当前位置：首页 > news >正文

.NET Core 数据库连接字符串加密与解密

news 来源：原创 2025/6/14 8:45:44

.NET Core 数据库连接字符串加密与解密

一、实战：控制台加密解密工具开发
- 1. 基本功能实现
- - 加密
  - 解密
- 2. 动态输入秘钥与需要加密的内容
- 3. 整个源码:

每次把数据库密码直接写在配置文件里，我都感觉像是在大街上裸奔——虽然大家都这么做，但总觉得哪里不对劲。

想想看，我们把最重要的数据库密码，就这么明晃晃地写在appsettings.json里。万一哪天配置文件不小心泄露了，黑客们简直就像拿到了金库钥匙，我们的数据就全暴露了！

别担心，给数据库密码"穿衣服"没你想的那么难。今天我要分享的就是一个超级实用的方法：

用个神奇的小工具把密码加密
把加密后的乱码存到配置文件里
程序运行时再自动解密使用
这样就算有人看到你的配置文件，也只是一堆看不懂的乱码，再也不用担心密码泄露了！

这里使用的是AES加密算法

AES（高级加密标准）是一种对称加密算法，使用128/192/256位密钥对128位数据块进行加密，通过多轮替换、移位和混淆操作确保安全性，广泛应用于网络通信、文件加密等领域。

一、实战：控制台加密解密工具开发

1. 基本功能实现

这里推荐使用控制台程序来将字符串加密，首先创建一个控制台程序。EncryptConnectStrings,然后再默认的Program.cs文件中创建两个方法EncryptConnectionString、DecryptConnectionString分别负责加密和解密.
然后还需要增加一个变量用于保存秘钥

public static string encryptionKey = "EncryptionKey";

加密

接下来就是加密的方法EncryptConnectionString

 static void EncryptConnectionString(string encryptionKey){ var connectionString = "Server=myServer;Database=myDB;User=myUser;Password=myPass;";try{ if (string.IsNullOrEmpty(connectionString )){Console.WriteLine("\n加密字符串为空！");return;}using var aes = Aes.Create();var pdb = new Rfc2898DeriveBytes(encryptionKey,new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });aes.Key = pdb.GetBytes(32);aes.IV = pdb.GetBytes(16);using var memoryStream = new MemoryStream();using (var cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(), CryptoStreamMode.Write)){byte[] plainBytes = Encoding.UTF8.GetBytes(connectionString );cryptoStream.Write(plainBytes, 0, plainBytes.Length);}string encrypted = Convert.ToBase64String(memoryStream.ToArray());Console.WriteLine("\n加密成功！");Console.WriteLine("加密后的结果:");Console.WriteLine(encrypted);// 生成可直接粘贴到appsettings.json的内容Console.WriteLine("\nappsettings.json 配置片段:");Console.WriteLine($"\"ConnectionStrings\": {{\n  \"YourConnection\": \"{encrypted}\"\n}}");}catch (Exception ex){Console.WriteLine($"加密失败: {ex.Message}");}}

这里生成的字符串可以直接复制到.Net Core项目使用,.Net Core项目的配置在后面介绍
在这里插入图片描述

解密

解密方法为DecryptConnectionString

static void DecryptConnectionString(string encryptionKey)
{var encryptedString = "wzeN1u22aXwFr47U7PVzUEnk5rVdkBcGYLNABI01zDKSyQ2QjQPmPvJFdDDa940CUi+k79nkwCv/jtWFUIj+Dw==";if (string.IsNullOrEmpty(encryptedString)){Console.WriteLine("错误：加密字符串不能为空");return;}try{using var aes = Aes.Create();var pdb = new Rfc2898DeriveBytes(encryptionKey,new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });aes.Key = pdb.GetBytes(32);aes.IV = pdb.GetBytes(16);var cipherBytes = Convert.FromBase64String(encryptedString);using var memoryStream = new MemoryStream();using (var cryptoStream = new CryptoStream(memoryStream, aes.CreateDecryptor(), CryptoStreamMode.Write)){cryptoStream.Write(cipherBytes, 0, cipherBytes.Length);}string decrypted = Encoding.UTF8.GetString(memoryStream.ToArray());Console.WriteLine("\n解密成功！");Console.WriteLine("原始连接字符串:");Console.WriteLine(decrypted);}catch (Exception ex){Console.WriteLine($"解密失败: {ex.Message}");}
}

