我正在通过XML流发布到Web服务的项目。在这种情况下,提供者请求使用128位初始化向量以密码块链接(CBC)模式下的高级加密标准(AES)对路由xml进行加密。我在VB.Net中进行了编码,并且根据我所知道的我已经满足了他们的所有加密要求,但是当我提交该帖子时,我一直收到“无效的路由输入加密”错误响应。我没有做太多的加密工作,所以我希望有一些有加密经验的人可以帮助我。它是否失败,因为我没有正确的前缀IV?在AES中是否有标准的方法来将IV合并到密码数据中?或者我自己在做加密本身有问题吗?我在这里呆了一段时间,尝试了几种不同的加密方式,但没有成功。下面列出的是我的代码和加密要求的摘要。.Net使用AES和128位加密XML流初始化向量
生成使用高级加密标准(AES)在密码块链接(CBC)具有128位初始化向量[AES]算法模式的对称密钥。不要使用零字节初始化向量。
使用AES对称密钥加密有效的路由输入xml文档。在128位初始化向量的前面加上密码文本。 (不建议使用所有0字节的初始化向量。)
Base64编码初始化向量和加密路由输入xml文档。
使用base64编码的初始化向量和加密的Routing Input xml文档构建ENCRYPTED_RI xml元素。
生成明文Routing Input xml文档的SHA1哈希值。
连接明文路由输入xml文档和AES对称密钥的SHA1哈希。 (SHA1哈希+ AES对称密钥)
使用公钥和RSA版本1.5算法[RFC 2437]加密连接结果。
Base64对加密级联结果进行编码。
使用base64编码的加密级联结果构建ENCRYPTED_KEY xml元素。
这里是我的代码:
Sub CreateEncryptionXML()
'############
'## CREATE AES KEY AND IV
'############
Dim SymKey() As Byte
Dim IV() As Byte
Dim aes As New AesCryptoServiceProvider
Using myAes As Aes = System.Security.Cryptography.Aes.Create()
myAes.KeySize = 128
myAes.BlockSize = 128
myAes.Mode = CipherMode.CBC
myAes.Key = Encoding.UTF8.GetBytes("MyEncryptionKey1")
myAes.IV = Encoding.UTF8.GetBytes("MyInitialVector1")
SymKey = myAes.Key
IV = myAes.IV
End Using
'############
'## ENCRYPT ROUTING INPUT XML DOC
'############
Dim riXml As New XmlDocument
riXml.Load("C:\routingdoc.xml")
aes.Key = SymKey
aes.IV = IV
aes.Mode = CipherMode.CBC
' Convert the plaintext string to a byte array.
Dim plaintextBytes() As Byte = System.Text.Encoding.UTF8.GetBytes(riXml.OuterXml.ToString())
' Create the stream.
Dim ms As New System.IO.MemoryStream
' Create the encoder to write to the stream.
Dim encStream As New CryptoStream(ms, aes.CreateEncryptor(), System.Security.Cryptography.CryptoStreamMode.Write)
' Use the crypto stream to write the byte array to the stream.
