我使用以下代码加密和解密asp.net中的密码。加密工作完美,但解密时会引发此错误 Invalid length for a Base-64 char array.
我的密码是123,我使用它来加密:HttpUtility.UrlEncode(CryptorEngine.Encrypt(strpassword, true));
并解密我正在使用它如下:
CryptorEngine.Decrypt(HttpUtility.UrlDecode(strpassword), true));
这是代码:
public class CryptorEngine
{
/// <summary>
/// Encrypt a string using dual encryption method. Return a encrypted cipher Text
/// </summary>
/// <param name="toEncrypt">string to be encrypted</param>
/// <param name="useHashing">use hashing? send to for extra secirity</param>
/// <returns></returns>
public static string Encrypt(string toEncrypt, bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);
System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
// Get the key from config file
string key = (string)settingsReader.GetValue("SecurityKey", typeof(String));
//System.Windows.Forms.MessageBox.Show(key);
if (useHashing)
{
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
hashmd5.Clear();
}
else
keyArray = UTF8Encoding.UTF8.GetBytes(key);
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
tdes.Key = keyArray;
tdes.Mode = CipherMode.ECB;
tdes.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = tdes.CreateEncryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
tdes.Clear();
return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
/// <summary>
/// DeCrypt a string using dual encryption method. Return a DeCrypted clear string
/// </summary>
/// <param name="cipherString">encrypted string</param>
/// <param name="useHashing">Did you use hashing to encrypt this data? pass true is yes</param>
/// <returns></returns>
public static string Decrypt(string cipherString, bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray = Convert.FromBase64String(cipherString);
System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
//Get your key from config file to open the lock!
string key = (string)settingsReader.GetValue("SecurityKey", typeof(String));
if (useHashing)
{
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
hashmd5.Clear();
}
else
keyArray = UTF8Encoding.UTF8.GetBytes(key);
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
tdes.Key = keyArray;
tdes.Mode = CipherMode.ECB;
tdes.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = tdes.CreateDecryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
tdes.Clear();
return UTF8Encoding.UTF8.GetString(resultArray);
}
}
答案 0 :(得分:2)
在URL中出现与加密输出冲突的字符,至少在我的代码中,这就是导致问题的原因。所以我使用这两个函数来改变这些字符并避免这种情况。
public static string ChangeSPChart(string sTheInput)
{
StringBuilder sRetMe = new StringBuilder(sTheInput);
sRetMe.Replace('+', '-');
sRetMe.Replace('/', '*');
sRetMe.Replace('=', '!');
return sRetMe.ToString();
}
public static string FixSPChart(string sTheInput)
{
StringBuilder sRetMe = new StringBuilder(sTheInput);
sRetMe.Replace('-', '+');
sRetMe.Replace('*', '/');
sRetMe.Replace('!', '=');
return sRetMe.ToString();
}
,加密/解密代码为:
public static string Encrypt(string toEncrypt, bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);
System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
// Get the key from config file
string key = (string)settingsReader.GetValue("SecurityKey", typeof(String));
//System.Windows.Forms.MessageBox.Show(key);
if (useHashing)
{
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
hashmd5.Clear();
}
else
keyArray = UTF8Encoding.UTF8.GetBytes(key);
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
tdes.Key = keyArray;
tdes.Mode = CipherMode.ECB;
tdes.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = tdes.CreateEncryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
tdes.Clear();
var encrypted = Convert.ToBase64String(resultArray, 0, resultArray.Length);
// here I change it
return ChangeSPChart(encrypted);
}
/// <summary>
/// DeCrypt a string using dual encryption method. Return a DeCrypted clear string
/// </summary>
/// <param name="cipherString">encrypted string</param>
/// <param name="useHashing">Did you use hashing to encrypt this data? pass true is yes</param>
/// <returns></returns>
public static string Decrypt(string cipherString, bool useHashing)
{
cipherString = FixSPChart(cipherString);
byte[] keyArray;
byte[] toEncryptArray = Convert.FromBase64String(cipherString);
System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
//Get your key from config file to open the lock!
string key = (string)settingsReader.GetValue("SecurityKey", typeof(String));
if (useHashing)
{
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
hashmd5.Clear();
}
else
keyArray = UTF8Encoding.UTF8.GetBytes(key);
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
tdes.Key = keyArray;
tdes.Mode = CipherMode.ECB;
tdes.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = tdes.CreateDecryptor();
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
tdes.Clear();
return UTF8Encoding.UTF8.GetString(resultArray);
}
答案 1 :(得分:1)
您提供的代码运行正常。我用这个小程序测试了它:
void Main()
{
var cryptB64 =CryptorEngine.Encrypt("123", true);
var encoded = HttpUtility.UrlEncode(cryptB64);
var decoded = HttpUtility.UrlDecode(encoded);
var decrypted = CryptorEngine.Decrypt(decoded, true);
bool matches = (decrypted=="123");
Console.WriteLine(matches);
}
它按预期返回。
问题可能是您在某个时刻破坏了加密值。我猜它是通过HTTP传输的,我猜这是问题发生的地方。
附加说明:
调用CryptorEngine.Decrypt(HttpUtility.UrlDecode(strpassword), true));时,您需要确保strpassword是加密形式的密码,而不是您要比较的纯文本密码。
答案 2 :(得分:1)
hiii请使用此代码,这样做效果很好
//信用卡的加密方法
public string EncryptTripleDES(string Plaintext, string Key)
{
System.Security.Cryptography.TripleDESCryptoServiceProvider DES =
new System.Security.Cryptography.TripleDESCryptoServiceProvider();
System.Security.Cryptography.MD5CryptoServiceProvider hashMD5 =
new System.Security.Cryptography.MD5CryptoServiceProvider();
DES.Key = hashMD5.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(Key));
DES.Mode = System.Security.Cryptography.CipherMode.ECB;
System.Security.Cryptography.ICryptoTransform DESEncrypt = DES.CreateEncryptor();
Buffer = System.Text.ASCIIEncoding.ASCII.GetBytes(Plaintext);
string TripleDES = Convert.ToBase64String(DESEncrypt.TransformFinalBlock(Buffer, 0, Buffer.Length));
return TripleDES;
}
//Decryption Method
public string DecryptTripleDES(string base64Text, string Key)
{
System.Security.Cryptography.TripleDESCryptoServiceProvider DES =
new System.Security.Cryptography.TripleDESCryptoServiceProvider();
System.Security.Cryptography.MD5CryptoServiceProvider hashMD5 =
new System.Security.Cryptography.MD5CryptoServiceProvider();
DES.Key = hashMD5.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(Key));
DES.Mode = System.Security.Cryptography.CipherMode.ECB;
System.Security.Cryptography.ICryptoTransform DESDecrypt = DES.CreateDecryptor();
Buffer = Convert.FromBase64String(base64Text);
string DecTripleDES = System.Text.ASCIIEncoding.ASCII.GetString(DESDecrypt.TransformFinalBlock(Buffer, 0, Buffer.Length));
return DecTripleDES;
}
答案 3 :(得分:0)
这里有点晚了,但问题可能是别的(这对我来说)。
Request.Querystring已经进行了一些解码。在我的情况下,我基本上解码了两次。添加第二个“HttpUtility.UrlEncode”就可以了(至少在20次不同的测试之后)。
我还没有找到微软关于这种行为的确切文档,旧书被存放起来(我尽量不要离开我的椅子),但这些链接很有帮助:
does Request.Querystring automatically url decode a string?
http://forums.asp.net/t/1354726.aspx?Request+Querystring+without+decoding+possible+