aes类时微软msdn中最常用的加密类,微软官网也有例子,参考链接:
但是这个例子并不好用,限制太多,通用性差,实际使用中,我遇到的更多情况需要是这样:
1、输入一个字节数组,经aes加密后,直接输出加密后的字节数组。
2、输入一个加密后的字节数组,经aes解密后,直接输出原字节数组。
对于我这个十八流业余爱好者来说,aes我是以用为主的,所以具体的aes是怎么运算的,我其实并不关心,我更关心的是aes的处理流程。结果恰恰这一方面,网上的信息差强人意,看了网上不少的帖子,但感觉都没有说完整说透,而且很多帖子有错误。
因此,我自己绘制了一张此种方式下的流程图:
按照此流程图进行了核心代码的编写,验证方法aescoresingletest既是依照此流程的产物,实例化类aescoresingle后调用此方法即可验证。
至于类中的异步方法enordecryptfileasync,则是专门用于文件加解密的处理,此异步方法参考自《c# 6.0学习笔记》(周家安 著)最后的示例,这本书写得真棒。
using system;
using system.collections.generic;
using system.io;
using system.linq;
using system.security.cryptography;
using system.text;
using system.threading;
using system.threading.tasks;
using system.windows;
namespace aessinglefile
{
class aescoresingle
{
/// <summary>
/// 使用用户口令,生成符合aes标准的key和iv。
/// </summary>
/// <param name="password">用户输入的口令</param>
/// <returns>返回包含密钥和向量的元组</returns>
private (byte[] key, byte[] iv) generatekeyandiv(string password)
{
byte[] key = new byte[32];
byte[] iv = new byte[16];
byte[] hash = default;
if (string.isnullorwhitespace(password))
throw new argumentexception("必须输入口令!");
using (sha384 sha = sha384.create())
{
byte[] buffer = encoding.utf8.getbytes(password);
hash = sha.computehash(buffer);
}
//用sha384的原因:生成的384位哈希值正好被分成两段使用。(32+16)*8=384。
array.copy(hash, 0, key, 0, 32);//生成256位密钥(32*8=256)
array.copy(hash, 32, iv, 0, 16);//生成128位向量(16*8=128)
return (key: key, iv: iv);
}
public byte[] encryptbyte(byte[] buffer, string password)
{
byte[] encrypted;
using (aes aes = aes.create())
{
//设定密钥和向量
(aes.key, aes.iv) = generatekeyandiv(password);
//设定运算模式和填充模式
aes.mode = ciphermode.cbc;//默认
aes.padding = paddingmode.pkcs7;//默认
//创建加密器对象(加解密方法不同处仅仅这一句话)
var encryptor = aes.createencryptor(aes.key, aes.iv);
using (memorystream msencrypt = new memorystream())
{
using (cryptostream csencrypt = new cryptostream(msencrypt, encryptor, cryptostreammode.write))//选择write模式
{
csencrypt.write(buffer, 0, buffer.length);//对原数组加密并写入流中
csencrypt.flushfinalblock();//使用write模式需要此句,但read模式必须要有。
encrypted = msencrypt.toarray();//从流中写入数组(加密之后,数组变长,详见方法aescoresingletest内容)
}
}
}
return encrypted;
}
public byte[] decryptbyte(byte[] buffer, string password)
{
byte[] decrypted;
using (aes aes = aes.create())
{
//设定密钥和向量
(aes.key, aes.iv) = generatekeyandiv(password);
//设定运算模式和填充模式
aes.mode = ciphermode.cbc;//默认
aes.padding = paddingmode.pkcs7;//默认
//创建解密器对象(加解密方法不同处仅仅这一句话)
var decryptor = aes.createdecryptor(aes.key, aes.iv);
using (memorystream msdecrypt = new memorystream(buffer))
{
using (cryptostream csdecrypt = new cryptostream(msdecrypt, decryptor, cryptostreammode.read))//选择read模式
{
byte[] buffer_t = new byte[buffer.length];/*--s1:创建临时数组,用于包含可用字节+无用字节--*/
int i = csdecrypt.read(buffer_t, 0, buffer.length);/*--s2:对加密数组进行解密,并通过i确定实际多少字节可用--*/
//csdecrypt.flushfinalblock();//使用read模式不能有此句,但write模式必须要有。
decrypted = new byte[i];/*--s3:创建只容纳可用字节的数组--*/
array.copy(buffer_t, 0, decrypted, 0, i);/*--s4:从buffert拷贝出可用字节到decrypted--*/
}
}
return decrypted;
}
}
public byte[] enordecryptbyte(byte[] buffer, string password, actiondirection direction)
{
if (buffer == null)
throw new argumentnullexception("buffer为空");
if (password == null || password == "")
throw new argumentnullexception("password为空");
if (direction == actiondirection.encrypt)
return encryptbyte(buffer, password);
