.Net RijndaelManaged可以'找不到Javascript

.Net RijndaelManaged can't find Javascript

本文关键字:找不到 Javascript RijndaelManaged 可以 Net      更新时间:2023-09-26

我在C#WCF中使用以下加密/解密:

    public static string EncryptString(string InputText, string Password)
    {
        RijndaelManaged RijndaelCipher = new RijndaelManaged();
        RijndaelCipher.Padding = PaddingMode.ISO10126;
        if (string.IsNullOrEmpty(Password) == true)
        {
            Password = "Test";
        }
        byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText);
        byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
        //This class uses an extension of the PBKDF1 algorithm defined in the PKCS#5 v2.0 
        //standard to derive bytes suitable for use as key material from a password. 
        //The standard is documented in IETF RRC 2898.
        PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);
        //Creates a symmetric encryptor object. 
        ICryptoTransform Encryptor = RijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16));
        MemoryStream memoryStream = new MemoryStream();
        //Defines a stream that links data streams to cryptographic transformations
        CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor, CryptoStreamMode.Write);
        cryptoStream.Write(PlainText, 0, PlainText.Length);
        //Writes the final state and clears the buffer
        cryptoStream.FlushFinalBlock();
        byte[] CipherBytes = memoryStream.ToArray();
        memoryStream.Close();
        memoryStream = null;
        cryptoStream.Close();
        cryptoStream = null;
        PlainText = null;
        Salt = null;
        try
        {
            GC.Collect();
        }
        catch { }
        return Convert.ToBase64String(CipherBytes);
    }

    public static string DecryptString(string InputText, string Password)
    {
        RijndaelManaged RijndaelCipher = new RijndaelManaged();
        RijndaelCipher.Padding = PaddingMode.ISO10126;
        if (string.IsNullOrEmpty(Password) == true)
        {
            Password = "Test";
        }
        byte[] EncryptedData = Convert.FromBase64String(InputText);
        byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
        //Making of the key for decryption
        PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);
        //Creates a symmetric Rijndael decryptor object.
        ICryptoTransform Decryptor = RijndaelCipher.CreateDecryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16));
        MemoryStream memoryStream = new MemoryStream(EncryptedData);
        //Defines the cryptographics stream for decryption.THe stream contains decrpted data
        CryptoStream cryptoStream = new CryptoStream(memoryStream, Decryptor, CryptoStreamMode.Read);
        byte[] PlainText = new byte[EncryptedData.Length];
        int DecryptedCount = cryptoStream.Read(PlainText, 0, PlainText.Length);
        memoryStream.Close();
        memoryStream = null;
        cryptoStream.Close();
        cryptoStream = null;
        Salt = null;
        try
        {
            GC.Collect();
        }
        catch { }
        //Converting to string
        return Encoding.Unicode.GetString(PlainText, 0, DecryptedCount);
    }

现在,我正在尝试使用Java脚本来适应,希望在我的网络中加密数据,并能够在我的WCF中解密数据,我尝试使用这个脚本,但没有工作,在那里我可以找到Javascript或JS&净样本?

得到以下错误:{"要解密的数据长度无效。"}

谢谢。

好的,如果我理解正确,您希望在浏览器中用javascript加密用户名/密码,以便将数据安全地传输到WCF服务。为了实现这一点,您在两侧都使用AES(对称)加密。

如果这是正确的,那么您应该真正使用SSL。为什么?因为SSL可以做到这一点,但要好得多。简单地说,SSL将在对RSA密钥的公钥进行身份验证后协商AES密钥。因此,您可以获得客户端javascript的额外好处,因为它可以确保与正确的服务器通信。

我认为roll您自己的AES方法的错误在于,至少,您必须向客户端javascript公开您的密钥(没有公钥身份验证步骤)。这意味着你正在立即破坏安全性,因为任何拥有该密钥的人现在都可以向服务器发送数据。

如果我误解了,那么也许有合适的时机来做这件事,然而,目前我还没有看到。

希望这能有所帮助。

相关文章: