Shulou(Shulou.com)05/31 Report--

How to use RSA certificates to encrypt and decrypt sensitive data, many novices are not very clear about this. In order to help you solve this problem, the following editor will explain it in detail. People with this need can come and learn. I hope you can get something.

In the description of RSA algorithm, the MyTestCert certificate generated by makecert tool is used for encryption and decryption, which has a key pair of 1024 bits of RSA algorithm.

Figure 12. The encryption and decryption process of RSA is as follows:

1. Generate and issue certificates

The certificate uses the MyTestCert generated in the previous section "getting with the makecert tool", which can also be a certificate obtained from a commercial CA. The certificate you get should be a comprehensive certificate with both public and private keys, and it should be a certificate in the form of pfx. To get rid of the data, you must issue your public key to the encrypted party who uses your public key to encrypt the data. The certificate either exists as a pfx or is imported into the certificate store.

In case your certificate exists in the certificate store, you can export a cer certificate that contains only the public key through the certificate export function provided by the certificate control desk. In case the certificate exists as a pfx certificate file, you can read the certificate through the code and export it as an cer certificate with only the public key.

2. Convert the plaintext of a string to the encoded byte stream corresponding to a code page

There may be two forms of data to be encrypted, one is binary data, even if it is a set of byte streams, such data can skip this step and go directly into the encryption link. There is also a case of string data, where the same characters in a string generate different bytecodes using different code pages, so the conversion from a string to a byte stream must specify which encoding to use. After decryption, to switch from byte circulation to string is about to use the same code page to decode, otherwise the garbled will be revealed.

/ / keep the byte array of plaintext files

Byte [] plainTextByte = Encoding.UTF8.GetBytes (& ldquo http://www.9tishop.info/lianxiwomen/545.htmlhttp://www.damuge.info/gongsi/627.html;RSA certificate encrypts http://www.myfo4.info/lianxiwomen/627.html!"); for sensitive data

Here, the plaintext is encoded with the utf8 code page, and the plaintext string is converted into a byte stream.

3. Encryption monopoly

/ / load a certificate from a certificate file that includes only the public key

X509Certificate2 myX509Certificate2 = new X509Certificate2 (@ "C:/Samples/PartnerAEncryptMsg/MyTestCert.cer")

/ / obtain RSACryptoServiceProvider with public key from cer certificate

RSACryptoServiceProvidermyRSACryptoServiceProvider = (RSACryptoServiceProvider) myX509Certificate2.PublicKey.Key

/ / use RSACryptoServiceProvider to encrypt Ming text throttling to encrypted text throttling

Byte [] Cryptograph = myRSACryptoServiceProvider.Encrypt (plainTextByte,gexinghua.org false)

Using the key encryption of 1024, the raw material should be the original data of byte [] with 128bytes (1024 bits), and the encrypted data is also 128bytes (1024 bits). In case the plaintext is less than 128bytes, RSACryptoServiceProvider will actively supplement 128bytes with random numbers.

Dotnet's RSA finally has a personality, it must add some random numbers in plaintext, so plaintext can not fill 128bytes, practical test, plaintext up to 117bytes, leaving space to add random numbers.

Therefore, using a unified key to encrypt a unified string of strings, the ciphertext obtained each time is different.

4. Decryption monopoly

/ / load the certificate from the certificate file. If there is a private key, you must provide the password set when you retain the certificate.

X509Certificate2 myX509Certificate2 = new X509Certificate2 (@ "C:/Samples/PartnerAEncryptMsg/MyTestCert.pfx", "password")

/ / obtain RSACryptoServiceProvider with private key from certificate

RSACryptoServiceProvidermyRSACryptoServiceProvider = (RSACryptoServiceProvider) myX509Certificate2.PrivateKey

/ / use RSACryptoServiceProvider to decrypt the encrypted text throttling into plaintext throttling

Byte [] plaintextByte = myRSACryptoServiceProvider.Decrypt (Cryptograph, false)

Decryption must be loaded with a pfx certificate with a private key, and a private key defense password must be provided.

5. circulate from encoded bytes to string plaintext

Use the same code page utf8 approved during encryption to convert the decrypted plaintext byte [] into a string: string Plaintext = Encoding.UTF8.GetString (plaintextByte)

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.