C#AES加密-流模式自动添加IV
[英]C# AES Encryption - Stream mode to automatically prepend IV
问题描述
According to a comment on This Answer from GregS, the IV should be prepended to AES encrypted data (Assuming I'm reading it right): 
根据GregS关于“ 此答案”的评论,IV应该放在AES加密数据之前(假设我没看错):
Put it before the cipher.
It sounds to me like GregS is suggesting there's a streaming mode that will automatically prepend/parse the IV used in encryption. 在我看来,GregS建议使用一种流模式,该模式将自动在加密中使用IV。
Is this true? 这是真的?
I am currently manually prepending my IV to encrypted data and manually splitting ciphers into IV and data before decrypting. 我目前正在将IV手动添加到加密数据之前,并在解密之前将密码分别拆分为IV和数据。 Is there a method to do this automatically? 有没有一种方法可以自动执行此操作?
For Reference: 以供参考:
Here's what I'm doing right now: 这是我现在正在做的事情:
The Encrypt Method: Encrypt方法:
public byte[] Encrypt(byte[] data)
{
// Generate IV
var iv = new byte[BlockSize/8];
new Random().NextBytes(iv);
byte[] cipher = // encryption happens here
// Prepend IV to Cipher
var saltedCipher = new byte[iv.Length + cipher.Length];
Buffer.BlockCopy(iv, 0, saltedCipher, 0, iv.Length);
Buffer.BlockCopy(cipher, 0, saltedCipher, iv.Length, cipher.Length);
return saltedCipher;
}
The Decrypt Method: Decrypt方法:
public byte[] Decrypt(byte[] saltedCipher)
{
// Split saltedCipher into iv and cipher
var iv = new byte[BlockSize/8];
var cipher = new byte[saltedCipher.Length - iv.Length];
Buffer.BlockCopy(buffer, 0, iv, 0, iv.Length);
Buffer.BlockCopy(buffer, iv.Length, cipher, 0, cipher.Length);
byte[] data = // decryption happens here
return data;
}
1 个解决方案
解决方案1
3 已采纳 2014-07-25 19:26:14
Using only the methods built in to the .NET framework, there is no way I know of that automatically prepends the data. 仅使用.NET框架中内置的方法,就无法自动添加数据。 There are many 3rd party libraries that will handle this for you, but the libraries in the System.Security.Cryptography do not by default. 有许多第三方库将为您处理此问题,但是System.Security.Cryptography的库默认情况下不提供。
Often when you are encrypting information you will have a header that contains all of the relevant information you need to know about the file before you decrypt it, what that information is varies wildly based on the needs of the software. 通常,当您对信息进行加密时,您将拥有一个标头,其中包含解密文件之前您需要了解的所有相关信息,根据软件的需求,这些信息的含义千差万别。 For your simple example your header is just 对于您的简单示例,标题只是
╔════════════════╦══════════════╦═══════════════════╦═════════════╗ ║ Offset (bytes) ║ Size (bytes) ║ Encryption Status ║ Description ║ ╠════════════════╬══════════════╬═══════════════════╬═════════════╣ ║ 0 ║ BlockSize/8 ║ Unencrypted ║ IV ║ ║ BlockSize/8 ║ Var. ║ Encrypted ║ Data Area ║ ╚════════════════╩══════════════╩═══════════════════╩═════════════╝
And that is all you need, because you are (I am assuming) a fixed block size you don't need any extra information like the IV length, or any metadata about the file. 这就是您所需要的,因为您(我假设)是固定的块大小,所以您不需要任何额外的信息,例如IV长度或有关该文件的任何元数据。
Compare that to a more complicated file, like a TrueCrypt container ( The original site does not exist anymore with the spec, but I found this mirror ) 将该文件与更复杂的文件(例如TrueCrypt容器)进行比较( 原始站点在规范中不再存在,但我发现了此镜像 )
