Data Encryption Summary: Advanced (3)

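We have already learned how to use the 3-DES algorithm for secret-key encryption. Public-key encryption is often used together with secret-key encryption, which adds an extra layer of security to protect data in transit. In Part 1 we learned that public-key encryption consists of two parts: a public key and a private key. Data encrypted with the public key can only be decrypted with the corresponding private key. One of the most popular encryption algorithms is RSA, named after the initials of Rivest, Shamir and Adleman. The .NET Framework provides the RSACryptoServiceProvider class, which wraps this algorithm. In this part we will learn how to use this class to encrypt data.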

 

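Many developers do not want to dig into the internals of the Cryptography namespace. They just need a simple, easy way to keep data secure. So we are going to develop a reusable class that does the encryption and decryption work.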

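We will create a class called PublicKeySecurityHelper with two methods: one to encrypt and one to decrypt. In addition, we will create a class called MyRSAInfo, which simply stores pieces of data such as the public key and the private key.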

Here is the complete code of the class:




Let's dissect the code step by step:

Encrypting data

  • First we import the required namespaces. System.Security.Cryptography is especially important because it contains our core class, RSACryptoServiceProvider.

  • We create a method called Encrypt() that accepts the string to be encrypted and returns an instance of a class called MyRSAInfo.

  • MyRSAInfo is our custom class defined at the bottom of the code. It consists of four public members: PublicKey, PrivateKey, Parameters and Data.

  • The PublicKey and PrivateKey members store the generated public key and private key respectively.

  • The Parameters variable is of type CspParameters. It is used to automatically generate the public and private keys and to reuse them later on.

  • Data is an array of bytes that stores the encrypted version of the data.

  • Inside the Encrypt() method we create an instance of the CspParameters class and set its Flags property to CspProviderFlags.UseMachineKeyStore. This enumerated value specifies where the key information should be picked up from, i.e. from the default key container or from the machine-level key store.

  • Then we create a new instance of the RSACryptoServiceProvider class, passing it the CspParameters instance.

  • We then call the Encrypt() method of the RSACryptoServiceProvider class and pass the data to be encrypted. Since this parameter is a byte array, we convert our string into a byte array using the GetBytes() method. The second parameter of the method indicates whether to use OAEP padding (true) or PKCS#1 v1.5 padding (false). The former can be used only on Windows XP machines and hence we pass False. The Encrypt() method of the RSACryptoServiceProvider class returns a byte array that contains the encrypted version of the data.

  • Finally, we fill all the members of the MyRSAInfo class and return it to the caller. Note how we call the ToXmlString() method, first passing False and then passing True, to get the public and private keys respectively.

Decrypting data (translator's note: the rest is much the same, so read it for yourself!)

  • In order to decrypt the data we create a method called Decrypt() that accepts an instance of the MyRSAInfo class. This instance must be the one returned by the Encrypt() method explained earlier.
  • Inside the Decrypt() method we create an instance of the RSACryptoServiceProvider class, again passing the same CspParameters.
  • We then call the FromXmlString() method of the RSACryptoServiceProvider class and pass the public key generated before.
  • Finally, we call the Decrypt() method of the RSACryptoServiceProvider class and pass the encrypted data. The second parameter of the Decrypt() method has the same significance as the corresponding parameter of the Encrypt() method.
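
The round trip described in the two lists above, as an added C# example for the .NET Framework on Windows; it is not the article's own listing. Assumptions made here: the 2048-bit key size, UTF-8 encoding, the length guard, and importing the private-key XML in Decrypt(), because RSA decryption requires the private parameters.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public class MyRSAInfo
{
    public string PublicKey;         // XML with the public parameters only
    public string PrivateKey;        // XML that also holds the private parameters
    public CspParameters Parameters;
    public byte[] Data;              // ciphertext
}

public static class PublicKeySecurityHelper
{
    const bool UseOaep = false;      // false = PKCS#1 v1.5, as in the text; must match on both sides
    public static MyRSAInfo Encrypt(string plainText)
    {
        var csp = new CspParameters { Flags = CspProviderFlags.UseMachineKeyStore };
        using (var rsa = new RSACryptoServiceProvider(2048, csp)) // key size is an assumption
        {
            byte[] input = Encoding.UTF8.GetBytes(plainText);
            // RSA encrypts a single short block; PKCS#1 v1.5 padding uses 11 bytes of the modulus.
            int max = rsa.KeySize / 8 - 11;
            if (input.Length > max)
                throw new ArgumentException("RSA input is limited to " + max + " bytes.");
            return new MyRSAInfo
            {
                Data = rsa.Encrypt(input, UseOaep),
                PublicKey = rsa.ToXmlString(false),  // false: public key only
                PrivateKey = rsa.ToXmlString(true),  // true: include private parameters
                Parameters = csp
            };
        }
    }

    public static string Decrypt(MyRSAInfo info)
    {
        using (var rsa = new RSACryptoServiceProvider(info.Parameters))
        {
            rsa.FromXmlString(info.PrivateKey);      // decryption needs the private parameters
            return Encoding.UTF8.GetString(rsa.Decrypt(info.Data, UseOaep));
        }
    }

    public static void Main()
    {
        // Constructed sample input: encrypt, then decrypt and print the recovered text.
        Console.WriteLine(Decrypt(Encrypt("constructed sample message")));
    }
}
```

Because MyRSAInfo carries the private key alongside the ciphertext, the whole object has to be handled as a secret; only the PublicKey string is safe to hand to a party that should encrypt but not decrypt.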

 
