如何只加密/解密一定量的字节(文件)?
我正在实现文件的加密/解密,只有一定数量的字节应该加密。 例如:我有500 MB的大文件,我想加密(和当然解密)只有2 MB的文件。如何只加密/解密一定量的字节(文件)?
我已经实现了一切,加密工作正常(没有错误),但是当我运行解密它总是抛出这个错误:
System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
at System.Security.Cryptography.CapiSymmetricAlgorithm.DepadBlock(Byte[] block, Int32 offset, Int32 count) at System.Security.Cryptography.CapiSymmetricAlgorithm.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
at System.IO.Stream.Close()
at System.IO.Stream.Dispose()
at ...
然后我试图填充设为encryptor.Padding = PaddingMode.None;
(并尝试PaddingMode.Zeros等)。在使用此填充模式运行加密和解密之后,解密的结果没有错误/异常,但文件的加密部分仍然是加密的,但有点不同。我也检查了密码是否正确
现在我不再有解决方案如何处理文件的“部分”加密。有任何想法吗?如何处理这个填充或字节?
这是我的加密和一定量的字节的解密过程的代码(遗憾的长度,但只有你会知道:)):
static byte[] FILE_HEADER = Encoding.Default.GetBytes("header_of_file"); //this is written to the first line of encrypted file
static long limitBytes = 4096 * 8; //limit encryption to this amount of bytes
public static bool Encrypt(string inputFilePath, string outputfilePath, string EncryptionKey)
{
int bytesRead = 1;
long byteWriteCounter = 0;
long encryptedByteCounter = 0;
byte[] blength = null;
byte[] intBytes = null;
int bufferLen = 4096;
byte[] buffer = new byte[bufferLen];
blength = new byte[FILE_HEADER.Length];
long sumBytesRead = 0;
try
{
using (FileStream fsInput = new FileStream(inputFilePath, FileMode.Open))
{
fsInput.Read(blength, 0, blength.Length);
if (!blength.SequenceEqual(FILE_HEADER)) //read the FILE_HEADER - if not equal that we can encrypt otherwise is already encrypted
{
fsInput.Position = 0;
using (FileStream fsOutput = new FileStream(outputfilePath, FileMode.Create))
{
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (CryptoStream cs = new CryptoStream(fsOutput, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
{
try
{
while (bytesRead != 0)
{
bytesRead = fsInput.Read(buffer, 0, bufferLen);
sumBytesRead += bytesRead;
if (sumBytesRead <= limitBytes) //limit encryption
{
if (bytesRead < bufferLen)
{
cs.Write(buffer, 0, bytesRead);
encryptedByteCounter += bytesRead;
byteWriteCounter += bytesRead;
intBytes = Encoding.Default.GetBytes(encryptedByteCounter.ToString("D7"));
fsOutput.Position = 0;
fsOutput.Write(FILE_HEADER, 0, FILE_HEADER.Length); //we write our header to file, to know which is encrypted
fsOutput.Write(intBytes, 0, intBytes.Length); //we write number of encrypted bytes next to header, for decryption to know
bytesRead = 0;
}
else
{
cs.Write(buffer, 0, bytesRead);
encryptedByteCounter += bytesRead;
byteWriteCounter += bytesRead;
}
}
else //if the file is bigger than limit, we continue to write normal data (unencrypted)
{
if (bytesRead < bufferLen)
{
fsOutput.Write(buffer, 0, bytesRead);
byteWriteCounter += bytesRead;
intBytes = Encoding.Default.GetBytes(encryptedByteCounter.ToString("D7"));
fsOutput.Position = 0;
fsOutput.Write(FILE_HEADER, 0, FILE_HEADER.Length);
fsOutput.Write(intBytes, 0, intBytes.Length);
bytesRead = 0;
}
else
{
fsOutput.Write(buffer, 0, bytesRead);
byteWriteCounter += bytesRead;
}
}
}
}
catch (SystemException se)
{
