c# – 如果丢弃,PasswordDeriveBytes(System.Security.Cryptogra
在使用块中使用PasswordDeriveBytes类(因为它实现了IDisposable,它会处理它)会在第二次使用该类时产生问题.这是代码:
public class AES { protected static CryptoData localCryptoData; static AES() { localCryptoData = new CryptoData(); } public static string Encrypt(CryptoData cryptoData) { using (PasswordDeriveBytes pass = new PasswordDeriveBytes(cryptoData.Password,cryptoData.Salt,"SHA1",2)) using (RijndaelManaged symmetricKey = new RijndaelManaged()) { byte[] keyBytes = pass.GetBytes(cryptoData.KeySize / 8); symmetricKey.Padding = PaddingMode.PKCS7; symmetricKey.Mode = CipherMode.CBC; using (ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes,cryptoData.InitVector)) using (MemoryStream memoryStream = new MemoryStream()) using (CryptoStream cryptoStream = new CryptoStream(memoryStream,encryptor,CryptoStreamMode.Write)) { cryptoStream.Write(cryptoData.ByteText,cryptoData.ByteText.Length); cryptoStream.FlushFinalBlock(); return Convert.ToBase64String(memoryStream.ToArray()); } } } public static string Decrypt(CryptoData cryptoData) { using (PasswordDeriveBytes pass = new PasswordDeriveBytes(cryptoData.Password,2)) using (RijndaelManaged symmetricKey = new RijndaelManaged()) { byte[] cipherTextBytes = Convert.FromBase64String(cryptoData.Text); byte[] keyBytes = pass.GetBytes(cryptoData.KeySize / 8); symmetricKey.Padding = PaddingMode.PKCS7; symmetricKey.Mode = CipherMode.CBC; using (ICryptoTransform decryptor = symmetricKey.CreateDecryptor(keyBytes,cryptoData.InitVector)) using (MemoryStream memoryStream = new MemoryStream(cipherTextBytes)) using (CryptoStream cryptoStream = new CryptoStream(memoryStream,decryptor,CryptoStreamMode.Read)) { byte[] textBytes = new byte[cipherTextBytes.Length]; int count = cryptoStream.Read(textBytes,textBytes.Length); //throws CryptographicException - Padding is invalid and cannot be removed. return Encoding.UTF8.GetString(textBytes,count); } } } 如果以这种方式使用此类: AES.Encrypt(cryptoData); 首次使用会为您提供正确的AES加密字符串,但如果在尝试解密相同的字符串时失败并出现异常.问题在于,当通过字节数组给出此密码时,从PasswordDeriveBytes类中分配第一个参数(用于从中派生密钥的密码).如果它是一个字符串(由于过载),它可以正常工作. 助手CryptoData类: public class CryptoData { private string text; public string Text { get { return text; } set { text = value; if (value != null) { ByteText = Encoding.ASCII.GetBytes(value); } else { ByteText = null; } } } public byte[] ByteText { get; private set; } public byte[] Password { get; set; } public int KeySize { get; set; } public byte[] InitVector { get; set; } public byte[] Salt { get; set; } } 如果您只是在方法中更改此行: using (PasswordDeriveBytes pass = new PasswordDeriveBytes(cryptoData.Password,2)) 成 using (PasswordDeriveBytes pass = new PasswordDeriveBytes("somePassword",2)) 一切正常.问题是,由于using语句,PasswordDeriveBytes的实例在第二次使用时没有得到密码的字节数组.如果传递了一个字符串,而不是一个字节数组,它就可以工作. 编辑:仔细检查后,似乎密码参数的默认属性设置器中存在问题.它获取数组的指针,这就是它处理它的原因.它应该创建数组的value.clone(),就像salt数组的情况一样.这是一个明确的错误. 我是对的,还是我做错了什么? 编辑: *使用此更改AES.Encrypt()和AES.Decrypt方法中的第一行,它可以工作:* using (PasswordDeriveBytes pass = new PasswordDeriveBytes( (byte[])cryptoData.Password.Clone(),2)) 解决方法
这当然是反直觉和无证的行为,尽管它是否是一个bug可能会被辩论.基本上,当您将密码字节数组传递给构造函数时,PasswordDeriveBytes实例将获得该数组的所有权.这类似于StreamReader获取传递给它的Stream的所有权的方式,并且当它被Disposed时将它Dispose它(此行为也是
criticized,基于类似的理由,这导致在StreamReader构造函数中添加一个布尔参数.NET 4.0,可以防止底层流被处置).
在传递之前克隆字节数组可能是您的最佳选择. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |