相当于javascript中的Rfc2898DeriveBytes?

时间:2013-12-20 03:02:21

标签: javascript node.js cryptography pbkdf2 cryptojs

我见过C#代码可以使用以下代码加密并稍后解密密码:

http://wp7-travel.googlecode.com/svn/trunk/SilverlightPhoneDatabase/Cryptography.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security.Cryptography;
using System.IO;
using System.Reflection;

namespace SilverlightPhoneDatabase
{
    /// <summary>
    /// Class used to encrypt the database
    /// </summary>
    public static class Cryptography
    {

        /// <summary>
        /// Incrypt the input using password provided
        /// </summary>
        /// <param name="input">Input string to encrypt</param>
        /// <param name="password">Password to use</param>
        /// <returns>Encrypted string</returns>
        public static string Encrypt(string input, string password)
        {

            string data = input;
            byte[] utfdata = UTF8Encoding.UTF8.GetBytes(data);
            byte[] saltBytes = UTF8Encoding.UTF8.GetBytes(password);



            // Our symmetric encryption algorithm
            AesManaged aes = new AesManaged();

            // We're using the PBKDF2 standard for password-based key generation
            Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes(password, saltBytes);

            // Setting our parameters
            aes.BlockSize = aes.LegalBlockSizes[0].MaxSize;
            aes.KeySize = aes.LegalKeySizes[0].MaxSize;
            aes.Key = rfc.GetBytes(aes.KeySize / 8);
            aes.IV = rfc.GetBytes(aes.BlockSize / 8);

            // Encryption
            ICryptoTransform encryptTransf = aes.CreateEncryptor();

            // Output stream, can be also a FileStream
            MemoryStream encryptStream = new MemoryStream();
            CryptoStream encryptor = new CryptoStream(encryptStream, encryptTransf, CryptoStreamMode.Write);

            encryptor.Write(utfdata, 0, utfdata.Length);
            encryptor.Flush();
            encryptor.Close();

            byte[] encryptBytes = encryptStream.ToArray();
            string encryptedString = Convert.ToBase64String(encryptBytes);

            return encryptedString;
        }

        /// <summary>
        /// Decrypt string using password provided
        /// </summary>
        /// <param name="base64Input">Input to decrypt</param>
        /// <param name="password">Password to use</param>
        /// <returns>Decrypted string</returns>
        public static string Decrypt(string base64Input, string password)
        {

            byte[] encryptBytes = Convert.FromBase64String(base64Input);
            byte[] saltBytes = Encoding.UTF8.GetBytes(password);

            // Our symmetric encryption algorithm
            AesManaged aes = new AesManaged();

            // We're using the PBKDF2 standard for password-based key generation
            Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes(password, saltBytes);

            // Setting our parameters
            aes.BlockSize = aes.LegalBlockSizes[0].MaxSize;
            aes.KeySize = aes.LegalKeySizes[0].MaxSize;
            aes.Key = rfc.GetBytes(aes.KeySize / 8);
            aes.IV = rfc.GetBytes(aes.BlockSize / 8);

            // Now, decryption
            ICryptoTransform decryptTrans = aes.CreateDecryptor();

            // Output stream, can be also a FileStream
            MemoryStream decryptStream = new MemoryStream();
            CryptoStream decryptor = new CryptoStream(decryptStream, decryptTrans, CryptoStreamMode.Write);

            decryptor.Write(encryptBytes, 0, encryptBytes.Length);
            decryptor.Flush();
            decryptor.Close();

            byte[] decryptBytes = decryptStream.ToArray();
            string decryptedString = UTF8Encoding.UTF8.GetString(decryptBytes, 0, decryptBytes.Length);
            return decryptedString;
        }
    }
}

我不是安全专家,对加密算法的经验有限。我有一个加密的密码,由这种代码加密,现在想要在node.js程序(Javascript)中访问解密的密码。

似乎crypto-js有一个pbkdf2.js模块,但它只知道如何加密密码。

我见过http://anandam.name/pbkdf2/,但它似乎只是一个加密器。没有解密。

任何人都可以提供解密密码的代码,给定已知的盐和用于加密密码的迭代,使用普通的Javascript,最好利用crypto-js等常用模块吗?

1 个答案:

答案 0 :(得分:3)

PBKDF是基于密码的密钥派生功能。 PBKDF不是加密算法。可以将它们与带盐的单向安全散列算法(使相同密码的输出唯一)和迭代计数(使它们变慢)进行比较。许多PBKDF,例如你问题中的PBKDF2,实际上是使用SHA-1等哈希算法实现的。

PBKDF函数通常用于在密码上生成唯一标识符。该标识符将具有生成的密钥材料的所有属性,包括在没有暴力攻击的情况下无法检索输入材料的属性。换句话说,您无法解密密码 - 您只能尝试每个可能的密码以查看PBKDF2的输出是否匹配。