0

出于某种原因,我从使用相同加密密钥的 OracleDMBS_CRYPTO和 .NET 实现中得到了不同的编码结果。DESCryptoServiceProvider

对于我正在使用DBMS_CRYPTO.ENCRYPT具有以下加密类型的函数的数据库:

   encryption_type    PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_DES
                                + DBMS_CRYPTO.CHAIN_CBC
                                +DBMS_CRYPTO.PAD_PKCS5;

数据库功能

 FUNCTION encrypt (p_plainText VARCHAR2) RETURN RAW DETERMINISTIC
 IS
    encrypted_raw      RAW (2000);
 BEGIN
    encrypted_raw := DBMS_CRYPTO.ENCRYPT
    (
       src => UTL_RAW.CAST_TO_RAW (p_plainText),
       typ => encryption_type,
       key => encryption_key
    );
   RETURN encrypted_raw;
 END encrypt;

这是 C# 部分:

            DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider();
        MemoryStream memoryStream = new MemoryStream();
        CryptoStream cryptoStream = new CryptoStream(memoryStream,
            cryptoProvider.CreateEncryptor(bytes, bytes), CryptoStreamMode.Write);
        StreamWriter writer = new StreamWriter(cryptoStream);
        writer.Write(originalString);
        writer.Flush();
        cryptoStream.FlushFinalBlock();
        writer.Flush();
        return Convert.ToBase64String(memoryStream.GetBuffer(), 0, (int)memoryStream.Length);

产生不同加密结果的原因可能是什么?

4

3 回答 3

2

.NET 和 Oracle 加密之间存在基本区别。

例如,Oracle 的十六进制默认初始化值 (IV) 是“0123456789ABCDEF”。.NET 的十六进制默认初始化值 (IV) 是“C992C3154997E0FB”。此外,.NET 中有几个填充模式选项:ANSIX923、Zeros、ISO10126、PKCS7 和 None。

在下面的示例代码中,您应该可以不使用用于自定义填充的两行代码,并将填充模式指定为 ANSIX923。我们不得不接受 DBA 的失误,他们决定用波浪号“~”字符填充字符串,所以我包含了代码作为示例,它可以帮助处于类似情况的其他人。

下面是一组适用于我们解决方案的简单方法:

    private static string EncryptForOracle(string message, string key)
    {

        string iv = "0123456789ABCDEF";

        int lengthOfPaddedString;
        message = PadMessageWithCustomChar(message, out lengthOfPaddedString);

        byte[] textBytes = new byte[lengthOfPaddedString];
        textBytes = ASCIIEncoding.ASCII.GetBytes(message);

        byte[] keyBytes = new byte[key.Length];
        keyBytes = ASCIIEncoding.ASCII.GetBytes(key);

        byte[] ivBytes = new byte[iv.Length];
        ivBytes = StringUtilities.HexStringToByteArray(iv);
        byte[] encrptedBytes = Encrypt(textBytes, keyBytes, ivBytes);

        return StringUtilities.ByteArrayToHexString(encrptedBytes);
    }

    /// <summary>
    // On the Oracle side, our DBAs wrapped the call to the toolkit encrytion function to pad with a ~, I don't recommend
    // doing down this path, it is prone to error.
    // we are working with blocks of size 8 bytes, this method pads the last block with ~ characters.
    /// </summary>
    /// <param name="message"></param>
    /// <param name="lengthOfPaddedString"></param>
    /// <returns></returns>
    private static string PadMessageWithCustomChar(string message, out int lengthOfPaddedString)
    {
        int lengthOfData = message.Length;
        int units;
        if ((lengthOfData % 8) != 0)
        {
            units = (lengthOfData / 8) + 1;
        }
        else
        {
            units = lengthOfData / 8;
        }

        lengthOfPaddedString = units * 8;

        message = message.PadRight(lengthOfPaddedString, '~');
        return message;
    }


    public static byte[] Encrypt(byte[] clearData, byte[] Key, byte[] IV)
    {
        MemoryStream ms = new MemoryStream();
        // Create a symmetric algorithm.
        TripleDES alg = TripleDES.Create();
        alg.Padding = PaddingMode.None;
        // You should be able to specify ANSIX923 in a normal implementation 
        // We have to use none because of the DBA's wrapper
        //alg.Padding = PaddingMode.ANSIX923;

        alg.Key = Key;
        alg.IV = IV;

