.Net加密與Java互通
文章目錄
- .Net加密與Java互通
- 前言
- RSA
- 生成私鑰和公鑰
- .net加密出數據傳給Java端
- 采用java方給出的公鑰進行加密
- 采用java方給出的私鑰進行解密
- .net 解密來自Java端的數據
- AES
- 帶有向量的AES加密
- 帶有向量的AES解密
- 無向量AES加密
- 無向量AES解密
- SM2(國密)
- SM2加密
- Sm2解密
- 生成密鑰串
- SM3加密
- MD5加密
- Base64
- Base64加密
- Base64解密
- DES
- DES加密
- DES解密
- SHA1
- 總結
前言
在接口對接過程中我們常常會遇到需要加密和簽名等情況,像經典的RSA,AES,SM2,SM3,各個語言之間的加密都有些小差異,接下來我就總結一下我做.net開發中與java接口對接時發現的差異與解決辦法。
提示:以下是本篇文章正文內容,下面案例可供參考
RSA
這里我們需要引用 Portable.BouncyCastle 包
總所周知RSA加密是對稱加密也就是說在進行加密和解密過程中會用到公鑰和私鑰一般來說,我們都是將私鑰留下,將公鑰送給對方,當對方拿到我們的公鑰之后,他們傳輸給我們數據的時候需要用公鑰進行加密,我方接收到信息之后,再用我們留下的這個私鑰進行解密。大概流程如下
再此次討論中,我們把A方設定為.net后臺,B方設定為java
這里的重點是他們之間的轉換方法
/// <summary>/// Java轉.net格式(公鑰)/// </summary>/// <param name="JavaPublicKey">Java格式公鑰</param>/// <returns></returns>public static string RSAPublicKeyJava2DotNet(string JavaPublicKey){RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(JavaPublicKey));return string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent></RSAKeyValue>",Convert.ToBase64String(publicKeyParam.Modulus.ToByteArrayUnsigned()),Convert.ToBase64String(publicKeyParam.Exponent.ToByteArrayUnsigned()));}/// <summary>/// .NET格式轉Java格式(公鑰)/// </summary>/// <param name="cPublicKey">c#的.net格式公鑰</param>/// <returns></returns>public static string RSAPublicKeyDotNet2Java(string cPublicKey){XmlDocument doc = new XmlDocument(); doc.LoadXml(cPublicKey);BigInteger m = new Org.BouncyCastle.Math.BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Modulus")[0].InnerText));BigInteger p = new Org.BouncyCastle.Math.BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Exponent")[0].InnerText));RsaKeyParameters pub = new RsaKeyParameters(false, m, p);SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pub);byte[] serializedPublicBytes = publicKeyInfo.ToAsn1Object().GetDerEncoded();return Convert.ToBase64String(serializedPublicBytes);}/// <summary>/// java格式轉c#(私鑰)/// </summary>/// <param name="JavaPrivateKey">.java私鑰</param>/// <returns></returns>public static string RSAPrivateKeyJava2DotNet(string JavaPrivateKey){RsaPrivateCrtKeyParameters privateKeyParam = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(JavaPrivateKey));return string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent><P>{2}</P><Q>{3}</Q><DP>{4}</DP><DQ>{5}</DQ><InverseQ>{6}</InverseQ><D>{7}</D></RSAKeyValue>",Convert.ToBase64String(privateKeyParam.Modulus.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.PublicExponent.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.P.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.Q.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.DP.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.DQ.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.QInv.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.Exponent.ToByteArrayUnsigned()));}/// <summary>/// .net格式轉Java(私鑰)/// </summary>/// <param name="cPrivateKey">.net私鑰</param>/// <returns></returns>public static string RSAPrivateKeyDotNet2Java(string cPrivateKey){XmlDocument doc = new XmlDocument();doc.LoadXml(cPrivateKey);BigInteger m = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Modulus")[0].InnerText));BigInteger exp = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Exponent")[0].InnerText));BigInteger d = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("D")[0].InnerText));BigInteger p = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("P")[0].InnerText));BigInteger q = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Q")[0].InnerText));BigInteger dp = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DP")[0].InnerText));BigInteger dq = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DQ")[0].InnerText));BigInteger qinv = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("InverseQ")[0].InnerText));RsaPrivateCrtKeyParameters privateKeyParam = new RsaPrivateCrtKeyParameters(m, exp, d, p, q, dp, dq, qinv);PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKeyParam);byte[] serializedPrivateBytes = privateKeyInfo.ToAsn1Object().GetEncoded();return Convert.ToBase64String(serializedPrivateBytes);}生成私鑰和公鑰
這里展示的是.net的密鑰生成方法
/// <summary>/// 生成密鑰/// <param name="privateKey">私鑰</param>/// <param name="publicKey">公鑰</param>/// <param name="keySize">密鑰長度:512,1024,2048,4096,8192</param>/// </summary>public static void Generator(out string privateKey, out string publicKey, int keySize = 1024){RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(keySize);privateKey = rsa.ToXmlString(true); //將RSA算法的私鑰導出到字符串PrivateKey中 參數為true表示導出私鑰 true 表示同時包含 RSA 公鑰和私鑰;false 表示僅包含公鑰。publicKey = rsa.ToXmlString(false); //將RSA算法的公鑰導出到字符串PublicKey中 參數為false表示不導出私鑰 true 表示同時包含 RSA 公鑰和私鑰;false 表示僅包含公鑰。}.net加密出數據傳給Java端
