三重DES,不使用向前或向后斜线

时间:2014-05-25 12:44:47

标签: asp.net-mvc model-view-controller encryption tripledes

是否可以修改三重DES,以便在加密/解密时不包含前向和后向斜杠?

我在mvc上有这个actionlink没有加密但是当我尝试加密传递给控制器​​方法的id时,id被加密并包含一些正斜杠(/vO5Ppr4+Phzx+lHD4Jp6JubZlYXK0Az9OA9J8urf+MJFw62c3Y0Q/Q==)因此我得到了404找不到,控制器方法没有被调用。

MVC ActionLink:

<span> | </span> @Html.ActionLink("Student Rights", "StudentRights","Threads", new { id = CommonLayer.Securities.Encryption.EncryptTripleDES(item.ID) }, null)

加密方法:

private static byte[] KEY_192 = 
        {
            111,21,12,65,21,12,2,1,
            5,30,34,78,98,1,32,122,
            123,124,125,126,212,212,213,214
        };

    private static byte[] IV_192 = 
        {
            1,2,3,4,5,12,13,14,
            13,14,15,13,17,21,22,23,
            24,25,121,122,122,123,124,124
        };

    /// <summary>
    /// Encrypt using TripleDES
    /// </summary>
    /// <param name="vl">String to Encrypt</param>
    /// <returns>Encrypted String</returns>
    public static String EncryptTripleDES(String vl)
    {
        if (vl != "")
        { 
            TripleDESCryptoServiceProvider cryptoprovider = new TripleDESCryptoServiceProvider();
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, cryptoprovider.CreateEncryptor(KEY_192, IV_192), CryptoStreamMode.Write);
            StreamWriter sw = new StreamWriter(cs);
            sw.Write(vl);
            sw.Flush();
            cs.FlushFinalBlock();
            ms.Flush();
            return Convert.ToBase64String(ms.GetBuffer(), 0, (int)ms.Length);
        } 
        return "";
    } 

    /// <summary>
    /// Decrypt using TripleDES
    /// </summary>
    /// <param name="vl">String to Decrypt</param>
    /// <returns>Decrypted String</returns>
    public static String DecryptTripleDES(String vl)
    { 
        if (vl != "")
        { 
            TripleDESCryptoServiceProvider cryptoprovider = new TripleDESCryptoServiceProvider();
            Byte[] buffer = Convert.FromBase64String(vl);
            MemoryStream ms = new MemoryStream(buffer);
            CryptoStream cs = new CryptoStream(ms, cryptoprovider.CreateDecryptor(KEY_192, IV_192), CryptoStreamMode.Read);
            StreamReader sw = new StreamReader(cs);
            return sw.ReadToEnd();
        } 
        return "";
    }

3 个答案:

答案 0 :(得分:2)

这不是3DES的输出,即随机(外观)二进制数据的Base 64编码。

您可以简单地(原始)对结果进行URL编码,也可以用任何其他字符替换该字符。检查Base 64 page on Wikipedia for ideas。尝试并遵守通用标准,例如将+替换为-,并将/替换为_,标准为RFC 4648

您可能还想删除最后的=个字符。如果你的base 64库可以解码这样的base 64,这是有效的,否则你可以简单地再次附加它们,直到你得到一个具有4个base 64个字符的倍数的字符串。

答案 1 :(得分:2)

像owlstead建议的那样,使用RFC 4648中描述的url safe Base64编码。

我的实现会产生一些垃圾,但对于短字符串来说,只要你不是每秒调用一百万次就没关系。

public static string ToUrlSafeBase64(byte[] bytes)
{
    return Convert.ToBase64String(bytes).Replace('+', '-').Replace('/', '_').Replace("=","");
}

public static byte[] FromUrlSafeBase64(string s)
{
    while (s.Length % 4 != 0)
        s += "=";
    s = s.Replace('-', '+').Replace('_', '/');
    return Convert.FromBase64String(s);
}

用作:

var str = ToUrlSafeBase64(bytes);

var bytes = FromUrlSafeBase64(str);

答案 2 :(得分:0)

以下功能适用于另一篇帖子why-is-base64-encode-adding-a-slash-in-the-result

function mybase64_encode($s) {
    return str_replace(array('+', '/'), array(',', '-'), base64_encode($s));
}


function mybase64_decode($s) {
    return base64_decode(str_replace(array(',', '-'), array('+', '/'), $s));
}