aes解密和加密

o2rvlv0m  于 2021-06-20  发布在  Mysql
关注(0)|答案(1)|浏览(532)

我用这个代码来加密我的数据。不幸的是,总是有这样的错误:
输入不是有效的基64字符串,因为它包含非基64字符、两个以上的空格或空格中的无效字符。
这是我的代码-->

public static string IV = "abababababababab";  // 16 chars = 128 bytes
    public static string Key = "abababababababababababababababab";   // 32 chars = 256 bytes
    public static string Encrypt(string decrypted)
    {
        byte[] textbytes = ASCIIEncoding.ASCII.GetBytes(decrypted);
        AesCryptoServiceProvider encdec = new AesCryptoServiceProvider();
        encdec.BlockSize = 128;
        encdec.KeySize = 256;
        encdec.Key = ASCIIEncoding.ASCII.GetBytes(Key);
        encdec.IV = ASCIIEncoding.ASCII.GetBytes(IV);
        encdec.Padding = PaddingMode.PKCS7;
        encdec.Mode = CipherMode.CBC;

        ICryptoTransform icrypt = encdec.CreateEncryptor(encdec.Key, encdec.IV);

        byte[] enc = icrypt.TransformFinalBlock(textbytes, 0, textbytes.Length);
        icrypt.Dispose();

        return Convert.ToBase64String(enc);
    }

    public static string Decrypt(string encrypted)
    {
        byte[] encbytes = Convert.FromBase64String(encrypted);
        AesCryptoServiceProvider encdec = new AesCryptoServiceProvider();
        encdec.BlockSize = 128;
        encdec.KeySize = 256;
        encdec.Key = ASCIIEncoding.ASCII.GetBytes(Key);
        encdec.IV = ASCIIEncoding.ASCII.GetBytes(IV);
        encdec.Padding = PaddingMode.PKCS7;
        encdec.Mode = CipherMode.CBC;

        ICryptoTransform icrypt = encdec.CreateDecryptor(encdec.Key, encdec.IV);

        byte[] dec = icrypt.TransformFinalBlock(encbytes, 0, encbytes.Length);
        icrypt.Dispose();

        return ASCIIEncoding.ASCII.GetString(dec);
    }

这是我的登录表-->

private void buttonlogin_Click(object sender, EventArgs ex)
    {
        if (textboxusername.Text.Length < 2 || textboxpassword.Text.Length < 4)
        {
            FormMsbOk.Show("Username or Password is too short!","Ok");
        }
        else
        {
            MySqlConnection con;
            con = new MySqlConnection(myConnectionString);
            try
            {
                con.Open();
                string exists = $"CREATE TABLE IF NOT EXISTS `userlogin`.`userlogin` " +
                $"( `id` INT NOT NULL AUTO_INCREMENT , `username` VARCHAR(64)" +
                $" NOT NULL , `password` VARCHAR(64) NOT NULL , `prename` VARCHAR(64)" +
                $" NOT NULL , `surname` VARCHAR(64) NOT NULL , `emailadress` VARCHAR(64)" +
                $" NOT NULL , PRIMARY KEY (`id`)) ENGINE = InnoDB;";
                MySqlCommand cmd = new MySqlCommand(exists, con);
                cmd.ExecuteNonQuery();

                string user = AesCrypt.Encrypt(textboxusername.Text);
                string pass = AesCrypt.Encrypt(textboxpassword.Text);
                string encusr = $"SELECT * FROM userlogin WHERE username='{user}';";
                string encpass = $"SELECT * FROM userlogin WHERE password='{pass}';";

                string decusr = AesCrypt.Decrypt(encusr);
                string decpass = AesCrypt.Decrypt(encpass);

                if (decusr == textboxusername.Text && decpass == textboxpassword.Text)
                {
                    FormMsbOk.Show("You logged in successfully as user: " + textboxusername.Text, "Ok");
                    con.Close();
                    this.Hide();
                    var main = new FormMain();
                    main.Closed += (s, args) => this.Close();
                    main.Show();
                }
                else
                {
                    textboxusername.Clear();
                    textboxpassword.Clear();
                    FormMsbOk.Show("Error Username or password is wrong!", "Ok");
                }
            }
            catch (Exception nocon)
            {
                textboxusername.Clear();
                textboxpassword.Clear();
                FormMsbOk.Show("Can not open connection! " + nocon.Message,"Ok");
            }

