使用Java和C#中的Bouncy Castle进行RSA加密的结果之间的差异

时间:2015-05-26 22:12:45

标签: java c# encryption rsa bouncycastle

我有一个Java 工作示例应用程序(使用Bouncy Castle),我需要移植到C#(我也在使用Bouncy Castle for C#)。

代码几乎相同。但是,即使我为两者提供完全相同的模数和指数,结果数组也与字符串完全不同。

重申:Java摘录是有效的代码

我哪里出错了?提前谢谢!

爪哇: 

public static String encodeRSA(String keyModulus, String keyExponent,
        String data) {
    try {

        byte btMod[] = Base64.decode(keyModulus);
        byte btExp[] = Base64.decode(keyExponent);

        BigInteger modulus = new BigInteger(1, btMod);
        BigInteger pubExp = new BigInteger(1, btExp);

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(modulus, pubExp);
        RSAPublicKey key = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);

        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, key);

        byte[] cipherData = cipher.doFinal(data.getBytes());
        String tmp = new String(Base64.encode(cipherData));

        System.out.println(tmp);

        return tmp;
    } catch (Exception e) {
        System.out.println(e.getMessage());
    }
    return "";
}

C#: 

    private static string EncodeRSA(string modulus, string exponent, string data)
    {
        //Base64, DotNetUtilities functions and BigInteger type are from Bouncy Castle
        byte[] btMod = Base64.Decode(modulus);
        byte[] btExp = Base64.Decode(exponent);

        BigInteger mod = new BigInteger(1, btMod);
        BigInteger exp = new BigInteger(1, btExp);

        RsaKeyParameters bcKeySpec = new RsaKeyParameters(false, mod, exp);
        RSAParameters keySpec = DotNetUtilities.ToRSAParameters(bcKeySpec);

        RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
        rsa.ImportParameters(keySpec);


        byte[] plaintext = Encoding.UTF8.GetBytes(data);
        byte[] ciphertext = rsa.Encrypt(plaintext, false);
        string cipherresult = Encoding.UTF8.GetString(Base64.Encode(ciphertext));
        return cipherresult;
    }

模量: 

gdBAMJVXCuEGhX0b1hPAggpD7Ayi33JhsARksGkEatQsdox3BG3bTR/vz8M4vZe74EZj0aZrk0rGJGmAEJZ9GlXq6JzIRYBW5zULsBoPDq4spgobECJLsXq8CnZzOrOM+meIXFhoK8Jyob4X9q62HkDwhMMyqsBG0epWMHPIgkU=

指数: 

AQAB

输出: 

Java output for the entry "1]teste]111111]MTExMTExMTExMTExMTExMQ==" 
using the given modulus/exponent

dUCVsGrZIwSyh0ZAxon3wMSPPoQqflpRNtQ5c+TILuOR/5IihABJpZRL6E1TjYs62WXvQUbeFqRYbdAvbjY3YZk+aSviBosdN54+T8+/5agjveeDBi6LXu6r1+KBriq2K1ULg9YC62SrSbRN8VMJ9gkgatF2ux06PyouJOPJPN8=

编辑 - 带有给定条目,模数和指数的C#输出 

CHyg5J+OMuG9H9S7R24Lg2iXeLN/Rgh7XcyDQJqMNZobH0V1hqe2dxrcE3R+UrVl/aDWJg3aXNtP3+8YFA17fLr9yIbIYv5o2zeRMdHbyrW/z26JGaynsay096KEzJ0uBAACJQ3LZryd5ei7zzo77Bnka2Un7C9TJvldswhldxM=

1 个答案:

答案 0 :(得分:1)

RSA加密的输出或任何安全加密方法将与随机无法区分的数据输出到攻击者。这由对称密码的IV和RSA的填充方法执行。如果情况并非如此,则攻击者将能够看到不同密文的相似之处;加密“是”两次,并出现相同的密文。因此,攻击者可以轻松区分E(pk, "yes") | E(pk, "yes")E(pk, "yes") | E (pk, "no")

因此,Java和C#都会在编码之前输出一个恰好与模数大小相同的密文。然而,在用于RSA的模幂运算之前,首先用安全随机数据填充明文。验证密文生成是否正确的方法是使用私钥解密密文。实际上,如果您有多次运行Java或C#,您会发现即使在相同的语言/运行时内,密文也会不断变化。

相关问题
最新问题