大家好, 我的客户需要使用对称密钥加密(私钥)加密密码。 当创建用户帐户时,用户的密码将被加密并借助私钥保存在数据库表中。 私钥应该在一定的时间间隔内改变。 我开发了以下代码,我使用的密钥如
Hi All, My client required to encrypt password using symmetric key cryptography(Private Key). When user account will be created then password of the user will be encrypted and save in the database table with the help of the private key. The private key should be change with some interval of the time. I have develop below code, I am using key like "
B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF。 实际上使用密钥加密数据是好的,但是当我解密数据时,我们还需要IV密钥,并且每个加密都需要不同。 我不想在数据库中保存任何密钥。如何管理请建议。 我使用以下代码:
". Actually encrypt data with key is Ok but when I decrypt data we need the IV key also and its different for each encryption. I don't want to save any key in the database. How to manage it please suggest. I used the below code:
private RijndaelManaged CreateCipher() { // Triple DES RijndaelManaged cipher = new RijndaelManaged(); cipher.KeySize = 256; cipher.BlockSize = 128; cipher.Padding = PaddingMode.ISO10126; cipher.Mode = CipherMode.CBC; //GenKey_SaveInContainer("KeyContainer"); //string text = GetKeyFromContainer("KeyContainer"); // string text = System.IO.File.ReadAllText("D:\\ITC\\Symmetric Key\\Key.txt"); byte[] key = HexToByteArray(text); cipher.Key = key; return cipher; } public byte[] HexToByteArray(string hexString) { if (0 != (hexString.Length % 2)) { throw new ApplicationException("Hex string must be multiple of 2 in length"); } int byteCount = hexString.Length / 2; byte[] byteValues = new byte[byteCount]; for (int i = 0; i < byteCount; i++) { byteValues[i] = Convert.ToByte(hexString.Substring(i * 2, 2), 16); } return byteValues; } public string Encrypt(string plainText) { RijndaelManaged rijndael = CreateCipher(); //Console.WriteLine(Convert.ToBase64String(rijndael.IV)); ICryptoTransform cryptoTransform = rijndael.CreateEncryptor(); byte[] plain = Encoding.UTF8.GetBytes(plainText); byte[] cipherText = cryptoTransform.TransformFinalBlock(plain, 0, plain.Length); Program Prm = new Program(); //int i = Prm.Insert("Test1", Convert.ToBase64String(cipherText), plainText); //Console.WriteLine(Convert.ToBase64String(cipherText)); //Program P1 = new Program(); CipherText = Convert.ToBase64String(cipherText); IV = Convert.ToBase64String(rijndael.IV); Console.WriteLine(Convert.ToBase64String(rijndael.IV)); return CipherText; } public string Decrypt(string iv, string cipherText) { RijndaelManaged cipher = CreateCipher(); cipher.IV = Convert.FromBase64String(iv); ICryptoTransform cryptTransform = cipher.CreateDecryptor(); byte[] cipherTextBytes = Convert.FromBase64String(cipherText); byte[] plainText = cryptTransform.TransformFinalBlock(cipherTextBytes, 0, cipherTextBytes.Length); return (Encoding.UTF8.GetString(plainText)); //Console.WriteLine(Encoding.UTF8.GetString(plainText)); }推荐答案
嗯,这可能不是您问题的确切答案,但您绝不应将密码存储在简单甚至加密形式。您应该始终以不可逆转的形式存储它。为此,您可以使用哈希函数。请参阅解释清楚的文章以供参考。 密码存储:怎么做。 [ ^ ] 初学者教程,用于理解和实现密码哈希和盐析 [ ^ ] 问候.. Well, this may not be the exact answer to your question, but you should never store your password in plain or even in Encrypted form. You should always store it in some irreversible form. In order to do that, you can make use of Hashing function. Please see well explained Articles for reference. Password Storage: How to do it.[^] A Beginner's Tutorial for Understanding and Implementing Password Hashing and Salting[^] Regards..
大家好,您的回复将受到高度赞赏。 Hi All, Your reply will be highly appreciated.
更多推荐
使用对称密钥加密来加密和解密数据
发布评论