跨平台加密/解密处理密钥和初始化向量(IV)

Question

在查看了许多示例之后，我将一些加密/解密方法组合在一起，这些方法利用Rfc2898DeriveBytes来获得密钥和初始化向量。我担心的是，接收我的加密内容的一方必须能够解密它。因为我无法控制他们所使用的语言(可以是Java、PHP、C等)。我如何确保他们能够像我使用.NET中的Rfc2898DeriveBytes类那样派生密钥和初始化向量(IV)？下面是我正在使用的加密和解密方法。

Public Shared Function EncryptText(ByVal plainText As String, ByVal password As String) As String

  Dim aesCrypto As Rijndael = Nothing
  Dim plainTextBytes As Byte()
  plainTextBytes = Encoding.Default.GetBytes(plainText)

  Dim rfc2898 As Rfc2898DeriveBytes
  rfc2898 = New Rfc2898DeriveBytes(password, GenerateSalt(password))
  aesCrypto = Rijndael.Create()
  aesCrypto.Padding = PaddingMode.ISO10126
  Dim tx As ICryptoTransform
  tx = aesCrypto.CreateEncryptor(rfc2898.GetBytes(32), rfc2898.GetBytes(16))
  Dim encryptedBytes As Byte()
  encryptedBytes = tx.TransformFinalBlock(plainTextBytes, 0, plainTextBytes.Length)
  Return Convert.ToBase64String(encryptedBytes)

End Function

Public Shared Function DecryptText(ByVal encryptedText As String, ByVal password As String) As String

  Dim aesCrypto As Rijndael = Nothing
  Dim encryptedTextBytes As Byte()
  encryptedTextBytes = Convert.FromBase64String(encryptedText)

  Dim rfc2898 As Rfc2898DeriveBytes
  rfc2898 = New Rfc2898DeriveBytes(password, GenerateSalt(password))
  aesCrypto = Rijndael.Create()
  aesCrypto.Padding = PaddingMode.ISO10126
  Dim tx As ICryptoTransform
  tx = aesCrypto.CreateEncryptor(rfc2898.GetBytes(32), rfc2898.GetBytes(16))
  Dim decryptedBytes As Byte()
  decryptedBytes = tx.TransformFinalBlock(encryptedTextBytes, 0, encryptedTextBytes.Length)
  Return Encoding.Default.GetString(decryptedBytes)

End Function

Answer 1

您将告诉接收者实现PBKDF2，这是在RFC2898和PKCS #5中定义的标准。Microsoft's documentation说他们的函数使用HMAC-SHA-1作为伪随机函数，使用1000作为默认的迭代次数。这是他们需要的信息。

但是，您还需要在发送端传输使用GenerateSalt()创建的salt。接收者不能自己调用GenerateSalt() -应该为每条消息随机生成它。