如何在 C# 中使用公钥和私钥加密技术

Posted

技术标签:

【中文标题】如何在 C# 中使用公钥和私钥加密技术【英文标题】:How to use public and private key encryption technique in C# 【发布时间】:2013-08-31 09:32:34 【问题描述】:

我想使用公钥/私钥技术加密数据。我的意思是,用接收者的公钥加密,接收者可以用自己的私钥解密。

我该怎么做?您有什么建议或示例代码吗?

【问题讨论】:

What have you tried? 【参考方案1】:

代码示例:

private static string _privateKey;
private static string _publicKey;
private static UnicodeEncoding _encoder = new UnicodeEncoding();

private static void RSA()

  var rsa = new RSACryptoServiceProvider();
  _privateKey = rsa.ToXmlString(true);
  _publicKey = rsa.ToXmlString(false);

  var text = "Test1";
  Console.WriteLine("RSA // Text to encrypt: " + text);
  var enc = Encrypt(text);
  Console.WriteLine("RSA // Encrypted Text: " + enc);
  var dec = Decrypt(enc);
  Console.WriteLine("RSA // Decrypted Text: " + dec);


public static string Decrypt(string data)

  var rsa = new RSACryptoServiceProvider();
  var dataArray = data.Split(new char[]  ',' );
  byte[] dataByte = new byte[dataArray.Length];
  for (int i = 0; i < dataArray.Length; i++)
  
    dataByte[i] = Convert.ToByte(dataArray[i]);
  

  rsa.FromXmlString(_privateKey);
  var decryptedByte = rsa.Decrypt(dataByte, false);
  return _encoder.GetString(decryptedByte);


public static string Encrypt(string data)

  var rsa = new RSACryptoServiceProvider();
  rsa.FromXmlString(_publicKey);
  var dataToEncrypt = _encoder.GetBytes(data);
  var encryptedByteArray = rsa.Encrypt(dataToEncrypt, false).ToArray();
  var length = encryptedByteArray.Count();
  var item = 0;
  var sb = new StringBuilder();
  foreach (var x in encryptedByteArray)
  
    item++;
    sb.Append(x);

    if (item < length)
      sb.Append(",");
  

  return sb.ToString();

【讨论】:

RSACryptoServiceProvider 不用于加密随机数据块(数据大小仅限于密钥大小)。此外,一般而言,您应该使用 OAEP 填充而不是显式地将其切换为 PCKS1v1.5 以帮助防止选择的密文攻击。任何人都不应使用此示例代码。 @jbtule :那么告诉我们用私钥和公钥概念加密解密大数据最好的方法是什么? @Mou 根据我收集到的信息,您生成了一个对称密钥,然后使用接收者的公钥对其进行加密传输。然后接收者用他们的私钥解密它,然后你用共享的对称密钥对你的大数据进行加密。您可以每 n 次传输更新对称密钥。我认为这就是 SSL 的工作原理(我确信这是一个非常简化的描述) 您可能想查看docs.microsoft.com/en-us/dotnet/standard/security/… 以获得一个很好的例子。【参考方案2】:

这个例子:https://docs.microsoft.com/en-us/dotnet/standard/security/walkthrough-creating-a-cryptographic-application

#NKCSS 发现的非常好。我用它构建了一个测试应用程序,通过了安全人员的代码审查。

只需复制示例中的相关部分,以防链接发生变化:

// Declare global objects
//
// Declare CspParmeters and RsaCryptoServiceProvider
// objects with global scope of your Form class.
readonly CspParameters _cspp = new CspParameters();
RSACryptoServiceProvider _rsa;

// Path variables for source, encryption, and
// decryption folders. Must end with a backslash.
const string EncrFolder = @"c:\Encrypt\";
const string DecrFolder = @"c:\Decrypt\";
const string SrcFolder = @"c:\docs\";

// Public key file
const string PubKeyFile = @"c:\encrypt\rsaPublicKey.txt";

// Key container name for
// private/public key value pair.
const string KeyName = "Key01";

private void buttonCreateAsmKeys_Click(object sender, EventArgs e)

    // Stores a key pair in the key container.
    _cspp.KeyContainerName = KeyName;
    _rsa = new RSACryptoServiceProvider(_cspp)
    
