cTransform.TransformFinalBlock总是返回空字符串吗?

时间:2019-03-03 22:23:58

标签: asp.net encryption

我有一个简单的加密/解密例程,它在Windows窗体应用程序中像超级按钮一样工作,但似乎总是在asp.net应用程序中返回空字符串。

用于加密和解密的代码如下:

   /// <summary>
/// Encrypt a string using dual encryption method. Return a encrypted cipher Text
/// </summary>
/// <param name="toEncrypt">string to be encrypted</param>
/// <param name="useHashing">use hashing? send to for extra secirity</param>
/// <returns></returns>
public static string Encrypt(string toEncrypt, bool useHashing)
{
    byte[] keyArray;
    byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);

    System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
    // Get the key from config file
    string key = (string)settingsReader.GetValue("SecurityKey", typeof(String));
    //System.Windows.Forms.MessageBox.Show(key);
    if(useHashing)
    {
        MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
        keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
        hashmd5.Clear();
    }
    else
        keyArray = UTF8Encoding.UTF8.GetBytes(key);

    TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider
    {
        Key = keyArray,
        Mode = CipherMode.ECB,
        Padding = PaddingMode.PKCS7
    };

    ICryptoTransform cTransform = tdes.CreateEncryptor();
    byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
    tdes.Clear();
    return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}

/// <summary>
/// DeCrypt a string using dual encryption method. Return a DeCrypted clear string
/// </summary>
/// <param name="cipherString">encrypted string</param>
/// <param name="useHashing">Did you use hashing to encrypt this data? pass true is yes</param>
/// <returns></returns>
public static string Decrypt(string cipherString, bool useHashing)
{
    byte[] keyArray;
    byte[] toEncryptArray = Convert.FromBase64String(cipherString);

    System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
    //Get your key from config file to open the lock!
    string key = (string)settingsReader.GetValue("SecurityKey", typeof(String));

    if(useHashing)
    {
        MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
        keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
        hashmd5.Clear();
    }
    else
        keyArray = UTF8Encoding.UTF8.GetBytes(key);

    TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider
    {
        Key = keyArray,
        Mode = CipherMode.ECB,
        Padding = PaddingMode.PKCS7
    };

    ICryptoTransform cTransform = tdes.CreateDecryptor();
    byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);

    tdes.Clear();
    return UTF8Encoding.UTF8.GetString(resultArray);
}

我已经执行了解密代码,一切似乎都很好,直到我上线为止:

byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);

toEncryptArray包含8个字节的值,但是当将其转换为resultArray时,它始终以零字节数组结尾吗?

我的课程顶部有以下用途:

using System.Security.Cryptography;
using System.Text;
using System.Configuration;

在我的Web.config中,我在appSettings部分中显示以下行:

<add key="SecurityKey" value="SomeRandomTextToMakeAKey" />

谁能看到我所缺少的东西?

Graham Sivill

1 个答案:

答案 0 :(得分:0)

您仅加密了零字节。通过填充模式(PKCS#7)可以将其扩展为八个字节,就像PKCS#7总是填充一样。否则,它将无法区分以01结尾且具有7字节明文和填充字节的解密明文。

因此,如果在解密过程中将填充设置为无填充(PaddingMode.None),则可能会取回8个(填充)字节,其值为08。请注意,您需要将其视为十六进制,因为这些字节表示ASCII中的Backspace。