RSA 分段加解密【解决“不正确的长度”的异常】

  RSA 是常用的非对称加密算法。最近使用时却出现了“不正确的长度”的异常,研究发现是由于待加密的数据超长所致。

  .NET Framework 中提供的 RSA 算法规定:

  待加密的字节数不能超过密钥的长度值除以 8 再减去 11(即:RSACryptoServiceProvider.KeySize / 8 - 11),而加密后得到密文的字节数,正好是密钥的长度值除以 8(即:RSACryptoServiceProvider.KeySize / 8)。

  所以,如果要加密较长的数据,则可以采用分段加解密的方式,实现方式如下:

 1     namespace Macroresolute.RSACryptoService
 2     {
 3         public static class RSACrypto
 4         {
 5             private static readonly Encoding Encoder = Encoding.UTF8;
 6 
 7             public static String Encrypt(this String plaintext)
 8             {
 9                 X509Certificate2 _X509Certificate2 = RSACrypto.RetrieveX509Certificate();
10                 using (RSACryptoServiceProvider RSACryptography = _X509Certificate2.PublicKey.Key as RSACryptoServiceProvider)
11                 {
12                     Byte[] PlaintextData = RSACrypto.Encoder.GetBytes(plaintext);
13                     int MaxBlockSize = RSACryptography.KeySize / 8 - 11;    //加密块最大长度限制
14 
15                     if (PlaintextData.Length <= MaxBlockSize)
16                         return Convert.ToBase64String(RSACryptography.Encrypt(PlaintextData, false));
17 
18                     using (MemoryStream PlaiStream = new MemoryStream(PlaintextData))
19                     using (MemoryStream CrypStream = new MemoryStream())
20                     {
21                         Byte[] Buffer = new Byte[MaxBlockSize];
22                         int BlockSize = PlaiStream.Read(Buffer, 0, MaxBlockSize);
23 
24                         while (BlockSize > 0)
25                         {
26                             Byte[] ToEncrypt = new Byte[BlockSize];
27                             Array.Copy(Buffer, 0, ToEncrypt, 0, BlockSize);
28 
29                             Byte[] Cryptograph = RSACryptography.Encrypt(ToEncrypt, false);
30                             CrypStream.Write(Cryptograph, 0, Cryptograph.Length);
31 
32                             BlockSize = PlaiStream.Read(Buffer, 0, MaxBlockSize);
33                         }
34 
35                         return Convert.ToBase64String(CrypStream.ToArray(), Base64FormattingOptions.None);
36                     }
37                 }
38             }
39 
40             public static String Decrypt(this String ciphertext)
41             {
42                 X509Certificate2 _X509Certificate2 = RSACrypto.RetrieveX509Certificate();
43                 using (RSACryptoServiceProvider RSACryptography = _X509Certificate2.PrivateKey as RSACryptoServiceProvider)
44                 {
45                     Byte[] CiphertextData = Convert.FromBase64String(ciphertext);
46                     int MaxBlockSize = RSACryptography.KeySize / 8;    //解密块最大长度限制
47 
48                     if (CiphertextData.Length <= MaxBlockSize)
49                         return RSACrypto.Encoder.GetString(RSACryptography.Decrypt(CiphertextData, false));
50 
51                     using (MemoryStream CrypStream = new MemoryStream(CiphertextData))
52                     using (MemoryStream PlaiStream = new MemoryStream())
53                     {
54                         Byte[] Buffer = new Byte[MaxBlockSize];
55                         int BlockSize = CrypStream.Read(Buffer, 0, MaxBlockSize);
56 
57                         while (BlockSize > 0)
58                         {
59                             Byte[] ToDecrypt = new Byte[BlockSize];
60                             Array.Copy(Buffer, 0, ToDecrypt, 0, BlockSize);
61 
62                             Byte[] Plaintext = RSACryptography.Decrypt(ToDecrypt, false);
63                             PlaiStream.Write(Plaintext, 0, Plaintext.Length);
64 
65                             BlockSize = CrypStream.Read(Buffer, 0, MaxBlockSize);
66                         }
67 
68                         return RSACrypto.Encoder.GetString(PlaiStream.ToArray());
69                     }
70                 }
71             }
72 
73             private static X509Certificate2 RetrieveX509Certificate()
74             {
75                 return null;    //检索用于 RSA 加密的 X509Certificate2 证书
76             }
77         }
78     }


:以上加密方法返回的字符串类型为原始的 Base-64 ,若要用于 URL 传输,需另行处理!

posted @ 2012-05-24 14:56  Nabbiit  阅读(16728)  评论(4编辑  收藏  举报