- 加密 和 哈希 不是一回事 !!!
- 加密后的结果一定是可以解密的,也就是说可以根据结果得到加密前的输入内容
- 哈希又称为单向散列,是一种计算消息摘要的方法,过程不可逆,不能根据结果得到哈希前的输入
- 常见的哈希算法有:md5, sha1, sha256, sha512(其中 md5 和 sha1 已被证实存在碰撞问题,只适合做非安全用途的校验;涉及安全的场景应使用 sha256 或 sha512)
- 加密算法分为:对称加密算法 和 非对称加密算法
- 常见的对称加密算法有:3DES, AES(3DES 已被 NIST 弃用,新系统应优先使用 AES)
- 常见的非对称加密算法有:RSA
- RSA算法的用途有:加密,解密,计算签名,验证签名
- RSA算法的密钥分为:公钥(用于加密/验证签名), 私钥(用于解密/计算签名)
- RSA算法的 公钥通常用 cer 文件存储,或者直接在代码中硬编码多行的BASE64密钥文本
- RSA算法的 私钥通常用 pfx 文件存储,此文件需要密码才能被加载到内存
- RSA的密钥可以导入操作系统的证书管理器,然后通过指纹引用,此时不需要密码(即使是私钥);这种情况下私钥的保护依赖于操作系统对证书存储区和私钥的访问权限控制,应只授权给确实需要使用它的账户
- RSA的私钥通常不随客户端程序公开发布,私钥一定要保留在服务端,否则可以考虑使用 对称加密算法
- RSA的加密算法只能加密小文本,通常是密码之类的敏感内容,长文本要结合对称加密算法做二次加密
/// <summary>
/// Utility class that wraps the AES algorithm.
/// </summary>
/// <remarks>
/// NOTE(review): only the signatures are shown in this listing, so the cipher mode, the IV
/// handling and the way an AES key is obtained from <c>password</c> cannot be confirmed here.
/// Verify that the key comes from a salted key-derivation function (for example PBKDF2),
/// that a fresh random IV is used for every message, and whether the ciphertext is authenticated.
/// </remarks>
public static class AesHelper
{
/// <summary>
/// Encrypts a string with AES.
/// </summary>
/// <param name="text">The plaintext string to encrypt.</param>
/// <param name="password">The password used for the encryption (how it becomes an AES key is not shown).</param>
/// <returns>The encrypted result as a string; presumably Base64, because the string overload of Decrypt takes Base64 input (confirm against the implementation).</returns>
public static string Encrypt(string text, string password)
/// <summary>
/// Encrypts a byte array with AES.
/// </summary>
/// <param name="input">The plaintext bytes to encrypt.</param>
/// <param name="password">The password used for the encryption (how it becomes an AES key is not shown).</param>
/// <returns>The encrypted bytes.</returns>
public static byte[] Encrypt(byte[] input, string password)
/// <summary>
/// Decrypts a Base64-encoded encrypted string with AES.
/// </summary>
/// <param name="base64">The encrypted content, encoded as Base64.</param>
/// <param name="password">The password used for the decryption; presumably it must match the one used to encrypt.</param>
/// <returns>The decrypted string. Behaviour on a wrong password or tampered input is not shown here (TODO confirm).</returns>
public static string Decrypt(string base64, string password)
/// <summary>
/// Decrypts a byte array with AES.
/// </summary>
/// <param name="input">The encrypted bytes.</param>
/// <param name="password">The password used for the decryption; presumably it must match the one used to encrypt.</param>
/// <returns>The decrypted bytes. Behaviour on a wrong password or tampered input is not shown here (TODO confirm).</returns>
public static byte[] Decrypt(byte[] input, string password)
}
/// <summary>
/// Wraps commonly used hash algorithms.
/// </summary>
/// <remarks>
/// The original comments called the results "signatures"; these methods compute unkeyed
/// hashes (message digests), which are not digital signatures.