采用java方給出的公鑰進行加密
public static string RSAEncryptByJavaPublicKey(string javaPublicKey, string data){string xml = Pem2XmlPublic(javaPublicKey);RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();rsa.FromXmlString(xml);// 加密using (SHA1CryptoServiceProvider sha1 = new SHA1CryptoServiceProvider()){byte[] dataToEncrypt = Encoding.UTF8.GetBytes(data);byte[] digest = sha1.ComputeHash(dataToEncrypt);// 使用RSA的OAEP填充進行加密return Convert.ToBase64String(rsa.Encrypt(digest, false));}}/// <summary>/// RSA公鑰格式轉換,java->.net/// </summary>/// <param name="keyInfoData">java生成的公鑰</param>/// <returns>.net公鑰</returns>private static string RSAPublicKeyJava2DotNet(byte[] keyInfoData){RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(keyInfoData);return string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent></RSAKeyValue>",Convert.ToBase64String(publicKeyParam.Modulus.ToByteArrayUnsigned()),Convert.ToBase64String(publicKeyParam.Exponent.ToByteArrayUnsigned()));}private static string Pem2XmlPublic(string pemFileConent){pemFileConent = pemFileConent.Replace("-----BEGIN PUBLIC KEY-----", "").Replace("-----END PUBLIC KEY-----", "").Replace("\n", "").Replace("\r", "");var data = Convert.FromBase64String(pemFileConent);return RSAPublicKeyJava2DotNet(data);}采用java方給出的私鑰進行解密
/// <summary> /// RSA解密 載入私鑰,解密數據 /// </summary> /// <param name="privateKey">私鑰</param> /// <param name="decryptstring">待解密的字符串</param> public static string RsaDecrypt(string privateKey, string decryptstring){using (var rsaProvider = new RSACryptoServiceProvider()){string key = RSAPrivateKeyJava2DotNet(privateKey);rsaProvider.FromXmlString(key); //載入私鑰 var encryptedBytes = Convert.FromBase64String(decryptstring); //將傳入的字符串轉化為字節流 //var outputStream = new MemoryStream(encryptedBytes);var bufferSize = rsaProvider.KeySize / 8;var buffer = new byte[bufferSize];using (MemoryStream inputStream = new MemoryStream(encryptedBytes), outputStream = new MemoryStream()){while (true){int readSize = inputStream.Read(buffer, 0, bufferSize);if (readSize <= 0){break;}var temp = new byte[readSize];Array.Copy(buffer, 0, temp, 0, readSize);var decryptedBytes = rsaProvider.Decrypt(temp, false);outputStream.Write(decryptedBytes, 0, decryptedBytes.Length);}return Encoding.UTF8.GetString(outputStream.ToArray()); //轉化為字符串 }}}/// <summary>/// .java格式私鑰轉c#使用的.net格式密鑰/// </summary>/// <param name="JavaPrivateKey">.java密鑰</param>/// <returns></returns>public static string RSAPrivateKeyJava2DotNet(string JavaPrivateKey){RsaPrivateCrtKeyParameters privateKeyParam = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(JavaPrivateKey));return string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent><P>{2}</P><Q>{3}</Q><DP>{4}</DP><DQ>{5}</DQ><InverseQ>{6}</InverseQ><D>{7}</D></RSAKeyValue>",Convert.ToBase64String(privateKeyParam.Modulus.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.PublicExponent.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.P.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.Q.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.DP.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.DQ.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.QInv.ToByteArrayUnsigned()),Convert.ToBase64String(privateKeyParam.Exponent.ToByteArrayUnsigned()));}
.net 解密來自Java端的數據
注意這里解密的數據是java端采用.net提供的公鑰進行加密后的數據。
//將之前生成的Base64字符串轉為Xml格式private static string ToXmlPrivateKey(string privateKey){RsaPrivateCrtKeyParameters privateKeyParams =PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKey)) as RsaPrivateCrtKeyParameters;using(RSACryptoServiceProvider rsa = new RSACryptoServiceProvider()){RSAParameters rsaParams = new RSAParameters(){Modulus = privateKeyParams.Modulus.ToByteArrayUnsigned(),Exponent = privateKeyParams.PublicExponent.ToByteArrayUnsigned(),D = privateKeyParams.Exponent.ToByteArrayUnsigned(),DP = privateKeyParams.DP.ToByteArrayUnsigned(),DQ = privateKeyParams.DQ.ToByteArrayUnsigned(),P = privateKeyParams.P.ToByteArrayUnsigned(),Q = privateKeyParams.Q.ToByteArrayUnsigned(),InverseQ = privateKeyParams.QInv.ToByteArrayUnsigned()};rsa.ImportParameters(rsaParams);return rsa.ToXmlString(true);}}public string RSADecrypt(string PrivateKey, string decryptString) { try { string xmlPrivateKey=ToXmlPrivateKey(PrivateKey);byte[] PlainTextBArray; byte[] DypherTextBArray; string Result; System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPrivateKey); PlainTextBArray = Convert.FromBase64String(decryptString); DypherTextBArray = rsa.Decrypt(PlainTextBArray, false); Result = (new UnicodeEncoding()).GetString(DypherTextBArray); return Result; } catch (Exception ex) { throw ex; } }
