【.Net Core】RSA算法前端及后端加密实现

前言

非对称加密算法的优缺点就不赘述了,目前使用最广泛的就是RSA算法,而在Web项目中一些关键信息肯定是不能明文传输的,最简单的就是用户密码。
而.NET下的RSA类所生成的密钥为Xml格式,而其他语言比如java一般使用pkcs8格式的密钥,前端JavaScript一般使用pkcs1格式。格式不同导致后端密钥无法被前端使用,我们就得想办法统一key进行加解密,下面是我总结的解决方案(我只是一个总结者,下面内容来源于博客园多个前辈,只是当时没有记录来源,写文时没法贴上链接)

正文

后端

使用类库:“BouncyCastle.NetCore”(.Net FrameWork使用“BouncyCastle”)

using System;
using System.IO;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Encodings;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;

namespace Utility
{
    /// <summary>
    /// RAS非对称算法
    /// </summary>
    public class RSAUtility
    {
        /// <summary>
        /// 生成PEM格式的公钥和密钥
        /// </summary>
        /// <param name="strength">长度</param>
        /// <returns>Item1:公钥;Item2:私钥;</returns>
        public static (string, string) CreateKeyPair(int strength = 1024)
        {
            RsaKeyPairGenerator r = new RsaKeyPairGenerator();
            r.Init(new KeyGenerationParameters(new SecureRandom(), strength));
            AsymmetricCipherKeyPair keys = r.GenerateKeyPair();

            TextWriter privateTextWriter = new StringWriter();
            PemWriter privatePemWriter = new PemWriter(privateTextWriter);
            privatePemWriter.WriteObject(keys.Private);
            privatePemWriter.Writer.Flush();


            TextWriter publicTextWriter = new StringWriter();
            PemWriter publicPemWriter = new PemWriter(publicTextWriter);
            publicPemWriter.WriteObject(keys.Public);
            publicPemWriter.Writer.Flush();


            return (publicTextWriter.ToString(), privateTextWriter.ToString());
        }

        /// <summary>
        /// RSA解密
        /// </summary>
        /// <param name="privateKey">私钥</param>
        /// <param name="decryptstring">待解密的字符串(Base64)</param>
        /// <returns>解密后的字符串</returns>
        public static string Decrypt(string privateKey, string decryptstring)
        {
            using (TextReader reader = new StringReader(privateKey))
            {
                dynamic key = new PemReader(reader).ReadObject();
                var rsaDecrypt = new Pkcs1Encoding(new RsaEngine());
                if (key is AsymmetricKeyParameter)
                {
                    key = (AsymmetricKeyParameter)key;
                }
                else if (key is AsymmetricCipherKeyPair)
                {
                    key = ((AsymmetricCipherKeyPair)key).Private;
                }
                rsaDecrypt.Init(false, key);  //这里加密是true;解密是false  

                byte[] entData = Convert.FromBase64String(decryptstring);
                entData = rsaDecrypt.ProcessBlock(entData, 0, entData.Length);
                return Encoding.UTF8.GetString(entData);
            }
        }/// <summary>

         /// 加密
         /// </summary>
         /// <param name="publicKey">公钥</param>
         /// <param name="encryptstring">待加密的字符串</param>
         /// <returns>加密后的Base64</returns>
        public static string Encrypt(string publicKey, string encryptstring)
        {
            using (TextReader reader = new StringReader(publicKey))
            {
                AsymmetricKeyParameter key = new PemReader(reader).ReadObject() as AsymmetricKeyParameter;
                Pkcs1Encoding pkcs1 = new Pkcs1Encoding(new RsaEngine());
                pkcs1.Init(true, key);//加密是true;解密是false;
                byte[] entData = Encoding.UTF8.GetBytes(encryptstring);
                entData = pkcs1.ProcessBlock(entData, 0, entData.Length);
                return Convert.ToBase64String(entData);
            }
        }
    }
}

如果想私钥加密,公钥解密可以引用类库:“BouncyCastle.Crypto”,参考地址如下:
https://www.cnblogs.com/dj258/p/6049786.html

前端

前端引用jsencrypt.js

/*
 * RSA算法加密
 * key:公钥
 * encryptstring:待加密信息
 */
function RSAEncryption(key, encryptstring) {
            //rsa加密随机密钥
            var rsa = new JSEncrypt();
            //设置后端接口传回的公钥(无需对公钥字符串做任何处理)
            rsa.setPublicKey(key);

            //注意:RSA加解密有大小限制(最多117 bytes)
            var rsaEncrypted = rsa.encrypt(encryptstring);

            //已加密的字符串(Base64)
            return rsaEncrypted;
        }

PEM格式存在换行,因此建议把公钥放在隐藏域中:

<input id="encryption" name="encryption" type="hidden" value="@ViewData["publicKey"]">
上一篇:17、ansible配置管理


下一篇:Java到Python RSA