encStream.Write(plaintextBytes, 0, plaintextBytes.Length)
encStream.FlushFinalBlock()
'############
'## PREFIX CIPHER TEXT WITH IV
'############
Dim encRiXml() As Byte = ms.ToArray
Dim arraySize As Integer = IV.Length + encRiXml.Length
Dim Merged(arraySize) As Byte
IV.CopyTo(Merged, 0)
encRiXml.CopyTo(Merged, IV.Length)
Dim Base64IVEncRiXML As String = Convert.ToBase64String(Merged)
'******** I BELIVE EVERYTHING PAST HERE IS CORRECT BUT INCLUDED IT TO SHOW WHOLE PROCESS **********
'############
'## CREATE SHA1 HASH FOR PLAINTEXT ROUTING INPUT
'############
Dim hash() As Byte = New SHA1Managed().ComputeHash(Encoding.UTF8.GetBytes(riXml.OuterXml.ToString()))
'############
'## CONCATENATE THE SHA1 HASH OF PLAINTEXT ROUTING INPUT XML WITH AES KEY
'############
Dim arraySize2 As Integer = hash.Length + SymKey.Length
Dim Merged2(arraySize2) As Byte
hash.CopyTo(Merged2, 0)
SymKey.CopyTo(Merged2, hash.Length)
'############
'## ENCRYPT CONCATENATED RESULT USING RSA
'############
Dim EncryptionKey As String = File.ReadAllText("C:\cert-1.txt").Replace("-----BEGIN CERTIFICATE-----" & vbCr & vbLf, "").Replace("-----END CERTIFICATE-----", "")
TextBox1.Text = EncryptionKey
Dim binaryCertData() As Byte = Convert.FromBase64String(EncryptionKey)
Dim cert As X509Certificate2 = New X509Certificate2(binaryCertData)
Dim xmlKey As String = cert.PublicKey.Key.ToXmlString(False)
Dim objRSA As RSACryptoServiceProvider = New RSACryptoServiceProvider()
objRSA.FromXmlString(xmlKey)
Dim encrypted() As Byte = objRSA.Encrypt(Merged2, False)
Dim RSAEncryptedSHA1HashAESKey As String = Convert.ToBase64String(encrypted)
postStaticTest(RSAEncryptedSHA1HashAESKey, Base64IVEncRiXML)
End Sub
'PROVIDED SAMPLE OF XML OUTPUT FROM DOCUMENTATION
'<?xml version="1.0" encoding="UTF-8"?>
'<SECURE_REQUEST_GROUP>
'<ENCRYPTED_KEY Algorithm=”http://www.w3.org/2001/04/xmlenc#rsa-1_5” >
'bXcCaS97p8TtGzlgZ9ogRcEAaw1D1OQCpk1AQFfWYE5J2CheNtRBpuME+uB3wSkwjIWftkYxQ5JRTQ3Qhz7LrCM+TOORl2lFFTpVC9zGUP1xndfT6EQONViV0XGJieWCzXNyjO3XpEl7IdntkVKucrDN9gA7wlimUdw4Ya5sn08=
'</ ENCRYPTED_KEY>
'< ENCRYPTED_RI Algorithm=”http://www.w3.org/2001/04/xmlenc#aes128-cbc”>
'9BWPkFDt0Ua/2gN9+BDT9XbYHBuadEREIV1EUmvon/jSr0HkndD/9lBo95H3UYD12TL3wmXVSqi7Ak/QqxzmVRDMgw2Wy0Ezdc3eaA9tOE1c49ZcaZpGM23R1BOazTGdky5v2+oBvSj4a+Ry/aJynvzKvxpTYd15IKOOzPsF/n89Oj6XdjA1TTdn2FCEwo6IkPi0D5QK2i1i/pilEyrrSYQ0oWkYc6ON/OQyL/oHlkBXk0zzQd1HBPOde4/3C6ceajUTvqiIlP6dRBHe6DZ3Ps34g7326jg3koh59RYao/0StgpF3wTJaZ/W36nqlpT3aeoLa/5oKh4A7DjHbYCHTw1uYkPXVGLFl6zTpFRw8hGkPfBRZmS5lXnQl6xidqftb+fx61yBj80/FHAlvmUzBsSQZggeXzBjqlVoWudCuGdC5QH1xKBWrm8haS2UIEdK/DH8fC13oFMpS++C7HTc/u9N8iH6qF0GimxYHvhKwdk3iw/hxrw5Bv1/tQjI1snJm9U1HnokDwG5BWZJp8jBuPgJIapc/DQgIEbM+3NMJXoB/ed9PquPFPPlfoo4E13a3PZPYIDImnLkOjvdPMrZ8A==
'</ ENCRYPTED_RI>
'</SECURE_REQUEST_GROUP>
找出他们是否正在使用具有128,192或256位密钥的AES(这些是AES的FIPS兼容标准密钥大小)。指定了128位IV,但这是标准的,所有AES都使用IV尺寸,因为所有类型的AES使用128位块。其余的要求看起来非常简单。 – Kevin