CryptographicException:填充是无效的,不能除去 [英] CryptographicException: Padding is invalid and cannot be removed
问题描述
我需要一些简单的字符串加密,所以我写了下面code(带了大量的灵感来自的here ):
I needed some simple string encryption, so I wrote the following code (with a great deal of "inspiration" from here):
// create and initialize a crypto algorithm
private static SymmetricAlgorithm getAlgorithm(string password) {
SymmetricAlgorithm algorithm = Rijndael.Create();
Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes(
password, new byte[] {
0x53,0x6f,0x64,0x69,0x75,0x6d,0x20, // salty goodness
0x43,0x68,0x6c,0x6f,0x72,0x69,0x64,0x65
}
);
algorithm.Padding = PaddingMode.ISO10126;
algorithm.Key = rdb.GetBytes(32);
algorithm.IV = rdb.GetBytes(16);
return algorithm;
}
/*
* encryptString
* provides simple encryption of a string, with a given password
*/
public static string encryptString(string clearText, string password) {
SymmetricAlgorithm algorithm = getAlgorithm(password);
byte[] clearBytes = System.Text.Encoding.Unicode.GetBytes(clearText);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, algorithm.CreateEncryptor(), CryptoStreamMode.Write);
cs.Write(clearBytes, 0, clearBytes.Length);
cs.Close();
return Convert.ToBase64String(ms.ToArray());
}
/*
* decryptString
* provides simple decryption of a string, with a given password
*/
public static string decryptString(string cipherText, string password) {
SymmetricAlgorithm algorithm = getAlgorithm(password);
byte[] cipherBytes = Convert.FromBase64String(cipherText);
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, algorithm.CreateDecryptor(), CryptoStreamMode.Write);
cs.Write(cipherBytes, 0, cipherBytes.Length);
cs.Close();
return System.Text.Encoding.Unicode.GetString(ms.ToArray());
}
在code能够正常工作,不同之处在于,当使用不正确的密钥来解密数据,我得到一个CryptographicException - 填充是无效的不能删除 - 在decryptString的cs.Close()线。
The code appears to work fine, except that when decrypting data with an incorrect key, I get a CryptographicException - "Padding is invalid and cannot be removed" - on the cs.Close() line in decryptString.
例如code:
string password1 = "password";
string password2 = "letmein";
string startClearText = "The quick brown fox jumps over the lazy dog";
string cipherText = encryptString(startClearText, password1);
string endClearText = decryptString(cipherText, password2); // exception thrown
我的问题是,这是可以预期?我本来以为用了错误的密码解密只会导致废话产出,而不是例外。
My question is, is this to be expected? I would have thought that decrypting with the wrong password would just result in nonsense output, rather than an exception.
推荐答案
虽然这已经被回答了,我认为这将是一个不错的主意,解释为什么这是可以预料的。
Although this have been already answered I think it would be a good idea to explain why it is to be expected.
一个填充方案通常适用,因为大多数加密过滤器不是语义安全和prevent某种形式cryptoatacks的。例如,通常在RSA中 OAEP 的填充方案使用其中prevents某些种类的攻击(如选定的明文攻击或致盲)。
A padding scheme is usually applied because most cryptographic filters are not semantically secure and to prevent some forms of cryptoatacks. For example, usually in RSA the OAEP padding scheme is used which prevents some sorts of attacks (such as a chosen plaintext attack or blinding).
一个填充方案追加一些(通常)随机垃圾邮件米发送消息之前。在OAEP方法,例如两个甲骨文被使用(这是一个简单的解释):
A padding scheme appends some (usually) random garbage to the message m before the message is sent. In the OAEP method, for example, two Oracles are used (this is a simplistic explanation):
- 鉴于你PADD K1位用0和K0位用一个随机数的模量的大小。
- 然后,通过应用一些转变的消息,你得到填充的消息至极被加密并发送。
这为您提供了一个随机的消息,然后用一种方法来测试,如果邮件是垃圾与否。由于填充方案是可逆的,当您解密消息,而你也不能说对邮件本身的完整性什么可以,其实,做出了一些填充断言,因此你可以知道消息已被正确解密或者你正在做一些错误的(即有人篡改了消息,或者你用错了钥匙)
That provides you with a randomization for the messages and with a way to test if the message is garbage or not. As the padding scheme is reversible, when you decrypt the message whereas you can't say anything about the integrity of the message itself you can, in fact, make some assertion about the padding and thus you can know if the message has been correctly decrypted or you're doing something wrong (i.e someone has tampered with the message or you're using the wrong key)
这篇关于CryptographicException:填充是无效的,不能除去的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
