Compartilhar via


EncryptedAndAuthenticatedData Classe

Definição

Contém dados que podem ser recuperados de dados criptografados e autenticados. Algoritmos de criptografia autenticados são abertos usando a classe SymmetricKeyAlgorithmProvider .

public ref class EncryptedAndAuthenticatedData sealed
/// [Windows.Foundation.Metadata.ContractVersion(Windows.Foundation.UniversalApiContract, 65536)]
/// [Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
class EncryptedAndAuthenticatedData final
[Windows.Foundation.Metadata.ContractVersion(typeof(Windows.Foundation.UniversalApiContract), 65536)]
[Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
public sealed class EncryptedAndAuthenticatedData
Public NotInheritable Class EncryptedAndAuthenticatedData
Herança
Object Platform::Object IInspectable EncryptedAndAuthenticatedData
Atributos

Requisitos do Windows

Família de dispositivos
Windows 10 (introduzida na 10.0.10240.0)
API contract
Windows.Foundation.UniversalApiContract (introduzida na v1.0)

Exemplos

using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Core;
using Windows.Storage.Streams;

namespace SampleEncryptedAndAuthenticatedData
{
    sealed partial class EncryptedAuthenticatedDataApp : Application
    {
        // Initialize a static nonce value.
        static byte[] NonceBytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

        public EncryptedAuthenticatedDataApp()
        {
            // Initialize the application.
            this.InitializeComponent();

            // Initialize the encryption method.
            String strMsg = "This is a message.";   // Message to encrypt and authenticate.
            String strAlgName = SymmetricAlgorithmNames.AesGcm;
            UInt32 keyLength = 32;                  // Length of the key, in bytes
            BinaryStringEncoding encoding;          // Binary encoding
            IBuffer buffNonce;                      // Nonce
            CryptographicKey key;                   // Symmetric key

            // Encrypt and authenticate the message.
            EncryptedAndAuthenticatedData objEncrypted = this.AuthenticatedEncryption(
                strMsg,
                strAlgName,
                keyLength,
                out encoding,
                out buffNonce,
                out key);

            // Decrypt the encrypted data.
            this.AuthenticatedDecryption(
                strAlgName,
                key,
                objEncrypted,
                encoding,
                buffNonce);
        }

        public EncryptedAndAuthenticatedData AuthenticatedEncryption(
            String strMsg,
            String strAlgName, 
            UInt32 keyLength, 
            out BinaryStringEncoding encoding, 
            out IBuffer buffNonce,
            out CryptographicKey key)
        {
            // Open a SymmetricKeyAlgorithmProvider object for the specified algorithm.
            SymmetricKeyAlgorithmProvider objAlgProv = SymmetricKeyAlgorithmProvider.OpenAlgorithm(strAlgName);

            // Create a buffer that contains the data to be encrypted.
            encoding = BinaryStringEncoding.Utf8;
            IBuffer buffMsg = CryptographicBuffer.ConvertStringToBinary(strMsg, encoding);

            // Generate a symmetric key.
            IBuffer keyMaterial = CryptographicBuffer.GenerateRandom(keyLength);
            key = objAlgProv.CreateSymmetricKey(keyMaterial);

            // Generate a new nonce value.
            buffNonce = GetNonce();

            // Encrypt and authenticate the message.
            EncryptedAndAuthenticatedData objEncrypted = CryptographicEngine.EncryptAndAuthenticate(
                key,
                buffMsg,
                buffNonce,
                null);

            return objEncrypted;

        }

        public void AuthenticatedDecryption(
            String strAlgName, 
            CryptographicKey key,
            EncryptedAndAuthenticatedData objEncrypted,
            BinaryStringEncoding encoding, 
            IBuffer buffNonce)
        {
            // Declare a buffer to contain the decrypted data.
            IBuffer buffDecrypted;

            // Open a SymmetricKeyAlgorithmProvider object for the specified algorithm.
            SymmetricKeyAlgorithmProvider objAlgProv = SymmetricKeyAlgorithmProvider.OpenAlgorithm(strAlgName);

            // The input key must be securely shared between the sender of the encrypted message
            // and the recipient. The nonce must also be shared but does not need to be shared
            // in a secure manner. If the sender encodes the message string to a buffer, the
            // binary encoding method must also be shared with the recipient.
            // The recipient uses the DecryptAndAuthenticate() method as follows to decrypt the 
            // message, authenticate it, and verify that it has not been altered in transit.
            buffDecrypted = CryptographicEngine.DecryptAndAuthenticate(
                key,
                objEncrypted.EncryptedData,
                buffNonce,
                objEncrypted.AuthenticationTag,
                null);

            // Convert the decrypted buffer to a string (for display). If the sender created the
            // original message buffer from a string, the sender must tell the recipient what 
            // BinaryStringEncoding value was used. Here, BinaryStringEncoding.Utf8 is used to
            // convert the message to a buffer before encryption and to convert the decrypted
            // buffer back to the original plaintext.
            String strDecrypted = CryptographicBuffer.ConvertBinaryToString(encoding, buffDecrypted);

        }

        IBuffer GetNonce()
        {
            // Security best practises require that an ecryption operation not
            // be called more than once with the same nonce for the same key.
            // A nonce value can be predictable, but must be unique for each
            // secure session.

            NonceBytes[0]++;
            for (int i = 0; i < NonceBytes.Length - 1; i++)
            {
                if (NonceBytes[i] == 255)
                {
                    NonceBytes[i + 1]++;
                }
            }

            return CryptographicBuffer.CreateFromByteArray(NonceBytes);
        }
    }
}

Comentários

A criptografia autenticada criptografa e autentica o conteúdo em uma operação. Um autenticador, também chamado de marca, é usado durante a criptografia e a saída do processo contém um par de texto cifrado de marca. Para obter mais informações, consulte as propriedades AuthenticationTag e EncryptedData . O processo de descriptografia verifica o texto cifrado em relação à marca.

Você pode usar um algoritmo de criptografia autenticado depois de chamar o método OpenAlgorithm na classe SymmetricKeyAlgorithmProvider e especificar o nome do algoritmo a ser aberto. Há suporte para os seguintes nomes de algoritmo para criptografia e descriptografia autenticadas:

  • AES_GCM
  • AES_CCM

Propriedades

AuthenticationTag

Obtém a marca de autenticação.

EncryptedData

Obtém os dados criptografados.

Aplica-se a

Confira também