1、Windows Data Protection 数据保护
File.WriteAllText ("myfile.txt", "");
File.Encrypt ("myfile.txt");
File.AppendAllText ("myfile.txt", "sensitive data");
ProtectedData API通过ProtectedData 类-提供了两个静态方法:
public static byte[] Protect (byte[] userData, byte[] optionalEntropy,DataProtectionScope scope);
public static byte[] Unprotect (byte[] encryptedData, byte[] optionalEntropy,DataProtectionScope scope);
很多在的System.Security.Cryptography类都存在mscorlib.dll and System.dll之中,但是ProtectedData 是一个例外,它存在System.Security.dll.
byte[] original = {1, 2, 3, 4, 5};
DataProtectionScope scope = DataProtectionScope.CurrentUser;
byte[] encrypted = ProtectedData.Protect (original, null, scope);
byte[] decrypted = ProtectedData.Unprotect (encrypted, null, scope);
// decrypted is now {1, 2, 3, 4, 5}
2、Hashing 哈希算法
哈希算法主要是使用HashAlgorithm 哈希算法中的ComputeHash 例如 :SHA256 和 MD5 :
byte[] hash;
using (Stream fs = File.OpenRead ("checkme.doc"))
hash = MD5.Create().ComputeHash (fs); // hash is 16 bytes long
byte[] data = System.Text.Encoding.UTF8.GetBytes ("stRhong%pword");
byte[] hash = SHA256.Create().ComputeHash (data);
3、Symmetric Encryption 对称加密解密
对称加密使用与解密相同的密钥,.NET Framework框架提供了四种对称算法,Rijndael是其中的佼佼者(发音为“Rhine Dahl”或“Rain Doll”)。Rijndael既快速又安全,
•从.NET Framework框架1.0开始就可用Rijndael类
byte[] key = {145,12,32,245,98,132,98,214,6,77,131,44,221,3,9,50};
byte[] iv = {15,122,132,5,93,198,44,31,9,39,241,49,250,188,80,7};
byte[] data = { 1, 2, 3, 4, 5 }; // This is what we're encrypting.
using (SymmetricAlgorithm algorithm = Aes.Create())
using (ICryptoTransform encryptor = algorithm.CreateEncryptor (key, iv))
using (Stream f = File.Create ("encrypted.bin"))
using (Stream c = new CryptoStream (f, encryptor, CryptoStreamMode.Write))
c.Write (data, 0, data.Length);
byte[] key = {145,12,32,245,98,132,98,214,6,77,131,44,221,3,9,50};
byte[] iv = {15,122,132,5,93,198,44,31,9,39,241,49,250,188,80,7};
byte[] decrypted = new byte[5];
using (SymmetricAlgorithm algorithm = Aes.Create())
using (ICryptoTransform decryptor = algorithm.CreateDecryptor (key, iv))
using (Stream f = File.OpenRead ("encrypted.bin"))
using (Stream c = new CryptoStream (f, decryptor, CryptoStreamMode.Read))
for (int b; (b = c.ReadByte()) > −1;)
Console.Write (b + " "); // 1 2 3 4 5
也可以使用System.Cryptography的RandomNumberGenerator 来产生上面的 key 和 iv,
byte[] key = new byte [16];
byte[] iv = new byte [16];
RandomNumberGenerator rand = RandomNumberGenerator.Create();
rand.GetBytes (key);
rand.GetBytes (iv);
System.Cryptography的RandomNumberGenerator 它产生的数字确实是不可预测的,或者是复杂加密的( 而 System.Random随机类无法保证提供相同的功能)。
4、Encrypting in Memory 在内存中的加密解密
public static byte[] Encrypt (byte[] data, byte[] key, byte[] iv)
using (Aes algorithm = Aes.Create())
using (ICryptoTransform encryptor = algorithm.CreateEncryptor (key, iv))
return Crypt (data, encryptor);
public static byte[] Decrypt (byte[] data, byte[] key, byte[] iv)
using (Aes algorithm = Aes.Create())
using (ICryptoTransform decryptor = algorithm.CreateDecryptor (key, iv))
return Crypt (data, decryptor);
static byte[] Crypt (byte[] data, ICryptoTransform cryptor)
MemoryStream m = new MemoryStream();
using (Stream c = new CryptoStream (m, cryptor, CryptoStreamMode.Write))
c.Write (data, 0, data.Length);
return m.ToArray();
public static string Encrypt (string data, byte[] key, byte[] iv)
return Convert.ToBase64String (Encrypt (Encoding.UTF8.GetBytes (data), key, iv));
public static string Decrypt (string data, byte[] key, byte[] iv)
return Encoding.UTF8.GetString (Decrypt (Convert.FromBase64String (data), key, iv));
byte[] kiv = new byte[16];
RandomNumberGenerator.Create().GetBytes (kiv);
string encrypted = Encrypt ("Yeah!", kiv, kiv);
Console.WriteLine (encrypted); // R1/5gYvcxyR2vzPjnT7yaQ==
string decrypted = Decrypt (encrypted, kiv, kiv);
Console.WriteLine (decrypted); // Yeah!
