C# RSACryptoServiceProvider加密解密签名验签和DESCryptoServiceProvider加解密
自己做數(shù)字簽名加密解密這就了,對(duì)這些東西有一點(diǎn)點(diǎn)懂,可能自己整理的有些錯(cuò)誤。
C#在using System.Security.Cryptography下有 DESCryptoServiceProvider RSACryptoServiceProvider
DESCryptoServiceProvider 是用于對(duì)稱加密 RSACryptoServiceProvider是用于非對(duì)稱加密
對(duì)稱加密的意思:有一個(gè)密鑰 相當(dāng)于加密算法,加密用它來(lái)加密,解密也需要用到它。因?yàn)榧用芙饷芏际怯猛粋€(gè)密鑰所以叫對(duì)稱加密。 對(duì)稱加密有一個(gè)壞處只要擁有密鑰的人都可以解密。
非對(duì)稱加密:就是有2個(gè)密鑰,一個(gè)是公鑰,一個(gè)是私鑰,私鑰是自己的,不能隨便給人,公鑰隨便給,無(wú)所謂。一般是別人用你的公鑰加密,然后把密文給你,你用你的私鑰解密,這樣一樣加密和解密不是同一個(gè)密鑰,所以叫非對(duì)稱。 非對(duì)稱的好處是假如沒(méi)有私鑰別人是無(wú)法解密的,就算加密的那個(gè)人他把數(shù)據(jù)加密了他也無(wú)法解密,加密者把密文和公鑰隨便給那個(gè)人都無(wú)法解密。
數(shù)字簽名:數(shù)字簽名的意義就是這些數(shù)據(jù)與原文數(shù)據(jù)比對(duì)是否修改過(guò),這個(gè)解釋有點(diǎn)麻煩,當(dāng)初我也搞了好久才理解!一般是用自己的私鑰對(duì)數(shù)據(jù)進(jìn)行簽名,然后用公鑰去驗(yàn)證這個(gè)數(shù)據(jù)是否修改過(guò)
-
現(xiàn)在該說(shuō)說(shuō)DESCryptoServiceProvider 和RSACryptoServiceProvider 在C#中的具體怎么用:
-
1、用RSACryptoServiceProvider 加密解密
//加密解密用到的公鑰與私鑰
RSACryptoServiceProvider oRSA = new RSACryptoServiceProvider();
string privatekey=oRSA.ToXmlString(true);//私鑰
string publickey=oRSA.ToXmlString(false);//公鑰
//這兩個(gè)密鑰需要保存下來(lái)
byte[] messagebytes = Encoding.UTF8.GetBytes("luo羅"); //需要加密的數(shù)據(jù)
-
//公鑰加密
RSACryptoServiceProvider oRSA1 = new RSACryptoServiceProvider();
oRSA1.FromXmlString(publickey); //加密要用到公鑰所以導(dǎo)入公鑰
byte[] AOutput = oRSA1.Encrypt(messagebytes ,false); //AOutput 加密以后的數(shù)據(jù)
-
//私鑰解密
RSACryptoServiceProvider oRSA2 = new RSACryptoServiceProvider();
oRSA2.FromXmlString(privatekey);
byte[] AInput = oRSA2.Decrypt(AOutput, false);
string reslut=Encoding.ASCII.GetString(AInput)
2、用RSACryptoServiceProvider簽名驗(yàn)簽
byte[] messagebytes = Encoding.UTF8.GetBytes("luo羅");
RSACryptoServiceProvider oRSA = new RSACryptoServiceProvider();
string privatekey = oRSA.ToXmlString(true);
string publickey = oRSA.ToXmlString(false);
//私鑰簽名
RSACryptoServiceProvider oRSA3 = new RSACryptoServiceProvider();
oRSA3.FromXmlString(privatekey);
byte[] AOutput = oRSA3.SignData(messagebytes, "SHA1");
//公鑰驗(yàn)證
RSACryptoServiceProvider oRSA4 = new RSACryptoServiceProvider();
oRSA4.FromXmlString(publickey);
bool bVerify = oRSA4.VerifyData(messagebytes, "SHA1", AOutput);
3、用證書(shū)進(jìn)行簽名
因?yàn)橐话阕C書(shū)的私鑰是不可以導(dǎo)出的所以所以用第2種方法導(dǎo)入私鑰的來(lái)進(jìn)行簽名行不通
byte[] messagebytes = Encoding.UTF8.GetBytes("luo羅");
string Path = @"D:\Certificate\1.P12";
X509Certificate2 x509 = new X509Certificate2(Path, "12345678");
SHA1 sha1 = new SHA1CryptoServiceProvider();
byte[] hashbytes = sha1.ComputeHash(messagebytes); //對(duì)要簽名的數(shù)據(jù)進(jìn)行哈希
RSAPKCS1SignatureFormatter signe = new RSAPKCS1SignatureFormatter();
signe.SetKey(x509.PrivateKey); //設(shè)置簽名用到的私鑰
signe.SetHashAlgorithm("SHA1"); //設(shè)置簽名算法
byte[] reslut = signe.CreateSignature(hashbytes);
驗(yàn)簽:與第2方法相同
RSACryptoServiceProvider oRSA4 = new RSACryptoServiceProvider();
oRSA4.FromXmlString(x509.PublicKey.Key.ToXmlString(false));
bool bVerify = oRSA4.VerifyData(messagebytes, "SHA1", reslut);
4、用證書(shū)加密解密
string Path = @"D:\Certificate\1.P12";
X509Certificate2 x509 = new X509Certificate2(Path, "12345678");