/// NOTE(review): MD5 and SHA-1 are not collision-resistant; use the Md5/Sha1/FileMD5/FileSha1
/// members only for non-security checksums or compatibility, and prefer Sha256/Sha512 elsewhere.
/// None of these is suitable on its own for storing passwords.
/// </remarks>
public static class HashHelper
{
/// <summary>
/// Computes the SHA-1 hash of a string.
/// </summary>
/// <param name="text">The string to hash.</param>
/// <param name="encoding">The encoding used to turn the string into bytes; defaults to null (the fallback encoding is not shown, presumably UTF-8 — TODO confirm).</param>
/// <returns>The hash as a string (the text format, e.g. hex, is not shown here).</returns>
public static string Sha1(this string text, Encoding encoding = null)
/// <summary>
/// Computes the SHA-256 hash of a string.
/// </summary>
/// <param name="text">The string to hash.</param>
/// <param name="encoding">The encoding used to turn the string into bytes; defaults to null (the fallback encoding is not shown, presumably UTF-8 — TODO confirm).</param>
/// <returns>The hash as a string (the text format, e.g. hex, is not shown here).</returns>
public static string Sha256(this string text, Encoding encoding = null)
/// <summary>
/// Computes the SHA-512 hash of a string.
/// </summary>
/// <param name="text">The string to hash.</param>
/// <param name="encoding">The encoding used to turn the string into bytes; defaults to null (the fallback encoding is not shown, presumably UTF-8 — TODO confirm).</param>
/// <returns>The hash as a string (the text format, e.g. hex, is not shown here).</returns>
public static string Sha512(this string text, Encoding encoding = null)
/// <summary>
/// Computes the SHA-1 value of a file.
/// </summary>
/// <param name="filePath">Path of the file to hash.</param>
/// <returns>The hash as a string (the text format, e.g. hex, is not shown here).</returns>
public static string FileSha1(string filePath)
/// <summary>
/// Computes the MD5 hash of a string.
/// </summary>
/// <param name="text">The string to hash.</param>
/// <param name="encoding">The encoding used to turn the string into bytes; defaults to null (the fallback encoding is not shown, presumably UTF-8 — TODO confirm).</param>
/// <returns>The hash as a string (the text format, e.g. hex, is not shown here).</returns>
public static string Md5(this string text, Encoding encoding = null)
/// <summary>
/// Computes the MD5 value of a file.
/// </summary>
/// <param name="filePath">Path of the file to hash.</param>
/// <returns>The hash as a string (the text format, e.g. hex, is not shown here).</returns>
public static string FileMD5(string filePath)
}
/// <summary>
/// Helper methods for locating and loading X509 certificates.
/// </summary>
public static class X509Finder
{
/// <summary>
/// Finds an X509 certificate by thumbprint. The LocalMachine store location is searched first;
/// if that fails, CurrentUser is searched.
/// </summary>
/// <param name="thumbprint">The certificate thumbprint.</param>
/// <param name="ifNotFoundThrowException">Whether to throw an exception when no certificate is found.</param>
/// <returns>The matching certificate; presumably null when nothing is found and <paramref name="ifNotFoundThrowException"/> is false (TODO confirm).</returns>
public static X509Certificate2 FindByThumbprint(string thumbprint, bool ifNotFoundThrowException)
/// <summary>
/// Finds a certificate by thumbprint in the given store location and store.
/// </summary>
/// <param name="thumbprint">The certificate thumbprint.</param>
/// <param name="storeLocation">The store location to search; defaults to LocalMachine.</param>
/// <param name="storeName">The store to search; defaults to My (the personal certificate store).</param>
/// <returns>The matching certificate; the result when nothing matches is not shown here (TODO confirm).</returns>
public static X509Certificate2 FindByThumbprint(string thumbprint,
StoreLocation storeLocation = StoreLocation.LocalMachine,
StoreName storeName = StoreName.My)
/// <summary>
/// Loads an X509 certificate from public-key content supplied as bytes.
