堆栈内存溢出
  简体   繁体   English

在envenedCms 中使用aes256gcm 算法加密/解密文件的问题。 我的选择是什么?

[英]Problem with encrypt/decrypting files using aes256gcm algorithm in envelopedCms. What are mine options?

 原文  2020-08-29 09:41:18       java/ c#/ encryption/ aes-gcm

问题描述

I'm trying to replicate example from Java in c# with partial success我正在尝试在 c# 中从 Java 复制示例并取得部分成功

    CMSEnvelopedDataStreamGenerator gen = new CMSEnvelopedDataStreamGenerator();

    // NOTE: Uses the RECEIVER's PUBLIC encryption key
    gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(remoteEncryptionCert, rsaesOaepIdentifier()));

    OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_GCM).setProvider(BC).build();

    try (FileOutputStream fileStream = new FileOutputStream(OUTPUT_FILE); OutputStream encryptingOutputStream = gen.open(fileStream, encryptor)) {
                
                //
                // write file
                //
 
                encryptingOutputStream.flush();
            }

I've tried so far到目前为止我已经尝试过

Using System.Security.Cryptography.Pkcs使用 System.Security.Cryptography.Pkcs

public byte[] Encrypt(byte[] plainBytes, X509Certificate2 recipientCert)
{
    // create ContentInfo
    ContentInfo plainContent = new ContentInfo(plainBytes);

    // EnvelopedCms represents encrypted data
    Oid encryptAlgoOid = new Oid("2.16.840.1.101.3.4.1.46"); // AES-256-GCM, 
    //Oid encryptAlgoOid = new Oid("2.16.840.1.101.3.4.1.42"); // AES-256-CBC
    EnvelopedCms encryptedData = new EnvelopedCms(plainContent, new AlgorithmIdentifier(encryptAlgoOid));

    // add a recipient
    CmsRecipient recipient = new CmsRecipient(recipientCert);

    // encrypt data with public key of recipient
    encryptedData.Encrypt(recipient); //Throws "Unknown cryptographic algorithm."

    // create PKCS #7 byte array
    byte[] encryptedBytes = encryptedData.Encode();

    // return encrypted data
    return encryptedBytes;
}

error stack trace错误堆栈跟踪

Unknown cryptographic algorithm.
   at Internal.Cryptography.Pal.Windows.PkcsPalWindows.EncodeHelpers.CreateCryptMsgHandleToEncode(CmsRecipientCollection recipients, Oid innerContentType, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes)
   at Internal.Cryptography.Pal.Windows.PkcsPalWindows.Encrypt(CmsRecipientCollection recipients, ContentInfo contentInfo, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes)
   at System.Security.Cryptography.Pkcs.EnvelopedCms.Encrypt(CmsRecipientCollection recipients)
   at System.Security.Cryptography.Pkcs.EnvelopedCms.Encrypt(CmsRecipient recipient)
   at ConsoleApp1.Program.Encrypt() in Program.cs:line 91

Using Org.BouncyCastle.Cms使用 Org.BouncyCastle.Cms

public byte[] Encrypt(X509Certificate2 recipientCert)
{
    // file stream
    FileStream fileEncrypted = new FileStream(pathToFile)

    CmsEnvelopedDataStreamGenerator gen = new CmsEnvelopedDataStreamGenerator();
    gen.AddKeyTransRecipient(recipientCert);

    var outEncryptedStream = gen.Open(fileEncrypted, "2.16.840.1.101.3.4.1.46"); 
    // Throws "KeyGenerator 2.16.840.1.101.3.4.1.46 not recognised." CmsEnvelopedDataGenerator doesn't 
    // have named constant for aes256gcm 

    return outEncryptedStream
}

error stack trace错误堆栈跟踪

KeyGenerator 2.16.840.1.101.3.4.1.46 not recognised.
   at Org.BouncyCastle.Security.GeneratorUtilities.GetKeyGenerator(String algorithm)
   at Org.BouncyCastle.Cms.CmsEnvelopedDataStreamGenerator.Open(Stream outStream, String encryptionOid)
   at ConsoleApp1.Program.Encrypt() in Program.cs:line 128

I have to make it work in a way so i can encrypt files with c# code and decrypt with java and vice versa.我必须让它以某种方式工作,以便我可以使用 c# 代码加密文件并使用 java 解密,反之亦然。

What i noticed that i if i encrypt file in c# using Aes256CBC i can decrypt it in java, hows that possible?我注意到,如果我使用 Aes256CBC 在 C# 中加密文件,我可以在 Java 中解密它,这怎么可能? Does that mean that i implemented encryption wrong?这是否意味着我实施了错误的加密?

So what are mine options to make this work?那么我有哪些选择可以使这项工作发挥作用?

2 个解决方案

解决方案1
 1  2020-08-30 17:06:06

I'm sorry, as per https://github.com/bcgit/bc-csharp/blob/5bd4c8c70f80f1e7ead8e3c73459b78eb93d0ef7/crypto/src/security/GeneratorUtilities.cs it seems to be that AES-256-GCM mode is not available even in actual C# Bouncy Castle:对不起,根据https://github.com/bcgit/bc-csharp/blob/5bd4c8c70f80f1e7ead8e3c73459b78eb93d0ef7/crypto/src/security/GeneratorUtilities.cs似乎 AES-256-GCM 模式甚至不可用实际的 C# 充气城堡:

static GeneratorUtilities()
...
AddKgAlgorithm("AES256",
  "2.16.840.1.101.3.4.42",
  NistObjectIdentifiers.IdAes256Cbc,
  NistObjectIdentifiers.IdAes256Cfb,
  NistObjectIdentifiers.IdAes256Ecb,
  NistObjectIdentifiers.IdAes256Ofb,
  NistObjectIdentifiers.IdAes256Wrap);
...

解决方案2
 0  2022-01-04 12:16:28

根据Michael Fehr 的评论,AES-256-GCM 模块在 C# Bouncy Castle 中不可用,因此我们制作了 Java Api 并从我们的代码库中调用

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Bouncycastle解密AES-256-CBC - Decrypting aes-256-cbc using bouncycastle 使用 Java 中的 co_aes256_algorithm_pem 解密 SAP 中加密的数据 - Decrypting data encrypted in SAP using co_aes256_algorithm_pem in Java 如何通过使用AES算法在android中存储用于加密文件的密钥 - How to store the key used to encrypt files in android by using AES algorithm 在节点 js 中通过 AES/GCM/NoPadding 算法使用密钥和 iv 加密有效负载并在 java 中解密 - Encrypt payload using a key and iv by AES/GCM/NoPadding algorithm in node js and decrypt in java 如何在c#中使用AES256算法加密字符串并在java中解密 - How to Encrypt the string using AES256 algorithm in c# and decrypt the same in java 使用 AES 256 在 Scala/Java 中加密文件 - Encrypt a file in Scala/Java using AES 256 使用 AES-256 算法加密 Java 中的电子邮件文本以在 NodeJS 中解密 - Encrypt e-mail text in Java to Decrypt in NodeJS using AES-256 algorithm 错误解密在Android中使用AES / GCM / NoPadding加密的消息 - Error decrypting message encrypted using AES/GCM/NoPadding in Android Java AES解密问题 - Java AES Decrypting problem 如何使用 aes 算法加密 sqlite 文件? - How to encrypt sqlite file using aes algorithm?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM