我用这个代码来加密我的数据。不幸的是,总是有这样的错误:
输入不是有效的基64字符串,因为它包含非基64字符、两个以上的空格或空格中的无效字符。
这是我的代码-->
public static string IV = "abababababababab"; // 16 chars = 128 bytes
public static string Key = "abababababababababababababababab"; // 32 chars = 256 bytes
public static string Encrypt(string decrypted)
{
byte[] textbytes = ASCIIEncoding.ASCII.GetBytes(decrypted);
AesCryptoServiceProvider encdec = new AesCryptoServiceProvider();
encdec.BlockSize = 128;
encdec.KeySize = 256;
encdec.Key = ASCIIEncoding.ASCII.GetBytes(Key);
encdec.IV = ASCIIEncoding.ASCII.GetBytes(IV);
encdec.Padding = PaddingMode.PKCS7;
encdec.Mode = CipherMode.CBC;
ICryptoTransform icrypt = encdec.CreateEncryptor(encdec.Key, encdec.IV);
byte[] enc = icrypt.TransformFinalBlock(textbytes, 0, textbytes.Length);
icrypt.Dispose();
return Convert.ToBase64String(enc);
}
public static string Decrypt(string encrypted)
{
byte[] encbytes = Convert.FromBase64String(encrypted);
AesCryptoServiceProvider encdec = new AesCryptoServiceProvider();
encdec.BlockSize = 128;
encdec.KeySize = 256;
encdec.Key = ASCIIEncoding.ASCII.GetBytes(Key);
encdec.IV = ASCIIEncoding.ASCII.GetBytes(IV);
encdec.Padding = PaddingMode.PKCS7;
encdec.Mode = CipherMode.CBC;
ICryptoTransform icrypt = encdec.CreateDecryptor(encdec.Key, encdec.IV);
byte[] dec = icrypt.TransformFinalBlock(encbytes, 0, encbytes.Length);
icrypt.Dispose();
return ASCIIEncoding.ASCII.GetString(dec);
}
这是我的登录表-->
private void buttonlogin_Click(object sender, EventArgs ex)
{
if (textboxusername.Text.Length < 2 || textboxpassword.Text.Length < 4)
{
FormMsbOk.Show("Username or Password is too short!","Ok");
}
else
{
MySqlConnection con;
con = new MySqlConnection(myConnectionString);
try
{
con.Open();
string exists = $"CREATE TABLE IF NOT EXISTS `userlogin`.`userlogin` " +
$"( `id` INT NOT NULL AUTO_INCREMENT , `username` VARCHAR(64)" +
$" NOT NULL , `password` VARCHAR(64) NOT NULL , `prename` VARCHAR(64)" +
$" NOT NULL , `surname` VARCHAR(64) NOT NULL , `emailadress` VARCHAR(64)" +
$" NOT NULL , PRIMARY KEY (`id`)) ENGINE = InnoDB;";
MySqlCommand cmd = new MySqlCommand(exists, con);
cmd.ExecuteNonQuery();
string user = AesCrypt.Encrypt(textboxusername.Text);
string pass = AesCrypt.Encrypt(textboxpassword.Text);
string encusr = $"SELECT * FROM userlogin WHERE username='{user}';";
string encpass = $"SELECT * FROM userlogin WHERE password='{pass}';";
string decusr = AesCrypt.Decrypt(encusr);
string decpass = AesCrypt.Decrypt(encpass);
if (decusr == textboxusername.Text && decpass == textboxpassword.Text)
{
FormMsbOk.Show("You logged in successfully as user: " + textboxusername.Text, "Ok");
con.Close();
this.Hide();
var main = new FormMain();
main.Closed += (s, args) => this.Close();
main.Show();
}
else
{
textboxusername.Clear();
textboxpassword.Clear();
FormMsbOk.Show("Error Username or password is wrong!", "Ok");
}
}
catch (Exception nocon)
{
textboxusername.Clear();
textboxpassword.Clear();
FormMsbOk.Show("Can not open connection! " + nocon.Message,"Ok");
}
这是我的登记表-->
private void buttonregister_Click(object sender, EventArgs e)
{
if (textboxusername.Text.Length < 2 || textboxpassword.Text.Length < 4)
{
FormMsbOk.Show("Username or Password is too short! " +
"The minimum for the user name is 2 characters and for " +
"the password is 4 characters. ", "Ok");
}
else
{
MySqlConnection con;
con = new MySqlConnection(myConnectionString);
try
{
con.Open();
string exists = $"CREATE TABLE IF NOT EXISTS `userlogin`.`userlogin` " +
$"( `id` INT NOT NULL AUTO_INCREMENT , `username` VARCHAR(64)" +
$" NOT NULL , `password` VARCHAR(64) NOT NULL , `prename` VARCHAR(64)" +
$" NOT NULL , `surname` VARCHAR(64) NOT NULL , `emailadress` VARCHAR(64)" +
$" NOT NULL , PRIMARY KEY (`id`)) ENGINE = InnoDB;";
MySqlCommand emdexists = new MySqlCommand(exists, con);
emdexists.ExecuteNonQuery();
string encusr = AesCrypt.Encrypt(textboxusername.Text);
string encpass = AesCrypt.Encrypt(textboxpassword.Text);
string encprename = AesCrypt.Encrypt(textboxprename.Text);
string enclastname = AesCrypt.Encrypt(textboxlastname.Text);
string encemail = AesCrypt.Encrypt(textboxemail.Text);
string insert = $"INSERT INTO `userlogin`.`userlogin` " +
$"(`username`, `password`, `prename`, `surname`, `emailadress`) " +
$"VALUES ('" + encusr + "', '" + encpass + "', '" + encprename + "'," +
" '" + enclastname + "', '" + encemail + "');";
MySqlCommand cmdinsert = new MySqlCommand(insert, con);
cmdinsert.ExecuteNonQuery();
con.Close();
FormMsbOk.Show("Registriert", "Ok");
textboxusername.Clear();
textboxpassword.Clear();
textboxprename.Clear();
textboxlastname.Clear();
textboxrepeat.Clear();
textboxemail.Clear();
}
catch (Exception nocon)
{
FormMsbOk.Show("Can not open connection! " + nocon.Message, "Ok");
}
}
1条答案
按热度按时间ubbxdtey1#
看一看
string decusr = AesCrypt.Decrypt(encusr);
并在该行上使用断点查看encusr
在那一点上。您正在将包含sql查询的字符串传递给
AesCrypt.Decrypt
方法,该方法希望给定一个要解密的加密值。您可能希望它处理运行该查询的结果,而不是查询本身。其他提示:
MySqlConnection
以及MySqlCommand
两者都是IDisposable
所以每个都应该在一个using
阻止。一旦完成此操作,就不必担心关闭连接,因为退出using块将处理连接,这将调用close。注意,即使代码在块中抛出异常,它也会关闭它。如果使用字符串连接来构造查询,它很容易受到sql注入攻击(以及其他问题):请改用sql参数。
正如其他人在评论中提到的,存储密码的散列而不是加密是一种好的做法。加密是一个双向的过程,它允许某人通过解密来发现密码。散列是一个单向但可重复的过程。不是试图解密存储的密码,而是创建输入密码的哈希值,并检查哈希值是否与实际密码的存储哈希值相同。但一定要用腌土豆条。