Question

enter image description here 场景：一个对称密钥，每个用户都有自己的IV，文档存储在NVARCHAR（MAX）字段中。当我尝试解密文件时，我得到：
输入数据不是完整的阻止。

// Create symmetric key
public static byte[] CreateKey()
{
    AesCryptoServiceProvider aesCrypto = (AesCryptoServiceProvider)AesCryptoServiceProvider.Create();
    byte[] key = aesCrypto.Key;
    return key;
}

//Get key (stored in a database)
public static Byte[] GetAppKey()
{
    return db.Encryptors.Where(x => x.EncryptorID == 1).Single().EncryptionKey.ToArray();
}

// Get application IV (stored in database)
public static Byte[] GetAppIV()
{
    return db.Encryptors.Where(x => x.EncryptorID == 1).Single().IV.ToArray();
}

// Encrypt document (this will be stored in a VARBINARY(MAX) field
public static byte[] EncryptBinaryToBytes(Binary document, byte[] iv)
{
    byte[] key = GetAppKey();
    byte[] encrypted;

    using (AesCryptoServiceProvider aesCsp = new AesCryptoServiceProvider())
    {
        aesCsp.Key = key;
        aesCsp.IV = iv;

        ICryptoTransform encryptor = aesCsp.CreateEncryptor(aesCsp.Key, aesCsp.IV);

        using (MemoryStream msEncrypt = new MemoryStream())
        {
            using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
            {
                using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                {
                    swEncrypt.Write(document);
                }
                encrypted = msEncrypt.ToArray();
            }
        }
    }
    // return the encrypted document
    return encrypted;
}

// Decrypt document
public static byte[] DecryptBytesToBytes(byte[] document, byte[] iv) 
{
    byte[] key = GetAppKey();

    using (AesCryptoServiceProvider aesCsp = new AesCryptoServiceProvider())
    {
        aesCsp.Key = key;
        aesCsp.IV = iv;

        ICryptoTransform decryptor = aesCsp.CreateDecryptor(aesCsp.Key, aesCsp.IV);

        using (MemoryStream msDecrypt = new MemoryStream())
        {
            using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Write))
            {
                using (StreamWriter swDecrypt = new StreamWriter(csDecrypt))
                {
                    swDecrypt.Write(document);
                }
                byte[] decrypted = msDecrypt.ToArray();
                // return the unencrypted document
                return decrypted;
            }
        }
    }
}

提前致谢。

存储文件

    byte[] fileByte = fluUploadFile.FileBytes;
    Binary document = new Binary(fileByte);

    byte[] appIv = AES.GetAppIV();
    byte[] encryptedDocument = AES.EncryptBinaryToBytes(document, appIv);
    byte[] decryptedDocument = AES.DecryptBytesToBytes(encryptedDocument, appIv);
    Document d = new Document()
    {
        OriginalName = originalName,
        DocSize = fileSize,
        BinaryDocument = encryptedDocument,
        UploadedName = uploadedFileName,
        MimeType = MIMEType,
        DocExtension = extension
    };
    db.Documents.InsertOnSubmit(d);
    db.SubmitChanges();

Answer 1

将数据库字段的数据类型更改为VARBINARY(MAX)非常重要，这样可以避免出现无法解释为合法字符的字符编码和字节组合问题。

另外，我认为问题在于，在加密和解密例程中ToArray()上调用MemoryStream方法之前，您没有关闭流。在Close()中调用CryptoStream以便调用FlushFinalBlock()并且加密过程将最后一个块写入流中非常重要。

尝试将调用移至MemoryStream.ToArray()到外using块，即using CryptoStream块之外，以便调用Dispose()在CryptoStream上，并在此之前致电MemoryStream.Close()。

您的代码的另一个问题是，您使用CryptoStream包裹StreamWriter，该Write将您传递的对象的 text 表示写入{{1} } 方法。您应该直接写入CryptoStream以避免任何字节到字符串的转换。

输入数据不是完整的块

1 个答案: