Cryptographic Services

Public networks such as the Internet do not provide a means of secure communication between entities. Communication over such networks is susceptible to being read or even modified by unauthorized third parties. Cryptography helps protect data from being viewed, provides ways to detect whether data has been modified, and helps provide a secure means of communication over otherwise nonsecure channels. For example, data can be encrypted by using a cryptographic algorithm, transmitted in an encrypted state, and later decrypted by the intended party. If a third party intercepts the encrypted data, it will be difficult to decipher.

In the .NET Framework, the classes in the System.Security.Cryptography namespace manage many details of cryptography for you. Some are wrappers for the unmanaged Microsoft Cryptography API (CryptoAPI), while others are purely managed implementations. You do not need to be an expert in cryptography to use these classes. When you create a new instance of one of the encryption algorithm classes, keys are autogenerated for ease of use, and default properties are as safe and secure as possible.

This overview provides a synopsis of the encryption methods and practices supported by the .NET Framework, including the ClickOnce manifests, Suite B, and Cryptography Next Generation (CNG) support introduced in the .NET Framework 3.5.

For additional information about cryptography and about Microsoft services, components, and tools that enable you to add cryptographic security to your applications, see the Win32 and COM Development, Security section of this documentation.

Cryptographic Primitives

In a typical situation where cryptography is used, two parties (Alice and Bob) communicate over a nonsecure channel. Alice and Bob want to ensure that their communication remains incomprehensible by anyone who might be listening. Furthermore, because Alice and Bob are in remote locations, Alice must make sure that the information she receives from Bob has not been modified by anyone during transmission. In addition, she must make sure that the information really does originate from Bob and not from someone who is impersonating Bob.

Cryptography is used to achieve the following goals:

  • Confidentiality: To help protect a user's identity or data from being read.

  • Data integrity: To help protect data from being changed.

  • Authentication: To ensure that data originates from a particular party.

  • Non-repudiation: To prevent a particular party from denying that they sent a message.

To achieve these goals, you can use a combination of algorithms and practices known as cryptographic primitives to create a cryptographic scheme. The following table lists the cryptographic primitives and their uses.

| Cryptographic primitive | Use |
| --- | --- |
| Secret-key encryption (symmetric cryptography) | Performs a transformation on data to keep it from being read by third parties. This type of encryption uses a single shared, secret key to encrypt and decrypt data. |
| Public-key encryption (asymmetric cryptography) | Performs a transformation on data to keep it from being read by third parties. This type of encryption uses a public/private key pair to encrypt and decrypt data. |
| Cryptographic signing | Helps verify that data originates from a specific party by creating a digital signature that is unique to that party. This process also uses hash functions. |
| Cryptographic hashes | Maps data from any length to a fixed-length byte sequence. Hashes are statistically unique; a different two-byte sequence will not hash to the same value. |

Secret-Key Encryption

Secret-key encryption algorithms use a single secret key to encrypt and decrypt data. You must secure the key from access by unauthorized agents, because any party that has the key can use it to decrypt your data or encrypt their own data, claiming it originated from you.

Secret-key encryption is also referred to as symmetric encryption because the same key is used for encryption and decryption. Secret-key encryption algorithms are very fast (compared with public-key algorithms) and are well suited for performing cryptographic transformations on large streams of data. Asymmetric encryption algorithms such as RSA are limited mathematically in how much data they can encrypt. Symmetric encryption algorithms do not generally have those problems.

A type of secret-key algorithm called a block cipher is used to encrypt one block of data at a time. Block ciphers such as Data Encryption Standard (DES), TripleDES, and Advanced Encryption Standard (AES) cryptographically transform an input block of n bytes into an output block of encrypted bytes. If you want to encrypt or decrypt a sequence of bytes, you have to do it block by block. Because n is small (8 bytes for DES and TripleDES; 16 bytes [the default], 24 bytes, or 32 bytes for AES), data values that are larger than n have to be encrypted one block at a time. Data values that are smaller than n have to be expanded to n in order to be processed.

One simple form of block cipher is called the electronic codebook (ECB) mode. ECB mode is not considered secure, because it does not use an initialization vector to initialize the first plaintext block. For a given secret key k, a simple block cipher that does not use an initialization vector will encrypt the same input block of plaintext into the same output block of ciphertext. Therefore, if you have duplicate blocks in your input plaintext stream, you will have duplicate blocks in your output ciphertext stream. These duplicate output blocks alert unauthorized users to the weak encryption used, the algorithms that might have been employed, and the possible modes of attack. The ECB cipher mode is therefore quite vulnerable to analysis, and ultimately, key discovery.

The block cipher classes that are provided in the base class library use a default chaining mode called cipher-block chaining (CBC), although you can change this default if you want.

CBC ciphers overcome the problems associated with ECB ciphers by using an initialization vector (IV) to encrypt the first block of plaintext. Each subsequent block of plaintext undergoes a bitwise exclusive OR (XOR) operation with the previous ciphertext block before it is encrypted. Each ciphertext block is therefore dependent on all previous blocks. When this system is used, common message headers that might be known to an unauthorized user cannot be used to reverse-engineer a key.
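
The repeated-block behaviour of ECB described above can be measured directly. The following C# program is an added example, not code from the original documentation: it encrypts a constructed message of four identical 16-byte blocks under ECB and under CBC with the same key and counts the ciphertext blocks that repeat. The class and method names are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class EcbVersusCbc
{
    const int BlockBytes = 16; // AES block size in bytes

    // Encrypts plaintext with AES in the requested cipher mode.
    static byte[] Encrypt(byte[] key, byte[] iv, CipherMode mode, byte[] plaintext)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = mode;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            aes.IV = iv; // ECB never uses the IV; CBC XORs it into the first block
            using (ICryptoTransform encryptor = aes.CreateEncryptor())
            {
                return encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
            }
        }
    }

    // Counts ciphertext blocks that are byte-for-byte copies of an earlier block.
    static int CountRepeatedBlocks(byte[] ciphertext)
    {
        var seen = new HashSet<string>();
        int repeats = 0;
        for (int offset = 0; offset + BlockBytes <= ciphertext.Length; offset += BlockBytes)
        {
            string block = Convert.ToBase64String(ciphertext, offset, BlockBytes);
            if (!seen.Add(block))
            {
                repeats++;
            }
        }
        return repeats;
    }

    static void Main()
    {
        // Constructed sample: one 16-byte record repeated four times.
        byte[] plaintext = Encoding.ASCII.GetBytes(
            "ACCOUNT=00000001ACCOUNT=00000001ACCOUNT=00000001ACCOUNT=00000001");

        byte[] key, iv;
        using (Aes generator = Aes.Create())
        {
            key = generator.Key; // autogenerated random key
            iv = generator.IV;   // autogenerated random IV
        }

        byte[] ecb = Encrypt(key, iv, CipherMode.ECB, plaintext);
        byte[] cbc = Encrypt(key, iv, CipherMode.CBC, plaintext);

        Console.WriteLine("ECB repeated ciphertext blocks: {0}", CountRepeatedBlocks(ecb));
        Console.WriteLine("CBC repeated ciphertext blocks: {0}", CountRepeatedBlocks(cbc));
    }
}
```

A nonzero count for ECB means the ciphertext reveals which plaintext blocks are equal even though the key is unknown; the same counter can be run over stored ciphertext as a quick check for data that was encrypted in ECB mode.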

One way to compromise data that is encrypted with a CBC cipher is to perform an exhaustive search of every possible key. Depending on the size of the key that is used to perform encryption, this kind of search is very time-consuming using even the fastest computers and is therefore infeasible. Larger key sizes are more difficult to decipher. Although encryption does not make it theoretically impossible for an adversary to retrieve the encrypted data, it does raise the cost of doing this. If it takes three months to perform an exhaustive search to retrieve data that is meaningful only for a few days, the exhaustive search method is impractical.

The disadvantage of secret-key encryption is that it presumes two parties have agreed on a key and IV, and communicated their values. The IV is not considered a secret and can be transmitted in plaintext with the message. However, the key must be kept secret from unauthorized users. Because of these problems, secret-key encryption is often used together with public-key encryption to privately communicate the values of the key and IV.

Assuming that Alice and Bob are two parties who want to communicate over a nonsecure channel, they might use secret-key encryption as follows: Alice and Bob agree to use one particular algorithm (AES, for example) with a particular key and IV. Alice composes a message and creates a network stream (perhaps a named pipe or network email) on which to send the message. Next, she encrypts the text using the key and IV, and sends the encrypted message and IV to Bob over the intranet. Bob receives the encrypted text and decrypts it by using the IV and previously agreed upon key. If the transmission is intercepted, the interceptor cannot recover the original message, because he does not know the key. In this scenario, only the key must remain secret. In a real world scenario, either Alice or Bob generates a secret key and uses public-key (asymmetric) encryption to transfer the secret (symmetric) key to the other party. For more information about public-key encryption, see the next section.

The .NET Framework provides the following classes that implement secret-key encryption algorithms:

Public-Key Encryption

Public-key encryption uses a private key that must be kept secret from unauthorized users and a public key that can be made public to anyone. The public key and the private key are mathematically linked; data that is encrypted with the public key can be decrypted only with the private key, and data that is signed with the private key can be verified only with the public key. The public key can be made available to anyone; it is used for encrypting data to be sent to the keeper of the private key. Public-key cryptographic algorithms are also known as asymmetric algorithms because one key is required to encrypt data, and another key is required to decrypt data. A basic cryptographic rule prohibits key reuse, and both keys should be unique for each communication session. However, in practice, asymmetric keys are generally long-lived.

Two parties (Alice and Bob) might use public-key encryption as follows: First, Alice generates a public/private key pair. If Bob wants to send Alice an encrypted message, he asks her for her public key. Alice sends Bob her public key over a nonsecure network, and Bob uses this key to encrypt a message. Bob sends the encrypted message to Alice, and she decrypts it by using her private key. If Bob received Alice's key over a nonsecure channel, such as a public network, Bob is open to a man-in-the-middle attack. Therefore, Bob must verify with Alice that he has a correct copy of her public key.

During the transmission of Alice's public key, an unauthorized agent might intercept the key. Furthermore, the same agent might intercept the encrypted message from Bob. However, the agent cannot decrypt the message with the public key. The message can be decrypted only with Alice's private key, which has not been transmitted. Alice does not use her private key to encrypt a reply message to Bob, because anyone with the public key could decrypt the message. If Alice wants to send a message back to Bob, she asks Bob for his public key and encrypts her message using that public key. Bob then decrypts the message using his associated private key.

In this scenario, Alice and Bob use public-key (asymmetric) encryption to transfer a secret (symmetric) key and use secret-key encryption for the remainder of their session.

The following list offers comparisons between public-key and secret-key cryptographic algorithms:

  • Public-key cryptographic algorithms use a fixed buffer size, whereas secret-key cryptographic algorithms use a variable-length buffer.

  • Public-key algorithms cannot be used to chain data together into streams the way secret-key algorithms can, because only small amounts of data can be encrypted. Therefore, asymmetric operations do not use the same streaming model as symmetric operations.

  • Public-key encryption has a much larger keyspace (range of possible values for the key) than secret-key encryption. Therefore, public-key encryption is less susceptible to exhaustive attacks that try every possible key.

  • Public keys are easy to distribute because they do not have to be secured, provided that some way exists to verify the identity of the sender.

  • Some public-key algorithms (such as RSA and DSA, but not Diffie-Hellman) can be used to create digital signatures to verify the identity of the sender of data.

  • Public-key algorithms are very slow compared with secret-key algorithms, and are not designed to encrypt large amounts of data. Public-key algorithms are useful only for transferring very small amounts of data. Typically, public-key encryption is used to encrypt a key and IV to be used by a secret-key algorithm. After the key and IV are transferred, secret-key encryption is used for the remainder of the session.
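
The exchange described in this section, in which RSA carries only the AES key and IV and AES encrypts the message, looks like this in C#. This is an added example, not code from the original documentation; the class and method names are illustrative, and the fingerprint comparison assumes Bob obtained the expected fingerprint over a separate trusted channel, which is one way to perform the public-key verification the text calls for.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HybridExchange
{
    const int IvBytes = 16; // AES block size, which is also the IV length

    // SHA-256 fingerprint of an RSA public key (modulus followed by exponent).
    static string Fingerprint(RSAParameters publicKey)
    {
        byte[] material = new byte[publicKey.Modulus.Length + publicKey.Exponent.Length];
        Buffer.BlockCopy(publicKey.Modulus, 0, material, 0, publicKey.Modulus.Length);
        Buffer.BlockCopy(publicKey.Exponent, 0, material,
                         publicKey.Modulus.Length, publicKey.Exponent.Length);
        using (SHA256 sha = SHA256.Create())
        {
            return BitConverter.ToString(sha.ComputeHash(material));
        }
    }

    // Bob: check the received public key, then wrap a fresh AES key and IV with it.
    static byte[] BobEncrypt(RSAParameters receivedKey, string trustedFingerprint,
                             byte[] message, out byte[] wrappedSecret)
    {
        if (Fingerprint(receivedKey) != trustedFingerprint)
            throw new CryptographicException("Public key does not match the trusted fingerprint.");

        using (Aes aes = Aes.Create()) // random key and IV, CBC mode by default
        using (var alicePublic = new RSACryptoServiceProvider())
        {
            byte[] key = aes.Key, iv = aes.IV;
            byte[] secret = new byte[key.Length + iv.Length];
            Buffer.BlockCopy(key, 0, secret, 0, key.Length);
            Buffer.BlockCopy(iv, 0, secret, key.Length, iv.Length);

            alicePublic.ImportParameters(receivedKey);
            wrappedSecret = alicePublic.Encrypt(secret, true); // true selects OAEP padding

            using (ICryptoTransform encryptor = aes.CreateEncryptor(key, iv))
            {
                return encryptor.TransformFinalBlock(message, 0, message.Length);
            }
        }
    }

    // Alice: unwrap the key and IV with her private key, then decrypt the message.
    static byte[] AliceDecrypt(RSACryptoServiceProvider alice, byte[] wrappedSecret,
                               byte[] ciphertext)
    {
        byte[] secret = alice.Decrypt(wrappedSecret, true);
        byte[] key = new byte[secret.Length - IvBytes];
        byte[] iv = new byte[IvBytes];
        Buffer.BlockCopy(secret, 0, key, 0, key.Length);
        Buffer.BlockCopy(secret, key.Length, iv, 0, iv.Length);

        using (Aes aes = Aes.Create())
        using (ICryptoTransform decryptor = aes.CreateDecryptor(key, iv))
        {
            return decryptor.TransformFinalBlock(ciphertext, 0, ciphertext.Length);
        }
    }

    static void Main()
    {
        using (var alice = new RSACryptoServiceProvider(2048))
        {
            RSAParameters alicePublic = alice.ExportParameters(false); // public half only
            // Assumption: Bob learns this fingerprint over a separate, trusted channel.
            string trustedFingerprint = Fingerprint(alicePublic);

            byte[] message = Encoding.UTF8.GetBytes("Constructed sample message for Alice");
            byte[] wrappedSecret;
            byte[] ciphertext = BobEncrypt(alicePublic, trustedFingerprint, message,
                                           out wrappedSecret);

            byte[] recovered = AliceDecrypt(alice, wrappedSecret, ciphertext);
            Console.WriteLine(Encoding.UTF8.GetString(recovered));
        }
    }
}
```

The RSA operation handles 48 bytes regardless of message size, which is why the slow asymmetric step stays cheap. CBC by itself does not detect modification of the ciphertext, so the integrity mechanisms in the following sections are still needed.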

The .NET Framework provides the following classes that implement public-key encryption algorithms:

RSA allows both encryption and signing, but DSA can be used only for signing, and Diffie-Hellman can be used only for key generation. In general, public-key algorithms are more limited in their uses than private-key algorithms.

Digital Signatures

Public-key algorithms can also be used to form digital signatures. Digital signatures authenticate the identity of a sender (if you trust the sender's public key) and help protect the integrity of data. Using a public key generated by Alice, the recipient of Alice's data can verify that Alice sent it by comparing the digital signature to Alice's data and Alice's public key.

To use public-key cryptography to digitally sign a message, Alice first applies a hash algorithm to the message to create a message digest. The message digest is a compact and unique representation of data. Alice then encrypts the message digest with her private key to create her personal signature. Upon receiving the message and signature, Bob decrypts the signature using Alice's public key to recover the message digest and hashes the message using the same hash algorithm that Alice used. If the message digest that Bob computes exactly matches the message digest received from Alice, Bob is assured that the message came from the possessor of the private key and that the data has not been modified. If Bob trusts that Alice is the possessor of the private key, he knows that the message came from Alice.

Note

A signature can be verified by anyone because the sender's public key is common knowledge and is typically included in the digital signature format. This method does not retain the secrecy of the message; for the message to be secret, it must also be encrypted.

The .NET Framework provides the following classes that implement digital signature algorithms:

Hash Values

Hash algorithms map binary values of an arbitrary length to smaller binary values of a fixed length, known as hash values. A hash value is a numerical representation of a piece of data. If you hash a paragraph of plaintext and change even one letter of the paragraph, a subsequent hash will produce a different value. If the hash is cryptographically strong, its value will change significantly. For example, if a single bit of a message is changed, a strong hash function may produce an output that differs by 50 percent. Many input values may hash to the same output value. However, it is computationally infeasible to find two distinct inputs that hash to the same value.

Two parties (Alice and Bob) could use a hash function to ensure message integrity. They would select a hash algorithm to sign their messages. Alice would write a message, and then create a hash of that message by using the selected algorithm. They would then follow one of the following methods:

  • Alice sends the plaintext message and the hashed message (digital signature) to Bob. Bob receives and hashes the message and compares his hash value to the hash value that he received from Alice. If the hash values are identical, the message was not altered. If the values are not identical, the message was altered after Alice wrote it.

    Unfortunately, this method does not establish the authenticity of the sender. Anyone can impersonate Alice and send a message to Bob. They can use the same hash algorithm to sign their message, and all Bob can determine is that the message matches its signature. This is one form of a man-in-the-middle attack. For more information, see Cryptography Next Generation (CNG) Secure Communication Example.

  • Alice sends the plaintext message to Bob over a nonsecure public channel. She sends the hashed message to Bob over a secure private channel. Bob receives the plaintext message, hashes it, and compares the hash to the privately exchanged hash. If the hashes match, Bob knows two things:

    • The message was not altered.

    • The sender of the message (Alice) is authentic.

    For this system to work, Alice must hide her original hash value from all parties except Bob.

  • Alice sends the plaintext message to Bob over a nonsecure public channel and places the hashed message on her publicly viewable Web site.

    This method prevents message tampering by preventing anyone from modifying the hash value. Although the message and its hash can be read by anyone, the hash value can be changed only by Alice. An attacker who wants to impersonate Alice would require access to Alice's Web site.

None of the previous methods will prevent someone from reading Alice's messages, because they are transmitted in plaintext. Full security typically requires digital signatures (message signing) and encryption.
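
The difference between the first hash method above and the scheme in the Digital Signatures section shows up when Bob runs both checks on the same traffic. The following C# program is an added example, not code from the original documentation: it checks a constructed message that arrives unmodified and a substituted message whose hash has been recomputed by whoever replaced it, first against the accompanying SHA-256 hash and then against Alice's RSA signature. The names are illustrative, and the signing overloads used assume .NET Framework 4.6 or later (or .NET Core).

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class HashVersusSignature
{
    static byte[] Sha256(byte[] data)
    {
        using (SHA256 sha = SHA256.Create())
        {
            return sha.ComputeHash(data);
        }
    }

    // First hash method: Bob recomputes the hash and compares it with the one he received.
    static bool BobChecksHash(byte[] message, byte[] receivedHash)
    {
        return Sha256(message).SequenceEqual(receivedHash);
    }

    // Signature check: Bob needs only Alice's public key, which he must already trust.
    static bool BobChecksSignature(RSAParameters alicePublic, byte[] message, byte[] signature)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(alicePublic);
            return rsa.VerifyData(message, signature,
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        // Constructed sample messages.
        byte[] original = Encoding.UTF8.GetBytes("Meeting moved to 10:00");
        byte[] substituted = Encoding.UTF8.GetBytes("Meeting moved to 16:00");

        using (var alice = new RSACryptoServiceProvider(2048))
        using (var someoneElse = new RSACryptoServiceProvider(2048))
        {
            RSAParameters alicePublic = alice.ExportParameters(false);

            // What Alice sends: the message, its hash, and her signature over the message.
            byte[] hash = Sha256(original);
            byte[] signature = alice.SignData(original,
                                              HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            Console.WriteLine("Unmodified message, hash check:        {0}",
                              BobChecksHash(original, hash));
            Console.WriteLine("Unmodified message, signature check:   {0}",
                              BobChecksSignature(alicePublic, original, signature));

            // The message is replaced in transit and the hash is simply recomputed,
            // which requires no secret at all.
            byte[] recomputedHash = Sha256(substituted);
            Console.WriteLine("Substituted message, recomputed hash:  {0}",
                              BobChecksHash(substituted, recomputedHash));

            // Alice's original signature does not cover the substituted message.
            Console.WriteLine("Substituted message, Alice's signature: {0}",
                              BobChecksSignature(alicePublic, substituted, signature));

            // A signature made with any other private key does not verify under Alice's key.
            byte[] otherSignature = someoneElse.SignData(substituted,
                                              HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("Substituted message, other signer:      {0}",
                              BobChecksSignature(alicePublic, substituted, otherSignature));
        }
    }
}
```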

The .NET Framework provides the following classes that implement hashing algorithms:

Note

MD5 design flaws were discovered in 1996, and SHA-1 was recommended instead. In 2004, additional flaws were discovered, and the MD5 algorithm is no longer considered secure. The SHA-1 algorithm has also been found to be insecure, and SHA-2 is now recommended instead.

Random Number Generation

Random number generation is integral to many cryptographic operations. For example, cryptographic keys need to be as random as possible so that it is infeasible to reproduce them. Cryptographic random number generators must generate output that is computationally infeasible to predict with a probability that is better than one half. Therefore, any method of predicting the next output bit must not perform better than random guessing. The classes in the .NET Framework use random number generators to generate cryptographic keys.

The RNGCryptoServiceProvider class is an implementation of a random number generator algorithm.

ClickOnce Manifests

In the .NET Framework 3.5, the following cryptography classes let you obtain and verify information about manifest signatures for applications that are deployed using ClickOnce technology:

In addition, the following classes provide specific signature information:

Suite B Support

The .NET Framework 3.5 supports the Suite B set of cryptographic algorithms published by the National Security Agency (NSA). For more information about Suite B, see the NSA Suite B Cryptography Fact Sheet.

The following algorithms are included:

  • Advanced Encryption Standard (AES) algorithm with key sizes of 128, 192, and 256 bits for encryption.

  • Secure Hash Algorithms SHA-1, SHA-256, SHA-384, and SHA-512 for hashing. (The last three are generally grouped together and referred to as SHA-2.)

  • Elliptic Curve Digital Signature Algorithm (ECDSA), using curves of 256-bit, 384-bit, and 521-bit prime moduli for signing. The NSA documentation specifically defines these curves, and calls them P-256, P-384, and P-521. This algorithm is provided by the ECDsaCng class. It enables you to sign with a private key and verify the signature with a public key.

  • Elliptic Curve Diffie-Hellman (ECDH) algorithm, using curves of 256-bit, 384-bit, and 521-bit prime moduli for the key exchange and secret agreement. This algorithm is provided by the ECDiffieHellmanCng class.

Managed code wrappers for the Federal Information Processing Standard (FIPS) certified implementations of AES, SHA-256, SHA-384, and SHA-512 are available in the new AesCryptoServiceProvider, SHA256CryptoServiceProvider, SHA384CryptoServiceProvider, and SHA512CryptoServiceProvider classes.

Cryptography Next Generation (CNG) Classes

The Cryptography Next Generation (CNG) classes provide a managed wrapper around the native CNG functions. (CNG is the replacement for CryptoAPI.) These classes have "Cng" as part of their names. Central to the CNG wrapper classes is the CngKey key container class, which abstracts the storage and use of CNG keys. This class lets you store a key pair or a public key securely and refer to it by using a simple string name. The elliptic curve-based ECDsaCng signature class and the ECDiffieHellmanCng encryption class can use CngKey objects.

The CngKey class is used for a variety of additional operations, including opening, creating, deleting, and exporting keys. It also provides access to the underlying key handle to use when calling native functions directly.

The .NET Framework 3.5 also includes a variety of supporting CNG classes, such as the following:

| Title | Description |
| --- | --- |
| Cryptography Model | Describes how cryptography is implemented in the base class library. |
| Walkthrough: Creating a Cryptographic Application | Demonstrates basic encryption and decryption tasks. |
| Configuring Cryptography Classes | Describes how to map algorithm names to cryptographic classes and map object identifiers to a cryptographic algorithm. |