加密协议知多少

前言

在我们日常编码的过程中，可能会接触多种加密协议，那么今天我们就来梳理一下常见的加密协议。加密协议分为需要秘钥的对称加密和非对称加密，以及不需要秘钥的的信息摘要算法。

对称加密和非对称加密都是可以通过秘钥进行解密的，而信息摘要算法是通过特定的运算最终输出一个固定长度的散列值，所以无法进行逆向解密。

以下代码中，仅仅是基础的使用，不包含原理哦。

其中MD5和SHA使用的是默认命名空间System.Security.Cryptography下的算法，其他的算法使用的包是Portable.BouncyCastle，这个包里包含了很多的加密算法，感兴趣的可以继续研究哈。

信息摘要算法（哈希算法）之MD5、SM3、SHA

对于一些需要进行完整性校验的地方就可以使用信息摘要算法，比如下载一些文件的时候，可以看到官方除了给出文件地址还给了一个MD5的字符串，自己下载好文件之后使用MD5校验一下，如果得到的MD5和官方的一致则说明文件没有被更改，

SHA512应用

我们也可以使用信息摘要算法对用户的敏感信息进行加密，因为MD5，SM3，SHA这样的哈希算法都是单向哈希函数，意味着计算出的散列值无法逆向推导出原始数据，这样加密之后的数据连开发人员也无法破解，所以即便数据泄露了，黑客也很难进行破解，不过随着计算能力的提升，哈希算法的抗碰撞性开始受到质疑。

MD5

using System.Security.Cryptography;
using System.Text;namespace 加密算法
{public class MD5Helper{/// <summary>/// 获取MD5(内置类库实现)/// </summary>/// <param name="str"></param>/// <returns></returns>public static string GetMD5(string str){ return MD5.Create().ComputeHash(Encoding.UTF8.GetBytes(str)).Aggregate("", (current, t) => current + t.ToString("X2"));}}
}

namespace 加密算法
{internal class Program{static void Main(string[] args){//MD5Console.WriteLine(MD5Helper.GetMD5("爱游戏爱编程"));}}
}

输出结果如下

SM3

using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Utilities.Encoders;
using System.Text;namespace 加密算法
{public static class SM3Helper{public static string Encrypt(string str){byte[] plaintextBytes = Encoding.UTF8.GetBytes(str);IDigest digest = new SM3Digest();byte[] hashBytes = new byte[digest.GetDigestSize()];digest.BlockUpdate(plaintextBytes, 0, plaintextBytes.Length);digest.DoFinal(hashBytes, 0);string hashString = Hex.ToHexString(hashBytes);return hashString;}}
}

namespace 加密算法
{internal class Program{static void Main(string[] args){//SM3Console.WriteLine(SM3Helper.Encrypt("爱游戏爱编程"));}}
}

输出结果如下

SHA512

using System.Security.Cryptography;
using System.Text;namespace 加密算法
{public static class SHAHelper{public static string Encryption(string str){return SHA512.Create().ComputeHash(Encoding.UTF8.GetBytes(str)).Aggregate("", (current, t) => current + t.ToString("X2"));}}
}

namespace 加密算法
{internal class Program{static void Main(string[] args){//SHA512Console.WriteLine(SHAHelper.Encryption("爱游戏爱编程"));}}
}

