DES-非机密数据加密标准,可用于兼容旧系统,新系统不建议使用
3DES-DES的加强版,DES到AES之间的过渡算法
AES-高级加密标准,替代DES
RSA-非对称加密解密算法,多用于签名验证,加密解决速度慢,不建议用于大量数据的加密解密
目前跨系统间的加密数据通讯,一般是RSA与AES两种加密算法结合使用,RSA用于对AES密钥进行加密解密,AES用于对交易数据进行加密解密
算法代码:
public class EncryptHelper
{
//DES算法8位加密key,一般存在数据库或文件中
private static string defaultDesKey = "j5ca9aEn";
//DES算法8位加密向量,一般存在数据库或文件中
private static string defaultDesIv = "GTRSQ96C";
//3DES算法12位加密向量,一般存在数据库或文件中
private static string defaultTripleDesIV = "68Hfwj3kfX=T";
//3DES算法32位加密key,一般存在数据库或文件中
private static string defaultTripleDesKey = "QdpQGoa+8SA9dxhVs6DSXLfUGqw+Ahtd";
/// <summary>
/// Aes加解密钥必须32位,一般存在数据库或文件中
/// </summary>
private static string defaultAesKey = "ZdpQGoa+0SA1dxhVs7DSXLfUGqw-Ahtg";
#region DES加密解密-非机密数据的正式数据加密标准(DES Data Encryption Standard)
//默认密钥向量
//private static readonly byte[] Keys = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
#region DES加密
/// <summary>
/// 加密数据
/// </summary>
/// <param name="input">需要加密的字符串</param>
/// <param name="sKey">加密秘钥,不传则默认为指定的值</param>
/// <param name="sIv">加密向量,不传则默认为指定的值</param>
/// <returns></returns>
public static string DESEncrypt(string input, string sKey = "", string sIv = "")
{
if (string.IsNullOrEmpty(input))
return String.Empty;
if (string.IsNullOrEmpty(sKey)) sKey = defaultDesKey;
else if (sKey.Length > 8) sKey = sKey.Substring(0, 8);
if (string.IsNullOrEmpty(sIv)) sIv = defaultDesIv;
else if (sIv.Length > 8) sIv = sIv.Substring(0, 8);
var des = new DESCryptoServiceProvider();
MemoryStream ms = null;
CryptoStream encStream = null;
StreamWriter sw = null;
string result;
try
{
var key = Encoding.UTF8.GetBytes(sKey);
var iv = Encoding.UTF8.GetBytes(sIv);
ms = new MemoryStream();
encStream = new CryptoStream(ms, des.CreateEncryptor(key, iv), CryptoStreamMode.Write);
sw = new StreamWriter(encStream);
sw.Write(input);
sw.Flush();
encStream.FlushFinalBlock();
ms.Flush();
result = Convert.ToBase64String(ms.GetBuffer(), 0, Convert.ToInt32(ms.Length, System.Globalization.CultureInfo.InvariantCulture));
}
finally
{
if (sw != null)
sw.Close();
if (encStream != null)
encStream.Close();
if (ms != null)
ms.Close();
}
return result;
}
#endregion
#region DES解密
/// <summary>
/// 解密数据
/// </summary>
/// <param name="input">需要解密的字符串</param>
/// <param name="sKey">加密秘钥,不传则默认为指定的值</param>
/// <param name="sIv">加密向量,不传则默认为指定的值</param>
/// <returns></returns>
public static string DESDecrypt(string input, string sKey = "", string sIv = "")
{
byte[] buffer;
try
{
buffer = Convert.FromBase64String(input);
}
catch (System.ArgumentNullException)
{
return String.Empty;
}
catch (System.FormatException)
{
return String.Empty;
}
var des = new DESCryptoServiceProvider();
MemoryStream ms = null;
CryptoStream encStream = null;
StreamReader sr = null;
var result = String.Empty;
if (string.IsNullOrEmpty(sKey)) sKey = defaultDesKey;
else if (sKey.Length > 8) sKey = sKey.Substring(0, 8);
if (string.IsNullOrEmpty(sIv)) sIv = defaultDesIv;
