一.DES
对称算法
1.key的大小
KEY64bit,IV(初始化向量)64bit,block size(每次运算处理的字节数)64bit,key的实际使用时56bit,每个字节的最后一位是校验位,不参与计算
2.加密模式
既可以block cipher(分组加密,ECB模式),也可以productcipher(乘积加密,CBC模式)。
分组加密就是每组分别加密,如果明文相同,得到的密文也会相同,乘积加密就是将上一次运算得到的结果,也就是密文,也参与到下一次运算当中,这样即使两个分组明文相同,得到的密文也不一样,计算第一组的时候就需要使用到IV了。显然CBC模式更安全一些。
3.Padding
明文如果不是block size的整数倍,最后一组就不能运算,因此在加密前需要进行padding,常用的PKCS7的padding,是将需要填充的字节数作为填充值,为了消除歧义,即使明文字节数正好是8的倍数,需要填充8个字节的0x08
4.例子
DES例子
1
usingSystem;
2
usingSystem.Collections.Generic;
3
usingSystem.Linq;
4
usingSystem.Text;
5
usingSystem.Security.Cryptography;
6
usingSystem.IO;
7
8
namespaceCipherTest
9
{
10
class
Program
11
{
12
static
void
Main(
string
[] args)
13
{
14
SymmetricAlgorithmTest(newDESCryptoServiceProvider());
15
//
SymmetricAlgorithmTest(newTripleDESCryptoServiceProvider());
16
17
Console.ReadLine();
18
}
19
20
static
voidSymmetricAlgorithmTest(SymmetricAlgorithm algo)
21
{
22
Console.WriteLine(
"
=============================================
"
);
23
Console.WriteLine(
"
Default Algorithminfo:
"
);
24
PrintSymmetricAlgorithmInfo(algo);
25
26
algo.Mode
=
CipherMode.ECB;
27
algo.GenerateIV();
28
algo.GenerateKey();
29
30
Console.WriteLine(
"
Modify Algorithminfo:
"
);
31
PrintSymmetricAlgorithmInfo(algo);
32
33
string
text
=
"
01234567012345670123456701234567
"
;
34
byte
[] plainText
=
Encoding.UTF8.GetBytes(text);
35
Console.WriteLine(
"
\nPlaintext:\n\t
"
+
ConvertBytesToHexString(plainText));
36
37
//
Encrypt
38
MemoryStream ms
=
new
MemoryStream();
39
CryptoStream encStream
=
newCryptoStream(ms, algo.CreateEncryptor(), CryptoStreamMode.Write);
40
41
encStream.Write(plainText,
0
,plainText.Length);
42
encStream.FlushFinalBlock();
43
44
byte
[] cipherText
=
ms.ToArray();
45
Console.WriteLine(
"
\nEncryptedtext:\n\t
"
+
ConvertBytesToHexString(cipherText));
46
encStream.Close();
47
ms.Close();
48
49
//
Decrypt
50
MemoryStream ms2
=
newMemoryStream(cipherText);
51
CryptoStream decStream
=
newCryptoStream(ms2, algo.CreateDecryptor(), CryptoStreamMode.Read);
52
53
Byte[] tempBuffer
=
new
Byte[
1024
];
54
Byte[] outputBytes
=
new
byte
[
0
];
55
int
nRead
=
decStream.Read(tempBuffer,
0
,tempBuffer.Length);
56
int
nLength
=
0
;
57
while
(
0
!=
nRead)
58
{
59
nLength
=
outputBytes.Length;
60
Array.Resize(
ref
outputBytes, nLength
+
nRead);
61
Array.Copy(tempBuffer,
0
, outputBytes,nLength, nRead);
62
nRead
=
decStream.Read(tempBuffer,
0
,tempBuffer.Length);
63
}
64
65
Console.WriteLine(
"
\nDecryptedtext:\n\t
"
+
ConvertBytesToHexString(outputBytes));
66
decStream.Close();
67
ms2.Close();
68
algo.Clear();
69
}
70
71
static