输出结果如下

对称加密之SM4、AES、DES

对称加密意味着加密和解密使用的秘钥是一样的，所以在秘钥的分发上需要格外注意。相对于非对称加密，对称加密的算法简单，适合处理大量数据比如视频，文件等等。

SM4

using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Crypto.Parameters;
using System.Text;namespace 加密算法
{public static class SM4Helper{// 示例密钥（16字节）public static string keyStr = "0123456789abcdef";public static byte[] keyBytes = Encoding.UTF8.GetBytes(keyStr);public static byte[] iv = new byte[16];/// <summary>/// SM4加密/// </summary>/// <param name="str"></param>/// <returns></returns>public static byte[] EncryptSM4(byte[] plaintext){IBufferedCipher cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new SM4Engine()), new Pkcs7Padding());cipher.Init(true, new ParametersWithIV(new KeyParameter(keyBytes), iv));byte[] encryptedBytes = new byte[cipher.GetOutputSize(plaintext.Length)];int len = cipher.ProcessBytes(plaintext, 0, plaintext.Length, encryptedBytes, 0);len += cipher.DoFinal(encryptedBytes, len);Array.Resize(ref encryptedBytes, len);return encryptedBytes;}/// <summary>/// SM4解密/// </summary>/// <param name="str"></param>/// <returns></returns>public static byte[] DecryptSM4(byte[] ciphertext){IBufferedCipher cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new SM4Engine()), new Pkcs7Padding());cipher.Init(false, new ParametersWithIV(new KeyParameter(keyBytes), iv));byte[] decryptedBytes = new byte[cipher.GetOutputSize(ciphertext.Length)];int len = cipher.ProcessBytes(ciphertext, 0, ciphertext.Length, decryptedBytes, 0);len += cipher.DoFinal(decryptedBytes, len);Array.Resize(ref decryptedBytes, len);return decryptedBytes;}}
}

using Org.BouncyCastle.Utilities.Encoders;
using System.Text;namespace 加密算法
{internal class Program{static void Main(string[] args){//SM4// 示例明文byte[] plaintextBytes = Encoding.UTF8.GetBytes("爱游戏爱编程");// 加密byte[] encryptedBytes = SM4Helper.EncryptSM4(plaintextBytes);string encryptedStr = Hex.ToHexString(encryptedBytes);Console.WriteLine("Encrypted: " + encryptedStr);// 解密byte[] decryptedBytes = SM4Helper.DecryptSM4(encryptedBytes);string decryptedStr = Encoding.UTF8.GetString(decryptedBytes);Console.WriteLine("Decrypted: " + decryptedStr);}}
}

输出结果如下

AES

using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Crypto.Parameters;
using System.Text;namespace 加密算法
{public class AESHelper{// 示例密钥（16字节）public static string keyStr = "0123456789abcdef";public static byte[] keyBytes = Encoding.UTF8.GetBytes(keyStr);public static byte[] iv = new byte[16];/// <summary>/// AES加密/// </summary>/// <param name="str"></param>/// <returns></returns>public static byte[] EncryptAES(byte[] plaintext){IBufferedCipher cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new AesEngine()), new Pkcs7Padding());cipher.Init(true, new ParametersWithIV(new KeyParameter(keyBytes), iv));byte[] encryptedBytes = new byte[cipher.GetOutputSize(plaintext.Length)];int len = cipher.ProcessBytes(plaintext, 0, plaintext.Length, encryptedBytes, 0);len += cipher.DoFinal(encryptedBytes, len);Array.Resize(ref encryptedBytes, len);return encryptedBytes;}/// <summary>/// AES解密/// </summary>/// <param name="ciphertext"></param>/// <returns></returns>public static byte[] DecryptAES(byte[] ciphertext){IBufferedCipher cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new AesEngine()), new Pkcs7Padding());cipher.Init(false, new ParametersWithIV(new KeyParameter(keyBytes), iv));byte[] decryptedBytes = new byte[cipher.GetOutputSize(ciphertext.Length)];int len = cipher.ProcessBytes(ciphertext, 0, ciphertext.Length, decryptedBytes, 0);len += cipher.DoFinal(decryptedBytes, len);Array.Resize(ref decryptedBytes, len);return decryptedBytes;}}
}

using Org.BouncyCastle.Utilities.Encoders;
using System.Text;namespace 加密算法
{internal class Program{static void Main(string[] args){//AES// 示例明文byte[] plaintextBytes = Encoding.UTF8.GetBytes("爱游戏爱编程");// 加密byte[] encryptedBytes = AESHelper.EncryptAES(plaintextBytes);string encryptedStr = Hex.ToHexString(encryptedBytes);Console.WriteLine("Encrypted: " + encryptedStr);// 解密byte[] decryptedBytes = AESHelper.DecryptAES(encryptedBytes);string decryptedStr = Encoding.UTF8.GetString(decryptedBytes);Console.WriteLine("Decrypted: " + decryptedStr);}}
}

