解密資料
解密是加密的反向作業。 對於私密金鑰加密,您必須知道用來加密資料的金鑰和 IV。 對於公開金鑰加密,您必須知道公開金鑰 (如果資料是使用私密金鑰加密) 或私密金鑰 (如果資料是使用公開金鑰加密)。
對稱解密
使用對稱演算法加密資料的解密方式,類似使用對稱演算法加密資料的處理序。 CryptoStream 類別會與 .NET Framework 提供的對稱加密類別共同使用來解密讀取自任何 Managed 資料流物件的資料。
以下範例說明如何建立 RijndaelManaged 別的新執行個體,並使用它執行 CryptoStream 物件的解密。 這個範例首先建立 RijndaelManaged 類別的新執行個體。 接下來,建立 CryptoStream 物件並將它初始化為稱為 MyStream 的 Managed 資料流值。 接下來,用來加密的相同金鑰和 IV 會傳遞給來自 RijndaelManaged 類別的 CreateDecryptor 方法,然後再傳遞給 CryptoStream 建構函式。 最後,將 CryptoStreamMode.Read 列舉型別傳遞給 CryptoStream 建構函式,以指定資料流的讀取存取權限。
Dim RMCrypto As New RijndaelManaged()
Dim CryptStream As New CryptoStream(MyStream, RMCrypto.CreateDecryptor(RMCrypto.Key, RMCrypto.IV), CryptoStreamMode.Read)
RijndaelManaged RMCrypto = new RijndaelManaged();
CryptoStream CryptStream = new CryptoStream(MyStream, RMCrypto.CreateDecryptor(Key, IV), CryptoStreamMode.Read);
以下範例顯示整個處理序,包括建立資料流、解密資料流、讀取自資料流和關閉資料流。 當建立與接聽物件的連接時,會建立初始化網路資料流的 TCPListener 物件。 接著使用 CryptoStream 類別和 RijndaelManaged 類別來解密這個網路資料流。 這個範例假設金鑰和 IV 值已成功地傳輸或先前雙方已同意過。 它不會顯示加密和傳輸這些值所需的程式碼。
Imports System
Imports System.Net.Sockets
Imports System.Threading
Imports System.IO
Imports System.Net
Imports System.Security.Cryptography
Module Module1
Sub Main()
'The key and IV must be the same values that were used
'to encrypt the stream.
Dim Key As Byte() = {&H1, &H2, &H3, &H4, &H5, &H6, &H7, &H8, &H9, &H10, &H11, &H12, &H13, &H14, &H15, &H16}
Dim IV As Byte() = {&H1, &H2, &H3, &H4, &H5, &H6, &H7, &H8, &H9, &H10, &H11, &H12, &H13, &H14, &H15, &H16}
Try
'Initialize a TCPListener on port 11000
'using the current IP address.
Dim TCPListen As New TcpListener(IPAddress.Any, 11000)
'Start the listener.
TCPListen.Start()
'Check for a connection every five seconds.
While Not TCPListen.Pending()
Console.WriteLine("Still listening. Will try in 5 seconds.")
Thread.Sleep(5000)
End While
'Accept the client if one is found.
Dim TCP As TcpClient = TCPListen.AcceptTcpClient()
'Create a network stream from the connection.
Dim NetStream As NetworkStream = TCP.GetStream()
'Create a new instance of the RijndaelManaged class
'and decrypt the stream.
Dim RMCrypto As New RijndaelManaged()
'Create an instance of the CryptoStream class, pass it the NetworkStream, and decrypt
'it with the Rijndael class using the key and IV.
Dim CryptStream As New CryptoStream(NetStream, RMCrypto.CreateDecryptor(Key, IV), CryptoStreamMode.Read)
'Read the stream.
Dim SReader As New StreamReader(CryptStream)
'Display the message.
Console.WriteLine("The decrypted original message: {0}", SReader.ReadToEnd())
'Close the streams.
SReader.Close()
NetStream.Close()
TCP.Close()
'Catch any exceptions.
Catch
Console.WriteLine("The Listener Failed.")
End Try
End Sub
End Module
using System;
using System.Net.Sockets;
using System.Threading;
using System.IO;
using System.Net;
using System.Security.Cryptography;
class Class1
{
static void Main(string[] args)
{
//The key and IV must be the same values that were used
//to encrypt the stream.
byte[] Key = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
byte[] IV = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
try
{
//Initialize a TCPListener on port 11000
//using the current IP address.
TcpListener TCPListen = new TcpListener(IPAdress.Any, 11000);
//Start the listener.
TCPListen.Start();
//Check for a connection every five seconds.
while(!TCPListen.Pending())
{
Console.WriteLine("Still listening. Will try in 5 seconds.");
Thread.Sleep(5000);
}
//Accept the client if one is found.
TcpClient TCP = TCPListen.AcceptTcpClient();
//Create a network stream from the connection.
NetworkStream NetStream = TCP.GetStream();
//Create a new instance of the RijndaelManaged class
// and decrypt the stream.
RijndaelManaged RMCrypto = new RijndaelManaged();
//Create a CryptoStream, pass it the NetworkStream, and decrypt
//it with the Rijndael class using the key and IV.
CryptoStream CryptStream = new CryptoStream(NetStream,
RMCrypto.CreateDecryptor(Key, IV),
CryptoStreamMode.Read);
//Read the stream.
StreamReader SReader = new StreamReader(CryptStream);
//Display the message.
Console.WriteLine("The decrypted original message: {0}", SReader.ReadToEnd());
//Close the streams.
SReader.Close();
NetStream.Close();
TCP.Close();
}
//Catch any exceptions.
catch
{
Console.WriteLine("The Listener Failed.");
}
}
}
若要讓前述範例運作順利,對接聽項 (Listener) 必須建立加密的連接。 這個連接必須使用接聽項中所使用的相同金鑰、IV 和演算法。 如果建立了這類連接,這個訊息就會解密並且顯示在主控台。
非對稱解密
基本上,一方 (A 方) 會同時產生公開及私密金鑰,並將其儲存到記憶體或密碼編譯金鑰容器中。 接著 A 方將公開金鑰傳給另一方 (B 方)。 B 方利用公開金鑰加密資料,然後將資料傳回 A 方。 收到資料之後,A 方會使用對應的私密金鑰將它解密。 只有使用與 B 方用來加密資料的公開金鑰對應之私密金鑰,才能順利解密。
如需如何將非對稱金鑰儲存在安全密碼編譯金鑰容器中,以及未來如何擷取非對稱金鑰的詳細資訊,請參閱 HOW TO:將對稱金鑰儲存在金鑰容器中。
以下範例說明代表對稱金鑰和 IV 的兩個位元組陣列的解密。 如需如何從 RSACryptoServiceProvider 物件中以方便傳給第三方的格式擷取非對稱公開金鑰的詳細資訊,請參閱加密資料。
'Create a new instance of the RSACryptoServiceProvider class.
Dim RSA As New RSACryptoServiceProvider()
' Export the public key information and send it to a third party.
' Wait for the third party to encrypt some data and send it back.
'Decrypt the symmetric key and IV.
SymmetricKey = RSA.Decrypt(EncryptedSymmetricKey, False)
SymmetricIV = RSA.Decrypt(EncryptedSymmetricIV, False)
//Create a new instance of the RSACryptoServiceProvider class.
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
// Export the public key information and send it to a third party.
// Wait for the third party to encrypt some data and send it back.
//Decrypt the symmetric key and IV.
SymmetricKey = RSA.Decrypt( EncryptedSymmetricKey, false);
SymmetricIV = RSA.Decrypt( EncryptedSymmetricIV , false);