使用 RSACryptoServiceProvider 和 X509Certificate2 进行数据加密/解密






2007年5月24日

使用 RSACryptoServiceProvider 和 X509Certificate2 进行数据加密/解密
引言
使用 RSACryptoServiceProvider 和 X509Certificate2 进行数据加密/解密
背景
在编写加密/解密代码之前,必须确保生成具有私钥选项的有效证书。这可以通过以下命令实现。
makecert -r -pe -n "CN=MyTestServer" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
使用代码
using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Xml;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.Security.Cryptography.X509Certificates;
using System.Runtime.InteropServices;
// Subject-name fragment used to pick the certificate from the current user's "My" store
// (substring match); when empty, the first certificate in the store is used.
string DigitalCertificateName = string.Empty;
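/// <summary>
/// Encrypts a string with the RSA public key of a certificate taken from the current
/// user's personal ("My") certificate store and returns the ciphertext as Base64.
/// Author: Ranajit Biswal
/// Date: 24 May 2007
/// Purpose: encrypt and decrypt strings with a digital certificate that has a private key.
/// Requirements: WSE 2.0 and .NET Framework 2.0
/// </summary>
/// <param name="PlainStringToEncrypt">Text to encrypt; leading/trailing whitespace is trimmed first.</param>
/// <returns>Base64-encoded RSA (PKCS#1 v1.5) ciphertext.</returns>
/// <exception cref="ArgumentNullException"><paramref name="PlainStringToEncrypt"/> is null.</exception>
/// <exception cref="Exception">No certificate matches <c>DigitalCertificateName</c>, or the store is empty.</exception>
/// <exception cref="CryptographicException">The plaintext is longer than the key can encrypt in one block.</exception>
public string GetEncryptedText(string PlainStringToEncrypt)
{
    if (PlainStringToEncrypt == null)
        throw new ArgumentNullException("PlainStringToEncrypt");

    // Only read access is needed to look up a certificate; opening ReadWrite
    // requests more privilege than the method uses.
    X509Store store = new X509Store(StoreName.My);
    store.Open(OpenFlags.ReadOnly);
    try
    {
        X509Certificate2 x509_2 = null;
        if (DigitalCertificateName.Length > 0)
        {
            // Contains() is a substring match, so "CN=Server" also matches "CN=Server2";
            // the first match in store order wins.
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (cert.SubjectName.Name.Contains(DigitalCertificateName))
                {
                    x509_2 = cert;
                    break;
                }
            }
            if (x509_2 == null)
                throw new Exception("在名称 " + DigitalCertificateName + " 中找不到证书");
        }
        else
        {
            // No name configured: fall back to whichever certificate comes first in the
            // store. Fail with a clear message instead of an index error on an empty store.
            if (store.Certificates.Count == 0)
                throw new Exception("The certificate store " + StoreName.My + " is empty.");
            x509_2 = store.Certificates[0];
        }

        string plainString = PlainStringToEncrypt.Trim();
        // UTF-8 keeps non-ASCII characters; ASCII encoding would silently turn them into '?'.
        // ASCII text produces identical bytes, so previously encrypted data is unaffected.
        byte[] plainBytes = Encoding.UTF8.GetBytes(plainString);
        RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509_2.PublicKey.Key;
        // fOAEP = false selects PKCS#1 v1.5 padding, which GetDecryptedText expects.
        // OAEP (true) is the stronger choice, but encrypt and decrypt must be switched together.
        byte[] cipher = rsa.Encrypt(plainBytes, false);
        return Convert.ToBase64String(cipher);
    }
    finally
    {
        // The original never closed the store; release the handle on every path.
        store.Close();
    }
}//方法在此结束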
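/// <summary>
/// Decrypts Base64 RSA ciphertext produced by <see cref="GetEncryptedText"/> using the
/// private key of a certificate taken from the current user's personal ("My") store.
/// </summary>
/// <param name="EncryptedStringToDecrypt">Base64-encoded RSA (PKCS#1 v1.5) ciphertext.</param>
/// <returns>The decrypted text, decoded as UTF-8.</returns>
/// <exception cref="ArgumentNullException"><paramref name="EncryptedStringToDecrypt"/> is null.</exception>
/// <exception cref="FormatException">The input is not valid Base64.</exception>
/// <exception cref="Exception">No certificate matches <c>DigitalCertificateName</c>, the store is empty, or the selected certificate has no private key.</exception>
/// <exception cref="CryptographicException">The data does not decrypt under this key (wrong certificate, altered ciphertext, or a padding mismatch).</exception>
public string GetDecryptedText(string EncryptedStringToDecrypt)
{
    if (EncryptedStringToDecrypt == null)
        throw new ArgumentNullException("EncryptedStringToDecrypt");

    // Read-only access is sufficient; the private key is used through the certificate,
    // the store itself is not modified.
    X509Store store = new X509Store(StoreName.My);
    store.Open(OpenFlags.ReadOnly);
    try
    {
        X509Certificate2 x509_2 = null;
        if (DigitalCertificateName.Length > 0)
        {
            // Substring match on the subject name; the first hit in store order is used,
            // so an ambiguous fragment may select a different certificate than intended.
            foreach (X509Certificate2 cert in store.Certificates)
            {
                if (cert.SubjectName.Name.Contains(DigitalCertificateName))
                {
                    x509_2 = cert;
                    break;
                }
            }
            if (x509_2 == null)
                throw new Exception("在名称 " + DigitalCertificateName + " 中找不到证书");
        }
        else
        {
            // Fallback to the first certificate in the store; guard the empty-store case
            // so the failure is explicit rather than an index error.
            if (store.Certificates.Count == 0)
                throw new Exception("The certificate store " + StoreName.My + " is empty.");
            x509_2 = store.Certificates[0];
        }

        byte[] cipherBytes = Convert.FromBase64String(EncryptedStringToDecrypt);
        if (!x509_2.HasPrivateKey)
            throw new Exception("用于的证书没有私钥。");

        RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509_2.PrivateKey;
        // fOAEP = false matches the PKCS#1 v1.5 padding used by GetEncryptedText.
        byte[] plainBytes = rsa.Decrypt(cipherBytes, false);
        // UTF-8 is a superset of ASCII, so text encrypted with the older ASCII path
        // decodes identically; non-ASCII text now survives the round trip.
        return Encoding.UTF8.GetString(plainBytes);
    }
    finally
    {
        // Always release the store handle; the original left it open.
        store.Close();
    }
}//方法在此结束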