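Data Encryption Summary, Advanced (3)

We have already learned how to perform secret-key encryption with the 3-DES algorithm. Public-key encryption is often used together with secret-key encryption, which adds an extra layer of security to protect data in transit. As we learned in Part 1, public-key encryption consists of two parts: a public key and a private key. Data encrypted with the public key can be decrypted only with the corresponding private key. One of the most popular public-key algorithms is RSA. The name RSA comes from the initials of Rivest, Shamir and Adleman. The .NET Framework provides the RSACryptoServiceProvider class, which encapsulates this algorithm. In this part we will learn how to encrypt data with this class.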

 

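Many developers do not want to dig into the internals of the Cryptography namespace. They just need a simple, easy way to keep their data secure. So we are going to develop a reusable class that does the encryption and decryption work.

We will create a class called PublicKeySecurityHelper with two methods: one that encrypts and one that decrypts. In addition, we will create a class called MyRSAInfo, which simply stores a few pieces of data, such as the public key and the private key.

Here is the complete code of the class: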

Imports System.Security.Cryptography
Imports System.IO
Imports System.Text

Public Class PublicKeySecurityHelper
    ' Generates an RSA key pair, encrypts strData with it and returns
    ' the ciphertext together with both keys exported as XML.
    Public Function Encrypt(ByVal strData As String) As MyRSAInfo
        Dim myrsa As New MyRSAInfo
        Dim p As CspParameters = New CspParameters
        p.Flags = CspProviderFlags.UseMachineKeyStore
        myrsa.Parameters = p
        Dim rsa As RSACryptoServiceProvider = New RSACryptoServiceProvider(p)
        ' False selects PKCS#1 v1.5 padding; True would select OAEP.
        Dim data() As Byte = rsa.Encrypt(Encoding.Unicode.GetBytes(strData), False)
        myrsa.PublicKey = rsa.ToXmlString(False)   ' public key only
        myrsa.PrivateKey = rsa.ToXmlString(True)   ' public and private key
        myrsa.Data = data
        Return myrsa
    End Function

    ' Decrypts the ciphertext held in myrsa and returns the plaintext bytes.
    Public Function Decrypt(ByVal myrsa As MyRSAInfo) As Byte()
        Dim rsa As RSACryptoServiceProvider = New RSACryptoServiceProvider(myrsa.Parameters)
        ' Decryption needs the private key; the public-key XML alone cannot decrypt.
        rsa.FromXmlString(myrsa.PrivateKey)
        Dim data() As Byte = rsa.Decrypt(myrsa.Data, False)
        Return data
    End Function
End Class

' Simple container for the keys, the CSP parameters and the encrypted data.
Public Class MyRSAInfo
    Public PublicKey As String
    Public PrivateKey As String
    Public Parameters As CspParameters
    Public Data() As Byte
End Class

Let's dissect the code step by step:

Encrypting data
  • First we import the required namespaces. System.Security.Cryptography is the important one because it contains our core class, RSACryptoServiceProvider.

  • We create a method called Encrypt() that accepts the string to be encrypted and returns an instance of a class called MyRSAInfo.

  • MyRSAInfo is our custom class defined at the bottom of the code. It consists of four public members: PublicKey, PrivateKey, Parameters and Data.

  • The PublicKey and PrivateKey members store the generated public key and private key respectively.

  • The Parameters variable is of type CspParameters. This is used to automatically generate public and private keys and reuse them later on.

  • Data is an array of bytes and stores the encrypted version of the data.

  • Inside the Encrypt() method we create an instance of the CspParameters class and set its Flags property to CspProviderFlags.UseMachineKeyStore. This enumerated value specifies where the key information should be picked up from, i.e. from the default key container or from the machine-level key store.

  • Then we create a new instance of the RSACryptoServiceProvider class, passing the CspParameters instance.

  • We then call the Encrypt() method of the RSACryptoServiceProvider class and pass the data to be encrypted. Since this parameter is a byte array, we convert our string into a byte array using the GetBytes() method. The second parameter of the method indicates whether to use OAEP padding (True) or PKCS#1 v1.5 padding (False). The former can be used only on Windows XP machines, and hence we pass False. The Encrypt() method of the RSACryptoServiceProvider class returns a byte array that contains the encrypted version of the data.

  • Finally, we fill all the members of the MyRSAInfo class and return it to the caller. Note how we call the ToXmlString() method first passing False and then passing True to get the public and private keys respectively.

Decrypting data (translator's note: these steps are much the same, so they are left untranslated)
  • In order to decrypt the data we create a method called Decrypt() that accepts an instance of MyRSAInfo class. This instance must be the one returned by the Encrypt() method explained earlier.
  • Inside Decrypt() method we create an instance of RSACryptoServiceProvider class again passing the same CspParameters.
  • We then call the FromXmlString() method of the RSACryptoServiceProvider class and pass the key generated before. Decryption requires the private key, so the XML passed here has to include it.
  • Finally, we call Decrypt() method of RSACryptoServiceProvider class and pass the encrypted data. The second parameter of Decrypt method has the same significance as that of the corresponding parameter of Encrypt() method
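
The public/private split described above can be seen by keeping the two key exports apart. The following is an added example, not code from the original article: the module and function names (RsaKeySeparationDemo, NewKeyPair, EncryptFor, CanDecrypt) are illustrative, the sample message is constructed, and it assumes a 2048-bit key and OAEP padding (True) instead of the article's False.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module RsaKeySeparationDemo
    ' Recipient side: generate a key pair (assumed size: 2048 bits).
    Function NewKeyPair() As RSACryptoServiceProvider
        Return New RSACryptoServiceProvider(2048)
    End Function

    ' Sender side: the public-key XML is all that is needed to encrypt.
    Function EncryptFor(ByVal publicKeyXml As String, ByVal text As String) As Byte()
        Using rsa As New RSACryptoServiceProvider()
            rsa.FromXmlString(publicKeyXml)
            ' True selects OAEP padding.
            Return rsa.Encrypt(Encoding.Unicode.GetBytes(text), True)
        End Using
    End Function

    ' Returns True only when keyXml contains a private key that
    ' decrypts cipher back to the expected text.
    Function CanDecrypt(ByVal keyXml As String, ByVal cipher As Byte(),
                        ByVal expected As String) As Boolean
        Using rsa As New RSACryptoServiceProvider()
            rsa.FromXmlString(keyXml)
            ' ToXmlString(False) output carries no private parameters.
            If rsa.PublicOnly Then Return False
            Try
                Dim plain As Byte() = rsa.Decrypt(cipher, True)
                Return Encoding.Unicode.GetString(plain) = expected
            Catch ex As CryptographicException
                ' Wrong key or damaged ciphertext.
                Return False
            End Try
        End Using
    End Function

    Sub Main()
        Dim message As String = "constructed sample message"
        Using recipient As RSACryptoServiceProvider = NewKeyPair()
            Dim publicXml As String = recipient.ToXmlString(False)
            Dim privateXml As String = recipient.ToXmlString(True)
            Dim cipher As Byte() = EncryptFor(publicXml, message)
            Console.WriteLine("public XML decrypts:  " & CanDecrypt(publicXml, cipher, message))
            Console.WriteLine("private XML decrypts: " & CanDecrypt(privateXml, cipher, message))
        End Using
    End Sub
End Module
```

Only the XML from ToXmlString(False) needs to leave the recipient; the XML from ToXmlString(True) stays with whoever decrypts.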

 
