gpt4 book ai didi

c# - Rijndael 加密在 Windows Server 2012 上不起作用

转载 作者:可可西里 更新时间:2023-11-01 09:47:14 26 4
gpt4 key购买 nike

我有一个 Windows 应用程序 (x64),它在 Winodws 7、8 和现在的 10 上运行良好。今天我们无法在 Windows 2012 Server 下运行该程序。当我们查看事件日志时,我们发现了一个源自 System.Security.Cryptography.RijndaelManaged..ctor() 的错误(不幸的是日志没有给我们完整的路径)。

我使用了 Rijndael 算法来加密我程序中的敏感数据。程序做的第一件事是检索加密的配置文件并解密它以获得所有设置。这是我的程序没有启动的地方。

这是我程序中的解密方法:

public static string Decrypt(string cipherText, string passPhrase)
{
byte[] cipherTextBytes = Convert.FromBase64String(cipherText);
using (PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase, null))
{
byte[] keyBytes = password.GetBytes(keysize / 8);
using (RijndaelManaged symmetricKey = new RijndaelManaged())
{
symmetricKey.Mode = CipherMode.CBC;
using (ICryptoTransform decryptor = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes))
{
using (MemoryStream memoryStream = new MemoryStream(cipherTextBytes))
{
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
byte[] plainTextBytes = new byte[cipherTextBytes.Length];
int decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
}
}
}
}
}
}

这是我在日志中得到的错误信息:

Application: Postbag.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.InvalidOperationException at System.Security.Cryptography.RijndaelManaged..ctor() at Common.StringCipher.Decrypt(System.String, System.String) at Common.Conf..cctor() Exception Info: System.TypeInitializationException at Common.Conf.get_DataProvider() at Postbag.FormMain..ctor() at Postbag.Program.Main()

新服务器也有相同版本的 .Net 框架。

最佳答案

RijndaelManaged 类不符合 FIPS,您的服务器似乎设置了安全策略系统加密:使用符合 FIPS 的算法进行加密、散列和签名

在知识库文章中 "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting effects in Windows XP and in later versions of Windows它说:

Microsoft .NET Framework applications such as Microsoft ASP.NET only allow for using algorithm implementations that are certified by NIST to be FIPS 140 compliant. Specifically, the only cryptographic algorithm classes that can be instantiated are those that implement FIPS-compliant algorithms. The names of these classes end in "CryptoServiceProvider" or "Cng." Any attempt to create an instance of other cryptographic algorithm classes, such as classes with names ending in "Managed," cause an InvalidOperationException exception to occur

所以要么 disable the security policy (来自 SecPol.msc 工具)或使用符合 FIPS 的实现。不幸的是,Rijndael 没有这样的实现,所以你可能想看看 AesCngAesCryptoServiceProvider符合您的需求,因为 AES 是最初作为 Rijndael 的正式实现。基于the blog Is RijndaelManaged class FIPS compliant?来自 Prateek Kr Dubey我得出结论,可以使用 AesCngAesCryptoServiceProvider 解密使用 RijdaelManaged 加密的数据。

为了完整起见,我使用 RijnDaelManaged 类创建了一个 Encrypt 方法,并在此行调整了您的代码示例:

using (RijndaelManaged symmetricKey = new RijndaelManaged())

阅读

using (var symmetricKey = new AesCryptoServiceProvider()) // or new AesCng()

并且确实能够解密字符串。

关于c# - Rijndael 加密在 Windows Server 2012 上不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46300362/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com