else if (sIv.Length > 8) sIv = sIv.Substring(0, 8);
try
{
ms = new MemoryStream(buffer);
var key = Encoding.UTF8.GetBytes(sKey);
var iv = Encoding.UTF8.GetBytes(sIv);
encStream = new CryptoStream(ms, des.CreateDecryptor(key, iv), CryptoStreamMode.Read);
sr = new StreamReader(encStream);
result = sr.ReadToEnd();
}
finally
{
if (sr != null)
sr.Close();
if (encStream != null)
encStream.Close();
if (ms != null)
ms.Close();
}
return result;
}
#endregion
#endregion
#region 3DES加密解密-DES增强版
/// <summary>
/// 加密数据-3DES
/// </summary>
/// <param name="input">需要加密的字符串</param>
/// <param name="sKey">加密秘钥,不传则默认为指定的值</param>
/// <param name="sIv">加密向量,不传则默认为指定的值</param>
/// <returns></returns>
public static string TripleDESEncrypt(string input, string sKey = "", string sIv = "")
{
if (string.IsNullOrEmpty(input))
return String.Empty;
if (string.IsNullOrEmpty(sKey)) sKey = defaultTripleDesKey;
else if (sKey.Length > 32) sKey = sKey.Substring(0, 32);
if (string.IsNullOrEmpty(sIv)) sIv = defaultTripleDesIV;
else if (sIv.Length > 12) sIv = sIv.Substring(0, 12);
//创建一个内存流,用于存放密文
MemoryStream MS = new MemoryStream();
//创建一个3DES服务提供者对象
TripleDESCryptoServiceProvider TDES = new TripleDESCryptoServiceProvider();
TDES.Mode = CipherMode.CBC;
TDES.Padding = System.Security.Cryptography.PaddingMode.PKCS7;
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
var key = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(sKey));//先转换成散列
var iv = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(sIv));//先转换成散列
hashmd5.Dispose();
//创建一个加密流,用于加密操作
CryptoStream CS = new CryptoStream(MS,
TDES.CreateEncryptor(key, iv),
CryptoStreamMode.Write);
//定义输入,执行加密操作
CS.Write(Encoding.UTF8.GetBytes(input), 0, input.Length);
CS.FlushFinalBlock();
TDES.Dispose();
//返回将密文的内存流转换为字节序列
var decodeString = System.Convert.ToBase64String(MS.ToArray());
CS.Close();
return decodeString;
}
/// <summary>
/// 解密数据-3DES
/// </summary>
/// <param name="input">需要加密的字符串</param>
/// <param name="sKey">加密秘钥,不传则默认为指定的值</param>
/// <param name="sIv">加密向量,不传则默认为指定的值</param>
/// <returns></returns>
public static string TripleDESDecrypt(string input, string sKey = "", string sIv = "")
{
if (string.IsNullOrEmpty(input))
return String.Empty;
if (string.IsNullOrEmpty(sKey)) sKey = defaultTripleDesKey;
else if (sKey.Length > 32) sKey = sKey.Substring(0, 32);
if (string.IsNullOrEmpty(sIv)) sIv = defaultTripleDesIV;
else if (sIv.Length > 12) sIv = sIv.Substring(0, 12);
var inputBytes = Convert.FromBase64String(input);
//创建一个内存流,用于存放密文
MemoryStream MS = new MemoryStream(inputBytes);
//创建一个3DES服务提供者对象
TripleDESCryptoServiceProvider TDES = new TripleDESCryptoServiceProvider();
TDES.Mode = CipherMode.CBC;
TDES.Padding = PaddingMode.PKCS7;
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
var key = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(sKey));//先转换成散列
