第二部分 密鑰加密
In the Part 1 we learnt the basics of Cryptography and related .NET Framework classes. In this article we are going to see how to work with Secret Key Encryption using Triple-DES algorithm.
在命名空間System.Security.Cryptography 中包含了一個叫TripleDESCryptoServiceProvider的類提供了3-DES加密數據的方法.DES的含義是數據加密標準這三個英文單詞的首字母,單詞Triple的使用實際是說這種加密方式將原始數據加密了3次.
密鑰加密有倆個必備條件:
- A secret key 密鑰
- An initialization vector 初始化向量
這種加密算法使用了一種"鏈"的技術加密數據.使用這種技術時,一個完整的數據是被分成了若干小塊分別進行加密的.前一個加密過的塊又被用來加密當前的塊,如此反覆到最後一塊,就像一條鏈一樣,一環一環相扣!
初始化向量是作爲一個加密和解密第一個塊字節的種子使用的.這將會保證兩個數據塊不會產生相同的加密塊的文本.
在使用TripleDESCryptoServiceProvider類加密時要注意:密鑰必須是24字節的bytes數據類型,初始化向量必須是8字節的bytes型.
Example of using TripleDESCryptoServiceProvider class
在這個例子中我們首行創建一個叫做SecurityHelper的類,這個類將爲我們加密和解密字符串數據.下面是這個類的代碼:
Let's examine the code step by step:
現在我們來一步一步的解釋這段代碼
- We create a class called SecurityHelper with two functions Encrypt() and Decrypt(). The former accepts the string to be encrypted and returns encrypted form of the string as a byte array. The later accepts the encrypted data in the form of a byte array and returns decrypted data as a string.
首先我們創建了一個叫做SecurityHelper的類,它有兩個方法,一個是加密,一個是解密.加密方法接收要被加密的字符串並將加密過的數據作爲一個字節數組返回.解密方法則正好相反,他是接收被加密數據的字節數組,返回的是解密過的字符串.
- The class has two public variables of byte array type. They are used to assign the secret key and initialization vector.
這個類有兩個公共的字節數組變量.他們分別被賦值給了密鑰和初始化向量.
- In the Encrypt() function we first convert the string to be encrypted into a byte array using GetBytes() method.
在加密方法中我們首先把要被加密的字符串轉換成字節數組類型.我們使用的是GetBytes()方法做轉換的
- We then create an instance of TripleDESCryptoServiceProvider class
然後我們創建TripleDESCryptoServiceProvider類的實例.
- The key and initialization vector can be supplied externally by you or TripleDESCryptoServiceProvider class can generate one automatically for you. If user has not supplied key and IV we call GenerateKey() and GenerateIV() methods respectively. These methods create a random key and IV automatically for you. We assign the generated key and IV to public variables Key and IV.
密鑰和初始化向量可以由你自己從外部提供,也可以由TripleDESCryptoServiceProvider 類自動爲你生成.如果用戶沒用提供密鑰和初始化向量,我們就分別調用GenerateKey() 和GenerateIV() 方法自動生成.這兩個方法將爲你隨機生成密鑰和初始化向量.然後我們再把它們分別賦值給公共變量Key 和 IV.
- Then we call CreateEncryptor() method of TripleDESCryptoServiceProvider class and collect its return value in a variable of type ICryptoTransform. The ICryptoTransform interface defines the basic operations of cryptographic transformations.
然後我們調用 TripleDESCryptoServiceProvider類的 CreateEncryptor() 方法,並以ICryptoTransform作爲返回值類型得到.ICryptoTransform 接口定義了加密轉換的一些基本操作.
- We then create a memory stream. The encrypted data will be put inside this stream.
然後我們創建一個內存流.把被加密的數據放入這個流中.
- We also create a CryptoStream and pass the memory stream and the encryptor created above.
我們也創建一個CryptoStream 流,並連同上一步創建的流一起傳遞.
- Next, we write the data to be encrypted to the CryptoStream object. The CryptoStream object stores the encrypted version of the data in the supplied memory stream.
接着,我們把加密過的數據寫入CryptoStream對象.CryptoStream對象存放着內存流中加密數據的加密版本.
- Finally, we read the memory stream for encrypted data. Put that data in an array of bytes and return it to the caller.
最後,我們從內存流中讀取加密數據,並把這些數據放入一個字節數組中返回給他的調用者.
Decryption process is similar but follows reverse path. The only major difference between encryption and decryption code is that in case of decryption we call CreateDecryptor() method of TripleDESCryptoServiceProvider class.
解密過程是類似的,只是把這個過程反過來.在加密和解密代碼中的主要不同是:在解密過程中我們使用TripleDESCryptoServiceProvider 類的CreateDecryptor() 方法.