AES
帶有向量的AES加密
/// <summary>/// AES加密/// </summary>/// <param name="text">明文字符串</param>/// <param name="key">秘鑰</param>/// <param name="iv">加密輔助向量</param>/// <returns>密文</returns>public static string AESEncrypt(string text, string key, string iv){RijndaelManaged rijndaelCipher = new RijndaelManaged();rijndaelCipher.Mode = CipherMode.CBC;rijndaelCipher.Padding = PaddingMode.PKCS7;rijndaelCipher.KeySize = 128;rijndaelCipher.BlockSize = 128;byte[] pwdBytes = System.Text.Encoding.UTF8.GetBytes(key);byte[] keyBytes = new byte[16];int len = pwdBytes.Length;if (len > keyBytes.Length) len = keyBytes.Length;System.Array.Copy(pwdBytes, keyBytes, len);rijndaelCipher.Key = keyBytes;byte[] ivBytes = System.Text.Encoding.UTF8.GetBytes(iv);rijndaelCipher.IV = ivBytes;ICryptoTransform transform = rijndaelCipher.CreateEncryptor();byte[] plainText = Encoding.UTF8.GetBytes(text);byte[] cipherBytes = transform.TransformFinalBlock(plainText, 0, plainText.Length);return Convert.ToBase64String(cipherBytes);}
帶有向量的AES解密
/// <summary>
/// AES解密
/// </summary>
/// <param name="text">加密字符串</param>
/// <param name="key">秘鑰</param>
/// <param name="iv">加密輔助向量</param>
/// <returns>明文</returns>
public static string AESDecrypt(string text, string key, string iv)
{try{///空格替換為+ 否則解密會失敗byte[] EncryptedBytes = Convert.FromBase64String(text.Replace(" ", "+"));//Setup the AES provider for decrypting. AesCryptoServiceProvider aesProvider = new AesCryptoServiceProvider();aesProvider.Key = System.Text.Encoding.UTF8.GetBytes(key);aesProvider.IV = System.Text.Encoding.UTF8.GetBytes(iv);aesProvider.Padding = PaddingMode.None;aesProvider.Mode = CipherMode.CBC;ICryptoTransform cryptoTransform = aesProvider.CreateDecryptor(aesProvider.Key, aesProvider.IV);byte[] DecryptedBytes = cryptoTransform.TransformFinalBlock(EncryptedBytes, 0, EncryptedBytes.Length);string result = System.Text.Encoding.UTF8.GetString(DecryptedBytes).Replace("\0", "");return result;}catch(Exception ex){return ex.Message;}
}
無向量AES加密
/// <summary>/// AES加密(無向量)/// </summary>/// <param name="plainBytes">被加密的明文</param>/// <param name="key">密鑰</param>/// <returns>密文</returns>public static string AESEncrypt(string Data, string Key,int KeySize=128){MemoryStream mStream = new MemoryStream();RijndaelManaged aes = new RijndaelManaged();byte[] plainBytes = Encoding.UTF8.GetBytes(Data);Byte[] bKey = new Byte[32];Array.Copy(Encoding.UTF8.GetBytes(Key.PadRight(bKey.Length)), bKey, bKey.Length);aes.Mode = CipherMode.ECB;aes.Padding = PaddingMode.PKCS7;aes.KeySize = KeySize;//aes.Key = _key;aes.Key = bKey;//aes.IV = _iV;CryptoStream cryptoStream = new CryptoStream(mStream, aes.CreateEncryptor(), CryptoStreamMode.Write);try{cryptoStream.Write(plainBytes, 0, plainBytes.Length);cryptoStream.FlushFinalBlock();return Convert.ToBase64String(mStream.ToArray());}finally{cryptoStream.Close();mStream.Close();aes.Clear();}}
無向量AES解密
/// <summary>/// AES解密(無向量)/// </summary>/// <param name="encryptedBytes">被加密的明文</param>/// <param name="key">密鑰</param>/// <returns>明文</returns>public static string AESDecrypt(string Data, string Key){Byte[] encryptedBytes = Convert.FromBase64String(Data);Byte[] bKey = new Byte[32];Array.Copy(Encoding.UTF8.GetBytes(Key.PadRight(bKey.Length)), bKey, bKey.Length);MemoryStream mStream = new MemoryStream(encryptedBytes);//mStream.Write( encryptedBytes, 0, encryptedBytes.Length );//mStream.Seek( 0, SeekOrigin.Begin );RijndaelManaged aes = new RijndaelManaged();aes.Mode = CipherMode.ECB;aes.Padding = PaddingMode.PKCS7;aes.KeySize = 128;aes.Key = bKey;//aes.IV = _iV;CryptoStream cryptoStream = new CryptoStream(mStream, aes.CreateDecryptor(), CryptoStreamMode.Read);try{byte[] tmp = new byte[encryptedBytes.Length + 32];int len = cryptoStream.Read(tmp, 0, encryptedBytes.Length + 32);byte[] ret = new byte[len];Array.Copy(tmp, 0, ret, 0, len);return Encoding.UTF8.GetString(ret);}finally{cryptoStream.Close();mStream.Close();aes.Clear();}}
SM2(國密)
這里我要分享的也是java和.net之間互相傳遞過程中的細節問題
