C#.NET Encrypt XML on one machine and Decrypt on other machine

Updated: 2024-10-21 11:51:50

I need to do a GET/PUT/DELETE/POST message on httpwebrequest.

My request body contains XML.

I need to encrypt the content in body XML and decrypt back on the client/receiver side.

I see there are multiple ways to encrypt the XML. One of them is here: http://msdn.microsoft.com/en-us/library/sb7w85t6.aspx

But my concern is, the receiver should be able to decrypt it, and the receiver should be on a different platform and might not be on the .NET Framework.

Can anyone suggest the best approach for this?

What I have tried so far:

    // Create a new Rijndael key.
    key = new RijndaelManaged();

    // Load an XML document.
    XmlDocument xmlDoc = new XmlDocument();
    xmlDoc.PreserveWhitespace = true;
    xmlDoc.Load("test.xml");

    // Encrypt the "creditcard" element.
    Encrypt(xmlDoc, "creditcard", key);
    Console.WriteLine("The element was encrypted");
    Console.WriteLine(xmlDoc.InnerXml);

    Decrypt(xmlDoc, key);
    Console.WriteLine("The element was decrypted");
    Console.WriteLine(xmlDoc.InnerXml);

This looks to be doing the job. But I have concerns about the key:

    key = new RijndaelManaged();
    Decrypt(xmlDoc, key);

What is this key? Will a client on a different machine, a different framework and a different technology be able to decrypt this message?

Update

After my research on a few encryption methods, I found X509Certificate2 is the best encryption option, and the client is also able to decrypt it if the same X509 cert is installed on their machine. I could find a script to encrypt:

    // Required namespaces for this snippet:
    using System;
    using System.Xml;
    using System.Security.Cryptography.Xml;
    using System.Security.Cryptography.X509Certificates;

    public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, X509Certificate2 Cert)
    {
        // Check the arguments.
        if (Doc == null)
            throw new ArgumentNullException("Doc");
        if (ElementToEncrypt == null)
            throw new ArgumentNullException("ElementToEncrypt");
        if (Cert == null)
            throw new ArgumentNullException("Cert");

        XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

        // Throw an XmlException if the element was not found.
        if (elementToEncrypt == null)
        {
            throw new XmlException("The specified element was not found");
        }

        EncryptedXml eXml = new EncryptedXml();

        // Encrypt the element.
        EncryptedData edElement = eXml.Encrypt(elementToEncrypt, Cert);
        EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
    }

I found this code to decrypt:

    public static void Decrypt(XmlDocument Doc)
    {
        // Check the arguments.
        if (Doc == null)
            throw new ArgumentNullException("Doc");

        // Create a new EncryptedXml object.
        EncryptedXml exml = new EncryptedXml(Doc);

        // Decrypt the XML document.
        exml.DecryptDocument();
    }

My question is: this decrypt method is not asking for an X509 key. So how is it decrypting, doesn't it need a key to decrypt? Will this decryption work on other machines as well?

Best answer


There exist several approaches to encryption.

Symmetric encryption uses the same key to encrypt and decrypt the data. The AES encryption algorithm is an example of such encryption.

Asymmetric (public- and private-key based) encryption uses a pair of keys. In this mode you encrypt the data for someone using his public key. He uses his private key (which you don't have and should not have) to decrypt the data prepared for him. Asymmetric encryption is accomplished using the certificate-based PKCS#7 / CMS standard or using OpenPGP.

Now about XML. You can encrypt it as if it were binary data using one of the above methods. Or you can encrypt it using the XMLEnc standard.

The way to use depends on who decides or demands encryption format and method. If it's you that makes the decision, then the decision should be based on what capabilities (libraries, code) both sides can use AND how the keys are managed (PKI is a bit harder to manage than symmetric key, but in general PKI is more secure).

Just a note: our SecureBlackbox product supports both symmetric and certificate-based encryption (both binary, XMLEnc and also OpenPGP) on .NET, Java and other platforms.
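
Added example (not code from the question, the answer or MSDN): `DecryptDocument()` takes no key argument because .NET resolves the certificate named in the `EncryptedKey` element against the local certificate stores and uses its private key, so the receiver needs that certificate installed together with its private key. The sketch below makes that step explicit by unwrapping the session key by hand. It assumes a .NET version with `CertificateRequest` and C# 8; the class name, certificate subject and sample XML are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;
static class XmlEncRoundTrip
{
    static void Main()
    {
        // Constructed test data: a throwaway self-signed certificate and a sample document.
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=receiver-test", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 receiverCert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        // The sender holds only the public certificate, never the private key.
        using var senderCert = new X509Certificate2(receiverCert.Export(X509ContentType.Cert));
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<order><creditcard>0000-TEST</creditcard></order>");
        // Sender: a random AES session key encrypts the element; RSA wraps that key.
        var target = (XmlElement)doc.GetElementsByTagName("creditcard")[0];
        EncryptedData ed = new EncryptedXml().Encrypt(target, senderCert);
        EncryptedXml.ReplaceElement(target, ed, false);
        Console.WriteLine(doc.OuterXml);
        // Receiver: supplies the private key explicitly instead of relying on a certificate store.
        using RSA privateKey = receiverCert.GetRSAPrivateKey();
        Decrypt(doc, privateKey);
        Console.WriteLine(doc.OuterXml);
    }

    static void Decrypt(XmlDocument doc, RSA privateKey)
    {
        var node = (XmlElement)doc.GetElementsByTagName("EncryptedData", EncryptedXml.XmlEncNamespaceUrl)[0];
        var ed = new EncryptedData();
        ed.LoadXml(node);
        foreach (KeyInfoClause clause in ed.KeyInfo)
        {
            if (!(clause is KeyInfoEncryptedKey wrapped)) continue;
            EncryptedKey ek = wrapped.EncryptedKey;
            bool oaep = ek.EncryptionMethod.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl;
            // Unwrap the session key with RSA, then decrypt the element and put it back.
            using Aes aes = Aes.Create();
            aes.Key = EncryptedXml.DecryptKey(ek.CipherData.CipherValue, privateKey, oaep);
            var exml = new EncryptedXml(doc);
            exml.ReplaceData(node, exml.DecryptData(ed, aes));
            return;
        }
        throw new CryptographicException("No EncryptedKey found in KeyInfo.");
    }
}
```

A receiver on another platform performs the same two steps with any XMLEnc-capable library: RSA-unwrap the key carried in `EncryptedKey`, then decrypt `CipherValue` with that session key.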

Published: 2023-08-02 19:46:00
Article link: https://www.elefans.com/category/jswz/34/1379580.html