public class EncrypHelp { static public byte[] RSAEncrypt(byte[] DataToEncrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding) { try { byte[] encryptedData; //Create a new instance of RSACryptoServiceProvider. using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider()) { //Import the RSA Key information. This only needs //toinclude the public key information. RSA.ImportParameters(RSAKeyInfo); //Encrypt the passed byte array and specify OAEP padding. //OAEP padding is only available on Microsoft Windows XP or //later. encryptedData = RSA.Encrypt(DataToEncrypt, DoOAEPPadding); } return encryptedData; } //Catch and display a CryptographicException //to the console. catch (CryptographicException e) { Console.WriteLine(e.Message); return null; } } static public byte[] RSADecrypt(byte[] DataToDecrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding) { try { byte[] decryptedData; //Create a new instance of RSACryptoServiceProvider. using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider()) { //Import the RSA Key information. This needs //to include the private key information. RSA.ImportParameters(RSAKeyInfo); //Decrypt the passed byte array and specify OAEP padding. //OAEP padding is only available on Microsoft Windows XP or //later. decryptedData = RSA.Decrypt(DataToDecrypt, DoOAEPPadding); } return decryptedData; } //Catch and display a CryptographicException //to the console. catch (CryptographicException e) { Console.WriteLine(e.ToString()); return null; } } public static String Encrypt(String plaintext, X509Certificate2 pubcrt) { X509Certificate2 _X509Certificate2 = pubcrt; using (RSACryptoServiceProvider RSACryptography = _X509Certificate2.PublicKey.Key as RSACryptoServiceProvider) { Byte[] PlaintextData = Encoding.UTF8.GetBytes(plaintext); int MaxBlockSize = RSACryptography.KeySize / 8 - 11; //加密块最大长度限制 if (PlaintextData.Length <= MaxBlockSize) return Convert.ToBase64String(RSACryptography.Encrypt(PlaintextData, false)); using (MemoryStream PlaiStream = new MemoryStream(PlaintextData)) using (MemoryStream CrypStream = new MemoryStream()) { Byte[] Buffer = new Byte[MaxBlockSize]; int BlockSize = PlaiStream.Read(Buffer, 0, MaxBlockSize); while (BlockSize > 0) { Byte[] ToEncrypt = new Byte[BlockSize]; Array.Copy(Buffer, 0, ToEncrypt, 0, BlockSize); Byte[] Cryptograph = RSACryptography.Encrypt(ToEncrypt, false); CrypStream.Write(Cryptograph, 0, Cryptograph.Length); BlockSize = PlaiStream.Read(Buffer, 0, MaxBlockSize); } return Convert.ToBase64String(CrypStream.ToArray(), Base64FormattingOptions.None); } } } public static String Decrypt(String ciphertext, X509Certificate2 prvpfx) { X509Certificate2 _X509Certificate2 = prvpfx; using (RSACryptoServiceProvider RSACryptography = _X509Certificate2.PrivateKey as RSACryptoServiceProvider) { Byte[] CiphertextData = Convert.FromBase64String(ciphertext); int MaxBlockSize = RSACryptography.KeySize / 8; //解密块最大长度限制 if (CiphertextData.Length <= MaxBlockSize) return Encoding.UTF8.GetString(RSACryptography.Decrypt(CiphertextData, false)); using (MemoryStream CrypStream = new MemoryStream(CiphertextData)) using (MemoryStream PlaiStream = new MemoryStream()) { Byte[] Buffer = new Byte[MaxBlockSize]; int BlockSize = CrypStream.Read(Buffer, 0, MaxBlockSize); while (BlockSize > 0) { Byte[] ToDecrypt = new Byte[BlockSize]; Array.Copy(Buffer, 0, ToDecrypt, 0, BlockSize); Byte[] Plaintext = RSACryptography.Decrypt(ToDecrypt, false); PlaiStream.Write(Plaintext, 0, Plaintext.Length); BlockSize = CrypStream.Read(Buffer, 0, MaxBlockSize); } return Encoding.UTF8.GetString(PlaiStream.ToArray()); } } } private static X509Certificate2 RetrieveX509Certificate() { return null; //检索用于 RSA 加密的 X509Certificate2 证书 } //调用方法 public void doit() { //Create a UnicodeEncoder to convert between byte array and string. UnicodeEncoding ByteConverter = new UnicodeEncoding(); //Create byte arrays to hold original, encrypted, and decrypted data. byte[] dataToEncrypt = ByteConverter.GetBytes("310991"); byte[] encryptedData; byte[] decryptedData; X509Certificate2 pubcrt = new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + "cmb.cer"); RSACryptoServiceProvider pubkey = (RSACryptoServiceProvider)pubcrt.PublicKey.Key; //X509Certificate2 prvcrt = new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + "bfkey.pfx", "123456789", X509KeyStorageFlags.Exportable); //RSACryptoServiceProvider prvkey = (RSACryptoServiceProvider)prvcrt.PrivateKey; encryptedData = EncrypHelp.RSAEncrypt(dataToEncrypt, pubkey.ExportParameters(false), false); string encryptedDataStr = Convert.ToBase64String(encryptedData); Console.WriteLine("Encrypted plaintext: {0}", Convert.ToBase64String(encryptedData)); //decryptedData = EncrypHelp.RSADecrypt(encryptedData, prvkey.ExportParameters(true), false); //Console.WriteLine("Decrypted plaintext: {0}", ByteConverter.GetString(decryptedData)); //加密长内容 String data = @"RSA 是常用的非对称加密算法。最近使用时却出现了“不正确的长度”的异常,研究发现是由于待加密的数据超长所致。 .NET Framework 中提供的 RSA 算法规定: 待加密的字节数不能超过密钥的长度值除以 8 再减去 11(即:RSACryptoServiceProvider.KeySize / 8 - 11),而加密后得到密文的字节数,正好是密钥的长度值除以 8(即:RSACryptoServiceProvider.KeySize / 8)。 所以,如果要加密较长的数据,则可以采用分段加解密的方式,实现方式如下:"; string encrypt = EncrypHelp.Encrypt(data, pubcrt); Console.WriteLine("Encrypted plaintext: {0}", encrypt); //string decrypt = EncrypHelp.Decrypt(encrypt, prvcrt); //Console.WriteLine("Decrypted plaintext: {0}", decrypt); //prvkey.Clear(); pubkey.Clear(); Console.Read(); } }