var iv = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(sIv));//先转换成散列
hashmd5.Dispose();
//创建解密流
CryptoStream CS = new CryptoStream(MS,
TDES.CreateDecryptor(key, iv),
CryptoStreamMode.Read);
//创建一个用于存放明文的容器(字节序列)
byte[] DecrypeBytes = new byte[input.Length];
//执行解密
CS.Read(DecrypeBytes, 0, input.Length);
CS.Close();
TDES.Dispose();
//返回解密后的明文字符串
return Encoding.UTF8.GetString(DecrypeBytes);
}
#endregion
#region AES加密解密-高级加密标准(Advanced Encryption Standard),新加密标准,用来替代DES
/// <summary>
/// 获取Aes32位密钥
/// </summary>
/// <param name="key">Aes密钥字符串</param>
/// <returns>Aes32位密钥</returns>
public static byte[] GetAesKey(string key)
{
if (string.IsNullOrEmpty(key))
{
throw new ArgumentNullException("key", "Aes密钥不能为空");
}
if (key.Length < 32)
{
// 不足32补全
key = key.PadRight(32, '0');
}
if (key.Length > 32)
{
key = key.Substring(0, 32);
}
return Encoding.UTF8.GetBytes(key);
}
/// <summary>
/// Aes加密(Advanced Encryption Standard)
/// </summary>
/// <param name="source">源字符串</param>
/// <param name="key">aes密钥,长度必须32位</param>
/// <returns>加密后的字符串</returns>
public static string AesEncrypt(string source, string key = "")
{
if (string.IsNullOrEmpty(key)) key = defaultAesKey;
using (AesCryptoServiceProvider aesProvider = new AesCryptoServiceProvider())
{
aesProvider.Key = GetAesKey(key);
aesProvider.Mode = CipherMode.ECB;
aesProvider.Padding = PaddingMode.PKCS7;
using (ICryptoTransform cryptoTransform = aesProvider.CreateEncryptor())
{
byte[] inputBuffers = Encoding.UTF8.GetBytes(source);
byte[] results = cryptoTransform.TransformFinalBlock(inputBuffers, 0, inputBuffers.Length);
aesProvider.Clear();
aesProvider.Dispose();
return Convert.ToBase64String(results, 0, results.Length);
}
}
}
/// <summary>
/// Aes解密(Advanced Encryption Standard)
/// </summary>
/// <param name="source">源字符串</param>
/// <param name="key">aes密钥,长度必须32位</param>
/// <returns>解密后的字符串</returns>
public static string AesDecrypt(string source, string key = "")
{
if (string.IsNullOrEmpty(key)) key = defaultAesKey;
using (AesCryptoServiceProvider aesProvider = new AesCryptoServiceProvider())
{
aesProvider.Key = GetAesKey(key);
aesProvider.Mode = CipherMode.ECB;
aesProvider.Padding = PaddingMode.PKCS7;
using (ICryptoTransform cryptoTransform = aesProvider.CreateDecryptor())
{
byte[] inputBuffers = Convert.FromBase64String(source);
byte[] results = cryptoTransform.TransformFinalBlock(inputBuffers, 0, inputBuffers.Length);
aesProvider.Clear();
return Encoding.UTF8.GetString(results);
}
}
}
#endregion
#region RSA加密解密、签名验证算法(对数据加密解密速度相对慢)
/// <summary>
/// 生成公钥、私钥对
/// </summary>
public static void GenerateRSAKeys()
{
System.Security.Cryptography.RSACryptoServiceProvider myrsa = new RSACryptoServiceProvider();
//得到私钥主要保存了RSAParameters中的8各参数
var privateKey = myrsa.ToXmlString(true);
//得到公钥保存了RSAParameters中2个参数
var publicKey = myrsa.ToXmlString(false);
}
/// <summary>
/// Rsa加密
/// </summary>
/// <param name="source">源字符串</param>