這里要用到:BouncyCastle.Crypto包
下載地址:https://www.bouncycastle.org/download/bouncy-castle-c/
以下是相關幫助類:
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.GM;
using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.Utilities.Encoders;
using Org.BouncyCastle.X509;
using System;
using System.Collections.Generic;
using System.IO;namespace CommonUtils
{/*** 用BC的注意點:* 這個版本的BC對SM3withSM2的結果為asn1格式的r和s,如果需要直接拼接的r||s需要自己轉換。下面rsAsn1ToPlainByteArray、rsPlainByteArrayToAsn1就在干這事。* 這個版本的BC對SM2的結果為C1||C2||C3,據說為舊標準,新標準為C1||C3||C2,用新標準的需要自己轉換。下面(被注釋掉的)changeC1C2C3ToC1C3C2、changeC1C3C2ToC1C2C3就在干這事。java版的高版本有加上C1C3C2,csharp版沒準以后也會加,但目前還沒有,java版的目前可以初始化時“ SM2Engine sm2Engine = new SM2Engine(SM2Engine.Mode.C1C3C2);”。* * 按要求國密算法僅允許使用加密機,本demo國密算法僅供學習使用,請不要用于生產用途。*/public class GmUtil{//private static readonly ILog log = LogManager.GetLogger(typeof(GmUtil));private static X9ECParameters x9ECParameters = GMNamedCurves.GetByName("sm2p256v1");private static ECDomainParameters ecDomainParameters = new ECDomainParameters(x9ECParameters.Curve, x9ECParameters.G, x9ECParameters.N);/**** @param msg* @param userId* @param privateKey* @return r||s,直接拼接byte數組的rs*/public static byte[] SignSm3WithSm2(byte[] msg, byte[] userId, AsymmetricKeyParameter privateKey){return RsAsn1ToPlainByteArray(SignSm3WithSm2Asn1Rs(msg, userId, privateKey));}/*** @param msg* @param userId* @param privateKey* @return rs in <b>asn1 format</b>*/public static byte[] SignSm3WithSm2Asn1Rs(byte[] msg, byte[] userId, AsymmetricKeyParameter privateKey){try{ISigner signer = SignerUtilities.GetSigner("SM3withSM2");signer.Init(true, new ParametersWithID(privateKey, userId));signer.BlockUpdate(msg, 0, msg.Length);byte[] sig = signer.GenerateSignature();return sig;}catch (Exception e){//log.Error("SignSm3WithSm2Asn1Rs error: " + e.Message, e);return null;}}/**** @param msg* @param userId* @param rs r||s,直接拼接byte數組的rs* @param publicKey* @return*/public static bool VerifySm3WithSm2(byte[] msg, byte[] userId, byte[] rs, AsymmetricKeyParameter publicKey){if (rs == null || msg == null || userId == null) return false;if (rs.Length != RS_LEN * 2) return false;return VerifySm3WithSm2Asn1Rs(msg, userId, RsPlainByteArrayToAsn1(rs), publicKey);}/**** @param msg* @param userId* @param rs in <b>asn1 format</b>* @param publicKey* @return*/public static bool VerifySm3WithSm2Asn1Rs(byte[] msg, byte[] userId, byte[] sign, AsymmetricKeyParameter publicKey){try{ISigner signer = SignerUtilities.GetSigner("SM3withSM2");signer.Init(false, new ParametersWithID(publicKey, userId));signer.BlockUpdate(msg, 0, msg.Length);return signer.VerifySignature(sign);}catch (Exception e){//log.Error("VerifySm3WithSm2Asn1Rs error: " + e.Message, e);return false;}}/*** bc加解密使用舊標c1||c2||c3,此方法在加密后調用,將結果轉化為c1||c3||c2* @param c1c2c3* @return*/private static byte[] ChangeC1C2C3ToC1C3C2(byte[] c1c2c3){int c1Len = (x9ECParameters.Curve.FieldSize + 7) / 8 * 2 + 1; //sm2p256v1的這個固定65。可看GMNamedCurves、ECCurve代碼。const int c3Len = 32; //new SM3Digest().getDigestSize();byte[] result = new byte[c1c2c3.Length];Buffer.BlockCopy(c1c2c3, 0, result, 0, c1Len); //c1Buffer.BlockCopy(c1c2c3, c1c2c3.Length - c3Len, result, c1Len, c3Len); //c3Buffer.BlockCopy(c1c2c3, c1Len, result, c1Len + c3Len, c1c2c3.Length - c1Len - c3Len); //c2return result;}/*** bc加解密使用舊標c1||c3||c2,此方法在解密前調用,將密文轉化為c1||c2||c3再去解密* @param c1c3c2* @return*/private static byte[] ChangeC1C3C2ToC1C2C3(byte[] c1c3c2){int c1Len = (x9ECParameters.Curve.FieldSize + 7) / 8 * 2 + 1; //sm2p256v1的這個固定65。可看GMNamedCurves、ECCurve代碼。const int c3Len = 32; //new SM3Digest().GetDigestSize();byte[] result = new byte[c1c3c2.Length];Buffer.BlockCopy(c1c3c2, 0, result, 0, c1Len); //c1: 0->65Buffer.BlockCopy(c1c3c2, c1Len + c3Len, result, c1Len, c1c3c2.Length - c1Len - c3Len); //c2Buffer.BlockCopy(c1c3c2, c1Len, result, c1c3c2.Length - c3Len, c3Len); //c3return result;}/*** c1||c3||c2* @param data* @param key* @return*/public static byte[] Sm2Decrypt(byte[] data, AsymmetricKeyParameter key){return Sm2DecryptOld(ChangeC1C3C2ToC1C2C3(data), key);}/*** c1||c3||c2* @param data* @param key* @return*/public static byte[] Sm2Encrypt(byte[] data, AsymmetricKeyParameter key){return ChangeC1C2C3ToC1C3C2(Sm2EncryptOld(data, key));}/*** c1||c2||c3* @param data* @param key* @return*/public static byte[] Sm2EncryptOld(byte[] data, AsymmetricKeyParameter pubkey){try{SM2Engine sm2Engine = new SM2Engine();sm2Engine.Init(true, new