可以看到解密后的字符串和加密之前一样,那就对了
在这里插入图片描述

2. 动态输入秘钥与需要加密的内容

上面实现了基本功能,但是如果批量加密的时候每次都要重启一下程序,很麻烦,所以这里修改为动态输入秘钥与字符串(也可以固定死秘钥).
在main方法中修改:

    static void Main(string[] args){Console.WriteLine("数据库连接字符串加密/解密工具");Console.WriteLine("=============================");// 1. 获取加密密钥string encryptionKey = GetEncryptionKey();bool continueRunning = true;while (continueRunning){// 2. 选择操作模式Console.WriteLine("\n[选择操作]");Console.WriteLine("1. 加密连接字符串");Console.WriteLine("2. 解密连接字符串");Console.Write("请选择(1/2): ");var choice = Console.ReadLine();switch (choice){case "1":EncryptConnectionString(encryptionKey);break;case "2":DecryptConnectionString(encryptionKey);break;default:Console.WriteLine("无效选择，请重新输入");break;}// 3. 询问用户是否继续continueRunning = AskToContinue();}Console.WriteLine("\n程序结束，按任意键退出...");Console.ReadKey();}

增加方法AskToContinue用于询问是否继续

    static bool AskToContinue(){Console.Write("\n是否继续其他操作？(Y/N): ");var response = Console.ReadLine()?.Trim().ToUpper();return response == "Y";}

增加一个方法用于将加密与解密的内容保存到文件中去,防止丢失

  static void SaveToFile(string content, string fileName){try{File.WriteAllText(fileName, content);Console.WriteLine($"结果已保存到: {Path.GetFullPath(fileName)}");}catch (Exception ex){Console.WriteLine($"保存文件失败: {ex.Message}");}}

然后是加密解密的方法

static string Encrypt(string plainText, string encryptionKey)
{if (string.IsNullOrEmpty(plainText)) return plainText;using var aes = Aes.Create();var pdb = new Rfc2898DeriveBytes(encryptionKey,new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });aes.Key = pdb.GetBytes(32);aes.IV = pdb.GetBytes(16);using var memoryStream = new MemoryStream();using (var cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(), CryptoStreamMode.Write)){byte[] plainBytes = Encoding.UTF8.GetBytes(plainText);cryptoStream.Write(plainBytes, 0, plainBytes.Length);}return Convert.ToBase64String(memoryStream.ToArray());
}static string Decrypt(string cipherText, string encryptionKey)
{if (string.IsNullOrEmpty(cipherText)) return cipherText;using var aes = Aes.Create();var pdb = new Rfc2898DeriveBytes(encryptionKey,new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });aes.Key = pdb.GetBytes(32);aes.IV = pdb.GetBytes(16);var cipherBytes = Convert.FromBase64String(cipherText);using var memoryStream = new MemoryStream();using (var cryptoStream = new CryptoStream(memoryStream, aes.CreateDecryptor(), CryptoStreamMode.Write)){cryptoStream.Write(cipherBytes, 0, cipherBytes.Length);}return Encoding.UTF8.GetString(memoryStream.ToArray());
}

选择加密或者解密后运行的方法:

static void EncryptConnectionString(string encryptionKey)
{Console.WriteLine("\n[加密模式]");Console.Write("请输入要加密的连接字符串: ");var connectionString = Console.ReadLine();if (string.IsNullOrEmpty(connectionString)){Console.WriteLine("错误：连接字符串不能为空");return;}try{string encrypted = Encrypt(connectionString, encryptionKey);Console.WriteLine("\n加密成功！");Console.WriteLine("加密后的结果:");Console.WriteLine(encrypted);// 生成可直接粘贴到appsettings.json的内容Console.WriteLine("\nappsettings.json 配置片段:");Console.WriteLine($"\"ConnectionStrings\": {{\n  \"YourConnection\": \"{encrypted}\"\n}}");// 保存到文件SaveToFile(encrypted, "encrypted_connection.txt");}catch (Exception ex){Console.WriteLine($"加密失败: {ex.Message}");}
}static void DecryptConnectionString(string encryptionKey)
{Console.WriteLine("\n[解密模式]");Console.Write("请输入要解密的连接字符串: ");var encryptedString = Console.ReadLine();if (string.IsNullOrEmpty(encryptedString)){Console.WriteLine("错误：加密字符串不能为空");return;}try{string decrypted = Decrypt(encryptedString, encryptionKey);Console.WriteLine("\n解密成功！");Console.WriteLine("原始连接字符串:");Console.WriteLine(decrypted);// 保存到文件SaveToFile(decrypted, "decrypted_connection.txt");}catch (Exception ex){Console.WriteLine($"解密失败: {ex.Message}");}
}

获取秘钥的方法,如果需要手动输入秘钥则取消下面的注释即可.

    static string GetEncryptionKey(){return "MyAppSecureKey";//Console.Write("\n请输入加密密钥(至少16个字符): ");//var key = Console.ReadLine();//if (string.IsNullOrEmpty(key) || key.Length < 16)//{//    Console.WriteLine("错误：密钥必须至少16个字符");//    return GetEncryptionKey(); // 递归调用直到获取有效密钥//}//return key;}