输出结果如下

DES

using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Crypto.Parameters;
using System.Text;
namespace 加密算法
{public class DESHelper{// 示例密钥（16字节）public static string keyStr = "01234567";public static byte[] keyBytes = Encoding.UTF8.GetBytes(keyStr);public static byte[] iv = new byte[8];/// <summary>/// DES加密/// </summary>/// <param name="str"></param>/// <returns></returns>public static byte[] EncryptDES(byte[] plaintext){IBufferedCipher cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new DesEngine()), new Pkcs7Padding());cipher.Init(true, new ParametersWithIV(new KeyParameter(keyBytes), iv));byte[] encryptedBytes = new byte[cipher.GetOutputSize(plaintext.Length)];int len = cipher.ProcessBytes(plaintext, 0, plaintext.Length, encryptedBytes, 0);len += cipher.DoFinal(encryptedBytes, len);Array.Resize(ref encryptedBytes, len);return encryptedBytes;}/// <summary>/// DES解密/// </summary>/// <param name="ciphertext"></param>/// <returns></returns>public static byte[] DecryptDES(byte[] ciphertext){IBufferedCipher cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new DesEngine()), new Pkcs7Padding());cipher.Init(false, new ParametersWithIV(new KeyParameter(keyBytes), iv));byte[] decryptedBytes = new byte[cipher.GetOutputSize(ciphertext.Length)];int len = cipher.ProcessBytes(ciphertext, 0, ciphertext.Length, decryptedBytes, 0);len += cipher.DoFinal(decryptedBytes, len);Array.Resize(ref decryptedBytes, len);return decryptedBytes;}}
}

using Org.BouncyCastle.Utilities.Encoders;
using System.Text;namespace 加密算法
{internal class Program{static void Main(string[] args){//DES// 示例明文byte[] plaintextBytes = Encoding.UTF8.GetBytes("爱游戏爱编程");// 加密byte[] encryptedBytes = DESHelper.EncryptDES(plaintextBytes);string encryptedStr = Hex.ToHexString(encryptedBytes);Console.WriteLine("Encrypted: " + encryptedStr);// 解密byte[] decryptedBytes = DESHelper.DecryptDES(encryptedBytes);string decryptedStr = Encoding.UTF8.GetString(decryptedBytes);Console.WriteLine("Decrypted: " + decryptedStr);}}
}

输出结果如下

非对称加密之SM2、RSA、ECC、DSA

非对称加密需要使用一对秘钥，分为公钥和私钥，对于一份数据，用户A使用用户B公开的公钥进行加密，那么用户B只能用自己的私钥进行解密，也就是谁的公钥加密的只有谁的私钥可以解密，同理，对应私钥加密的也只有对应的公钥可以解密。以此保证数据的安全性，但是非对称加密的算法复杂，不适合加密大量数据，典型的应用如HTTPS、数字签名、身份认证。

ECC和DSA的应用与其他几个加密协议略有不同，这俩更多的使用场景是验证签名，当用户A使用自己的私钥对数据进行签名之后，之后通过A的公钥去验证签名，如果验证通过，则说明数据是由用户A进行签名的。

