RSA 是常用的非对称加密算法。最近使用时却出现了“不正确的长度”的异常,研究发现是由于待加密的数据超长所致。
.NET Framework 中提供的 RSA 算法规定:
待加密的字节数不能超过密钥的长度值除以 8 再减去 11(即:RSACryptoServiceProvider.KeySize / 8 - 11),而加密后得到密文的字节数,正好是密钥的长度值除以 8(即:RSACryptoServiceProvider.KeySize / 8)。
所以,如果要加密较长的数据,则可以采用分段加解密的方式,实现方式如下:
namespace Macroresolute.RSACryptoService
{
public static class RSACrypto
{
private static readonly Encoding Encoder = Encoding.UTF8; public static String Encrypt(this String plaintext)
{
X509Certificate2 _X509Certificate2 = RSACrypto.RetrieveX509Certificate();
using (RSACryptoServiceProvider RSACryptography = _X509Certificate2.PublicKey.Key as RSACryptoServiceProvider)
{
Byte[] PlaintextData = RSACrypto.Encoder.GetBytes(plaintext);
int MaxBlockSize = RSACryptography.KeySize / - ; //加密块最大长度限制 if (PlaintextData.Length <= MaxBlockSize)
return Convert.ToBase64String(RSACryptography.Encrypt(PlaintextData, false)); using (MemoryStream PlaiStream = new MemoryStream(PlaintextData))
using (MemoryStream CrypStream = new MemoryStream())
{
Byte[] Buffer = new Byte[MaxBlockSize];
int BlockSize = PlaiStream.Read(Buffer, , MaxBlockSize); while (BlockSize > )
{
Byte[] ToEncrypt = new Byte[BlockSize];
Array.Copy(Buffer, , ToEncrypt, , BlockSize); Byte[] Cryptograph = RSACryptography.Encrypt(ToEncrypt, false);
CrypStream.Write(Cryptograph, , Cryptograph.Length); BlockSize = PlaiStream.Read(Buffer, , MaxBlockSize);
} return Convert.ToBase64String(CrypStream.ToArray(), Base64FormattingOptions.None);
}
}
} public static String Decrypt(this String ciphertext)
{
X509Certificate2 _X509Certificate2 = RSACrypto.RetrieveX509Certificate();
using (RSACryptoServiceProvider RSACryptography = _X509Certificate2.PrivateKey as RSACryptoServiceProvider)
{
Byte[] CiphertextData = Convert.FromBase64String(ciphertext);
int MaxBlockSize = RSACryptography.KeySize / ; //解密块最大长度限制 if (CiphertextData.Length <= MaxBlockSize)
return RSACrypto.Encoder.GetString(RSACryptography.Decrypt(CiphertextData, false)); using (MemoryStream CrypStream = new MemoryStream(CiphertextData))
using (MemoryStream PlaiStream = new MemoryStream())
{
Byte[] Buffer = new Byte[MaxBlockSize];
int BlockSize = CrypStream.Read(Buffer, , MaxBlockSize); while (BlockSize > )
{
Byte[] ToDecrypt = new Byte[BlockSize];
Array.Copy(Buffer, , ToDecrypt, , BlockSize); Byte[] Plaintext = RSACryptography.Decrypt(ToDecrypt, false);
PlaiStream.Write(Plaintext, , Plaintext.Length); BlockSize = CrypStream.Read(Buffer, , MaxBlockSize);
} return RSACrypto.Encoder.GetString(PlaiStream.ToArray());
}
}
} private static X509Certificate2 RetrieveX509Certificate()
{
return null; //检索用于 RSA 加密的 X509Certificate2 证书
}
}
}
注:以上加密方法返回的字符串类型为原始的 Base-64 ,若要用于 URL 传输,需另行处理!
分享自:http://www.cnblogs.com/zys529/archive/2012/05/24/2516539.html