RSA block-wise encryption and decryption (fixing the "Bad Length" / 「不正確的長度」 exception)

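RSA is a commonly used asymmetric encryption algorithm. While using it recently I ran into the "Bad Length" (「不正確的長度」) exception; investigation showed that it was caused by the data to be encrypted being too long.

The RSA implementation provided in the .NET Framework imposes the following rule:

The number of bytes to encrypt must not exceed the key length divided by 8, minus 11 (that is, RSACryptoServiceProvider.KeySize / 8 - 11), while the ciphertext produced by encryption is exactly the key length divided by 8 bytes long (that is, RSACryptoServiceProvider.KeySize / 8). The 11 bytes are the minimum overhead of PKCS#1 v1.5 padding, which the code below selects by passing false as the second argument to Encrypt and Decrypt.

Therefore, to encrypt longer data, you can encrypt and decrypt it in blocks, implemented as follows: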

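using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

namespace Macroresolute.RSACryptoService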
    {
        public static class RSACrypto
        {
            private static readonly Encoding Encoder = Encoding.UTF8;

            public static String Encrypt(this String plaintext)
            {
                X509Certificate2 _X509Certificate2 = RSACrypto.RetrieveX509Certificate();
                using (RSACryptoServiceProvider RSACryptography = _X509Certificate2.PublicKey.Key as RSACryptoServiceProvider)
                {
                    Byte[] PlaintextData = RSACrypto.Encoder.GetBytes(plaintext);
                    int MaxBlockSize = RSACryptography.KeySize / 8 - 11;    // maximum length of one plaintext block

                    if (PlaintextData.Length <= MaxBlockSize)
                        return Convert.ToBase64String(RSACryptography.Encrypt(PlaintextData, false));

                    using (MemoryStream PlaiStream = new MemoryStream(PlaintextData))
                    using (MemoryStream CrypStream = new MemoryStream())
                    {
                        Byte[] Buffer = new Byte[MaxBlockSize];
                        int BlockSize = PlaiStream.Read(Buffer, 0, MaxBlockSize);

                        while (BlockSize > 0)
                        {
                            Byte[] ToEncrypt = new Byte[BlockSize];
                            Array.Copy(Buffer, 0, ToEncrypt, 0, BlockSize);

                            Byte[] Cryptograph = RSACryptography.Encrypt(ToEncrypt, false);
                            CrypStream.Write(Cryptograph, 0, Cryptograph.Length);

                            BlockSize = PlaiStream.Read(Buffer, 0, MaxBlockSize);
                        }

                        return Convert.ToBase64String(CrypStream.ToArray(), Base64FormattingOptions.None);
                    }
                }
            }

            public static String Decrypt(this String ciphertext)
            {
                X509Certificate2 _X509Certificate2 = RSACrypto.RetrieveX509Certificate();
                using (RSACryptoServiceProvider RSACryptography = _X509Certificate2.PrivateKey as RSACryptoServiceProvider)
                {
                    Byte[] CiphertextData = Convert.FromBase64String(ciphertext);
                    int MaxBlockSize = RSACryptography.KeySize / 8;    // maximum length of one ciphertext block

                    if (CiphertextData.Length <= MaxBlockSize)
                        return RSACrypto.Encoder.GetString(RSACryptography.Decrypt(CiphertextData, false));

                    using (MemoryStream CrypStream = new MemoryStream(CiphertextData))
                    using (MemoryStream PlaiStream = new MemoryStream())
                    {
                        Byte[] Buffer = new Byte[MaxBlockSize];
                        int BlockSize = CrypStream.Read(Buffer, 0, MaxBlockSize);

                        while (BlockSize > 0)
                        {
                            Byte[] ToDecrypt = new Byte[BlockSize];
                            Array.Copy(Buffer, 0, ToDecrypt, 0, BlockSize);

                            Byte[] Plaintext = RSACryptography.Decrypt(ToDecrypt, false);
                            PlaiStream.Write(Plaintext, 0, Plaintext.Length);

                            BlockSize = CrypStream.Read(Buffer, 0, MaxBlockSize);
                        }

                        return RSACrypto.Encoder.GetString(PlaiStream.ToArray());
                    }
                }
            }

            private static X509Certificate2 RetrieveX509Certificate()
            {
                return null;    // placeholder: retrieve the X509Certificate2 certificate used for RSA encryption
            }
        }
    }

Note: the string returned by the encryption method above is plain Base64. If it is to be transmitted in a URL, it needs further processing!
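
The block limits described above, as an added example that is not from the original post: it uses a throwaway 2048-bit key instead of a certificate (assumes .NET Core 2.0+ or .NET 5+), shows that one byte over the limit is rejected, and round-trips a constructed 1000-byte message in blocks. It goes beyond the post by also covering OAEP with SHA-256, whose overhead is 66 bytes instead of 11; the names ChunkedRsaDemo, MaxPlainBlock and Transform are made up for the example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class ChunkedRsaDemo   // hypothetical name, added example
{
    // Plaintext limit per block: PKCS#1 v1.5 costs 11 bytes, OAEP 2 * hashLen + 2 (SHA-256: 66).
    static int MaxPlainBlock(int keyBytes, RSAEncryptionPadding padding)
    {
        if (padding == RSAEncryptionPadding.Pkcs1) return keyBytes - 11;
        if (padding == RSAEncryptionPadding.OaepSHA256) return keyBytes - 66;
        throw new NotSupportedException("padding not covered by this example");
    }

    // Applies op to consecutive blocks of at most blockSize bytes and concatenates the results.
    static byte[] Transform(byte[] input, int blockSize, Func<byte[], byte[]> op)
    {
        using (var output = new MemoryStream())
        {
            for (int offset = 0; offset < input.Length; offset += blockSize)
            {
                var block = new byte[Math.Min(blockSize, input.Length - offset)];
                Buffer.BlockCopy(input, offset, block, 0, block.Length);
                byte[] result = op(block);
                output.Write(result, 0, result.Length);
            }
            return output.ToArray();
        }
    }

    static void Main()
    {
        string sample = new string('A', 1000);           // constructed sample input
        using (RSA rsa = RSA.Create(2048))               // throwaway key, not a certificate
        {
            int k = rsa.KeySize / 8;                     // ciphertext block size in bytes
            foreach (var padding in new[] { RSAEncryptionPadding.Pkcs1, RSAEncryptionPadding.OaepSHA256 })
            {
                int max = MaxPlainBlock(k, padding);
                // One byte over the limit reproduces the length exception from the post.
                try { rsa.Encrypt(new byte[max + 1], padding); }
                catch (CryptographicException) { Console.WriteLine($"{padding}: {max + 1} bytes rejected"); }
                byte[] cipher = Transform(Encoding.UTF8.GetBytes(sample), max, b => rsa.Encrypt(b, padding));
                // Every ciphertext block is exactly k bytes; anything else is truncated or corrupted.
                if (cipher.Length % k != 0) throw new CryptographicException("truncated ciphertext");
                byte[] plain = Transform(cipher, k, b => rsa.Decrypt(b, padding));
                Console.WriteLine($"{padding}: max block {max}, round trip ok = {Encoding.UTF8.GetString(plain) == sample}");
            }
        }
    }
}
```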

Shared from: http://www.cnblogs.com/zys529/archive/2012/05/24/2516539.html