stringConvertBytesToHexString(
byte
[] bytes)
72
{
73
if
(bytes
==
null
||
bytes.Length
==
0
)
74
{
75
return
string
.Empty;
76
}
77
StringBuilder sb
=
new
StringBuilder();
78
foreach
(
byte
temp
in
bytes)
79
{
80
sb.Append(
string
.Format(
"
{0:X2}
"
, temp));
81
}
82
sb.Remove(sb.Length
-
1
,
1
);
83
sb.Append(
string
.Format((
"
[{0}]
"
), bytes.Length));
84
85
return
sb.ToString();
86
}
87
88
static
voidPrintSymmetricAlgorithmInfo(SymmetricAlgorithm algo)
89
{
90
Console.WriteLine(
"
\t
"
+
algo.ToString());
91
Console.WriteLine(
"
\tMode:
"
+
algo.Mode);
92
Console.WriteLine(
"
\tPadding:
"
+
algo.Padding);
93
Console.WriteLine(
"
\tKeySize:
"
+
algo.KeySize);
94
Console.WriteLine(
"
\tBlockSize:
"
+
algo.BlockSize);
95
Console.WriteLine(
"
\tIV:
"
+
ConvertBytesToHexString(algo.IV));
96
Console.WriteLine(
"
\tKey:
"
+
ConvertBytesToHexString(algo.Key));
97
}
98
}
99
}
可能运行结果:
=============================================
DefaultAlgorithm info:
System.Security.Cryptography.DESCryptoServiceProvider
Mode:CBC
Padding:PKCS7
KeySize:64
BlockSize:64
IV:79 5D 7A E4 22 10 39 F2[8]
Key:77 FF 02 7F 98 6F B6 46[8]
ModifyAlgorithm info:
System.Security.Cryptography.DESCryptoServiceProvider
Mode:ECB
Padding:PKCS7
KeySize:64
BlockSize:64
IV:30 15 B1 29 38 99 CC 36[8]
Key:18 0D 84 44 18 4B 61 61[8]
Plaintext:
30 31 32 33 34 35 36 37 30 31 32 33 3435 36 37 30 31 32 33 34 35 36 37
30 31 3233 34 35 36 37[32]
Encryptedtext:
27 9B 21 8D 77 18 AB 53 27 9B 21 8D 7718 AB 53 27 9B 21 8D 77 18 AB 53
27 9B 218D 77 18 AB 53 4F 4B D6 D7 68 18 A4 FA[40]
Decryptedtext:
30 31 32 33 34 35 36 37 30 31 32 33 3435 36 37 30 31 32 33 34 35 36 37
30 31 3233 34 35 36 37[32]
可以看出:
模式使用比较安全的CBC模式,padding用PKCS7,原文32字节也需要填充,加密后的密文是40字节,使用ECB模式时,相同的分组得到相同的密文
将模式改为CBC后的可能运行结果:
=============================================
DefaultAlgorithm info:
System.Security.Cryptography.DESCryptoServiceProvider
Mode:CBC
Padding:PKCS7
KeySize:64
BlockSize:64
IV:34 42 42 52 AC 9F D6 2A[8]
Key:29 98 61 4F 14 2C 5E A1[8]
ModifyAlgorithm info:
System.Security.Cryptography.DESCryptoServiceProvider
Mode:CBC
Padding:PKCS7
KeySize:64
BlockSize:64
IV:35 C5 78 6D D8 54 BB 1D[8]
Key:DC 73 23 E1 E3 78 42 84[8]
Plaintext:
30 31 32 33 34 35 36 37 30 31 32 33 3435 36 37 30 31 32 33 34 35 36 37
30 31 3233 34 35 36 37[32]
Encryptedtext:
65 67 16 2F 53 D9 FC 4A 02 6F CE C8 40B8 9C 40 C7 5F BF A8 38 62 05 E3
20 52 4AD7 5B AD 5E D1 5F CC D4 C3 C9 F1 97 53[40]
Decryptedtext:
30 31 32 33 34 35 36 37 30 31 32 33 3435 36 37 30 31 32 33 34 35 36 37
30 31 3233 34 35 36 37[32]
即使明文分组相同,得到的密文也不一样了。