/// <param name="publicKey">RSA公钥</param>
/// <returns>加密后的字符串</returns>
public static string RsaEncrypt(string source, string publicKey)
{
//同一数据每次加密后的结果可能不同
if (string.IsNullOrEmpty(source)) return string.Empty;
System.Security.Cryptography.RSACryptoServiceProvider myrsa = new RSACryptoServiceProvider();
//得到公钥
myrsa.FromXmlString(publicKey);
//把你要加密的内容转换成byte[]
var PlainTextBArray = (new UnicodeEncoding()).GetBytes(source);
//使用.NET中的Encrypt方法加密
var CypherTextBArray = myrsa.Encrypt(PlainTextBArray, false);
//最后吧加密后的byte[]转换成Base64String,这里就是加密后的内容了
var res = Convert.ToBase64String(CypherTextBArray);
return res;
}
/// <summary>
/// Rsa加解密
/// </summary>
/// <param name="encodeStr">源字符串</param>
/// <param name="privateKey">RSA私钥</param>
/// <returns>解密后的字符串</returns>
public static string RsaDecrypt(string encodeStr, string privateKey)
{
if (string.IsNullOrEmpty(encodeStr)) return string.Empty;
System.Security.Cryptography.RSACryptoServiceProvider myrsa = new RSACryptoServiceProvider();
//得到私钥
myrsa.FromXmlString(privateKey);
//把原来加密后的String转换成byte[]
var PlainTextBArray = Convert.FromBase64String(encodeStr);
//使用.NET中的Decrypt方法解密
var DypherTextBArray = myrsa.Decrypt(PlainTextBArray, false);
//转换解密后的byte[],这就得到了我们原来的加密前的内容了
var res = (new UnicodeEncoding()).GetString(DypherTextBArray);
return res;
}
private static byte[] getMD5Hash(string strSource)
{
System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5");
var buffer = Encoding.UTF8.GetBytes(strSource);// System.Text.Encoding.GetEncoding("GB2312").GetBytes(strSource);
var hashData = MD5.ComputeHash(buffer);
return hashData;
}
public static string RsaSignCreate(string source, string privateKey)
{
//同一数据每次加密后的结果相同
System.Security.Cryptography.RSACryptoServiceProvider MYRSA = new System.Security.Cryptography.RSACryptoServiceProvider();
//得到私钥
MYRSA.FromXmlString(privateKey);
//使用.NET中提供的RSA签名,生成刚才我们的MYRSA私钥的签名对象RSAFormatter
System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(MYRSA);
//设置签名的算法为MD5
RSAFormatter.SetHashAlgorithm("MD5");
//执行签名EncryptedSignatureData就是签名后的数据
var EncryptedSignatureData = RSAFormatter.CreateSignature(getMD5Hash(source));
var res = Convert.ToBase64String(EncryptedSignatureData);
return res;
}
public static bool RsaSignValidate(string sourceToValidate,string signedData, string publicKey)
{
try
{
System.Security.Cryptography.RSACryptoServiceProvider rsaServiceProvider = new System.Security.Cryptography.RSACryptoServiceProvider();
//得到公钥
rsaServiceProvider.FromXmlString(publicKey);
//使用.NET中提供的RSA签名,生成刚才我们的MYRSA公钥的验证签名对象RSADeformatter
System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(rsaServiceProvider);
//指定解密的时候HASH算法为MD5
RSADeformatter.SetHashAlgorithm("MD5");
//验证签名
var signedDataBytes = Convert.FromBase64String(signedData);
bool res = RSADeformatter.VerifySignature(getMD5Hash(sourceToValidate), signedDataBytes);
return res;
}
catch (FormatException ex)