else
return decryptbyte(buffer, password);
}
public enum actiondirection//该枚举说明是加密还是解密
{
encrypt,//加密
decrypt//解密
}
public static void aescoresingletest(string s_in, string password)//验证加密解密模块正确性方法
{
byte[] buffer = encoding.utf8.getbytes(s_in);
aescoresingle aescore = new aescoresingle();
byte[] buffer_ed = aescore.encryptbyte(buffer, password);
byte[] buffer_ed2 = aescore.decryptbyte(buffer_ed, password);
string s = encoding.utf8.getstring(buffer_ed2);
string s2 = "下列字符串\n" + s + '\n' + $"原buffer长度 → {buffer.length}, 加密后buffer_ed长度 → {buffer_ed.length}, 解密后buffer_ed2长度 → {buffer_ed2.length}";
messagebox.show(s2);
/* 字符串在加密前后的变化(默认ciphermode.cbc运算模式, paddingmode.pkcs7填充模式)
* 1、如果数组长度为16的倍数,则加密后的数组长度=原长度+16
如对于下列字符串
d:\user\documents\administrator - dopus config - 2020-06-301.ocb
使用utf8编码转化为字节数组后,
原buffer → 64, 加密后buffer_ed → 80, 解密后buffer_ed2 → 64
* 2、如果数组长度不为16的倍数,则加密后的数组长度=16倍数向上取整
如对于下列字符串
d:\user\documents\cc_20200630_113921.reg
使用utf8编码转化为字节数组后
原buffer → 40, 加密后buffer_ed → 48, 解密后buffer_ed2 → 40
参考文献:
1-《aes补位填充paddingmode.zeros模式》http://blog.chinaunix.net/uid-29641438-id-5786927.html
2-《关于pkcs5padding与pkcs7padding的区别》https://www.cnblogs.com/midea0978/articles/1437257.html
3-《aes-128 ecb 加密有感》http://blog.sina.com.cn/s/blog_60cf051301015orf.html
*/
}
/***---声明cancellationtokensource对象--***/
private cancellationtokensource cts;//using system.threading;引用
public task enordecryptfileasync(stream instream, long instream_seek, stream outstream, long outstream_seek, string password, actiondirection direction, iprogress<int> progress)
{
/***---实例化cancellationtokensource对象--***/
cts?.dispose();//cts为空,不动作,cts不为空,执行dispose。
cts = new cancellationtokensource();
task mytask = new task(
() =>
{
enordecryptfile(instream, instream_seek, outstream, outstream_seek, password, direction, progress);
}, cts.token, taskcreationoptions.longrunning);
mytask.start();
return mytask;
}
public void enordecryptfile(stream instream, long instream_seek, stream outstream, long outstream_seek, string password, actiondirection direction, iprogress<int> progress)
{
if (instream == null || outstream == null)
throw new argumentexception("输入流与输出流是必须的");
//--调整流的位置(通常是为了避开文件头部分)
instream.seek(instream_seek, seekorigin.begin);
outstream.seek(outstream_seek, seekorigin.begin);
//用于记录处理进度
long total_length = instream.length - instream_seek;
long totalread_length = 0;
//初始化报告进度
progress.report(0);
using (aes aes = aes.create())
{
//设定密钥和向量
(aes.key, aes.iv) = generatekeyandiv(password);
//创建加密器解密器对象(加解密方法不同处仅仅这一句话)
icryptotransform cryptor;
if (direction == actiondirection.encrypt)
cryptor = aes.createencryptor(aes.key, aes.iv);
else
cryptor = aes.createdecryptor(aes.key, aes.iv);
using (cryptostream cstream = new cryptostream(outstream, cryptor, cryptostreammode.write))
{
byte[] buffer = new byte[512 * 1024];//每次读取512kb的数据
int readlen = 0;
while ((readlen = instream.read(buffer, 0, buffer.length)) != 0)
{
// 向加密流写入数据
cstream.write(buffer, 0, readlen);
totalread_length += readlen;
//汇报处理进度
if (progress != null)
{
long per = 100 * totalread_length / total_length;
progress.report(convert.toint32(per));
}
}
}
}
}
}
}
以上就是c# aes字节数组加密解密流程及代码实现的详细内容,更多关于c# aes字节数组加密解密的资料请关注www.887551.com其它相关文章!
黄山市民网:https://www.huangshanshimin.com/
