Reading an encrypted cookie

Time: 2013-05-18 08:26:36

Tags: c# asp.net cookies encryption

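I am using this example as a basis for reading and writing an encrypted cookie. The problem is that the decrypted string that comes back contains invalid characters. I.e. the cookie value is

'MyValue'

and what is returned is
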

ž!3Z ^

This is the code I am using:

 protected void Button1_Click(object sender, EventArgs e)
        {
            HttpCookie myCookie = new HttpCookie("MyCookie");
            string valString = "MyValue";

            string keyAsString = "BJF8hXsXce7dhCWjGICNrnq1Gc8mWyMlODbiYvXTXCo=";

            byte[] myKey = Convert.FromBase64String(keyAsString);
            // Create a new instance of the AesManaged 
            // class.  This generates a new key and initialization  
            // vector (IV). 
            using (AesManaged myAes = new AesManaged())
            {
                //Set default values as padding mode and ciphermode not supported in Silverlight
                byte[] encrypted = EncryptStringToBytes_Aes(valString, myKey, myAes.IV);
                myCookie.Value = Convert.ToBase64String(encrypted, 0, (int)encrypted.Length);

                string roundtrip = DecryptStringFromBytes_Aes(Convert.FromBase64String(myCookie.Value), myAes.Key, myAes.IV);
            }

            //
            myCookie.Expires = DateTime.Now.AddDays(1d);
            Response.Cookies.Add(myCookie);
        }

The encrypt/decrypt functions are:

  static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
        {
            // Check arguments. 
            if (plainText == null || plainText.Length <= 0)
                throw new ArgumentNullException("plainText");
            if (Key == null || Key.Length <= 0)
                throw new ArgumentNullException("Key");
            if (IV == null || IV.Length <= 0)
                throw new ArgumentNullException("IV");
            byte[] encrypted;
            // Create an AesManaged object 
            // with the specified key and IV. 
            using (AesManaged aesAlg = new AesManaged())
            {
                aesAlg.Key = Key;
                aesAlg.IV = IV;

                aesAlg.Mode = CipherMode.ECB;

                // Create an encryptor to perform the stream transform.
                ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);

                // Create the streams used for encryption. 
                using (MemoryStream msEncrypt = new MemoryStream())
                {
                    using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                    {
                        using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                        {

                            //Write all data to the stream.
                            swEncrypt.Write(plainText);
                        }
                        encrypted = msEncrypt.ToArray();
                    }
                }
            }
            // Return the encrypted bytes from the memory stream. 
            return encrypted;

        }


        static string DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] IV)
        {
            // Check arguments. 
            if (cipherText == null || cipherText.Length <= 0)
                throw new ArgumentNullException("cipherText");
            if (Key == null || Key.Length <= 0)
                throw new ArgumentNullException("Key");
            if (IV == null || IV.Length <= 0)
                throw new ArgumentNullException("IV");

            // Declare the string used to hold 
            // the decrypted text. 
            string plaintext = null;

            // Create an AesManaged object 
            // with the specified key and IV. 
            using (AesManaged aesAlg = new AesManaged())
            {
                aesAlg.Key = Key;
                aesAlg.IV = IV;
                aesAlg.Padding = PaddingMode.None;
                aesAlg.Mode = CipherMode.ECB;

                // Create a decryptor to perform the stream transform.
                ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);

                // Create the streams used for decryption. 
                using (MemoryStream msDecrypt = new MemoryStream(cipherText))
                {
                    using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                    {
                        using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                        {

                            // Read the decrypted bytes from the decrypting stream 
                            // and place them in a string.

                            plaintext = srDecrypt.ReadToEnd();
                        }
                    }
                }

            }
           return plaintext;
    }

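It looks like some kind of encoding problem. At first I thought the problem was in reading the cookie value itself. But even if I try to decrypt the value I have just encrypted, i.e.

    string roundtrip = DecryptStringFromBytes_Aes(encrypted, myAes.Key, myAes.IV);

I still get the same problem.

Not sure if this helps, but the main goal is only to read the cookie. Initially, the cookie will be created by a third-party PHP application using a shared key (which is why I used the ECB CipherMode). This code is just a sample to make sure I can read an encrypted cookie.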

0 answers:

No answers
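
Added example, not part of the original question: in the code above the value is encrypted with `myKey` and default padding but decrypted with `myAes.Key` (a key the new `AesManaged` instance generated itself) and `PaddingMode.None`. The sketch below runs the three combinations side by side; `CookieCryptoDemo` and `Transform` are hypothetical names, and PKCS7 padding on the producing side is an assumption that has to match whatever the PHP application actually uses.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class CookieCryptoDemo
{
    // AES-ECB transform; ECB ignores the IV, so none is passed.
    static byte[] Transform(byte[] data, byte[] key, PaddingMode padding, bool encrypt)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.ECB;
            aes.Padding = padding;
            aes.Key = key;
            using (ICryptoTransform t = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor())
                return t.TransformFinalBlock(data, 0, data.Length);
        }
    }

    static void Main()
    {
        // Shared key string taken from the question.
        byte[] sharedKey = Convert.FromBase64String("BJF8hXsXce7dhCWjGICNrnq1Gc8mWyMlODbiYvXTXCo=");
        byte[] cipher = Transform(Encoding.UTF8.GetBytes("MyValue"), sharedKey, PaddingMode.PKCS7, true);
        byte[] fromCookie = Convert.FromBase64String(Convert.ToBase64String(cipher));

        // 1. Same key, same padding on both sides: the value round-trips.
        Console.WriteLine(Encoding.UTF8.GetString(Transform(fromCookie, sharedKey, PaddingMode.PKCS7, false)));

        // 2. Right key but PaddingMode.None: the PKCS7 padding bytes stay in the output.
        Console.WriteLine(BitConverter.ToString(Transform(fromCookie, sharedKey, PaddingMode.None, false)));

        // 3. A key generated by a fresh Aes instance plus PaddingMode.None:
        //    no exception is thrown, the result is just 16 unrelated bytes.
        byte[] otherKey;
        using (Aes fresh = Aes.Create()) { otherKey = fresh.Key; }
        Console.WriteLine(BitConverter.ToString(Transform(fromCookie, otherKey, PaddingMode.None, false)));
    }
}
```

ECB encryption gives the cookie no integrity protection, so a value that decrypts without error has not been shown to be unmodified. Treat the decrypted cookie as untrusted input and validate it before use.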