发表新帖
发表新帖

How to use Rijndael encryption with a .Net Core class library? (Not .Net Framework)

后端 未结
关注
2 1170
迷失自我
迷失自我 2020-12-30 04:00

How do we use Rijndael encryption in a .Net Core class library? (Not a .Net Framework Class Library) We need to create a shared .Net Core library for use in multiple projec

相关标签:
2条回答
  • 眼角桃花
    2020-12-30 04:24

    If you just want to encrypt/decrypt stuff, avoid using Rijndael directly as asp.net core has some much nicer wrappers that are much easier to use and more likely to be properly secure by default. It is known as DataProtection.

    using Microsoft.AspNetCore.DataProtection;

// During startup add DP
serviceCollection.AddDataProtection();

...

// the 'provider' parameter is provided by DI
public MyClass(IDataProtectionProvider provider)
{
    _protector = provider.CreateProtector("Contoso.MyClass.v1");
}

...

// protect the payload
string protectedPayload = _protector.Protect(input);
Console.WriteLine($"Protect returned: {protectedPayload}");

...

// unprotect the payload
string unprotectedPayload = _protector.Unprotect(protectedPayload);
Console.WriteLine($"Unprotect returned: {unprotectedPayload}");

    See the data protection docs for more information

    0 讨论(0)
  • 甜味超标
    2020-12-30 04:39

    The difference (in .NET) between Rijndael and AES is that Rijndael allows the block size to change, but AES does not. Since RijndaelManaged's default block size is the same as the AES block size (128 bit / 16 byte) you are, in fact, using AES.

    Instead of instantiating the implementation type by name, just use the factory (Aes.Create()). That works in both .NET Core and .NET Framework.

    Other things worth mentioning:

    • All SymmetricAlgorithm instances are IDisposable, you should use them in a using statement.
    • All ICryptoTransform instances (such as your incorrectly named desEncryptor) are IDisposable, you should use them in a using statement.
    • ISO10126 padding is not available in .NET Core 1.0. If you need to be compatible with existing streams you can apply the padding yourself and specify PaddingMode.None. Otherwise, PKCS7 is more standard.
    • Your AES key isn't very random, since it comes from an ASCII string (lots of values won't be valid).
      • Base64 at least has full value range
      • PBKDF2 (Password-Based Key Derivation Function 2) via the Rfc2898DeriveBytes class allows for shared-string-secret in, predictable noise out.
      • KeyAgreement is in general better, but neither ECDH nor classic DH are available in .NET Core 1.0.
    • Usually the encryptor should let a random IV be calculated (call aes.GenerateIV() if using the same object for multiple operations) and present it with the ciphertext. So encrypt takes a key and plaintext and produces a ciphertext and IV. Decrypt takes (key, IV, ciphertext) and produces plaintext.
    0 讨论(0)
 看不清?
提交回复
热议问题