byte[] data = System.Text.Encoding.UTF8.GetBytes("cheshi羅");
-
//證書(shū)公鑰加密
RSACryptoServiceProvider oRSA1 = new RSACryptoServiceProvider();
oRSA1.FromXmlString(x509.PublicKey.Key.ToXmlString(false));
-
byte[] AOutput = oRSA1.Encrypt(data, false);
-
//證書(shū)私鑰解密
RSACryptoServiceProvider rsa2 = (RSACryptoServiceProvider)x509.PrivateKey;
byte[] plainbytes = rsa2.Decrypt(AOutput, false);
string reslut = Encoding.UTF8.GetString(plainbytes);
5用證書(shū)對(duì)文件加密解密,因?yàn)槲募赡芴貏e大 所以需要用流和buffer的方式來(lái),鄙視把文件全部讀到byte[]里進(jìn)行加密的人,假如文件5G,那全部讀到byte[]里崩潰掉
private void Form1_Load(object sender, EventArgs e)
{
x509=new X509Certificate2(Path, "12345678");
RSACryptoServiceProvider oRSA1 = new RSACryptoServiceProvider();
Encrypt();
Decrypt();
}
private void Decrypt()
{
string FilePath = "2.txt";
string OutFile = "3.txt";
System.IO.FileStream picfs = new System.IO.FileStream(FilePath, System.IO.FileMode.Open);
System.IO.FileStream fs = new System.IO.FileStream(OutFile, System.IO.FileMode.OpenOrCreate);
oRSA1 = (RSACryptoServiceProvider)x509.PrivateKey;
int blocksize = oRSA1.KeySize/8;
-
byte[] buffer, buffer1, encryblock;
bool Closed = true;
while (Closed)
{
buffer = null;
buffer = new byte[blocksize];
int k = picfs.Read(buffer, 0, buffer.Length);
if (k > 0)
{
if (blocksize == k)
{
encryblock = oRSA1.Decrypt(buffer, false);
fs.Write(encryblock, 0, encryblock.Length);
}
else
{
buffer1 = new byte[k];
for (int i = 0; i < k; i++)
{
buffer1[i] = buffer[i];
}
encryblock = oRSA1.Decrypt(buffer1, false);
fs.Write(encryblock, 0, encryblock.Length);
}
}
else
{
picfs.Close();
fs.Close();
Closed = false;
}
}
-
}
private void Encrypt()
{
string FilePath = "1.txt";
string OutFile = "2.txt";
//證書(shū)公鑰加密
-
oRSA1.FromXmlString(x509.PublicKey.Key.ToXmlString(false));
System.IO.FileStream picfs = new System.IO.FileStream(FilePath, System.IO.FileMode.Open);
System.IO.FileStream fs = new System.IO.FileStream(OutFile, System.IO.FileMode.OpenOrCreate);
int blocksize = 0;
if (oRSA1.KeySize == 1024)
{
blocksize = 16;
}
else
{
blocksize = 8;
}
byte[] buffer, buffer1, encryblock;
bool Closed = true;
while (Closed)
{
buffer = null;
buffer = new byte[blocksize];
int k = picfs.Read(buffer, 0, buffer.Length);
if (k > 0)
{
if (blocksize == k)
{
encryblock = oRSA1.Encrypt(buffer, false);
fs.Write(encryblock, 0, encryblock.Length);
}
else
{
buffer1 = new byte[k];
for (int i = 0; i < k; i++)
{
buffer1[i] = buffer[i];
}
encryblock = oRSA1.Encrypt(buffer1, false);
fs.Write(encryblock, 0, encryblock.Length);
}
}
else
{
picfs.Close();
fs.Close();
Closed = false;
}
}
}
6用證書(shū)對(duì)文件進(jìn)行簽名驗(yàn)簽,因?yàn)槲募赡芴貏e大 所以需要用流和buffer的方式來(lái)
private void Form1_Load(object sender, EventArgs e)
{
x509 = new X509Certificate2(Path, "12345678");
SignFile("1.txt", "11.txt");
VerifyFile("1.txt", "11.txt");
}
private bool VerifyFile(string FileName, string SignedFileName)
{
bool reslut = true;
System.IO.StreamReader objread = new System.IO.StreamReader(FileName);
System.IO.StreamReader objreadSigned = new System.IO.StreamReader(SignedFileName);
RSACryptoServiceProvider VeryRsa = new RSACryptoServiceProvider();
VeryRsa.FromXmlString(x509.PublicKey.Key.ToXmlString(false));