ParametersWithRandom(pubkey, new SecureRandom()));return sm2Engine.ProcessBlock(data, 0, data.Length);}catch (Exception e){//log.Error("Sm2EncryptOld error: " + e.Message, e);return null;}}/*** c1||c2||c3* @param data* @param key* @return*/public static byte[] Sm2DecryptOld(byte[] data, AsymmetricKeyParameter key){try{SM2Engine sm2Engine = new SM2Engine();sm2Engine.Init(false, key);return sm2Engine.ProcessBlock(data, 0, data.Length);}catch (Exception e){//log.Error("Sm2DecryptOld error: " + e.Message, e);return null;}}/*** @param bytes* @return*/public static byte[] Sm3(byte[] bytes){try{SM3Digest digest = new SM3Digest();digest.BlockUpdate(bytes, 0, bytes.Length);byte[] result = DigestUtilities.DoFinal(digest);return result;}catch (Exception e){//log.Error("Sm3 error: " + e.Message, e);return null;}}private const int RS_LEN = 32;private static byte[] BigIntToFixexLengthBytes(BigInteger rOrS){// for sm2p256v1, n is 00fffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123,// r and s are the result of mod n, so they should be less than n and have length<=32byte[] rs = rOrS.ToByteArray();if (rs.Length == RS_LEN) return rs;else if (rs.Length == RS_LEN + 1 && rs[0] == 0) return Arrays.CopyOfRange(rs, 1, RS_LEN + 1);else if (rs.Length < RS_LEN){byte[] result = new byte[RS_LEN];Arrays.Fill(result, (byte)0);Buffer.BlockCopy(rs, 0, result, RS_LEN - rs.Length, rs.Length);return result;}else{throw new ArgumentException("err rs: " + Hex.ToHexString(rs));}}/*** BC的SM3withSM2簽名得到的結果的rs是asn1格式的,這個方法轉化成直接拼接r||s* @param rsDer rs in asn1 format* @return sign result in plain byte array*/private static byte[] RsAsn1ToPlainByteArray(byte[] rsDer){Asn1Sequence seq = Asn1Sequence.GetInstance(rsDer);byte[] r = BigIntToFixexLengthBytes(DerInteger.GetInstance(seq[0]).Value);byte[] s = BigIntToFixexLengthBytes(DerInteger.GetInstance(seq[1]).Value);byte[] result = new byte[RS_LEN * 2];Buffer.BlockCopy(r, 0, result, 0, r.Length);Buffer.BlockCopy(s, 0, result, RS_LEN, s.Length);return result;}/*** BC的SM3withSM2驗簽需要的rs是asn1格式的,這個方法將直接拼接r||s的字節數組轉化成asn1格式* @param sign in plain byte array* @return rs result in asn1 format*/private static byte[] RsPlainByteArrayToAsn1(byte[] sign){if (sign.Length != RS_LEN * 2) throw new ArgumentException("err rs. ");BigInteger r = new BigInteger(1, Arrays.CopyOfRange(sign, 0, RS_LEN));BigInteger s = new BigInteger(1, Arrays.CopyOfRange(sign, RS_LEN, RS_LEN * 2));Asn1EncodableVector v = new Asn1EncodableVector();v.Add(new DerInteger(r));v.Add(new DerInteger(s));try{return new DerSequence(v).GetEncoded("DER");}catch (IOException e){//log.Error("RsPlainByteArrayToAsn1 error: " + e.Message, e);return null;}}public static AsymmetricCipherKeyPair GenerateKeyPair(){try{ECKeyPairGenerator kpGen = new ECKeyPairGenerator();kpGen.Init(new ECKeyGenerationParameters(ecDomainParameters, new SecureRandom()));return kpGen.GenerateKeyPair();}catch (Exception e){//log.Error("generateKeyPair error: " + e.Message, e);return null;}}public static ECPrivateKeyParameters GetPrivatekeyFromD(BigInteger d){return new ECPrivateKeyParameters(d, ecDomainParameters);}public static ECPublicKeyParameters GetPublickeyFromXY(BigInteger x, BigInteger y){return new ECPublicKeyParameters(x9ECParameters.Curve.CreatePoint(x, y), ecDomainParameters);}public static AsymmetricKeyParameter GetPublickeyFromX509File(FileInfo file){FileStream fileStream = null;try{//file.DirectoryName + "\\" + file.NamefileStream = new FileStream(file.FullName, FileMode.Open, FileAccess.Read);X509Certificate certificate = new X509CertificateParser().ReadCertificate(fileStream);return certificate.GetPublicKey();}catch (Exception e){//log.Error(file.Name + "讀取失敗,異常:" + e);}finally{if (fileStream != null)fileStream.Close();}return null;}public class Sm2Cert{public AsymmetricKeyParameter privateKey;public AsymmetricKeyParameter publicKey;public String certId;}private static byte[] ToByteArray(int i){byte[] byteArray = new byte[4];byteArray[0] = (byte)(i >> 24);byteArray[1] = (byte)((i & 0xFFFFFF) >> 16);byteArray[2] = (byte)((i & 0xFFFF) >> 8);byteArray[3] = (byte)(i & 0xFF);return byteArray;}/*** 字節數組拼接** @param params* @return*/private static byte[] Join(params byte[][] byteArrays){List<byte> byteSource = new List<byte>();for (int i = 0; i < byteArrays.Length; i++){byteSource.AddRange(byteArrays[i]);}byte[] data = byteSource.ToArray();return data;}/*** 密鑰派生函數** @param Z* @param klen* 