3. 整个源码:

using System;
using System.Security.Cryptography;
using System.Text;
using System.IO;
using EncryptConnectStrings;class Program
{static void Main(string[] args){Console.WriteLine("数据库连接字符串加密/解密工具");Console.WriteLine("=============================");// 1. 获取加密密钥string encryptionKey = GetEncryptionKey();bool continueRunning = true;while (continueRunning){// 2. 选择操作模式Console.WriteLine("\n[选择操作]");Console.WriteLine("1. 加密连接字符串");Console.WriteLine("2. 解密连接字符串");Console.Write("请选择(1/2): ");var choice = Console.ReadLine();switch (choice){case "1":EncryptConnectionString(encryptionKey);break;case "2":DecryptConnectionString(encryptionKey);break;default:Console.WriteLine("无效选择，请重新输入");break;}// 3. 询问用户是否继续continueRunning = AskToContinue();}Console.WriteLine("\n程序结束，按任意键退出...");Console.ReadKey();}static string GetEncryptionKey(){return "MyAppSecureKey123!@#";//Console.Write("\n请输入加密密钥(至少16个字符): ");//var key = Console.ReadLine();//if (string.IsNullOrEmpty(key) || key.Length < 16)//{//    Console.WriteLine("错误：密钥必须至少16个字符");//    return GetEncryptionKey(); // 递归调用直到获取有效密钥//}//return key;}static void EncryptConnectionString(string encryptionKey){Console.WriteLine("\n[加密模式]");Console.Write("请输入要加密的连接字符串: ");var connectionString = Console.ReadLine();if (string.IsNullOrEmpty(connectionString)){Console.WriteLine("错误：连接字符串不能为空");return;}try{string encrypted = Encrypt(connectionString, encryptionKey);Console.WriteLine("\n加密成功！");Console.WriteLine("加密后的结果:");Console.WriteLine(encrypted);// 生成可直接粘贴到appsettings.json的内容Console.WriteLine("\nappsettings.json 配置片段:");Console.WriteLine($"\"ConnectionStrings\": {{\n  \"YourConnection\": \"{encrypted}\"\n}}");// 保存到文件SaveToFile(encrypted, "encrypted_connection.txt");}catch (Exception ex){Console.WriteLine($"加密失败: {ex.Message}");}}static void DecryptConnectionString(string encryptionKey){Console.WriteLine("\n[解密模式]");Console.Write("请输入要解密的连接字符串: ");var encryptedString = Console.ReadLine();if (string.IsNullOrEmpty(encryptedString)){Console.WriteLine("错误：加密字符串不能为空");return;}try{string decrypted = Decrypt(encryptedString, encryptionKey);Console.WriteLine("\n解密成功！");Console.WriteLine("原始连接字符串:");Console.WriteLine(decrypted);// 保存到文件SaveToFile(decrypted, "decrypted_connection.txt");}catch (Exception ex){Console.WriteLine($"解密失败: {ex.Message}");}}static bool AskToContinue(){Console.Write("\n是否继续其他操作？(Y/N): ");var response = Console.ReadLine()?.Trim().ToUpper();return response == "Y";}static void SaveToFile(string content, string fileName){try{File.WriteAllText(fileName, content);Console.WriteLine($"结果已保存到: {Path.GetFullPath(fileName)}");}catch (Exception ex){Console.WriteLine($"保存文件失败: {ex.Message}");}}static string Encrypt(string plainText, string encryptionKey){if (string.IsNullOrEmpty(plainText)) return plainText;using var aes = Aes.Create();var pdb = new Rfc2898DeriveBytes(encryptionKey,new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });aes.Key = pdb.GetBytes(32);aes.IV = pdb.GetBytes(16);using var memoryStream = new MemoryStream();using (var cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(), CryptoStreamMode.Write)){byte[] plainBytes = Encoding.UTF8.GetBytes(plainText);cryptoStream.Write(plainBytes, 0, plainBytes.Length);}return Convert.ToBase64String(memoryStream.ToArray());}static string Decrypt(string cipherText, string encryptionKey){if (string.IsNullOrEmpty(cipherText)) return cipherText;using var aes = Aes.Create();var pdb = new Rfc2898DeriveBytes(encryptionKey,new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });aes.Key = pdb.GetBytes(32);aes.IV = pdb.GetBytes(16);var cipherBytes = Convert.FromBase64String(cipherText);using var memoryStream = new MemoryStream();using (var cryptoStream = new CryptoStream(memoryStream, aes.CreateDecryptor(), CryptoStreamMode.Write)){cryptoStream.Write(cipherBytes, 0, cipherBytes.Length);}return Encoding.UTF8.GetString(memoryStream.ToArray());}
}