{
return false;
}
}
#endregion
}算法测试:
public static void test()
{
string originalKey = "Pwd123$abcfghljkjkasjaskdjf";
Console.WriteLine("DES:");
var desEncode = EncryptHelper.DESEncrypt(originalKey, string.Empty, "GTRSQ96F");
Console.WriteLine("原始密码:" + originalKey);
Console.WriteLine("加密后:" + desEncode);
var desDecode = EncryptHelper.DESDecrypt(desEncode, string.Empty, "GTRSQ96F");
Console.WriteLine("解密后:" + desDecode);
Console.WriteLine("3DES:");
var tripleDesEncode = EncryptHelper.TripleDESEncrypt(originalKey);
Console.WriteLine("加密后:" + tripleDesEncode);
var tripleDesDecode = EncryptHelper.TripleDESDecrypt(tripleDesEncode);
Console.WriteLine("解密后:" + tripleDesDecode);
Console.WriteLine("AES:");
var aesEncode = EncryptHelper.AesEncrypt(originalKey);
Console.WriteLine("加密后:" + aesEncode);
var aesDecode = EncryptHelper.AesDecrypt(aesEncode);
Console.WriteLine("解密后:" + aesDecode);
//自己先生成RSA公钥私钥存起来,参考:EncryptHelper.GenerateRSAKeys()
var privateKey = "<RSAKeyValue><Modulus>pS7yEj3NBDAF/ZhVKK07zJzcpjKvsioGtIQdHrPHXYrJB8AdnpcaFxUbxlQb6JD73EOoJ4iRYLaxyIIt6bgvKzOWmW/WMMxcBBODpQJNPPPCL9mcQlyQy91qVTQ2qHBA7GlDcjaAw+6ZgSbXar0/qTw2z6cq/Z5rwYMjOq3Bzmk=</Modulus><Exponent>AQAB</Exponent><P>y7C0WJxCnIPPWo7c1FxYMwgSVsaCfeZhWNCTPhBF0seAlGX6JTv5xoNWtbzHs3OfWHmggFIn41Kas/kLP4OJOw==</P><Q>z5qq26OpEPntgtUpmERb6/hkMJp95Crujzzke10m4mx7DQ+po3TvcMxzIKzz50q8c2JcecUUnmtmeB/5sv0sqw==</Q><DP>O2AnMi1avYUuzJcYiE7i5v1TWzhCkbC2b81dHppfwDGnqZqQcIorJVLj09ZT4Fuz93Z88ur/9aP+tLfEL5+IQQ==</DP><DQ>DE6B5GVOR2hZcREL1y/uNw3ReqQd5GG7JJiafsml3XRK0xpjlwH+k7Q6+uvlxYdDpp9lFf7d2wpI18QlfDvP4w==</DQ><InverseQ>aSKFOP8jgKQoX8jP+RSMlPxgBnzcvF5xwA2n/0aenC3jujeFEIOLv7gEtMBC3E5FqNN6yqd1nSYRgGxoQvsa6w==</InverseQ><D>VqfrLHCpdjHvYpugyUcgIPaFttbOX0w22kqYsDumMkeVsPAzWbhxYnybZo9HWNl+l44S0DKP+cm+OK86gOs0KsEPbgxGiBpqh7c4HUzuB5Z9zsf5+GH+sTwGLNa2bRRy9HoNWOc47MfM71NNR1x1svdnXjCYNW3jJQ1EeO20d7U=</D></RSAKeyValue>";
var publicKey = "<RSAKeyValue><Modulus>pS7yEj3NBDAF/ZhVKK07zJzcpjKvsioGtIQdHrPHXYrJB8AdnpcaFxUbxlQb6JD73EOoJ4iRYLaxyIIt6bgvKzOWmW/WMMxcBBODpQJNPPPCL9mcQlyQy91qVTQ2qHBA7GlDcjaAw+6ZgSbXar0/qTw2z6cq/Z5rwYMjOq3Bzmk=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>";
Console.WriteLine("RSA加密解密:");
var rsaEncode = EncryptHelper.RsaEncrypt(originalKey, publicKey);
Console.WriteLine("加密后:" + rsaEncode);
var rsaDecode = EncryptHelper.RsaDecrypt(rsaEncode, privateKey);
Console.WriteLine("解密后:" + rsaDecode);
Console.WriteLine("RSA签名、验证:");
var rsaSignedData = EncryptHelper.RsaSignCreate(originalKey, privateKey);
Console.WriteLine("签名数据:" + rsaSignedData);
var rsaResult = EncryptHelper.RsaSignValidate(originalKey, rsaSignedData, publicKey);
Console.WriteLine(originalKey+" 验证结果:" + rsaResult);
var originalKey2 = "abc123456";
var rsaResult2 = EncryptHelper.RsaSignValidate(originalKey2,rsaSignedData, publicKey);
Console.WriteLine(originalKey2 + " 验证结果:" + rsaResult2);
Console.ReadKey();
}效果:
评论列表: