在c#和php中使用Bouncy Castle加密和解密

时间:2016-10-10 23:55:11

标签: c# php encryption cryptography bouncycastle

我在c#中使用充气城堡和以下代码来加密和解密c#中的数据

public static string BCEncrypt(string input)
{
    string keyString = "mysecretkey12345";
    string keyStringBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(keyString));
    byte[] inputBytes = Encoding.UTF8.GetBytes(input);
    byte[] iv = new byte[16]; 

    //Set up
    AesEngine engine = new AesEngine();
    CbcBlockCipher blockCipher = new CbcBlockCipher(engine); //CBC
    PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(engine), new Pkcs7Padding());
   //PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(blockCipher); //Default scheme is PKCS5/PKCS7
   KeyParameter keyParam = new KeyParameter(Convert.FromBase64String(keyStringBase64));
   ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, iv, 0, 16);

   // Encrypt
   cipher.Init(true, keyParamWithIV);
   byte[] outputBytes = new byte[cipher.GetOutputSize(inputBytes.Length)];
   int length = cipher.ProcessBytes(inputBytes, outputBytes, 0);
   cipher.DoFinal(outputBytes, length); //Do the final block
   return Convert.ToBase64String(outputBytes);
}

public static string BCDecrypt(string input)
{
    string keyString = "mysecretkey12345";
    string keyStringBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(keyString));
    byte[] inputBytes = Encoding.UTF8.GetBytes(input);
    byte[] iv = new byte[16];
    //Set up
    AesEngine engine = new AesEngine();
    CbcBlockCipher blockCipher = new CbcBlockCipher(engine); //CBC
    PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(blockCipher); //Default scheme is PKCS5/PKCS7
    KeyParameter keyParam = new KeyParameter(Convert.FromBase64String(keyStringBase64));
    ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, iv, 0, 16);

    //Decrypt            
    byte[] outputBytes = Convert.FromBase64String(input);
    cipher.Init(false, keyParamWithIV);
    byte[] comparisonBytes = new byte[cipher.GetOutputSize(outputBytes.Length)];
    int length = cipher.ProcessBytes(outputBytes, comparisonBytes, 0);
    cipher.DoFinal(comparisonBytes, length); //Do the final block
    return System.Text.Encoding.UTF8.GetString(comparisonBytes, 0, comparisonBytes.Length);
}

这是我正在使用的代码php代码:

<?
    function encrypt($input, $key) {
        $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB); 
        $input = Security::pkcs5_pad($input, $size); 
        $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');  
        $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND); 
        mcrypt_generic_init($td, $key, $iv); 
        $data = mcrypt_generic($td, $input); 
        mcrypt_generic_deinit($td); 
        mcrypt_module_close($td); 
        $data = base64_encode($data); 
        return $data; 
   } 

   function pkcs5_pad ($text, $blocksize) { 
       $pad = $blocksize - (strlen($text) % $blocksize); 
       return $text . str_repeat(chr($pad), $pad); 
   }

   function decrypt($sStr, $sKey) {
       $decrypted= mcrypt_decrypt(
          MCRYPT_RIJNDAEL_128,
          $sKey, 
          base64_decode($sStr), 
          MCRYPT_MODE_ECB
       );
       $dec_s = strlen($decrypted); 
       $padding = ord($decrypted[$dec_s-1]); 
       $decrypted = substr($decrypted, 0, -$padding);
       return $decrypted;
   }

   echo "Input: " . $_REQUEST["inp"] . "<br>Decrypt: ". decrypt($_REQUEST["inp"], 'mysecretkey12345')."<br>";
   ?>

当我尝试使用c#(例如“greatscott”)加密短字符串时,我得到以下结果:dSk7z0F4JYsc0zhl95 + yMw ==

然后使用php代码解密ok。

但是,当我尝试使用c#代码加密更长的字符串时,例如“这是一个非常长的字符串”,我得到以下结果:xcL4arrFD8Fie73evfHjvUjNEmZrA9h6SmO0ZRE82Hw =

这不解密。如果我尝试通过php加密函数加密相同的字符串“这是一个非常长的字符串”我得到xcL4arrFD8Fie73evfHjva6yJyeUOrB8IudISDhQk24 =

所以加密字符串的前半部分是相同的,但后半部分不是。这让我觉得我的填充不正确或者什么。

任何建议都将受到赞赏。

由于

1 个答案:

答案 0 :(得分:0)

感谢Luke和James的建议。

我现在在PHP中使用openssl进行加密和解密,我正在生成一个随机IV并在系统之间往前传递以进行解密。

这是我现在使用的代码:

C#

public static string BCEncrypt(string input, out string iv_base64)
{
    byte[] inputBytes = Encoding.UTF8.GetBytes(input);
    SecureRandom random = new SecureRandom();
    byte[] iv = new byte[16];
    random.NextBytes(iv);
    iv_base64 = Convert.ToBase64String(iv);
    string keyString = "mysecretkey12345";
    string keyStringBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(keyString));

    //Set up
    AesEngine engine = new AesEngine();
    CbcBlockCipher blockCipher = new CbcBlockCipher(engine); //CBC
    PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(engine), new Pkcs7Padding());
    KeyParameter keyParam = new KeyParameter(Convert.FromBase64String(keyStringBase64));
    ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, iv, 0, 16);

    // Encrypt
    cipher.Init(true, keyParamWithIV);
    byte[] outputBytes = new byte[cipher.GetOutputSize(inputBytes.Length)];
    int length = cipher.ProcessBytes(inputBytes, outputBytes, 0);
    cipher.DoFinal(outputBytes, length); //Do the final block
    return Convert.ToBase64String(outputBytes);
}

public static string BCDecrypt(string input, string iv_base64)
{
    string keyString = "mysecretkey12345";
    string keyStringBase64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(keyString));
    byte[] inputBytes = Encoding.UTF8.GetBytes(input);
    byte[] iv = Convert.FromBase64String(iv_base64);
    //Set up
    AesEngine engine = new AesEngine();
    CbcBlockCipher blockCipher = new CbcBlockCipher(engine); //CBC
    PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(engine), new Pkcs7Padding());
    KeyParameter keyParam = new KeyParameter(Convert.FromBase64String(keyStringBase64));
    ParametersWithIV keyParamWithIV = new ParametersWithIV(keyParam, iv, 0, 16);

    //Decrypt            
    byte[] outputBytes = Convert.FromBase64String(input);
    cipher.Init(false, keyParamWithIV);
    byte[] comparisonBytes = new byte[cipher.GetOutputSize(outputBytes.Length)];
    int length = cipher.ProcessBytes(outputBytes, comparisonBytes, 0);
    cipher.DoFinal(comparisonBytes, length); //Do the final block
    return Encoding.UTF8.GetString(comparisonBytes, 0, comparisonBytes.Length);
}

PHP方面看起来像这样:

$iv = base64_decode($iv_base64);
$method = "aes-128-cbc";
$password = "mysecretkey12345";
$decrypted = openssl_decrypt($data, $method, $password,0, $iv);

要生成iv并加密PHP中的字符串我正在使用:

$iv = openssl_random_pseudo_bytes(16)
$encrypted = openssl_encrypt("something interesting", $method, $password,0,$iv);

所以我现在能够在C#或PHP中加密并在C#或PHP中解密。

我使用https在两个系统之间传递base 64编码的iv和加密字符串。

对此解决方案有何评论? (安全还是其他?)