生成klen字節數長度的密鑰* @return*/private static byte[] KDF(byte[] Z, int klen){int ct = 1;int end = (int)Math.Ceiling(klen * 1.0 / 32);List<byte> byteSource = new List<byte>();try{for (int i = 1; i < end; i++){byteSource.AddRange(GmUtil.Sm3(Join(Z, ToByteArray(ct))));ct++;}byte[] last = GmUtil.Sm3(Join(Z, ToByteArray(ct)));if (klen % 32 == 0){byteSource.AddRange(last);}elsebyteSource.AddRange(Arrays.CopyOfRange(last, 0, klen % 32));return byteSource.ToArray();}catch (Exception e){//log.Error("KDF error: " + e.Message, e);}return null;}public static byte[] Sm4DecryptCBC(byte[] keyBytes, byte[] cipher, byte[] iv, String algo){if (keyBytes.Length != 16) throw new ArgumentException("err key length");if (cipher.Length % 16 != 0 && algo.Contains("NoPadding")) throw new ArgumentException("err data length");try{KeyParameter key = ParameterUtilities.CreateKeyParameter("SM4", keyBytes);IBufferedCipher c = CipherUtilities.GetCipher(algo);if (iv == null) iv = ZeroIv(algo);c.Init(false, new ParametersWithIV(key, iv));return c.DoFinal(cipher);}catch (Exception e){//log.Error("Sm4DecryptCBC error: " + e.Message, e);return null;}}public static byte[] Sm4EncryptCBC(byte[] keyBytes, byte[] plain, byte[] iv, String algo){if (keyBytes.Length != 16) throw new ArgumentException("err key length");if (plain.Length % 16 != 0 && algo.Contains("NoPadding")) throw new ArgumentException("err data length");try{KeyParameter key = ParameterUtilities.CreateKeyParameter("SM4", keyBytes);IBufferedCipher c = CipherUtilities.GetCipher(algo);if (iv == null) iv = ZeroIv(algo);c.Init(true, new ParametersWithIV(key, iv));return c.DoFinal(plain);}catch (Exception e){//log.Error("Sm4EncryptCBC error: " + e.Message, e);return null;}}public static byte[] Sm4EncryptECB(byte[] keyBytes, byte[] plain, string algo){if (keyBytes.Length != 16) throw new ArgumentException("err key length");//NoPadding 的情況下需要校驗數據長度是16的倍數.if (plain.Length % 16 != 0 && algo.Contains("NoPadding")) throw new ArgumentException("err data length");try{KeyParameter key = ParameterUtilities.CreateKeyParameter("SM4", keyBytes);IBufferedCipher c = CipherUtilities.GetCipher(algo);c.Init(true, key);return c.DoFinal(plain);}catch (Exception e){//log.Error("Sm4EncryptECB error: " + e.Message, e);return null;}}public static byte[] Sm4DecryptECB(byte[] keyBytes, byte[] cipher, string algo){if (keyBytes.Length != 16) throw new ArgumentException("err key length");if (cipher.Length % 16 != 0 && algo.Contains("NoPadding")) throw new ArgumentException("err data length");try{KeyParameter key = ParameterUtilities.CreateKeyParameter("SM4", keyBytes);IBufferedCipher c = CipherUtilities.GetCipher(algo);c.Init(false, key);return c.DoFinal(cipher);}catch (Exception e){//log.Error("Sm4DecryptECB error: " + e.Message, e);return null;}}public const String SM4_ECB_NOPADDING = "SM4/ECB/NoPadding";public const String SM4_CBC_NOPADDING = "SM4/CBC/NoPadding";public const String SM4_CBC_PKCS7PADDING = "SM4/CBC/PKCS7Padding";/*** cfca官網CSP沙箱導出的sm2文件* @param pem 二進制原文* @param pwd 密碼* @return*/public static Sm2Cert readSm2File(byte[] pem, String pwd){Sm2Cert sm2Cert = new Sm2Cert();try{Asn1Sequence asn1Sequence = (Asn1Sequence)Asn1Object.FromByteArray(pem);// ASN1Integer asn1Integer = (ASN1Integer) asn1Sequence.getObjectAt(0); //version=1Asn1Sequence priSeq = (Asn1Sequence)asn1Sequence[1];//private keyAsn1Sequence pubSeq = (Asn1Sequence)asn1Sequence[2];//public key and x509 cert// ASN1ObjectIdentifier sm2DataOid = (ASN1ObjectIdentifier) priSeq.getObjectAt(0);// ASN1ObjectIdentifier sm4AlgOid = (ASN1ObjectIdentifier) priSeq.getObjectAt(1);Asn1OctetString priKeyAsn1 = (Asn1OctetString)priSeq[2];byte[] key = KDF(System.Text.Encoding.UTF8.GetBytes(pwd), 32);byte[] priKeyD = Sm4DecryptCBC(Arrays.CopyOfRange(key, 16, 32),priKeyAsn1.GetOctets(),Arrays.CopyOfRange(key, 0, 16), SM4_CBC_PKCS7PADDING);sm2Cert.privateKey = GetPrivatekeyFromD(new BigInteger(1, priKeyD));// log.Info(Hex.toHexString(priKeyD));// ASN1ObjectIdentifier sm2DataOidPub = (ASN1ObjectIdentifier) pubSeq.getObjectAt(0);Asn1OctetString pubKeyX509 = (Asn1OctetString)pubSeq[1];X509Certificate x509 = (X509Certificate)new X509CertificateParser().ReadCertificate(pubKeyX509.GetOctets());sm2Cert.publicKey = x509.GetPublicKey();sm2Cert.certId = x509.SerialNumber.ToString(10); //這里轉10進賬,有啥其他進制要求的自己改改return sm2Cert;}catch (Exception e){//log.Error("readSm2File error: " + e.Message, e);return null;}}/**** @param