一,思路
对称加密含有一个被称为密钥的东西,在消息发送前使用密钥对消息进行加密,得到密文并发送,接收方收到密文后,使用相同的密钥进行解密,获得原消息。
PS:使用密钥对消息进行加密的过程,由加密算法来完成的,加密算法通常也是公开的。
二,对称加密的流程
1,发送方和接收方持有相同的密钥,并严格保密
2,发送方使用密钥对消息进行加密,然后发送消息
3,接收方收到消息后,使用相同的密钥对消息进行解密
PS:在这一过程中,第三方可能截获消息,但得到的知识一堆乱码
三,Demo
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Security.Cryptography; //注意引入此命名空间 using System.IO; namespace 对称加密与解密 { class Program { static void Main(string[] args) { string key = "secret key"; //密钥 string plainText = "hello,world"; //明文 string encryptedText = SymmetricCryPtoHelper.Encrypt(plainText, key); //加密 Console.WriteLine(encryptedText); string clearText = SymmetricCryPtoHelper.Decrypt(encryptedText, key); //解密 Console.WriteLine(clearText); Console.ReadKey(); } } /// <summary> /// 对称加密帮助类 /// </summary> /// <remarks>Editor:v-liuhch CreateTime:2015/5/15 22:05:41</remarks> public class SymmetricCryPtoHelper { //对称加密算法提供器 private ICryptoTransform encryptor;//加密器对象 private ICryptoTransform decryptor;//解密器对象 private const int BufferSize = 1024; /// <summary> /// Initializes a new instance of the <see cref="SymmetricCryPtoHelper"/> class. /// </summary> /// <param name="algorithmName">Name of the algorithm.</param> /// <param name="key">The key.</param> /// <remarks>Editor:v-liuhch</remarks> public SymmetricCryPtoHelper(string algorithmName, byte[] key) { //SymmetricAlgorithm为对称算法基类 SymmetricAlgorithm provider = SymmetricAlgorithm.Create(algorithmName); provider.Key = key;//指定密钥,通常为128位或者196位 provider.IV = new byte[] { 0x12,0x34,0x56,0x78,0x90,0xAB,0xCD,0xEF};//Initialization vector ,初始化向量,避免了加密之后文字的相关部分也是重复的问题,通常为64位 encryptor = provider.CreateEncryptor();//创建加密器对象 decryptor = provider.CreateDecryptor();//创建解密器对象 } public SymmetricCryPtoHelper(byte[] key) : this("TripleDES", key) { } //加密算法 /// <summary> /// Encrypts the specified clear text. /// </summary> /// <param name="clearText">The clear text.</param> /// <returns>System.String.</returns> /// <remarks>Editor:v-liuhch CreateTime:2015/5/17 16:56:15</remarks> public string Encrypt(string clearText) { //创建明文流 byte[] clearBuffer = Encoding.UTF8.GetBytes(clearText); MemoryStream clearStream = new MemoryStream(clearBuffer); //创建空的密文流 MemoryStream encryptedStream = new MemoryStream(); /* 加密解密涉及到两个流,一个是明文流,一个是密文流 那么必然有一个中介者,将明文流转换成密文流;或者将密文流转换成明文流; * .net中执行这个操作的中介者是一个流类型,叫做CryptoStream; * * 加密时构造函数参数: * 1,Stream:密文流(此时密文流还没有包含数据,仅仅是一个空流); * 2,ICryptoTransform:创建的加密器,负责进行加密计算, * 3,枚举:write,将流经CryptoStream的明文流写入到密文流中,最后从密文流中获得加密后的数据 */ CryptoStream cryptoStream = new CryptoStream(encryptedStream, encryptor, CryptoStreamMode.Write); //将明文流写入到buffer中 //将buffer中的数据写入到cryptoStream中 int bytesRead = 0; byte[] buffer = new byte[BufferSize]; do { bytesRead = clearStream.Read(buffer, 0, BufferSize); cryptoStream.Write(buffer, 0, bytesRead); } while (bytesRead>0); cryptoStream.FlushFinalBlock();//清除缓冲区 //获取加密后的文本 buffer = encryptedStream.ToArray(); string encryptedText = Convert.ToBase64String(buffer); return encryptedText; } /// <summary> /// 解密算法 /// </summary> /// <param name="encryptedText">The encrypted text.</param> /// <returns>System.String.</returns> /// <remarks>Editor:v-liuhch CreateTime:2015/5/17 16:56:22</remarks> public string Decrypt(string encryptedText) { byte[] encryptedBuffer = Convert.FromBase64String(encryptedText); Stream encryptedStream = new MemoryStream(encryptedBuffer); MemoryStream clearStream = new MemoryStream(); /* 解密时构造函数参数: * 1,Stream:密文流(此时密文流包含数据); * 2,ICryptoTransform:创建的解密器,负责进行解密计算, * 3,枚举:write,将密文流中的数据读出到明文流,进而再转换成明文的,原来的格式 */ CryptoStream cryptoStream = new CryptoStream(encryptedStream, decryptor, CryptoStreamMode.Read); int bytesRead = 0; byte[] buffer = new byte[BufferSize]; do { bytesRead = cryptoStream.Read(buffer, 0, BufferSize); clearStream.Write(buffer, 0, bytesRead); } while (bytesRead>0); buffer = clearStream.GetBuffer(); string clearText = Encoding.UTF8.GetString(buffer, 0, (int)clearStream.Length); return clearText; } /// <summary> /// Encrypts the specified clear text. /// </summary> /// <param name="clearText">The clear text.</param> /// <param name="key">The key.</param> /// <returns>System.String.</returns> /// <remarks>Editor:v-liuhch CreateTime:2015/5/17 16:56:40</remarks> public static string Encrypt(string clearText, string key) { byte[] keyData = new byte[16]; byte[] sourceData = Encoding.Default.GetBytes(key); int copyBytes = 16; if (sourceData.Length<16) { copyBytes = sourceData.Length; } Array.Copy(sourceData, keyData, copyBytes); SymmetricCryPtoHelper helper = new SymmetricCryPtoHelper(keyData); return helper.Encrypt(clearText); } /// <summary> /// Decrypts the specified encrypted text. /// </summary> /// <param name="encryptedText">The encrypted text.</param> /// <param name="key">The key.</param> /// <returns>System.String.</returns> /// <remarks>Editor:v-liuhch CreateTime:2015/5/17 16:56:44</remarks> public static string Decrypt(string encryptedText, string key) { byte[] keyData = new byte[16]; byte[] sourceData = Encoding.Default.GetBytes(key); int copyBytes = 16; if (sourceData.Length<16) { copyBytes = sourceData.Length; } Array.Copy(sourceData, keyData, copyBytes); SymmetricCryPtoHelper helper = new SymmetricCryPtoHelper(keyData); return helper.Decrypt(encryptedText); } } }
四,隐患问题
1,发送方和接收方都需要持有密钥,并保证密钥不被泄露。
2,如果第三方非法获得了密钥,在对消息进行篡改后,重新加密发给接收方,则接收方无法辨别。既然无法判断消息是否被篡改,也无法确定消息是由谁发送过来的,无法满足完整性和可认证性。