Console.WriteLine("Exception ENC: " + se);
}
}
}
}
return true;
}
else
{
//file is already encrypted
return false;
}
}
}
catch (SystemException se)
{
Console.WriteLine("Main ENC exception: "+se);
return false;
}
}
......和解密功能:
public static bool Decrypt(string inputFilePath, string outputfilePath, string EncryptionKey)
{
byte[] blength = null;
blength = new byte[FILE_HEADER.Length];
long byteWriteCounter = 0;
int bufferLen = 4096;
byte[] buffer = new byte[bufferLen];
int bytesRead = 1;
long decryptedByteCounter = 0;
long sumBytesRead = 0;
byte[] bufferEncBytes = new byte[7];
try
{
using (FileStream fsInput = new FileStream(inputFilePath, FileMode.Open))
{
fsInput.Read(blength, 0, blength.Length);
if (blength.SequenceEqual(FILE_HEADER))//check if is our encrypted file
{
fsInput.Read(bufferEncBytes, 0, bufferEncBytes.Length);
int numOfDecBytes = Convert.ToInt32(Encoding.Default.GetString(bufferEncBytes)); //get number of encrypted bytes
using (FileStream fsOutput = new FileStream(outputfilePath, FileMode.Create))
{
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (CryptoStream cs = new CryptoStream(fsOutput, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
{
try
{
while (bytesRead != 0)
{
bytesRead = fsInput.Read(buffer, 0, bufferLen);
sumBytesRead += bytesRead;
if (sumBytesRead <= numOfDecBytes) //decrypt until limit
{
if (bytesRead < bufferLen)
{
cs.Write(buffer, 0, bytesRead);
decryptedByteCounter += bytesRead;
byteWriteCounter += bytesRead;
bytesRead = 0; //we are at the end of file, end everything
}
else
{
cs.Write(buffer, 0, bytesRead);
decryptedByteCounter += bytesRead;
byteWriteCounter += bytesRead;
}
}
else //if we have decrypted encrypted bytes, continue with rest of the (normal) data
{
if (bytesRead < bufferLen)
{
fsOutput.Write(buffer, 0, bytesRead);
byteWriteCounter += bytesRead;
bytesRead = 0;
}
else
{
fsOutput.Write(buffer, 0, bytesRead);
byteWriteCounter += bytesRead;
}
}
}
}
catch (SystemException se)
{
Console.WriteLine("Exception DECR: " + se);
}
}
}
}
return true;
}
else
{
//not right file for decryption
return false;
}
}
}
catch (SystemException eks)
{
Console.WriteLine("Error: " + eks); //here the exception of Invalid Padding is thrown
return false;
}
}
当您使用块密码进行加密时,大多数模式都会添加填充。这意味着加密数据将会是较长的,即原来的明文,因为有额外的填充。你需要保留加密数据的填充,否则你会得到错误的填充错误。
您可以确保仔细处理填充或切换到CTR模式,该模式不使用填充,给出与明文长度相同的密文。
使用Stream Cypher,如Rabbit或Salsa20会产生同样的效果。
在这种情况下,我该如何仔细处理Padding?此算法不支持CTR模式。 – OnlyKing
如果您将明文大小存储在密文前面,那么您可以尝试并实施填充到块大小的填充(即AES的0..15个字节)。在这种情况下,请确保您的缓冲区和要加密的字节数都是块大小的倍数。然后你可以使用'NoPadding'来加密/解密所需的字节。如果你已经加密到最大,那么你不需要填充。在另一种情况下,你可以通过填充零的缓冲区的最后部分来填充。 PS在你的情况下,我当然会考虑存储64位大小的明文。 –
加密,并记录* encrypted *字节的大小。将这些字节添加到文件的未加密部分的前面。保留一个固定大小的记录,将您预先添加到密文中的密文大小。在解密端,首先读取密文大小。然后解密那么多字节(填充应该自动消失)。将解密的明文前加到文件未加密的剩余部分。确保固定大小的长度变量足够大,以保持您需要的最长可能的密文大小。 – rossum
这基本上相当于调试文件处理。假设你的密文与纯文本一样大是错误的。假设你完全阅读你想要加密的明文的结尾似乎也是错误的。密文也可能比明文大。总而言之,许多错误和加密/解密方法试图做一切,而不是做出好的设计。 –
为什么你只想加密部分文件?这显然不安全。 – CodesInChaos
@ MaartenBodewes-owlstead我知道,有很多错误,我正在开发阶段测试,如果它符合我的逻辑。但是,你能帮助并提供解决方案如何实现加密字节的数量,在解密中可以计数和解密?或者我应该使用其他加密算法? – OnlyKing