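CryptographicEngine.EncryptAndAuthenticate Method
Definition
Important
Some information relates to a prerelease product that may be substantially modified before it is released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Performs authenticated encryption.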
public:
static EncryptedAndAuthenticatedData ^ EncryptAndAuthenticate(CryptographicKey ^ key, IBuffer ^ data, IBuffer ^ nonce, IBuffer ^ authenticatedData);
static EncryptedAndAuthenticatedData EncryptAndAuthenticate(CryptographicKey const& key, IBuffer const& data, IBuffer const& nonce, IBuffer const& authenticatedData);
public static EncryptedAndAuthenticatedData EncryptAndAuthenticate(CryptographicKey key, IBuffer data, IBuffer nonce, IBuffer authenticatedData);
function encryptAndAuthenticate(key, data, nonce, authenticatedData)
Public Shared Function EncryptAndAuthenticate (key As CryptographicKey, data As IBuffer, nonce As IBuffer, authenticatedData As IBuffer) As EncryptedAndAuthenticatedData
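Parameters
- key
- CryptographicKey
Symmetric key to use for encryption.
- data
- IBuffer
Data to be encrypted and authenticated.
- nonce
- IBuffer
Nonce to be used. A nonce is a variable that has a minimal chance of repeating. For example, you can use a random value that is newly generated for each use, a time stamp, a sequence number, or some combination of these. The Microsoft GCM implementation requires a 12-byte nonce. The CCM implementation requires a 7- to 13-byte nonce.
- authenticatedData
- IBuffer
Authenticated data. This can be Null.
Returns
The encrypted and authenticated data. If the method fails, authentication fails; if the method succeeds, authentication succeeds as well.
Examples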
using System;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Core;
using Windows.Storage.Streams;

public void AuthenticatedDecryption(
    String strAlgName,
    CryptographicKey key,
    EncryptedAndAuthenticatedData objEncrypted,
    BinaryStringEncoding encoding,
    IBuffer buffNonce)
{
    // Declare a buffer to contain the decrypted data.
    IBuffer buffDecrypted;

    // Open a SymmetricKeyAlgorithmProvider object for the specified algorithm.
    SymmetricKeyAlgorithmProvider objAlgProv = SymmetricKeyAlgorithmProvider.OpenAlgorithm(strAlgName);

    // The input key must be securely shared between the sender of the encrypted message
    // and the recipient. The nonce must also be shared but does not need to be shared
    // in a secure manner. If the sender encodes the message string to a buffer, the
    // binary encoding method must also be shared with the recipient.
    // The recipient uses the DecryptAndAuthenticate() method as follows to decrypt the
    // message, authenticate it, and verify that it has not been altered in transit.
    buffDecrypted = CryptographicEngine.DecryptAndAuthenticate(
        key,
        objEncrypted.EncryptedData,
        buffNonce,
        objEncrypted.AuthenticationTag,
        null);

    // Convert the decrypted buffer to a string (for display). If the sender created the
    // original message buffer from a string, the sender must tell the recipient what
    // BinaryStringEncoding value was used. Here, BinaryStringEncoding.Utf8 is used to
    // convert the message to a buffer before encryption and to convert the decrypted
    // buffer back to the original plaintext.
    String strDecrypted = CryptographicBuffer.ConvertBinaryToString(encoding, buffDecrypted);
}
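Remarks
Authenticated encryption encrypts and authenticates content in one operation. An authenticator, also called a tag, is used during encryption, and the output of the process contains a tag-ciphertext pair. For more information, see the AuthenticationTag and EncryptedData properties. The decryption process verifies the ciphertext against the tag.
You can use an authenticated encryption algorithm after calling the OpenAlgorithm method on the SymmetricKeyAlgorithmProvider class and specifying the name of the algorithm to open. The following algorithm names are supported for authenticated encryption and decryption:
- SymmetricAlgorithmNames.AesGcm
- SymmetricAlgorithmNames.AesCcm
For the complete sample that contains the code example shown on this page, see the EncryptedAndAuthenticatedData class.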
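The sending side, which the sample on this page does not show, as an added C# example (not Microsoft's sample code): it encrypts with AES-GCM using a fresh 12-byte nonce, binds a header as authenticatedData, and confirms that decryption rejects an altered header. The class name, the 32-byte key size and the sample strings are assumptions constructed for illustration.

```csharp
// Added example, not part of the original documentation page.
using System;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Core;
using Windows.Storage.Streams;

public static class AesGcmRoundTrip   // hypothetical class name
{
    public static bool Run()
    {
        SymmetricKeyAlgorithmProvider provider =
            SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesGcm);
        // Assumption: 32 bytes of random key material (AES-256).
        CryptographicKey key =
            provider.CreateSymmetricKey(CryptographicBuffer.GenerateRandom(32));

        // Constructed sample inputs: a message body and a header sent in the clear.
        IBuffer plaintext = CryptographicBuffer.ConvertStringToBinary(
            "transfer 100 to account 42", BinaryStringEncoding.Utf8);
        IBuffer header = CryptographicBuffer.ConvertStringToBinary(
            "msg-id=7;version=1", BinaryStringEncoding.Utf8);

        // Fresh random 12-byte nonce for every message (the size GCM requires here).
        // A nonce must never be reused with the same key.
        IBuffer nonce = CryptographicBuffer.GenerateRandom(12);
        EncryptedAndAuthenticatedData sealedData =
            CryptographicEngine.EncryptAndAuthenticate(key, plaintext, nonce, header);

        // Receiver: needs the same key, nonce, tag and header to decrypt.
        IBuffer recovered = CryptographicEngine.DecryptAndAuthenticate(
            key, sealedData.EncryptedData, nonce, sealedData.AuthenticationTag, header);
        bool roundTripOk = CryptographicBuffer.Compare(plaintext, recovered);

        // A header changed in transit no longer matches the tag, so decryption must fail.
        IBuffer alteredHeader = CryptographicBuffer.ConvertStringToBinary(
            "msg-id=8;version=1", BinaryStringEncoding.Utf8);
        bool alteredRejected = false;
        try
        {
            CryptographicEngine.DecryptAndAuthenticate(
                key, sealedData.EncryptedData, nonce, sealedData.AuthenticationTag, alteredHeader);
        }
        catch (Exception)
        {
            alteredRejected = true;   // authentication failure surfaces as an exception
        }
        return roundTripOk && alteredRejected;
    }
}
```

The nonce and the tag travel with the ciphertext and need no secrecy, but the receiver must treat any exception from DecryptAndAuthenticate as a rejected message and discard the output.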