SM2

using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Math.EC;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities.Encoders;
using System;
using System.Text;namespace 加密算法
{public class SM2Helper{/// <summary>/// 生成 SM2 密钥对，密钥对使用 Base64 进行编码/// </summary>/// <param name="privateKey"></param>/// <param name="publicKey"></param>public static void GenerateSM2KeyPair(out string privateKey, out string publicKey){// 获取 SM2 曲线参数X9ECParameters curve = ECNamedCurveTable.GetByName("sm2p256v1");KeyGenerationParameters parameters = new ECKeyGenerationParameters(new ECDomainParameters(curve), new SecureRandom());// 创建 SM2 密钥对生成器ECKeyPairGenerator generator = new ECKeyPairGenerator();generator.Init(parameters);// 创建密钥对var keyPair = generator.GenerateKeyPair();// 私钥ECPrivateKeyParameters privateKeyParameters = (ECPrivateKeyParameters)keyPair.Private;privateKey = Base64.ToBase64String(privateKeyParameters.D.ToByteArrayUnsigned());// 公钥ECPublicKeyParameters publicKeyParameters = (ECPublicKeyParameters)keyPair.Public;publicKey = Base64.ToBase64String(publicKeyParameters.Q.GetEncoded());}/// <summary>/// SM2 公钥加密/// </summary>/// <param name="message"></param>/// <param name="key"></param>/// <returns></returns>public static string EncryptSM2(string message, string key){// 获取 SM2 曲线参数X9ECParameters curve = ECNamedCurveTable.GetByName("sm2p256v1");ECPoint q = curve.Curve.DecodePoint(Base64.Decode(key));ECDomainParameters domain = new ECDomainParameters(curve);ECPublicKeyParameters pubk = new ECPublicKeyParameters("EC", q, domain);// 创建SM2加密器SM2Engine sm2Engine = new SM2Engine();sm2Engine.Init(true, new ParametersWithRandom(pubk, new SecureRandom()));// 将原始数据转换为字节数组byte[] dataBytes = Encoding.UTF8.GetBytes(message);// 执行加密操作byte[] encryptedData = sm2Engine.ProcessBlock(dataBytes, 0, dataBytes.Length);// 将加密结果转换为 Base64 字符串return Base64.ToBase64String(encryptedData);}/// <summary>/// SM2 私钥解密/// </summary>/// <param name="message"></param>/// <param name="key"></param>/// <returns></returns>public static string DecryptSM2(string message, string key){// 获取 SM2 曲线参数X9ECParameters curve = ECNamedCurveTable.GetByName("sm2p256v1");ECDomainParameters domain = new ECDomainParameters(curve);BigInteger d = new BigInteger(1, Base64.Decode(key));ECPrivateKeyParameters prik = new ECPrivateKeyParameters(d, domain);// 创建SM2加密器SM2Engine sm2Engine = new SM2Engine();sm2Engine.Init(false, prik);byte[] encryptedData = Base64.Decode(message);// 执行解密操作byte[] decryptedData = sm2Engine.ProcessBlock(encryptedData, 0, encryptedData.Length);// 将解密结果转换为字符串return Encoding.UTF8.GetString(decryptedData);}}
}

namespace 加密算法
{internal class Program{static void Main(string[] args){//SM2string publicKey = string.Empty;string privateKey = string.Empty;SM2Helper.GenerateSM2KeyPair(out privateKey, out publicKey);string message = "爱游戏爱编程";// 加密string encryptedStr = SM2Helper.EncryptSM2(message, publicKey);Console.WriteLine("Encrypted: " + encryptedStr);// 解密string decryptedStr = SM2Helper.DecryptSM2(encryptedStr, privateKey);Console.WriteLine("Decrypted: " + decryptedStr);}}
}

输出结果如下

RAS

using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Encodings;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;namespace 加密算法
{public class RSAHelper{/// <summary>/// 生成RSA密钥对/// </summary>/// <param name="keySize"></param>/// <returns></returns>public static void GenerateRSAKeyPair(out AsymmetricKeyParameter publicKey, out AsymmetricKeyParameter privateKey){var keyGenerationParameters = new KeyGenerationParameters(new SecureRandom(), 2048);var generator = new RsaKeyPairGenerator();generator.Init(keyGenerationParameters);var keyPair = generator.GenerateKeyPair();publicKey = keyPair.Public;privateKey = keyPair.Private;}/// <summary>/// RSA加密/// </summary>/// <param name="plaintext"></param>/// <param name="publicKey"></param>/// <returns></returns>public static byte[] EncryptRSA(byte[] dataToEncrypt,byte[] publicKeyBytes){var publicKey = PublicKeyFactory.CreateKey(publicKeyBytes);var engine = new OaepEncoding(new RsaEngine());engine.Init(true, new ParametersWithRandom(publicKey));return engine.ProcessBlock(dataToEncrypt, 0, dataToEncrypt.Length);}/// <summary>/// RSA解密/// </summary>/// <param name="ciphertext"></param>/// <param name="privateKey"></param>/// <returns></returns>public static byte[] DecryptRSA(byte[] encryptedData,byte[] privateKeyBytes){var privateKey = PrivateKeyFactory.CreateKey(privateKeyBytes);var engine = new OaepEncoding(new RsaEngine());engine.Init(false, privateKey);return engine.ProcessBlock(encryptedData, 0, encryptedData.Length);}/// <summary>/// 将公钥转换为字节数组（DER编码）/// </summary>/// <param name="publicKey"></param>/// <returns></returns>public static byte[] PublicKeyToBytes(AsymmetricKeyParameter publicKey){return SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey).GetDerEncoded();}/// <summary>/// 将私钥转换为字节数组（DER编码）/// </summary>/// <param name="privateKey"></param>/// <returns></returns>public static byte[] PrivateKeyToBytes(AsymmetricKeyParameter privateKey){return PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKey).GetDerEncoded();}}
}

