-1

下面是一个有效的 c# 密码学代码。

包含的命名空间参考

using System.Web.Script.Serialization;
using System.Security.Cryptography;
using System.Text;

用于编码 json 格式用户数据的 C# 代码

// Encode the data into a JSON object     
JavaScriptSerializer s = new JavaScriptSerializer();
string json_data = s.Serialize(user_data);

string site_key = "84129";
string api_key = "0d2c15da-b36f-4a9c-8f44-93eb95811e2e-05e1fb36-54aa-44fc-888e-45d2669c3013";
byte[] bIV = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

//Using byte arrays now instead of strings
byte[] encrypted = null;
byte[] data = Encoding.ASCII.GetBytes(json_data);

//Use the AesManaged object to do the encryption
using (AesManaged aesAlg = new AesManaged())
{
    aesAlg.IV = bIV;
    aesAlg.KeySize = 16 * 8;

    // Create the 16-byte salted hash     
    SHA1 sha1 = SHA1.Create();
    byte[] saltedHash = sha1.ComputeHash(Encoding.ASCII.GetBytes(api_key + site_key), 0, (api_key + site_key).Length);
    Array.Resize(ref saltedHash, 16);
    aesAlg.Key = saltedHash;

    // Encrypt using the AES Managed object  
    ICryptoTransform encryptor = aesAlg.CreateEncryptor();
    using (MemoryStream msEncrypt = new MemoryStream())
    {
        using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
        {
            csEncrypt.Write(data, 0, data.Length);
            csEncrypt.FlushFinalBlock();
        }
        encrypted = msEncrypt.ToArray();
    }
}

// the Base64-encoded encrypted data       
 string encodedData= Convert.ToBase64String(encrypted, Base64FormattingOptions.None)
              .TrimEnd("=".ToCharArray()) // Remove trailing equal (=) characters       
              .Replace("+", "-")   // Change any plus (+) characters to dashes (-)     
              .Replace("/", "_");  // Change any slashes (/) characters to underscores (_)

注意:json_data 字符串就像..

{"email":"chandresh@domainname.com","name":"chandresh","expires":"2013-07-05T11:47:32"}

我尝试编写与上述 C# 工作代码等效的 CryptoJS 代码。

不知何故,完成的加密/编码不是有效的编码数据。请帮忙

var json_data = '{"email":"chandresh@domainname.com","name":"chandresh","expires":"2013-07-05T11:47:32"}';
var site_key = "84129";
var api_key = "0d2c15da-b36f-4a9c-8f44-93eb95811e2e-05e1fb36-54aa-44fc-888e-45d2669c3013";
var _iv = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];

var options = { mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7, iv: _iv, keySize: 128/8 };

// Create the 16-byte salted hash     
var saltedHash = CryptoJS.SHA1(api_key + site_key);
saltedHash.sigBytes = 16;

saltedHash = CryptoJS.enc.Base64.stringify(saltedHash);
var encrypted = CryptoJS.AES.encrypt(json_data,saltedHash, options);

// the Base64-encoded encrypted data
var encodedData  =  encrypted.ciphertext.toString(CryptoJS.enc.Base64);
encodedData = encodedData.trimEnd("=");          // Remove trailing equal (=) characters       
encodedData = encodedData.replace(/\+/gi, "-");  // Change any plus (+) characters to dashes (-)
encodedData = encodedData.replace(/\//gi, "_");  // Change any slashes (/) characters to underscores (_)
4

1 回答 1

1

您正在对 JavaScript 版本中的密钥进行 Base64 编码。只需传入saltedHash变量而不进行编码,它应该可以工作。

不过,这个加密系统还有其他问题。静态 IV 几乎总是一个安全问题。密钥推导在这里也很可疑。

于 2013-06-06T13:05:54.450 回答