/// </summary>
/// <param name="publicKey">The public-key (certificate) content as a byte array.</param>
/// <returns>The loaded certificate; presumably it carries no private key (TODO confirm).</returns>
public static X509Certificate2 LoadFromPublicKey(byte[] publicKey)
/// <summary>
/// Loads an X509 certificate from a public-key string.
/// </summary>
/// <param name="publicKeyText">The public-key text; presumably the Base64 text of a certificate (TODO confirm the accepted format).</param>
/// <returns>The loaded certificate; presumably it carries no private key (TODO confirm).</returns>
public static X509Certificate2 LoadFromPublicKey(string publicKeyText)
/// <summary>
/// Loads an X509Certificate2 from a public-key file.
/// </summary>
/// <param name="publicKeyFilePath">Path of the public-key file.</param>
/// <returns>The loaded certificate.</returns>
public static X509Certificate2 LoadPublicKeyFile(string publicKeyFilePath)
/// <summary>
/// Loads an X509Certificate2 object from the content of a pfx file.
/// </summary>
/// <param name="pfxBody">The pfx file content as a byte array.</param>
/// <param name="password">The password for the pfx content. NOTE(review): keep it out of source code and logs.</param>
/// <returns>The loaded certificate. How the private key is stored after loading (key storage flags) is not shown here (TODO confirm).</returns>
public static X509Certificate2 LoadPfx(byte[] pfxBody, string password)
/// <summary>
/// Loads an X509Certificate2 object from a pfx file on disk.
/// </summary>
/// <param name="pfxFilePath">Path of the pfx file.</param>
/// <param name="password">The password for the pfx file. NOTE(review): keep it out of source code and logs.</param>
/// <returns>The loaded certificate. How the private key is stored after loading (key storage flags) is not shown here (TODO confirm).</returns>
public static X509Certificate2 LoadPfx(string pfxFilePath, string password)
}
/// <summary>
/// Utility class wrapping RSA operations (sign / verify signature / encrypt / decrypt)
/// as extension methods on X509Certificate2.
/// </summary>
/// <remarks>
/// NOTE(review): the hash algorithm used for signatures and the RSA padding used for
/// encryption are not visible in this listing; confirm they are current choices
/// (for example SHA-256 for signing and OAEP padding for encryption).
/// </remarks>
public static class X509Extensions
{
/// <summary>
/// Signs data with an X509 certificate.
/// </summary>
/// <param name="cert">The certificate to sign with; presumably it must contain a private key (TODO confirm).</param>
/// <param name="data">The data to sign.</param>
/// <returns>The signature as a string (the text encoding, e.g. Base64, is not shown here).</returns>
public static string Sign(this X509Certificate2 cert, byte[] data)
/// <summary>
/// Verifies a data signature with an X509 certificate.
/// </summary>
/// <param name="cert">The certificate to verify with.</param>
/// <param name="data">The data the signature was computed over.</param>
/// <param name="signature">The signature to check; presumably in the same string format that Sign returns (TODO confirm).</param>
/// <returns>A bool; presumably true when the signature is valid for the data (TODO confirm how malformed input is handled).</returns>
public static bool Verify(this X509Certificate2 cert, byte[] data, string signature)
/// <summary>
/// Encrypts data with an X509 certificate.
/// Note: this method can only encrypt fairly short content (typically a key).
/// </summary>
/// <param name="cert">The certificate to encrypt with.</param>
/// <param name="data">The data to encrypt; must be short, see the note above.</param>
/// <returns>The encrypted bytes.</returns>
public static byte[] Encrypt(this X509Certificate2 cert, byte[] data)
/// <summary>
/// Decrypts data with an X509 certificate.
/// </summary>
/// <param name="cert">The certificate to decrypt with; presumably it must contain a private key (TODO confirm).</param>
/// <param name="data">The encrypted bytes.</param>
/// <returns>The decrypted bytes.</returns>
public static byte[] Decrypt(this X509Certificate2 cert, byte[] data)
}