cert* @return*/public static Sm2Cert ReadSm2X509Cert(byte[] cert){Sm2Cert sm2Cert = new Sm2Cert();try{X509Certificate x509 = new X509CertificateParser().ReadCertificate(cert);sm2Cert.publicKey = x509.GetPublicKey();sm2Cert.certId = x509.SerialNumber.ToString(10); //這里轉10進賬,有啥其他進制要求的自己改改return sm2Cert;}catch (Exception e){//log.Error("ReadSm2X509Cert error: " + e.Message, e);return null;}}public static byte[] ZeroIv(String algo){try{IBufferedCipher cipher = CipherUtilities.GetCipher(algo);int blockSize = cipher.GetBlockSize();byte[] iv = new byte[blockSize];Arrays.Fill(iv, (byte)0);return iv;}catch (Exception e){//log.Error("ZeroIv error: " + e.Message, e);return null;}}}
}
SM2加密
注意:publicKey是一個全局變量,是java方提供給.net方的公鑰
格式如下:
/// <summary>/// SM2加密/// </summary>/// <param name="publicKey"></param>/// <param name="message"></param>/// <returns></returns>public string Encrypt(string message){if (publicKey.Length == 130){publicKey = publicKey.Substring(2, 128);}//公鑰X,前64位String x = publicKey.Substring(0, 64);//公鑰Y,后64位String y = publicKey.Substring(64);//獲取公鑰對象AsymmetricKeyParameter publicKey1 = GmUtil.GetPublickeyFromXY(new BigInteger(x, 16), new BigInteger(y, 16));byte[] digestByte = GmUtil.Sm2Encrypt(Encoding.UTF8.GetBytes(message), publicKey1);//如果對方要的是16進制字符串的話需要轉換之后去除04之后直接返回newCipherText 就可以了。//string newCipherText = Hex.ToHexString(digestByte);//if (newCipherText.StartsWith("04"))//{// newCipherText = newCipherText.Substring(2);//}//如果對方要的是base64字符串的話可以直接轉換string newCipherText = Convert.ToBase64String(digestByte);return newCipherText; }
Sm2解密
這里的privateKey也是一個全局變量,是.net這邊自己生成的一對密鑰串(私鑰和公鑰一對一)中的私鑰。
格式如下:
/// <summary>/// SM2解密/// </summary>/// <param name="privateKey"></param>/// <param name="message"></param>/// <returns></returns>public string Decrypt(string message){BigInteger d = new BigInteger(privateKey, 16);AsymmetricKeyParameter bcecPrivateKey = CommonUtils.GmUtil.GetPrivatekeyFromD(d);string datastr = Base64ToHexString(message);if (!datastr.StartsWith("04")){datastr = "04" + datastr;}byte[] byToDecrypt = Hex.Decode(datastr);byte[] byDecrypted = GmUtil.Sm2Decrypt(byToDecrypt, bcecPrivateKey);if (byDecrypted != null && byDecrypted.Length > 0){string strDecrypted = Encoding.UTF8.GetString(byDecrypted);return strDecrypted;}else{return "解密失敗!";}}
生成密鑰串
- 第一種方式:
這里是采用我上面貼出來的幫助類中的方法生成的公鑰和私鑰
AsymmetricCipherKeyPair kp2 = GmUtil.GenerateKeyPair();AsymmetricKeyParameter publicKey2 = kp2.Public;AsymmetricKeyParameter privateKey2 = kp2.Private;
當然還有其他方法可以生成
- 第二種方式:
/// <summary>/// 密鑰生成/// </summary>/// <returns></returns>public static (string, string) GenerateKeyPair(){X9ECParameters sm2Params = GMNamedCurves.GetByName("sm2p256v1");ECDomainParameters domainParams = new ECDomainParameters(sm2Params.Curve, sm2Params.G, sm2Params.N, sm2Params.H);ECKeyPairGenerator keyGen = new ECKeyPairGenerator();SecureRandom random = new SecureRandom();ECKeyGenerationParameters keyGenParam = new ECKeyGenerationParameters(domainParams, random);keyGen.Init(keyGenParam);AsymmetricCipherKeyPair keyPair = keyGen.GenerateKeyPair();ECPrivateKeyParameters privateKeyParams = (ECPrivateKeyParameters)keyPair.Private;ECPublicKeyParameters publicKeyParams = (ECPublicKeyParameters)keyPair.Public;string privateKeyHex = privateKeyParams.D.ToString(16);string publicKeyHex = Hex.ToHexString(publicKeyParams.Q.GetEncoded());return (privateKeyHex, publicKeyHex);}
SM3加密
/// <summary>/// SM3生成加密/// </summary>/// <param name="input"></param>/// <returns></returns>public static string SM3Encrypt(string input){byte[] dataBytes = Encoding.GetEncoding("UTF-8").GetBytes(input);SM3Digest sm3Digest = new SM3Digest();sm3Digest.BlockUpdate(dataBytes, 0, dataBytes.Length);byte[] ret = new byte[sm3Digest.GetDigestSize()];sm3Digest.DoFinal(ret, 0);return Hex.ToHexString(ret);}
MD5加密
public string MD5Encrypt(string input){if (string.IsNullOrEmpty(input)) input= "";MD5 md5Hash = MD5.Create();byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input)); StringBuilder sBuilder = new StringBuilder(); for (int i = 0; i < data.Length; i++){sBuilder.Append(data[i].ToString("x2"));} return sBuilder.ToString(); }
Base64
Base64加密
