是否可以修改三重DES,以便在加密/解密时不包含前向和后向斜杠?
我在mvc上有这个actionlink没有加密但是当我尝试加密传递给控制器方法的id时,id被加密并包含一些正斜杠(/vO5Ppr4+Phzx+lHD4Jp6JubZlYXK0Az9OA9J8urf+MJFw62c3Y0Q/Q==)因此我得到了404找不到,控制器方法没有被调用。
MVC ActionLink:
<span> | </span> @Html.ActionLink("Student Rights", "StudentRights","Threads", new { id = CommonLayer.Securities.Encryption.EncryptTripleDES(item.ID) }, null)
加密方法:
private static byte[] KEY_192 =
{
111,21,12,65,21,12,2,1,
5,30,34,78,98,1,32,122,
123,124,125,126,212,212,213,214
};
private static byte[] IV_192 =
{
1,2,3,4,5,12,13,14,
13,14,15,13,17,21,22,23,
24,25,121,122,122,123,124,124
};
/// <summary>
/// Encrypt using TripleDES
/// </summary>
/// <param name="vl">String to Encrypt</param>
/// <returns>Encrypted String</returns>
public static String EncryptTripleDES(String vl)
{
if (vl != "")
{
TripleDESCryptoServiceProvider cryptoprovider = new TripleDESCryptoServiceProvider();
MemoryStream ms = new MemoryStream();
CryptoStream cs = new CryptoStream(ms, cryptoprovider.CreateEncryptor(KEY_192, IV_192), CryptoStreamMode.Write);
StreamWriter sw = new StreamWriter(cs);
sw.Write(vl);
sw.Flush();
cs.FlushFinalBlock();
ms.Flush();
return Convert.ToBase64String(ms.GetBuffer(), 0, (int)ms.Length);
}
return "";
}
/// <summary>
/// Decrypt using TripleDES
/// </summary>
/// <param name="vl">String to Decrypt</param>
/// <returns>Decrypted String</returns>
public static String DecryptTripleDES(String vl)
{
if (vl != "")
{
TripleDESCryptoServiceProvider cryptoprovider = new TripleDESCryptoServiceProvider();
Byte[] buffer = Convert.FromBase64String(vl);
MemoryStream ms = new MemoryStream(buffer);
CryptoStream cs = new CryptoStream(ms, cryptoprovider.CreateDecryptor(KEY_192, IV_192), CryptoStreamMode.Read);
StreamReader sw = new StreamReader(cs);
return sw.ReadToEnd();
}
return "";
}
答案 0 :(得分:2)
这不是3DES的输出,即随机(外观)二进制数据的Base 64编码。
您可以简单地(原始)对结果进行URL编码,也可以用任何其他字符替换该字符。检查Base 64 page on Wikipedia for ideas。尝试并遵守通用标准,例如将+替换为-,并将/替换为_,标准为RFC 4648。
您可能还想删除最后的=个字符。如果你的base 64库可以解码这样的base 64,这是有效的,否则你可以简单地再次附加它们,直到你得到一个具有4个base 64个字符的倍数的字符串。
答案 1 :(得分:2)
像owlstead建议的那样,使用RFC 4648中描述的url safe Base64编码。
我的实现会产生一些垃圾,但对于短字符串来说,只要你不是每秒调用一百万次就没关系。
public static string ToUrlSafeBase64(byte[] bytes)
{
return Convert.ToBase64String(bytes).Replace('+', '-').Replace('/', '_').Replace("=","");
}
public static byte[] FromUrlSafeBase64(string s)
{
while (s.Length % 4 != 0)
s += "=";
s = s.Replace('-', '+').Replace('_', '/');
return Convert.FromBase64String(s);
}
用作:
var str = ToUrlSafeBase64(bytes);
var bytes = FromUrlSafeBase64(str);
答案 2 :(得分:0)
以下功能适用于另一篇帖子why-is-base64-encode-adding-a-slash-in-the-result
function mybase64_encode($s) {
return str_replace(array('+', '/'), array(',', '-'), base64_encode($s));
}
function mybase64_decode($s) {
return base64_decode(str_replace(array(',', '-'), array('+', '/'), $s));
}