╔════════════════╦══════════════╦════════════════════════════╦══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Offset (bytes) ║ Size (bytes) ║ Encryption Status ║ Description ║ ╠════════════════╬══════════════╬════════════════════════════╬══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╣ ║ 0 ║ 64 ║ Unencrypted§ ║ Salt ║ ║ 64 ║ 4 ║ Encrypted ║ ASCII string "TRUE" ║ ║ 68 ║ 2 ║ Encrypted ║ Volume header format version (5) ║ ║ 70 ║ 2 ║ Encrypted ║ Minimum program version required to open the volume ║ ║ 72 ║ 4 ║ Encrypted ║ CRC-32 checksum of the (decrypted) bytes 256-511 ║ ║ 76 ║ 16 ║ Encrypted ║ Reserved (must contain zeroes) ║ ║ 92 ║ 8 ║ Encrypted ║ Size of hidden volume (set to zero in non-hidden volumes) ║ ║ 100 ║ 8 ║ Encrypted ║ Size of volume ║ ║ 108 ║ 8 ║ Encrypted ║ Byte offset of the start of the master key scope ║ ║ 116 ║ 8 ║ Encrypted ║ Size of the encrypted area within the master key scope ║ ║ 124 ║ 4 ║ Encrypted ║ Flag bits (bit 0 set: system encryption; bit 1 set: non-system in-place-encrypted/decrypted volume; bits 2–31 are reserved) ║ ║ 128 ║ 4 ║ Encrypted ║ Sector size (in bytes) ║ ║ 132 ║ 120 ║ Encrypted ║ Reserved (must contain zeroes) ║ ║ 252 ║ 4 ║ Encrypted ║ CRC-32 checksum of the (decrypted) bytes 64-251 ║ ║ 256 ║ Var. ║ Encrypted ║ Concatenated primary and secondary master keys** ║ ║ 512 ║ 65024 ║ Encrypted ║ Reserved (for system encryption, this item is omitted‡‡) ║ ║ 65536 ║ 65536 ║ Encrypted / Unencrypted§ ║ Area for hidden volume header (if there is no hidden volume within the volume, this area contains random data††). For system encryption, this item is omitted.‡‡ See bytes 0–65535. ║ ║ 131072 ║ Var. ║ Encrypted ║ Data area (master key scope). For system encryption, offset may be different (depending on offset of system partition). ║ ║ S-131072‡ ║ 65536 ║ Encrypted / Unencrypted§ ║ Backup header (encrypted with a different header key derived using a different salt). For system encryption, this item is omitted.‡‡ See bytes 0–65535. ║ ║ S-65536‡ ║ 65536 ║ Encrypted / Unencrypted§ ║ Backup header for hidden volume (encrypted with a different header key derived using a different salt). If there is no hidden volume within the volume, this area contains random data.†† For system encryption, this item is omitted.‡‡ See bytes 0–65535. ║ ╚════════════════╩══════════════╩════════════════════════════╩══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ * Provided that the options Quick Format and Dynamic are disabled and provided that the volume does not contain a filesystem that has been encrypted in place (note that TrueCrypt does not allow the user to create a hidden volume within such a volume). † The encrypted areas of the volume header are encrypted in XTS mode using the primary and secondary header keys. For more information, see the section Encryption Scheme and the section Header Key Derivation, Salt, and Iteration Count. ‡ S denotes the size of the volume host (in bytes). § Note that the salt does not need to be encrypted, as it does not have to be kept secret [7] (salt is a sequence of random values). ** Multiple concatenated master keys are stored here when the volume is encrypted using a cascade of ciphers (secondary master keys are used for XTS mode). †† See above in this section for information on the method used to fill free volume space with random data when the volume is created. ‡‡ Here, the meaning of "system encryption" does not include a hidden volume containing a hidden operating system.
So because the needs of a header can vary so much the .NET framework leaves it to the developer to design their own. 因此,由于标头的需求可能变化很大,.NET框架将其留给开发人员来设计自己的标头。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.