5、Chaining Encryption Streams 链式加密流
// Use default key/iv for demo.
using (Aes algorithm = Aes.Create())
using (ICryptoTransform encryptor = algorithm.CreateEncryptor())
using (Stream f = File.Create ("serious.bin"))
using (Stream c = new CryptoStream (f,encryptor,CryptoStreamMode.Write))
using (Stream d = new DeflateStream (c, CompressionMode.Compress))
using (StreamWriter w = new StreamWriter (d))
await w.WriteLineAsync ("Small and secure!");
using (ICryptoTransform decryptor = algorithm.CreateDecryptor())
using (Stream f = File.OpenRead ("serious.bin"))
using (Stream c = new CryptoStream (f, decryptor, CryptoStreamMode.Read))
using (Stream d = new DeflateStream (c, CompressionMode.Decompress))
using (StreamReader r = new StreamReader (d))
Console.WriteLine (await r.ReadLineAsync()); // Small and secure!
using (ICryptoTransform encryptor = algorithm.CreateEncryptor())
using(StreamWriter w = new StreamWriter (new DeflateStream (new CryptoStream (File.Create ("serious.bin"),encryptor,CryptoStreamMode.Write),CompressionMode.Compress)))
6、Public Key Encryption and Signing 非对称加密解密
6.1 RSA Class
byte[] data = { 1, 2, 3, 4, 5 }; // This is what we're encrypting.
using (var rsa = new RSACryptoServiceProvider())
byte[] encrypted = rsa.Encrypt (data, true);
byte[] decrypted = rsa.Decrypt (encrypted, true);
public static void TestEncryptgrapg()
//byte[] data = { 1, 2, 3, 4, 5 }; // This is what we're encrypting.
//using (var rsa = new RSACryptoServiceProvider())
// byte[] encrypted = rsa.Encrypt(data, true);
// byte[] decrypted = rsa.Decrypt(encrypted, true);
using var rsa = new RSACryptoServiceProvider();
File.WriteAllText("PublicKeyOnly.xml", rsa.ToXmlString(false));
File.WriteAllText("PublicPrivate.xml", rsa.ToXmlString(true));
byte[] data = Encoding.UTF8.GetBytes("Message to encrypt");
string publicKeyOnly = File.ReadAllText("PublicKeyOnly.xml");
string publicPrivate = File.ReadAllText("PublicPrivate.xml");
byte[] encrypted, decrypted;
using (var rsaPublicOnly = new RSACryptoServiceProvider())
encrypted = rsaPublicOnly.Encrypt(data, true);
// 下面的这解密就会报错,因为需要私钥解密
// decrypted = rsaPublicOnly.Decrypt (encrypted, true);
using (var rsaPublicPrivate = new RSACryptoServiceProvider())
// With the private key we can successfully decrypt:
decrypted = rsaPublicPrivate.Encrypt(encrypted, true);
string ss = Encoding.UTF8.GetString(decrypted);
6.2 Digital Signing数字签名
byte[] data = Encoding.UTF8.GetBytes ("Message to sign");
byte[] publicKey;
byte[] signature;
object hasher = SHA1.Create(); // Our chosen hashing algorithm.
// Generate a new key pair, then sign the data with it:
using (var publicPrivate = new RSACryptoServiceProvider())
signature = publicPrivate.SignData (data, hasher);
publicKey = publicPrivate.ExportCspBlob (false); // get public key
// Create a fresh RSA using just the public key, then test the signature.
using (var publicOnly = new RSACryptoServiceProvider())
publicOnly.ImportCspBlob (publicKey);
Console.Write (publicOnly.VerifyData (data, hasher, signature)); // True
// Let's now tamper with the data, and recheck the signature:
data[0] = 0;
Console.Write (publicOnly.VerifyData (data, hasher, signature)); // False
// The following throws an exception as we're lacking a private key:
signature = publicOnly.SignData (data, hasher);
using (var rsa = new RSACryptoServiceProvider())
byte[] hash = SHA1.Create().ComputeHash (data);
signature = rsa.SignHash (hash, CryptoConfig.MapNameToOID ("SHA1"));
简单的说就是 signature = publicPrivate.SignData(data, hasher);这一句换成下面两句
byte[] hash = SHA1.Create().ComputeHash(data);
signature = publicPrivate.SignHash(hash, CryptoConfig.MapNameToOID("SHA1"));
对称算法使用---RSACryptoServiceProvider Asymmetric algorithms--Encrypt Encrypt
MD5 and SHA256 are two of the HashAlgorithm subtypes provided by the .NET Framework. Here are all the major algorithms, in ascending order of security (and hash
length, in bytes):
MD5(16) → SHA1(20) → SHA256(32) → SHA384(48) → SHA512(64)
The shorter the algorithm, the faster it executes. MD5 is more than 20 times faster than SHA512 and is well suited to calculating file checksums. You can hash hundreds
of megabytes per second with MD5 , and then store its result in a Guid . (A Guid happens to be exactly 16 bytes long, and as a value type it is more tractable than a byte array;
you can meaningfully compare Guid s with the simple equality operator, for instance.)
However, shorter hashes increase the possibility of collision (two distinct files yielding the same hash).
Use at least SHA256 when hashing passwords or other securitysensitive data. MD5 and SHA1 are considered insecure for this
purpose, and are suitable to protect only against accidental corruption, not deliberate tampering.
SHA384 is no faster than SHA512 , so if you want more security than SHA256 , you may as well use SHA512
引用using System.Security.Cryptography;
static void Main(string[] args)
Log = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
