大约有100,000种不同的加密字符串的方法。使用AES,CBC和PKCS7等标准可以使事情变得更容易 - 但IV仍然存在问题。盐,编码等(如www.Crypto.Stackexchange.com所述)
对于我的iOS项目(Obj-C),我使用的是FBEncryptor project,这是一种简单且记录良好的加密字符串的方法。但是,我需要能够在Windows平台上解密由FBEncryptor生成的iOS AES字符串的代码 - 最好是VB.NET。
我还没有找到另一个与FBEncryptor兼容的VB.NET项目。
有谁知道任何与FBEncryptor一起使用的VB.NET加密项目?如果没有,那么我需要做些什么来使Rijndael Managed库(由Microsoft提供)与FBEncryptor一起使用?
我的VB.NET代码使用Rijndael Managed:
Imports System.Security
Imports System.Security.Cryptography
Imports System.IO
Imports System.Runtime.InteropServices
Imports System.Text.RegularExpressions
Imports System.Text
Module Encrypt2
Public saltBytes As Byte()
Dim hashAlgorithm As String = "SHA1"
Public Sub GenerateSalt()
' Define min and max salt sizes.
Dim minSaltSize As Integer
Dim maxSaltSize As Integer
minSaltSize = 8
maxSaltSize = 8
' Generate a random number for the size of the salt.
Dim random As Random
random = New Random()
Dim saltSize As Integer
saltSize = random.Next(minSaltSize, maxSaltSize)
' Allocate a byte array, which will hold the salt.
saltBytes = New Byte(saltSize - 1) {}
' Initialize a random number generator.
Dim rng As RNGCryptoServiceProvider
rng = New RNGCryptoServiceProvider()
' Fill the salt with cryptographically strong byte values.
rng.GetNonZeroBytes(saltBytes)
End Sub
Public Function Encrypt(ByVal plainText As String, ByVal keyword As String) As String
Dim hashAlgorithm As String = "SHA1"
Dim passwordIterations As Integer = 128
Dim initVector As String = "@7781157e2629b09"
Dim keySize As Integer = 256
Dim initVectorBytes As Byte() = Encoding.ASCII.GetBytes(initVector)
Dim plainTextBytes As Byte() = Encoding.ASCII.GetBytes(plainText)
GenerateSalt()
Dim password As New Rfc2898DeriveBytes(keyword, saltBytes, passwordIterations)
Dim keyBytes As Byte() = password.GetBytes(keySize \ 8)
Dim symmetricKey As New RijndaelManaged()
symmetricKey.Mode = CipherMode.CBC
Dim encryptor As ICryptoTransform = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes)
Dim memoryStream As New MemoryStream()
Dim cryptoStream As New CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write)
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length)
cryptoStream.FlushFinalBlock()
Dim cipherTextBytes As Byte() = memoryStream.ToArray()
memoryStream.Close()
cryptoStream.Clear()
Dim cipherText As String = Convert.ToBase64String(cipherTextBytes)
Return (cipherText)
End Function
Public Function Decrypt(ByVal cipherText As String, ByVal keyword As String) As String
Dim hashAlgorithm As String = "SHA1"
Dim passwordIterations As Integer = 128
Dim initVector As String = "@7781157e2629b09"
Dim keySize As Integer = 256
' Convert strings defining encryption key characteristics into Byte
' arrays. Let us assume that strings only contain ASCII codes.
' If strings include Unicode characters, use Unicode, UTF7, or UTF8
' encoding
Dim initVectorBytes As Byte() = Encoding.ASCII.GetBytes(initVector)
' Convert the Ciphertext into a Byte array
Dim cipherTextBytes As Byte() = Encoding.ASCII.GetBytes(cipherText)
' First we must create a password, from which the key will be
' derived. This password will be generated from the specified
' passphrase and salt value. The password will be created using
' the specified hash algorithm. Password creation can be done in
' several iterations
GenerateSalt()
Dim password As New Rfc2898DeriveBytes(keyword, saltBytes, passwordIterations)
' Use the password to generate pseudo-random bytes for the encryption
' key. Specify the size of the key in bytes (instead of bits)
Dim keyBytes As Byte() = password.GetBytes(keySize \ 8)
' Create uninitialized Rijndael encryption object
Dim symmetricKey As New RijndaelManaged()
' It is reasonable to set encryption mode to Cipher Block Chaining
' (CBC). Use default options for other symmetric key parameters.
symmetricKey.Mode = CipherMode.CBC
' Generate decryptor from the existing key bytes and initialization
' vector. Key size will be defined based on the number of the key
'bytes
Dim decryptor As ICryptoTransform = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes)
' Define memory stream which will be used to hold encrypted data.
Dim memoryStream As New MemoryStream(cipherTextBytes)
' Define cryptographic stream (always user Read mode for encryption).
Dim cryptoStream As New CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read)
' Since at this point we don't know what the size of decrypted data
' will be, allocate the buffer long enough to hold ciphertext;
' plaintext is never longer than ciphertext
Dim plainTextBytes As Byte() = New Byte(cipherTextBytes.Length - 1) {}
' Start decrypting.
Dim decryptedByteCount As Integer = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length)
' Close both streams
memoryStream.Close()
cryptoStream.Close()
' Convert decrypted data into a string
' Let us assume that the original plaintext string was UTF8-Encoded.
Dim plainText As String = Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount)
' Return the decrypted string
Return (plainText)
End Function
End Module
你会注意到IV是静态的,密码迭代很少。这是因为我不确定如何以与FBEncryptor相同的方法生成IV。您可能还注意到,在尝试解密时,字节长度存在问题。
任何帮助将不胜感激!谢谢!
答案 0 :(得分:2)
一个注意事项。我看着FBEncryptor。它使用了一些不好的做法。因此,如果安全性对您很重要,我建议您再多阅读一下,并选择另一个加密代码(或者自己编写)。
FBEncryptor确实关注加密 a)将字符串转换为字节数组(基于UTF8编码) b)将密钥转换为字节数组(基于UTF编码)。 c)仅复制前16个字节的密钥 d)创建IV,即16位0x00 e)使用AES / CBC / PKCS7Padding加密来自项目a)的字节数组,并在d)中创建IV f)生成的加密数据转换为Base64
它确实遵循解密 a)将加密字符串从Base64转换为字节数组 b)将密钥转换为字节数组(基于UTF编码)。 c)仅复制前16个字节的密钥 d)创建IV,即16位0x00 e)使用AES / CBC / PKCS7Padding在d)中创建IV,从项目a)解密字节数组 f)使用UTF8编码将加密数据从e)转换为字符串
你应该在VB.NET中做同样的事情。我想你几乎所有的部分 - 您将需要删除所有SHA1和盐相关的东西,并使用相同的步骤b)。 你需要研究用于VB.NET的PKCS7Padding