        PersistKeyInCsp = true
    ;

    label1.Text = _rsa.PublicOnly
        ? $"Key: _cspp.KeyContainerName - Public Only"
        : $"Key: _cspp.KeyContainerName - Full Key Pair";

private void buttonEncryptFile_Click(object sender, EventArgs e)

    if (_rsa is null)
    
        MessageBox.Show("Key not set.");
    
    else
    
        // Display a dialog box to select a file to encrypt.
        _encryptOpenFileDialog.InitialDirectory = SrcFolder;
        if (_encryptOpenFileDialog.ShowDialog() == DialogResult.OK)
        
            string fName = _encryptOpenFileDialog.FileName;
            if (fName != null)
            
                // Pass the file name without the path.
                EncryptFile(new FileInfo(fName));
            
        
    


// Add the following EncryptFile method to the form.

private void EncryptFile(FileInfo file)

    // Create instance of Aes for
    // symmetric encryption of the data.
    Aes aes = Aes.Create();
    ICryptoTransform transform = aes.CreateEncryptor();

    // Use RSACryptoServiceProvider to
    // encrypt the AES key.
    // rsa is previously instantiated:
    //    rsa = new RSACryptoServiceProvider(cspp);
    byte[] keyEncrypted = _rsa.Encrypt(aes.Key, false);

    // Create byte arrays to contain
    // the length values of the key and IV.
    int lKey = keyEncrypted.Length;
    byte[] LenK = BitConverter.GetBytes(lKey);
    int lIV = aes.IV.Length;
    byte[] LenIV = BitConverter.GetBytes(lIV);

    // Write the following to the FileStream
    // for the encrypted file (outFs):
    // - length of the key
    // - length of the IV
    // - ecrypted key
    // - the IV
    // - the encrypted cipher content

    // Change the file's extension to ".enc"
    string outFile = 
        Path.Combine(EncrFolder, Path.ChangeExtension(file.Name, ".enc"));

    using (var outFs = new FileStream(outFile, FileMode.Create))
    
        outFs.Write(LenK, 0, 4);
        outFs.Write(LenIV, 0, 4);
        outFs.Write(keyEncrypted, 0, lKey);
        outFs.Write(aes.IV, 0, lIV);

        // Now write the cipher text using
        // a CryptoStream for encrypting.
        using (var outStreamEncrypted = 
            new CryptoStream(outFs, transform, CryptoStreamMode.Write))
        
            // By encrypting a chunk at
            // a time, you can save memory
            // and accommodate large files.
            int count = 0;
            int offset = 0;

            // blockSizeBytes can be any arbitrary size.
            int blockSizeBytes = aes.BlockSize / 8;
            byte[] data = new byte[blockSizeBytes];
            int bytesRead = 0;

            using (var inFs = new FileStream(file.FullName, FileMode.Open))
            
                do
                
                    count = inFs.Read(data, 0, blockSizeBytes);
                    offset += count;
                    outStreamEncrypted.Write(data, 0, count);
                    bytesRead += blockSizeBytes;
                 while (count > 0);
            
            outStreamEncrypted.FlushFinalBlock();
        
    


// Then to Decrypt a file -
private void buttonDecryptFile_Click(object sender, EventArgs e)

    if (_rsa is null)
    
        MessageBox.Show("Key not set.");
    
    else
    
        // Display a dialog box to select the encrypted file.
        _decryptOpeFileDialog.InitialDirectory = EncrFolder;
        if (_decryptOpeFileDialog.ShowDialog() == DialogResult.OK)
        
            string fName = _decryptOpeFileDialog.FileName;
            if (fName != null)
            
                DecryptFile(new FileInfo(fName));
            
        
    


// And -
private void DecryptFile(FileInfo file)

    // Create instance of Aes for
    // symmetric decryption of the data.
    Aes aes = Aes.Create();

    // Create byte arrays to get the length of
    // the encrypted key and IV.
    // These values were stored as 4 bytes each
    // at the beginning of the encrypted package.
    byte[] LenK = new byte[4];
    byte[] LenIV = new byte[4];

    // Construct the file name for the decrypted file.
    string outFile =
        Path.ChangeExtension(file.FullName.Replace("Encrypt", "Decrypt"), ".txt");

    // Use FileStream objects to read the encrypted
    // file (inFs) and save the decrypted file (outFs).
    using (var inFs = new FileStream(file.FullName, FileMode.Open))
    
        inFs.Seek(0, SeekOrigin.Begin);
        inFs.Read(LenK, 0, 3);
        inFs.Seek(4, SeekOrigin.Begin);
        inFs.Read(LenIV, 0, 3);