这是我的登记表-->

private void buttonregister_Click(object sender, EventArgs e)
    {
        if (textboxusername.Text.Length < 2 || textboxpassword.Text.Length < 4)
        {
            FormMsbOk.Show("Username or Password is too short! " +
                "The minimum for the user name is 2 characters and for " +
                "the password is 4 characters. ", "Ok");
        }
        else
        {
            MySqlConnection con;
            con = new MySqlConnection(myConnectionString);
            try
            {
                con.Open();
                string exists = $"CREATE TABLE IF NOT EXISTS `userlogin`.`userlogin` " +
                $"( `id` INT NOT NULL AUTO_INCREMENT , `username` VARCHAR(64)" +
                $" NOT NULL , `password` VARCHAR(64) NOT NULL , `prename` VARCHAR(64)" +
                $" NOT NULL , `surname` VARCHAR(64) NOT NULL , `emailadress` VARCHAR(64)" +
                $" NOT NULL , PRIMARY KEY (`id`)) ENGINE = InnoDB;";
                MySqlCommand emdexists = new MySqlCommand(exists, con);
                emdexists.ExecuteNonQuery();
                string encusr = AesCrypt.Encrypt(textboxusername.Text);
                string encpass = AesCrypt.Encrypt(textboxpassword.Text);
                string encprename = AesCrypt.Encrypt(textboxprename.Text);
                string enclastname = AesCrypt.Encrypt(textboxlastname.Text);
                string encemail = AesCrypt.Encrypt(textboxemail.Text);
                string insert = $"INSERT INTO `userlogin`.`userlogin` " +
                    $"(`username`, `password`, `prename`, `surname`, `emailadress`) " +
                    $"VALUES ('" + encusr + "', '" + encpass + "', '" + encprename + "'," +
                    " '" + enclastname + "', '" + encemail + "');";
                MySqlCommand cmdinsert = new MySqlCommand(insert, con);
                cmdinsert.ExecuteNonQuery();
                con.Close();
                FormMsbOk.Show("Registriert", "Ok");
                textboxusername.Clear();
                textboxpassword.Clear();
                textboxprename.Clear();
                textboxlastname.Clear();
                textboxrepeat.Clear();
                textboxemail.Clear();
            }
            catch (Exception nocon)
            {
                FormMsbOk.Show("Can not open connection! " + nocon.Message, "Ok");
            }
        }
ubbxdtey

ubbxdtey1#

看一看 string decusr = AesCrypt.Decrypt(encusr); 并在该行上使用断点查看 encusr 在那一点上。
您正在将包含sql查询的字符串传递给 AesCrypt.Decrypt 方法,该方法希望给定一个要解密的加密值。您可能希望它处理运行该查询的结果,而不是查询本身。
其他提示: MySqlConnection 以及 MySqlCommand 两者都是 IDisposable 所以每个都应该在一个 using 阻止。一旦完成此操作,就不必担心关闭连接,因为退出using块将处理连接,这将调用close。注意,即使代码在块中抛出异常,它也会关闭它。
如果使用字符串连接来构造查询,它很容易受到sql注入攻击(以及其他问题):请改用sql参数。
正如其他人在评论中提到的,存储密码的散列而不是加密是一种好的做法。加密是一个双向的过程,它允许某人通过解密来发现密码。散列是一个单向但可重复的过程。不是试图解密存储的密码,而是创建输入密码的哈希值,并检查哈希值是否与实际密码的存储哈希值相同。但一定要用腌土豆条。

相关问题