        CryptoStream cs = new CryptoStream(ms, alg.CreateEncryptor(), CryptoStreamMode.Write);
        cs.Write(clearData, 0, clearData.Length);
        cs.Close();

        byte[] encryptedData = ms.ToArray();
        return encryptedData;
    }

将这些方法放在静态 StringUtilities 类中:

    /// <summary>
    /// Method to convert a string of hexadecimal character pairs
    /// to a byte array.
    /// </summary>
    /// <param name="hexValue">Hexadecimal character pair string.</param>
    /// <returns>A byte array </returns>
    /// <exception cref="System.ArgumentNullException">Thrown when argument is null.</exception>
    /// <exception cref="System.ArgumentException">Thrown when argument contains an odd number of characters.</exception>
    /// <exception cref="System.FormatException">Thrown when argument contains non-hexadecimal characters.</exception>
    public static byte[] HexStringToByteArray(string hexValue)
    {
        ArgumentValidation.CheckNullReference(hexValue, "hexValue");

        if (hexValue.Length % 2 == 1)
            throw new ArgumentException("ERROR: String must have an even number of characters.", "hexValue");

        byte[] values = new byte[hexValue.Length / 2];

        for (int i = 0; i < values.Length; i++)
            values[i] = byte.Parse(hexValue.Substring(i * 2, 2), System.Globalization.NumberStyles.HexNumber);

        return values;
    }   // HexStringToByteArray()


    /// <summary>
    /// Method to convert a byte array to a hexadecimal string.
    /// </summary>
    /// <param name="values">Byte array.</param>
    /// <returns>A hexadecimal string.</returns>
    /// <exception cref="System.ArgumentNullException">Thrown when argument is null.</exception>
    public static string ByteArrayToHexString(byte[] values)
    {
        ArgumentValidation.CheckNullReference(values, "values");

        StringBuilder hexValue = new StringBuilder();

        foreach (byte value in values)
        {
            hexValue.Append(value.ToString("X2"));
        }

        return hexValue.ToString();
    }   // ByteArrayToHexString()

    public static byte[] GetStringToBytes(string value)
    {
        SoapHexBinary shb = SoapHexBinary.Parse(value);
        return shb.Value;
    }

    public static string GetBytesToString(byte[] value)
    {
        SoapHexBinary shb = new SoapHexBinary(value);
        return shb.ToString();
    } 

如果您从 .NET 端使用 ANSIX923 填充模式,您的 PL/SQL 代码将如下所示,因为您必须读取最后两个字节以确定填充了多少字节并将它们从字符串中删除,因此您返回原始字符串。

create or replace FUNCTION DecryptPassword(EncryptedText IN VARCHAR2,EncKey IN VARCHAR2) RETURN VARCHAR2
IS
encdata RAW(2000);
numpad NUMBER;
result VARCHAR2(100);
BEGIN
  encdata:=dbms_obfuscation_toolkit.DES3Decrypt(input=&amp;gt;hextoraw(EncryptedText),key=&amp;gt;UTL_RAW.CAST_TO_RAW(EncKey));

  result :=rawtohex(encdata);
  numpad:=substr(result,length(result)-1);
  result:= substr(result,1,length(result)-(numpad*2));
  result := hextoraw(result);
  result := utl_raw.cast_to_varchar2(result);
  return result;

END DecryptPassword;
于 2012-11-16T11:29:55.860 回答
1

根据MSDN 文档,您的 C# 代码使用 PKCS7 的默认填充,而您的 Oracle 代码使用 PKCS5。那可能是一个很好的起点。当您使用它时,您可能也应该明确设置您的块链接模式。

编辑:对不起,PKCS5 和 PKCS7 应该用相同的字节填充明文到相同的长度。可能不是这样。Vincent Malgrat 建议尝试使用纯文本的原始字节来消除编码问题,这听起来像是一个不错的起点。C# 代码会将您的字符串视为 unicode。我认为,在 Oracle 中,它将使用数据库设置的任何编码。

于 2012-10-02T16:01:41.293 回答
0

问题可能与您使用的密钥的填充有关。检查不同的密钥/不同的填充

于 2012-10-02T15:53:59.407 回答