C#AES加密-流模式自动添加IV
[英]C# AES Encryption - Stream mode to automatically prepend IV
问题描述
根据GregS关于“ 此答案”的评论,IV应该放在AES加密数据之前(假设我没看错):
将其放在密码之前。 这样,您就可以在流模式下进行解密。
在我看来,GregS建议使用一种流模式,该模式将自动在加密中使用IV。
这是真的?
我目前正在将IV手动添加到加密数据之前,并在解密之前将密码分别拆分为IV和数据。 有没有一种方法可以自动执行此操作?
以供参考:
这是我现在正在做的事情:
Encrypt方法:
public byte[] Encrypt(byte[] data)
{
// Generate IV
var iv = new byte[BlockSize/8];
new Random().NextBytes(iv);
byte[] cipher = // encryption happens here
// Prepend IV to Cipher
var saltedCipher = new byte[iv.Length + cipher.Length];
Buffer.BlockCopy(iv, 0, saltedCipher, 0, iv.Length);
Buffer.BlockCopy(cipher, 0, saltedCipher, iv.Length, cipher.Length);
return saltedCipher;
}
Decrypt方法:
public byte[] Decrypt(byte[] saltedCipher)
{
// Split saltedCipher into iv and cipher
var iv = new byte[BlockSize/8];
var cipher = new byte[saltedCipher.Length - iv.Length];
Buffer.BlockCopy(buffer, 0, iv, 0, iv.Length);
Buffer.BlockCopy(buffer, iv.Length, cipher, 0, cipher.Length);
byte[] data = // decryption happens here
return data;
}
1 个解决方案
解决方案1
3 已采纳 2014-07-25 19:26:14
仅使用.NET框架中内置的方法,就无法自动添加数据。 有许多第三方库将为您处理此问题,但是System.Security.Cryptography的库默认情况下不提供。
通常,当您对信息进行加密时,您将拥有一个标头,其中包含解密文件之前您需要了解的所有相关信息,根据软件的需求,这些信息的含义千差万别。 对于您的简单示例,标题只是
╔════════════════╦══════════════╦═══════════════════╦═════════════╗ ║ Offset (bytes) ║ Size (bytes) ║ Encryption Status ║ Description ║ ╠════════════════╬══════════════╬═══════════════════╬═════════════╣ ║ 0 ║ BlockSize/8 ║ Unencrypted ║ IV ║ ║ BlockSize/8 ║ Var. ║ Encrypted ║ Data Area ║ ╚════════════════╩══════════════╩═══════════════════╩═════════════╝
这就是您所需要的,因为您(我假设)是固定的块大小,所以您不需要任何额外的信息,例如IV长度或有关该文件的任何元数据。
将该文件与更复杂的文件(例如TrueCrypt容器)进行比较( 原始站点在规范中不再存在,但我发现了此镜像 )
╔════════════════╦══════════════╦════════════════════════════╦══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗ ║ Offset (bytes) ║ Size (bytes) ║ Encryption Status ║ Description ║ ╠════════════════╬══════════════╬════════════════════════════╬══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╣ ║ 0 ║ 64 ║ Unencrypted§ ║ Salt ║ ║ 64 ║ 4 ║ Encrypted ║ ASCII string "TRUE" ║ ║ 68 ║ 2 ║ Encrypted ║ Volume header format version (5) ║ ║ 70 ║ 2 ║ Encrypted ║ Minimum program version required to open the volume ║ ║ 72 ║ 4 ║ Encrypted ║ CRC-32 checksum of the (decrypted) bytes 256-511 ║ ║ 76 ║ 16 ║ Encrypted ║ Reserved (must contain zeroes) ║ ║ 92 ║ 8 ║ Encrypted ║ Size of hidden volume (set to zero in non-hidden volumes) ║ ║ 100 ║ 8 ║ Encrypted ║ Size of volume ║ ║ 108 ║ 8 ║ Encrypted ║ Byte offset of the start of the master key scope ║ ║ 116 ║ 8 ║ Encrypted ║ Size of the encrypted area within the master key scope ║ ║ 124 ║ 4 ║ Encrypted ║ Flag bits (bit 0 set: system encryption; bit 1 set: non-system in-place-encrypted/decrypted volume; bits 2–31 are reserved) ║ ║ 128 ║ 4 ║ Encrypted ║ Sector size (in bytes) ║ ║ 132 ║ 120 ║ Encrypted ║ Reserved (must contain zeroes) ║ ║ 252 ║ 4 ║ Encrypted ║ CRC-32 checksum of the (decrypted) bytes 64-251 ║ ║ 256 ║ Var. ║ Encrypted ║ Concatenated primary and secondary master keys** ║ ║ 512 ║ 65024 ║ Encrypted ║ Reserved (for system encryption, this item is omitted‡‡) ║ ║ 65536 ║ 65536 ║ Encrypted / Unencrypted§ ║ Area for hidden volume header (if there is no hidden volume within the volume, this area contains random data††). For system encryption, this item is omitted.‡‡ See bytes 0–65535. ║ ║ 131072 ║ Var. ║ Encrypted ║ Data area (master key scope). For system encryption, offset may be different (depending on offset of system partition). ║ ║ S-131072‡ ║ 65536 ║ Encrypted / Unencrypted§ ║ Backup header (encrypted with a different header key derived using a different salt). For system encryption, this item is omitted.‡‡ See bytes 0–65535. ║ ║ S-65536‡ ║ 65536 ║ Encrypted / Unencrypted§ ║ Backup header for hidden volume (encrypted with a different header key derived using a different salt). If there is no hidden volume within the volume, this area contains random data.†† For system encryption, this item is omitted.‡‡ See bytes 0–65535. ║ ╚════════════════╩══════════════╩════════════════════════════╩══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╝ * Provided that the options Quick Format and Dynamic are disabled and provided that the volume does not contain a filesystem that has been encrypted in place (note that TrueCrypt does not allow the user to create a hidden volume within such a volume). † The encrypted areas of the volume header are encrypted in XTS mode using the primary and secondary header keys. For more information, see the section Encryption Scheme and the section Header Key Derivation, Salt, and Iteration Count. ‡ S denotes the size of the volume host (in bytes). § Note that the salt does not need to be encrypted, as it does not have to be kept secret [7] (salt is a sequence of random values). ** Multiple concatenated master keys are stored here when the volume is encrypted using a cascade of ciphers (secondary master keys are used for XTS mode). †† See above in this section for information on the method used to fill free volume space with random data when the volume is created. ‡‡ Here, the meaning of "system encryption" does not include a hidden volume containing a hidden operating system.
因此,由于标头的需求可能变化很大,.NET框架将其留给开发人员来设计自己的标头。
C# 中的 Aes 加密 使用其他 IV 解密
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.