using Org.BouncyCastle.Utilities.Encoders;
using System.Text;namespace 加密算法
{internal class Program{static void Main(string[] args){//RSA// 生成密钥对RSAHelper.GenerateRSAKeyPair(out var publicKey, out var privateKey);// 将密钥序列化为字节数组，便于传递或保存byte[] publicKeyBytes = RSAHelper.PublicKeyToBytes(publicKey);byte[] privateKeyBytes = RSAHelper.PrivateKeyToBytes(privateKey);byte[] message = Encoding.UTF8.GetBytes("爱游戏爱编程");// 加密byte[] encryptedBytes = RSAHelper.EncryptRSA(message, publicKeyBytes);string encryptedStr = Hex.ToHexString(encryptedBytes);Console.WriteLine("Encrypted: " + encryptedStr);// 解密byte[] decryptedBytes = RSAHelper.DecryptRSA(encryptedBytes, privateKeyBytes);string decryptedStr = Encoding.UTF8.GetString(decryptedBytes);Console.WriteLine("Decrypted: " + decryptedStr);}}
}

输出结果如下

DSA

using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;namespace 加密算法
{public class DSAHelper{/// <summary>/// 生成RSA密钥对/// </summary>/// <param name="keySize"></param>/// <returns></returns>public static AsymmetricCipherKeyPair GenerateDSAKeyPair(){var curve = ECNamedCurveTable.GetByName("secp256r1"); // 使用一个常用的椭圆曲线var domainParams = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H);var keyGenerationParameters = new ECKeyGenerationParameters(domainParams, new SecureRandom());var keyPairGenerator = new ECKeyPairGenerator();keyPairGenerator.Init(keyGenerationParameters);return keyPairGenerator.GenerateKeyPair();}/// <summary>/// 签名/// </summary>/// <param name="message"></param>/// <param name="privateKey"></param>/// <returns></returns>public static byte[] SignDSA(byte[] message, AsymmetricKeyParameter privateKey){var signer = SignerUtilities.GetSigner("SHA-256withECDSA");signer.Init(true, privateKey);signer.BlockUpdate(message, 0, message.Length);return signer.GenerateSignature();}/// <summary>/// 验证/// </summary>/// <param name="message"></param>/// <param name="signature"></param>/// <param name="publicKey"></param>/// <returns></returns>public static bool VerifyDSA(byte[] message, byte[] signature, AsymmetricKeyParameter publicKey){var signer = SignerUtilities.GetSigner("SHA-256withECDSA");signer.Init(false, publicKey);signer.BlockUpdate(message, 0, message.Length);return signer.VerifySignature(signature);}}
}

using Org.BouncyCastle.Utilities.Encoders;
using System.Text;
namespace 加密算法
{internal class Program{static void Main(string[] args){//DSA// 生成密钥对var keys = DSAHelper.GenerateDSAKeyPair();byte[] message = Encoding.UTF8.GetBytes("爱游戏爱编程");// 加密byte[] encryptedBytes = DSAHelper.SignDSA(message, keys.Private);string encryptedStr = Hex.ToHexString(encryptedBytes);Console.WriteLine("Encrypted: " + encryptedStr);// 解密签名是否正确bool result = DSAHelper.VerifyDSA(message, encryptedBytes, keys.Public);Console.WriteLine("Decrypted: " + result);}}
}

输出结果如下

完整的代码可以查看仓库

https://gitee.com/limeng66/demo-codes/tree/master/加密算法

Study hard and make progress every day.