SymmetricAlgorithm exception

Time: 2010-01-05 13:54:05

Tags: .net

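I am trying to encrypt an email body that will be stored in a database, to keep unauthorized people from reading it and to avoid SQL injection attacks.

1- What do you think about encrypting emails?
2- Why is it not working? I want to learn to encrypt text.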

    SymmetricAlgorithm symAlgo = SymmetricAlgorithm.Create();
    // I will not use the default keys, although I think they are random enough.
    symAlgo.GenerateKey();
    symAlgo.GenerateIV();

    byte[] key = symAlgo.Key;
    byte[] iv = symAlgo.Key;


    ICryptoTransform crypto = symAlgo.CreateEncryptor();
    byte[] block = UtilityMA.StringUtil.ConvertUTF16StringToByteArray(HTMLBody);
    byte[] cipherText = new byte[block.Length + 32];

    crypto.TransformBlock(block, 0, block.Length, cipherText, 0);


    symAlgo.Clear();
    crypto.Dispose();

crypto.TransformBlock throws an exception:

    System.ArgumentException was unhandled by user code
      Message="Value was invalid."
      Source="mscorlib"

Stack trace:

    at System.Security.Cryptography.RijndaelManagedTransform.TransformBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[] outputBuffer, Int32 outputOffset)
    at Demo.BLL.Contact.History.SendEmail(String HTMLBody, Int32 Record_Id) in C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008\Projects\BLL\BLL\Contact\History.cs:line 35
    at _Default.BtnSend_Click(Object sender, EventArgs e) in c:\Documents and Settings\Administrator\My Documents\Visual Studio 2008\Projects\Demos\ContactDemo\Contact.aspx.cs:line 46
    at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
    at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
    at System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument)
    at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument)
    at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
    at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    InnerException:

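2 answers:

Answer 0: (score: 2)

1) Encryption is fine, but where do you store the key? It is only protection if the key is more secure than the data. Yes, it does add a layer of protection against SQL injection, but you should eliminate the possibility of SQL injection by using parameterized statements.

2) It is probably failing because SymmetricAlgorithm is an abstract base class; you need to instantiate a concrete class, such as RijndaelManaged.Create();

Also, you should probably use TransformFinalBlock() instead of TransformBlock(), and Encoding.UTF8.GetBytes() instead of UtilityMA.StringUtil.ConvertUTF16StringToByteArray().

Here is an article on how to encrypt/decrypt: http://www.sharpdeveloper.net/content/archive/2007/06/27/encryption-for-dummies-in-net.aspx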
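The points in this answer put together, as an added example that is not part of the original answer or the linked article: a concrete AES instance, UTF-8 bytes, and TransformFinalBlock, with the IV stored in front of the ciphertext so the value can be decrypted later. The class name `BodyCrypto`, the IV-prefix layout and the sample body are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
static class BodyCrypto   // hypothetical helper, not from the page
{
    // Returns IV || ciphertext. The key must be kept outside the database.
    public static byte[] Encrypt(string body, byte[] key)
    {
        using (Aes aes = Aes.Create())   // concrete AES, CBC + PKCS7 by default
        {
            aes.Key = key;
            aes.GenerateIV();            // fresh random IV for every message
            byte[] iv = aes.IV;
            byte[] plain = Encoding.UTF8.GetBytes(body);
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                // TransformFinalBlock pads the last partial block. TransformBlock accepts
                // only whole 16-byte blocks and throws ArgumentException otherwise.
                byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
                byte[] output = new byte[iv.Length + cipher.Length];
                Buffer.BlockCopy(iv, 0, output, 0, iv.Length);
                Buffer.BlockCopy(cipher, 0, output, iv.Length, cipher.Length);
                return output;
            }
        }
    }
    public static string Decrypt(byte[] stored, byte[] key)
    {
        using (Aes aes = Aes.Create())
        {
            byte[] iv = new byte[aes.BlockSize / 8];   // 16 bytes for AES
            Buffer.BlockCopy(stored, 0, iv, 0, iv.Length);
            aes.Key = key;
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
            {
                int n = stored.Length - iv.Length;
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(stored, iv.Length, n));
            }
        }
    }
    static void Main()
    {
        byte[] key = new byte[32];       // constructed sample key (256-bit)
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string body = "<p>Constructed sample email body</p>";
        byte[] stored = Encrypt(body, key);
        Console.WriteLine(Decrypt(stored, key) == body);
    }
}
```

CBC mode as used here protects confidentiality only; it does not detect modification of the stored bytes.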

Answer 1: (score: 0)

Try this.

    SymmetricAlgorithm symAlgo = SymmetricAlgorithm.Create();
    // I will not use the default keys, although I think they are random enough.
    symAlgo.GenerateKey();
    symAlgo.GenerateIV();

    // Keep both values: the same key and IV are needed to decrypt.
    byte[] key = symAlgo.Key;
    byte[] iv = symAlgo.IV;

    byte[] cipherText;

    using (ICryptoTransform crypto = symAlgo.CreateEncryptor())
    {
      byte[] block = UtilityMA.StringUtil.ConvertUTF16StringToByteArray(HTMLBody);
      // TransformFinalBlock pads the last block and returns the ciphertext.
      cipherText = crypto.TransformFinalBlock(block, 0, block.Length);
    }

    symAlgo.Clear();