简体繁体 English

AES计数器模式C＃等效

[英]AES Counter mode C# equivalent

原文 2011-03-24 00:41:08 3 3 c#/ javascript/ aes

I use the following javascript to encrypt some data : http://www.movable-type.co.uk/scripts/aes.html 我使用以下javascript来加密一些数据： http ： //www.movable-type.co.uk/scripts/aes.html

I have to decrypt it with C#. 我必须用C＃解密它。 Anyone knows how to decrypt that with the Rijndael manager ? 有人知道如何用Rijndael经理解密吗？

I want to avoid to port the code ;-) 我想避免移植代码;-)

Thanks in advance 提前致谢

3 个解决方案

Alas, CTR mode is not implemented as a "mode" in the builtin AES class in the System.Security.Cryptography namespace. 唉， CTR模式未在System.Security.Cryptography命名空间中的内置AES类中实现为“模式” 。

But, there is a solution. 但是，有一个解决方案。 CTR mode is not too difficult to implement using the builtin AES class operating in ECB mode, an IV of all zeros, no padding, and a few tweaks. 使用在ECB模式下运行的内置AES类，全零的IV，无填充和一些调整，CTR模式并不太难实现。 Basically, for each block, CTR mode encrypts the counter, then XORs the result of that encryption with the plaintext to get the ciphertext. 基本上，对于每个块，CTR模式对计数器进行加密，然后使用明文对该加密的结果进行异或，以获得密文。 That's for encryption. 那是加密。 You'd do the converse for decryption. 你可以进行解密。 Since the transform operation is XOR, it's reflexive, so decryption is really the same as encryption. 由于转换操作是异或，它是自反的，因此解密与加密真的相同。

Start with the counter at zero for the first block of 16-bytes (the block size for AES); 对于第一个16字节的块（AES的块大小），从零开始计数器; increment the counter for each subsequent block. 递增每个后续块的计数器。

Honestly, the trickiest part about the whole affair is segmenting the data to be encrypted, into blocks of 16 bytes. 老实说，关于整个事件最棘手的部分是将要加密的数据分割成16个字节的块。 If the app asks to encrypt 10 bytes, you can't encrypt. 如果应用程序要求加密10个字节，则无法加密。 You need to wait til you get a full 16 bytes before you do the transform. 在进行转换之前，您需要等待直到获得完整的16个字节。 So you need to manage a buffer. 所以你需要管理一个缓冲区。

I don't have a working code demo for you, but given this description it shouldn't be too hard to construct a CTR mode suitable for you. 我没有适合您的工作代码演示，但鉴于此描述，构建适合您的CTR模式应该不会太难。 You can see an example of CTR mode encryption based on the builtin AES class in the WinZipAes.cs module , part of the open-source DotNetZip library. 您可以在WinZipAes.cs模块中看到基于内置AES类的CTR模式加密示例，该模块是开源DotNetZip库的一部分。 This code does work but isn't ready to be used outside of DotNetZip. 此代码确实有效，但尚未准备好在DotNetZip之外使用。 You'd need to repackage it to make it clean. 您需要重新包装它以使其清洁。

On the other hand, if you just want to get Javascript and C# to interoperate with AES, and you are not particularly wedded to CTR mode, then you could use ECB mode, very easily. 另一方面，如果您只是想让Javascript和C＃与AES互操作，并且您并不特别坚持CTR模式，那么您可以非常轻松地使用ECB模式。 This question shows you how to get SlowAES and .NET's Aes class to work together, and it includes links to working code (Javascript, C#, and VB). 这个问题向您展示了如何让SlowAES和.NET的Aes类一起工作，它包含指向工作代码（Javascript，C＃和VB）的链接。 But be careful about ECB mode . 但要注意ECB模式。

This is a different Javascript library than the one you selected; 这是一个与您选择的Javascript库不同的Javascript库; I prefer slowAES because it made more sense to me. 我更喜欢slowAES，因为它对我来说更有意义。 also, in that answer I provide supporting classes like the RFC2898 password-based key derivation. 另外，在那个答案中，我提供了支持类，如RFC2898基于密码的密钥派生。

Good luck. 祝好运。

I don't have enough points to reply to Cheeso's answer, but I do not believe this is accurate, "If the app asks to encrypt 10 bytes, you can't encrypt." 我没有足够的积分回答Cheeso的答案，但我不相信这是准确的，“如果应用程序要求加密10个字节，则无法加密。”

Since CTR mode encrypts the nonce, and then XORs the result with clearText, you can encrypt blocks of any size. 由于CTR模式对nonce进行加密，然后使用clearText对结果进行异或，因此可以加密任意大小的块。 That's actually one of the primary benefits of CTR mode, along with parallel encryption. 这实际上是CTR模式的主要优点之一，以及并行加密。

You may also want to ensure that your input to the AES ECB block is a combination of a random IV and a byte offset. 您可能还希望确保您对AES ECB块的输入是随机IV和字节偏移的组合。 For example, the upper 92 bits is the random IV (different for each file) and the lower 32 bits is your byte offset. 例如，高92位是随机IV（每个文件不同），低32位是您的字节偏移。

Using an IV of 0 for every file encryption is dangerous. 对每个文件加密使用IV为0是危险的。 (check out "Writing Secure Code", pg. 285, 2nd edition). （请参阅“编写安全代码”，第285页，第2版）。 Vary the key and IV for each encrypt operation. 改变每个加密操作的密钥和IV。