/// <summary>/// Base64加密,采用utf8編碼方式加密/// </summary>/// <param name="source">待加密的明文</param>/// <returns>加密后的字符串</returns>public static string Base64Encode(string source){return Base64Encode(Encoding.UTF8, source);}/// <summary>/// Base64加密/// </summary>/// <param name="encodeType">加密采用的編碼方式</param>/// <param name="source">待加密的明文</param>/// <returns></returns>public static string Base64Encode(Encoding encodeType, string source){string encode = string.Empty;byte[] bytes = encodeType.GetBytes(source);try{encode = Convert.ToBase64String(bytes);}catch{encode = source;}return encode;}
Base64解密
/// <summary>/// Base64解密,采用utf8編碼方式解密/// </summary>/// <param name="result">待解密的密文</param>/// <returns>解密后的字符串</returns>public static string Base64Decode(string result){return Base64Decode(Encoding.UTF8, result);}/// <summary>/// Base64解密/// </summary>/// <param name="encodeType">解密采用的編碼方式,注意和加密時采用的方式一致</param>/// <param name="result">待解密的密文</param>/// <returns>解密后的字符串</returns>public static string Base64Decode(Encoding encodeType, string result){string decode = string.Empty;byte[] bytes = Convert.FromBase64String(result);try{decode = encodeType.GetString(bytes);}catch{decode = result;}return decode;}
DES
//默認密鑰向量private static byte[] Keys = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };private static string DESKey = "CQYRZHXG";
DES加密
/// <summary>/// <summary>/// 加密【可逆】/// </summary>/// <param name="Text">需要加密的字符串</param>/// <param name="DESKey">加密密鑰,要求為8位</param>/// <returns></returns>public static string Encrypt(string Text){return EncryptDES(Text, DESKey);}/// <summary> /// 加密數據/// </summary> /// <param name="Text"></param> /// <param name="sKey"></param> /// <returns></returns> /// DES加密字符串/// </summary>/// <param name="encryptString">待加密的字符串</param>/// <param name="encryptKey">加密密鑰,要求為8位</param>/// <returns>加密成功返回加密后的字符串,失敗返回源串</returns>public static string EncryptDES(string encryptString, string encryptKey){try{byte[] rgbKey = Encoding.UTF8.GetBytes(encryptKey.Substring(0, 8));byte[] rgbIV = Keys;byte[] inputByteArray = Encoding.UTF8.GetBytes(encryptString);DESCryptoServiceProvider dCSP = new DESCryptoServiceProvider();MemoryStream mStream = new MemoryStream();CryptoStream cStream = new CryptoStream(mStream, dCSP.CreateEncryptor(rgbKey, rgbIV), CryptoStreamMode.Write);cStream.Write(inputByteArray, 0, inputByteArray.Length);cStream.FlushFinalBlock();return Convert.ToBase64String(mStream.ToArray());}catch{return encryptString;}}
DES解密
/// <summary>/// 解密/// </summary>/// <param name="Text">需要解密的字符串</param>/// <returns></returns>public static string Decrypt(string Text){if (!string.IsNullOrEmpty(Text)){return DecryptDES(Text, DESKey);}else{return "";}}/// <summary>/// DES解密字符串/// </summary>/// <param name="decryptString">待解密的字符串</param>/// <param name="decryptKey">解密密鑰,要求為8位,和加密密鑰相同</param>/// <returns>解密成功返回解密后的字符串,失敗返源串</returns>public static string DecryptDES(string decryptString, string decryptKey){try{byte[] rgbKey = Encoding.UTF8.GetBytes(decryptKey);byte[] rgbIV = Keys;byte[] inputByteArray = Convert.FromBase64String(decryptString);DESCryptoServiceProvider DCSP = new DESCryptoServiceProvider();MemoryStream mStream = new MemoryStream();CryptoStream cStream = new CryptoStream(mStream, DCSP.CreateDecryptor(rgbKey, rgbIV), CryptoStreamMode.Write);cStream.Write(inputByteArray, 0, inputByteArray.Length);cStream.FlushFinalBlock();return Encoding.UTF8.GetString(mStream.ToArray());}catch{return decryptString;}}
SHA1
- 第一種方法:
/// <summary>/// SHA1 加密,返回大寫字符串/// </summary>/// <param name="content">需要加密字符串</param>/// <returns>返回40位UTF8 大寫</returns>public static string SHA1(string content){return SHA1(content, Encoding.UTF8);}/// <summary>/// SHA1 加密,返回大寫字符串/// </summary>/// <param name="content">需要加密字符串</param>/// <param name="encode">指定加密編碼</param>/// <returns>返回40位大寫字符串</returns>private static string SHA1(string content, Encoding encode){try{SHA1 sha1 = new SHA1CryptoServiceProvider();byte[] bytes_in = encode.GetBytes(content);byte[] bytes_out = sha1.ComputeHash(bytes_in);sha1.Dispose();string result = BitConverter.ToString(bytes_out);result = result.Replace("-", "");return result;}catch (Exception ex){throw new Exception("SHA1加密出錯:" + ex.Message);}}
- 第二種方法:
public string SHA1Encrypt(string Source_String){byte[] StrRes = Encoding.Default.GetBytes(Source_String);HashAlgorithm iSHA = new SHA1CryptoServiceProvider();StrRes = iSHA.ComputeHash(StrRes);StringBuilder EnText = new StringBuilder();foreach (byte iByte in StrRes){EnText.AppendFormat("{0:x2}", iByte);}return EnText.ToString();}
總結
以上就是常用的加密和解密方式。希望對大家有所幫助,對于加密和解密不用過多在意他們的計算公式和原理。咱們只管開發就好,過于追求真理只會延遲開發進度。
)
詳解——自動裝配——手動裝配與自動裝配的區別)
和 TCB(任務控制塊))
)