        // Convert the lengths to integer values.
        int lenK = BitConverter.ToInt32(LenK, 0);
        int lenIV = BitConverter.ToInt32(LenIV, 0);

        // Determine the start postition of
        // the ciphter text (startC)
        // and its length(lenC).
        int startC = lenK + lenIV + 8;
        int lenC = (int)inFs.Length - startC;

        // Create the byte arrays for
        // the encrypted Aes key,
        // the IV, and the cipher text.
        byte[] KeyEncrypted = new byte[lenK];
        byte[] IV = new byte[lenIV];

        // Extract the key and IV
        // starting from index 8
        // after the length values.
        inFs.Seek(8, SeekOrigin.Begin);
        inFs.Read(KeyEncrypted, 0, lenK);
        inFs.Seek(8 + lenK, SeekOrigin.Begin);
        inFs.Read(IV, 0, lenIV);

        Directory.CreateDirectory(DecrFolder);
        // Use RSACryptoServiceProvider
        // to decrypt the AES key.
        byte[] KeyDecrypted = _rsa.Decrypt(KeyEncrypted, false);

        // Decrypt the key.
        ICryptoTransform transform = aes.CreateDecryptor(KeyDecrypted, IV);

        // Decrypt the cipher text from
        // from the FileSteam of the encrypted
        // file (inFs) into the FileStream
        // for the decrypted file (outFs).
        using (var outFs = new FileStream(outFile, FileMode.Create))
        
            int count = 0;
            int offset = 0;

            // blockSizeBytes can be any arbitrary size.
            int blockSizeBytes = aes.BlockSize / 8;
            byte[] data = new byte[blockSizeBytes];

            // By decrypting a chunk a time,
            // you can save memory and
            // accommodate large files.

            // Start at the beginning
            // of the cipher text.
            inFs.Seek(startC, SeekOrigin.Begin);
            using (var outStreamDecrypted =
                new CryptoStream(outFs, transform, CryptoStreamMode.Write))
            
                do
                
                    count = inFs.Read(data, 0, blockSizeBytes);
                    offset += count;
                    outStreamDecrypted.Write(data, 0, count);
                 while (count > 0);

                outStreamDecrypted.FlushFinalBlock();
            
        
    


// you can also try to Export a public key:

void buttonExportPublicKey_Click(object sender, EventArgs e)

    // Save the public key created by the RSA
    // to a file. Caution, persisting the
    // key to a file is a security risk.
    Directory.CreateDirectory(EncrFolder);
    using (var sw = new StreamWriter(PubKeyFile, false))
    
        sw.Write(_rsa.ToXmlString(false));
    


// or Import a public key
void buttonImportPublicKey_Click(object sender, EventArgs e)

    using (var sr = new StreamReader(PubKeyFile))
    
        _cspp.KeyContainerName = KeyName;
        _rsa = new RSACryptoServiceProvider(_cspp);

        string keytxt = sr.ReadToEnd();
        _rsa.FromXmlString(keytxt);
        _rsa.PersistKeyInCsp = true;

        label1.Text = _rsa.PublicOnly
            ? $"Key: _cspp.KeyContainerName - Public Only"
            : $"Key: _cspp.KeyContainerName - Full Key Pair";
    


// (Get a private key)
private void buttonGetPrivateKey_Click(object sender, EventArgs e)

    _cspp.KeyContainerName = KeyName;
    _rsa = new RSACryptoServiceProvider(_cspp)
    
        PersistKeyInCsp = true
    ;

    label1.Text = _rsa.PublicOnly
        ? $"Key: _cspp.KeyContainerName - Public Only"
        : $"Key: _cspp.KeyContainerName - Full Key Pair";


请注意,您可能希望不再使用 Aes,因为这只是一个代码示例(由 Microsoft 提供),并且还可以考虑替换使用 Rijndael 类进行加密。

【讨论】:

以上是关于如何在 C# 中使用公钥和私钥加密技术的主要内容,如果未能解决你的问题,请参考以下文章

java中RSA用私钥加密公钥解密问题

关于RSA中公钥和私钥的具体使用情况区分

什么是公钥和私钥?

四、公钥和私钥,加密和数字签名

理解两种加密方式中私钥和公钥的概念

公钥算法原理