如何加密JavaScript中的字符串并解密该字符串在C# [英] How can I encrypt a string in JavaScript and decrypt that string in C#
问题描述
我以前曾经问过这个问题,尽管在这些情况下,海报想加密公开的网站上的某些东西(通常是一个url),而这些回答主要是不要!。然而,在我的情况下,JavaScript将被存储在非公有内部系统中,所以我认为我有更多的余地。类似问题的一个例子是:如何加密网址在javascript中解密并在c#中解答 - 答案实际上并不回答这个问题。
I've seen this question asked before, though in these cases the poster wanted to encrypt something (usually a url) on a public facing website, and the responses were mostly "don't!". In my case, however, the JavaScript will be stored within a non-public internal system, so I think I have more leeway. One example of a similar question is: How to encrypt url in javascript and decrypt in c# - and the answers don't actually answer the question.
我的'JavaScript'实际上是'SuiteScript',它被定义作为SuiteScript是一个基于JavaScript的API,允许开发人员扩展NetSuite,其中NetSuite是托管的CRM软件包,因此用于加密字符串的任何编码都将被隐藏,除了我公司的员工安全隐藏)
My 'JavaScript' is actually 'SuiteScript', which is defined as "SuiteScript is a JavaScript-based API that gives developers the ability to extend NetSuite", where NetSuite is a hosted CRM package, so any coding used to encrypt my string would be hidden to everyone, except for employees of my company (so considered safely hidden).
我想做的是:
- 生成querystring(例如userid = guidValue& firstName = stringValue& company = stringValue& ...),
- 加密使用安全方法(如AES256,RSA,无论有人可以建议安全),
- 在我的基于C#的网站上调用网页,在网址中传递这个字符串(例如mysite。 com / mypage.aspx?encStr = encryptedString)
- 让C#页面解密,分开名称/值对并进行处理。
- generate a querystring (e.g. userid=guidValue&firstName=stringValue&company=stringValue&...),
- encrypt that using a secure method (such as AES256, RSA, whatever someone can suggest that's secure),
- call a webpage on my C# based website passing this string in the URL (e.g. mysite.com/mypage.aspx?encStr=encryptedString)
- have that C# page decrypt it, separate the name/value pairs and process them.
我已经搜索并搜索stackoverflow,但没有找到任何文章或答案,提供两种技术可以使用的加密方法的明确说明。有人有这样的指示吗?
I've googled around and search stackoverflow, but not found any articles or answers that provide clear instructions of an encryption method that can be used by both technologies. Does anyone have such instructions?
推荐答案
对称
最简单的方法是使用图书馆作为斯坦福Javascript加密库,实施标准(在这种情况下为AES),在C#中使用相同的密码(通过 AesManaged 或 AesCryptoServiceProvider )。
Symmetrical
The simplest way is to use a library as the Stanford Javascript Crypto Library that implement a standard (AES in this case) and to use the same cipher in C# (via AesManaged or AesCryptoServiceProvider).
您将获得一个对称的密码,但是几乎不能有一个参数(关键)设置为两个库都可以工作。
You'll get a symmetrical cipher but there nearly no more than one parameter (the key) to set for both libs to work.
您也可以使用非对称(公钥)密码。一个攻击者得到它的JavaScript代码将能够发送精心设计的请求到您的服务器,但不能拦截其他请求。
You could also use an asymmetrical (Public-Key) cipher instead. An attacker getting it's hand on the javascript code would be able to send crafted requests to your server but won't be able to intercept other requests.
有一个实现 JavaScript中的RSA 和 RSACryptoServiceProvider 类提供支持in .Net
There is an implementation of RSA in javascript and the RSACryptoServiceProvider class provide the support in .Net
完整示例在代码项目中可用,其中包含一个路径到JavaScript中的RSA,以支持填充(使用.Net实现时必需)
A full example is available in Code project including a path to the RSA in javascript lib to support padding (mandatory when using the .Net implementation)
这两个解决方案本身都容易受到重播(攻击者拦截字符串,并稍后(可能多次发送到服务器))
Both of theses solutions by themselves are vulnerable to replay (an attacker intercepting a string and sending it back later -- potentially multiple times -- to the server)
这篇关于如何加密JavaScript中的字符串并解密该字符串在C#的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