int Inblocksize = 0;
int Signedblocksize = 0;
if (VeryRsa.KeySize == 1024)
{
Inblocksize = 16;
}
else
{
Inblocksize = 8;
}
Signedblocksize = VeryRsa.KeySize / 8;
bool Closed = true;
byte[] Buffer; //原文緩存區(qū)
byte[] InBuffer;//原文緩存區(qū)
byte[] Buffer1;//簽名文件緩存區(qū)
while (Closed)
{
Buffer = null;
Buffer = new byte[Inblocksize];
int k = objread.BaseStream.Read(Buffer, 0, Buffer.Length);
if (k > 0)
{
if (Inblocksize == k) //讀出來(lái)的長(zhǎng)度和緩存區(qū)一樣大
{
Buffer1 = new byte[Signedblocksize];
objreadSigned.BaseStream.Read(Buffer1, 0, Buffer1.Length);
reslut = VeryRsa.VerifyData(Buffer,"SHA1",Buffer1);
if (!reslut)
{
Closed = false;
}
}
else
{ //意思是Buffer沒(méi)滿,只有k個(gè)字節(jié),k字節(jié)后面全是空所以不需要驗(yàn)簽
InBuffer = new byte[k];
for (int i = 0; i < k; i++)
{
InBuffer[i] = Buffer[i];
}
Buffer1 = new byte[Signedblocksize];
objreadSigned.BaseStream.Read(Buffer1, 0, Buffer1.Length);
reslut = VeryRsa.VerifyData(InBuffer, "SHA1", Buffer1);
if (!reslut)
{
Closed = false;
}
}
}
else
{
//這里的意思是原文已經(jīng)讀完畢了,并且已經(jīng)和簽名文件對(duì)應(yīng)驗(yàn)簽成功,那么
//簽名文件也必須讀完畢了。
if (objreadSigned.BaseStream.Position!= objreadSigned.BaseStream.Length)
{
reslut = false;
}
objreadSigned.Close();
objread.Close();
Closed = false;
}
}
return reslut;
}
private void SignFile(string InFileName,string OutFileName)
{
RSACryptoServiceProvider SignRsa = (RSACryptoServiceProvider)x509.PrivateKey;
System.IO.StreamReader objread = new System.IO.StreamReader(InFileName);
System.IO.StreamWriter objwrite = new System.IO.StreamWriter(OutFileName, false);
int blocksize = 0;
if (SignRsa.KeySize == 1024)
{
blocksize = 16;
}
else
{
blocksize = 8;
}
bool Closed = true;
byte[] Buffer = new byte[blocksize];
byte[] buffer1, SignBytes;
while (Closed)
{
int k = objread.BaseStream.Read(Buffer, 0, Buffer.Length);
if (k > 0)
{
if (k == blocksize)
{
SignBytes = SignRsa.SignData(Buffer, "SHA1");
objwrite.BaseStream.Write(SignBytes, 0, SignBytes.Length);
}
else
{
buffer1 = new byte[k];
for (int i = 0; i < k; i++)
{
buffer1[i] = Buffer[i];
}
SignBytes = SignRsa.SignData(buffer1, "SHA1");
objwrite.BaseStream.Write(SignBytes, 0, SignBytes.Length);
}
}
else
{
Closed = false;
objread.Close();
objwrite.Close();
}
}
}
-
7、用DESCryptoServiceProvider 進(jìn)行對(duì)稱加密
byte[] messagebytes = Encoding.UTF8.GetBytes("LUO羅");
//需要用的對(duì)稱密鑰
DESCryptoServiceProvider Des = new DESCryptoServiceProvider();
byte[] key = Des.Key;
//加密
DESCryptoServiceProvider tdesProvider = new DESCryptoServiceProvider();
tdesProvider.Key = key;
tdesProvider.Mode = CipherMode.ECB;
byte[] encrypted = tdesProvider.CreateEncryptor().TransformFinalBlock(messagebytes, 0, messagebytes.Length);
//解密
DESCryptoServiceProvider tdesProvider2 = new DESCryptoServiceProvider();
tdesProvider.Key = key1;
tdesProvider.Mode = CipherMode.ECB;
byte[] outputdata = tdesProvider.CreateDecryptor().TransformFinalBlock(encrypted, 0, encrypted.Length);
string reslut = Encoding.UTF8.GetString(outputdata);
7用DESCryptoServiceProvider 加解密 流
CryptoStream csDecrypt = new CryptoStream(Stream, Des.CreateEncryptor(), CryptoStreamMode.Write);
CryptoStream csDecrypt = new CryptoStream(Stream, Des.CreateDecryptor(), CryptoStreamMode.Write);