【问题标题】:Rijndael Encryption KeysRijndael 加密密钥
【发布时间】:2014-01-11 02:44:23
【问题描述】:

我试图理解为什么下面的代码也不需要您生成 IV 密钥?代码来自:

http://msdn.microsoft.com/en-us/library/sb7w85t6(v=vs.85).aspx

Dim key As RijndaelManaged = Nothing

Try
    ' Create a new Rijndael key.
    key = New RijndaelManaged()

我看到了这个示例代码,但需要您手动生成两个密钥?

代码来自:

http://msdn.microsoft.com/en-us/library/System.Security.Cryptography.RijndaelManaged(v=vs.110).aspx

  Class RijndaelExample

    Public Shared Sub Main()
        Try 

            Dim original As String = "Here is some data to encrypt!" 

            ' Create a new instance of the RijndaelManaged 
            ' class.  This generates a new key and initialization  
            ' vector (IV). 
            Using myRijndael As New RijndaelManaged()

                myRijndael.GenerateKey()
                myRijndael.GenerateIV()

我还计划将密钥硬编码到源代码中(我知道这不是最安全的)......我如何实际存储这些......看起来每次应用程序打开时它都会生成一个新密钥。

【问题讨论】:

    标签: vb.net key store rijndael


    【解决方案1】:

    你是对的,因为它会在你每次运行时创建一个新的密钥和 IV。相反,您应该自己创建一个哈希(用于加密数据,并从您的密码和“盐”派生 - 请参阅http://en.wikipedia.org/wiki/Salt_(cryptography)

    例如,

        SymmetricAlgorithm m_encryption;
        RSACryptoServiceProvider m_rsa;
        Rfc2898DeriveBytes m_hash;
    
        string password = "Pa55w0rd";
        string salt = "this is my salt. There are many like it, but this one is mine.";
    
        public void SetupEncryption()
        {
    
    
            m_encryption = new RijndaelManaged();
            m_hash = new Rfc2898DeriveBytes(password, Encoding.ASCII.GetBytes(salt));
    
            m_encryption.Key = m_hash.GetBytes(m_encryption.KeySize / 8);
            m_encryption.IV = m_hash.GetBytes(m_encryption.BlockSize / 8);
    
        }
    

    正如您所指出的,存储您的盐和密码是非常糟糕的形式!这只是一个展示如何开始的例子。仔细阅读维基百科和其他文章,直到您完全理解其中的原理!

    【讨论】:

      猜你喜欢
      • 2016-05-26
      • 2012-07-20
      • 1970-01-01
      • 2017-08-02
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多