问题描述

我已经看到了这个问题问过，但在这种情况下，海报要加密一个面向公众的网站上的东西（通常是URL），以及反应大多是不！。在我的情况，但是，JavaScript的将被存储在一个非公开的内部系统中，所以我觉得我有更大的回旋余地。类似的问题的一个例子是： - 和答案实际上不回答这个问题。

I've seen this question asked before, though in these cases the poster wanted to encrypt something (usually a url) on a public facing website, and the responses were mostly "don't!". In my case, however, the JavaScript will be stored within a non-public internal system, so I think I have more leeway. One example of a similar question is: How to encrypt url in javascript and decrypt in c# - and the answers don't actually answer the question.

我的'的JavaScript'其实是'SuiteScript，其定义为SuiteScript是一个基于JavaScript的API，让开发者来扩展NetSuite公司的能力，其中NetSuite的是托管型CRM包，所以用我的字符串加密任何编码将被隐藏到每一个人，除了我的公司的雇员（这么考虑。安全隐患）

My 'JavaScript' is actually 'SuiteScript', which is defined as "SuiteScript is a JavaScript-based API that gives developers the ability to extend NetSuite", where NetSuite is a hosted CRM package, so any coding used to encrypt my string would be hidden to everyone, except for employees of my company (so considered safely hidden).

我想要做的是：

1. 生成查询字符串（如：用户ID = guidValue&放大器;的firstName = stringValue的&安培;公司= stringValue的&安培; ...），


2. 加密使用一个安全的方法（例如AES256，RSA，不管有人能认为是安全的）


3. 拨打网页上我的C＃为基础的网站的URL通过此字符串（如mysite.com/mypage.aspx?encStr=encryptedString）


4. 有一个C＃页解密，分隔名称/值对它们进行处理。

1. generate a querystring (e.g. userid=guidValue&firstName=stringValue&company=stringValue&...),
2. encrypt that using a secure method (such as AES256, RSA, whatever someone can suggest that's secure),
3. call a webpage on my C# based website passing this string in the URL (e.g. mysite.com/mypage.aspx?encStr=encryptedString)
4. have that C# page decrypt it, separate the name/value pairs and process them.

我周围的一派，搜索计算器但发现，提供可以由两种技术一起使用的加密方法的明确指令的任何物品或解答。有没有人有这样的指令？

I've googled around and search stackoverflow, but not found any articles or answers that provide clear instructions of an encryption method that can be used by both technologies. Does anyone have such instructions?

推荐答案

最简单的方法是使用一个库作为的那个（在此情况下，AES）实现一个标准，并使用相同的密码在C＃中（通过或的）。

Symmetrical

The simplest way is to use a library as the Stanford Javascript Crypto Library that implement a standard (AES in this case) and to use the same cipher in C# (via AesManaged or AesCryptoServiceProvider).

您会得到一个对称加密但几乎没有更多的不止一个参数（键），这两个库工作设置。

You'll get a symmetrical cipher but there nearly no more than one parameter (the key) to set for both libs to work.

您也可以使用非对称（公钥）加密来代替。攻击者得到它的手在JavaScript代码将能够制作的请求发送到您的服务器，但将无法拦截其他请求。

You could also use an asymmetrical (Public-Key) cipher instead. An attacker getting it's hand on the javascript code would be able to send crafted requests to your server but won't be able to intercept other requests.

有是一个实现和的类提供.NET中的支持

There is an implementation of RSA in javascript and the RSACryptoServiceProvider class provide the support in .Net

一个包括对RSA的路径在JavaScript LIB（使用.NET实现时强制）支持填充

A full example is available in Code project including a path to the RSA in javascript lib to support padding (mandatory when using the .Net implementation)

这两种论点的解决方案本身是容易受到重放（攻击者截获一个字符串，并把它发回后 - 可能多次 - 到服务器）

Both of theses solutions by themselves are vulnerable to replay (an attacker intercepting a string and sending it back later -- potentially multiple times -- to the server)

这篇关于我如何可以加密在JavaScript中的字符串和解密在C＃中该字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！