我有一个用于加密文本数据的类。我正在尝试尽可能重用 ICryptoTransform 对象。但是,我第二次尝试使用同一个对象时,我得到了部分错误解密的数据。我认为第一个块是错误的,但其余部分似乎还可以(用较长的文本对其进行了测试)。
我将课程精简为以下内容:
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace Sample.Crypto
{
public class EncryptedStreamResolver : IDisposable
{
private AesCryptoServiceProvider _cryptoProvider;
private ICryptoTransform _encryptorTransform;
private ICryptoTransform _decryptorTransform;
private ICryptoTransform EncryptorTransform
{
get
{
if (null == _encryptorTransform || !_encryptorTransform.CanReuseTransform)
{
_encryptorTransform?.Dispose();
_encryptorTransform = _cryptoProvider.CreateEncryptor();
}
return _encryptorTransform;
}
}
private ICryptoTransform DecryptorTransform
{
get
{
if (null == _decryptorTransform || !_decryptorTransform.CanReuseTransform)
{
_decryptorTransform?.Dispose();
_decryptorTransform = _cryptoProvider.CreateDecryptor();
}
return _decryptorTransform;
}
}
public EncryptedStreamResolver()
{
GenerateCryptoProvider();
}
public Stream OpenRead(string rawPath)
{
return new CryptoStream(File.OpenRead(rawPath + ".crypto"), DecryptorTransform, CryptoStreamMode.Read);
}
public Stream OpenWrite(string rawPath)
{
return new CryptoStream(File.OpenWrite(rawPath + ".crypto"), EncryptorTransform, CryptoStreamMode.Write);
}
private void GenerateCryptoProvider(string password = "totallysafepassword")
{
_cryptoProvider = new AesCryptoServiceProvider();
_cryptoProvider.BlockSize = _cryptoProvider.LegalBlockSizes.Select(ks => ks.MaxSize).Max();
_cryptoProvider.KeySize = _cryptoProvider.LegalKeySizes.Select(ks => ks.MaxSize).Max();
_cryptoProvider.IV = new byte[_cryptoProvider.BlockSize / 8];
_cryptoProvider.Key = new byte[_cryptoProvider.KeySize / 8];
var pwBytes = Encoding.UTF8.GetBytes(password);
for (var i = 0; i < _cryptoProvider.IV.Length; i++)
_cryptoProvider.IV[i] = pwBytes[i % pwBytes.Length];
for (var i = 0; i < _cryptoProvider.Key.Length; i++)
_cryptoProvider.Key[i] = pwBytes[i % pwBytes.Length];
}
public void Dispose()
{
_encryptorTransform?.Dispose();
_decryptorTransform?.Dispose();
_cryptoProvider?.Dispose();
}
}
}
我写了一个示例使用测试来演示这个问题:
public void Can_reuse_encryptor()
{
const string message = "Secret corporate information here.";
const string testFilePath1 = "Foo1.xml";
const string testFilePath2 = "Foo2.xml";
var sr = new EncryptedStreamResolver();
// Write secret data to file
using (var writer = new StreamWriter(sr.OpenWrite(testFilePath1)))
writer.Write(message);
// Read it back and compare with original message
using (var reader = new StreamReader(sr.OpenRead(testFilePath1)))
if (!message.Equals(reader.ReadToEnd()))
throw new Exception("This should never happend :(");
// Write the same data again to a different file
using (var writer = new StreamWriter(sr.OpenWrite(testFilePath2)))
writer.Write(message);
// Read that back and compare
using (var reader = new StreamReader(sr.OpenRead(testFilePath2)))
if (!message.Equals(reader.ReadToEnd()))
throw new Exception("This should never happend :(");
}
我错过了什么?文档表明这些对象是可重用的,但我不明白如何。有人能帮助我吗?
编辑:
正如@bartonjs 指出的那样,如果我将包含上述代码的项目重新定位到.NET 4.6(或更高版本),我可以像这样使用System.AppContext.TryGetSwitch:
var reuseTransform = false;
if (null == _decryptorTransform ||
!(AppContext.TryGetSwitch("Switch.System.Security.Cryptography.AesCryptoServiceProvider.DontCorrectlyResetDecryptor", out reuseTransform) && reuseTransform && _decryptorTransform.CanReuseTransform))
{
_decryptorTransform?.Dispose();
_decryptorTransform = _cryptoProvider.Createdecryptor();
}
然后我可以在主应用程序的 app.config 中设置这个开关,就像@bartonjs 的回答一样。