 v1.5的填充的结果）。如果要加密比这更多，一般的方法是使用对称密码（例如AES）来加密数据，然后使用RSA仅加密AES密钥

最后，而这可能会工作，我仍然不会因为有几乎总是与滚你自己的加密方案问题，依靠它的安全性。

I'm trying to make a password safe, but theres something wrong with how I use RSA. Heres my codes:

    private void testencodedecode()
    {
        string mehdi = "mehdi";
        var enc = encodePass(mehdi);
        var dec = decodePass(enc);
    }
    private RSAParameters rsaKey()
    {
        var setting = context.Settings.First(s => s.ID == 1);

        byte[] pwd = Encoding.ASCII.GetBytes(setting.PWDKEY);

        byte[] expo = {1,0,1};

        var key = new System.Security.Cryptography.RSAParameters();
        key.Exponent = expo;
        key.Modulus = pwd;

        return key;
    }

    private string encodePass(string pass)
    {
        var provider = new RSACryptoServiceProvider();
        provider.ImportParameters(rsaKey());

        var encryptedBytes = provider.Encrypt(Encoding.UTF8.GetBytes(pass), false);

        return Encoding.UTF8.GetString(encryptedBytes);
    }

    private string decodePass(string pass)
    {
       var provider = new RSACryptoServiceProvider();
       provider.ImportParameters(rsaKey());
       string decrypted = Encoding.UTF8.GetString(provider.Decrypt(Encoding.UTF8.GetBytes(pass), true));
       return decrypted;
    }

It seems to encrypt fine, but on decryption has the following error:

The data to be decrypted exceeds the maximum for this modulus of 36 bytes.

解决方案

There are some major issues with the method here. The first, as you mentioned in a comment on another answer is that you're using a Guid to construct the RSA modulus, which is entirely invalid. You cannot use random data to construct the public key directly for a number of reasons:

1. The modulus must conform to a specific structure, i.e. it is the product of two large prime numbers, whereas your Guid in binary form generally will not be.
2. In order to decrypt the RSA-encrypted data, you must know the two primes used to generate the modulus. Even if your random modulus was magically the product of two large primes you wouldn't be able to determine them, since this would require factoring the modulus, which is an intentionally difficult thing to do (indeed, the difficulty is the entire basis of RSA's security).

You should be generating the RSA key using the RsaCryptoServiceProvider constructor e.g.:

// Construct the RsaCryptoServiceProvider, and create a new 2048bit key
var csp = new RsaCryptoServiceProvider(2048);

The parameters for this newly generated key can then be exported:

// Export the RSA parameters, including the private parameters
var parameters = csp.ExportParameters(true);

The parameters can then be stored (securely) and used to re-initialize the CSP for decryption later.

There are also other obvious problems, such as the fact that the amount of data you can actually encrypt with RSA is limited by the key size, so with a 2048 bit key as created above, you can encrypt 2048 / 8 - 11 = 245 bytes (where the 11 bytes is a result of the PKCS#1 v1.5 padding that is applied). If you want to encrypt more than this, the general method is to use a symmetric cipher (e.g. AES) to encrypt the data, and then use RSA only to encrypt the AES key.

Finally, whilst this may work, I still wouldn't rely on it for security as there are almost always issues with roll-your-own encryption schemes.

这篇关于待解密的数据超过最大此模数的36字节的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！