CipherMode 列舉

定義

指定要用來加密的區塊加密模式。Specifies the block cipher mode to use for encryption.

public enum class CipherMode
public enum CipherMode
[System.Serializable]
public enum CipherMode
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public enum CipherMode
type CipherMode = 
Public Enum CipherMode
繼承
CipherMode
屬性

欄位

CBC 1

密碼區塊鏈結 (Cipher Block Chaining,CBC) 模式會引用回饋。The Cipher Block Chaining (CBC) mode introduces feedback. 在每個純文字區塊被加密之前,會以位元互斥 OR 運算將它與前一個區塊的密碼文字相結合。Before each plain text block is encrypted, it is combined with the cipher text of the previous block by a bitwise exclusive OR operation. 這樣可以確保即使純文字含有許多相同的區塊,也會各自被加密成為不同的密碼文字區塊。This ensures that even if the plain text contains many identical blocks, they will each encrypt to a different cipher text block. 初始化向量在區塊被加密之前,會與第一個純文字區塊以位元互斥 OR 運算結合。The initialization vector is combined with the first plain text block by a bitwise exclusive OR operation before the block is encrypted. 如果密碼文字區塊的單一位元受損,對應的純文字區塊也會受損。If a single bit of the cipher text block is mangled, the corresponding plain text block will also be mangled. 此外,在後續區塊中,與原來受損位元在同一位置的位元也會受損。In addition, a bit in the subsequent block, in the same position as the original mangled bit, will be mangled.

CFB 4

密碼回饋 (Cipher Feedback,CFB) 模式會將純文字以小量的增量方式處理成密碼文字,而不是一次處理整個區塊。The Cipher Feedback (CFB) mode processes small increments of plain text into cipher text, instead of processing an entire block at a time. 這個模式會使用移位 (Shift) 暫存器,它的長度為一個區塊並且分成若干個區段。This mode uses a shift register that is one block in length and is divided into sections. 舉例來說,如果區塊的大小為 8 個位元組,每次處理一個位元組,那麼位移暫存器就會分成八個區段。For example, if the block size is 8 bytes, with one byte processed at a time, the shift register is divided into eight sections. 如果密碼文字中某個位元受損,那麼就會有一個純文字位元受損,而且位移暫存器也就損毀了。If a bit in the cipher text is mangled, one plain text bit is mangled and the shift register is corrupted. 這樣會造成接下來的幾個純文字增量也跟著受損,直到損壞的位元被位移到位移暫存器之外為止。This results in the next several plain text increments being mangled until the bad bit is shifted out of the shift register. 預設的回饋大小可能因演算法而異,但通常是 8 個位元或是區塊大小的位元數。The default feedback size can vary by algorithm, but is typically either 8 bits or the number of bits of the block size. 您可以使用 FeedbackSize 屬性來變更回饋的位元數。You can alter the number of feedback bits by using the FeedbackSize property. 支援 CFB 的演算法會使用這個屬性來設定回饋。Algorithms that support CFB use this property to set the feedback.

CTS 5

密碼文字竊取 (Cipher Text Stealing,CTS) 模式可處理任何長度的純文字,並且會產生與純文字長度相符的密碼文字。The Cipher Text Stealing (CTS) mode handles any length of plain text and produces cipher text whose length matches the plain text length. 這個模式的行為除了純文字的最後兩個區塊之外,其餘都很像是 CBC 模式。This mode behaves like the CBC mode for all but the last two blocks of the plain text.

ECB 2

電子密碼書 (Electronic Codebook,ECB) 模式會個別加密每一個區塊。The Electronic Codebook (ECB) mode encrypts each block individually. 任何相同且在同一訊息中 (或在不同訊息中而以相同金鑰加密) 的純文字區塊,都會被轉換成相同的密碼文字區塊。Any blocks of plain text that are identical and in the same message, or that are in a different message encrypted with the same key, will be transformed into identical cipher text blocks. 重要資訊:不建議您使用這個模式,因為這會使系統門戶洞開,讓許多安全性入侵程式有機可趁。Important: This mode is not recommended because it opens the door for multiple security exploits. 如果要加密的純文字含有相當多的重複,那麼密碼文字有可能一次被破解一個區塊。If the plain text to be encrypted contains substantial repetition, it is feasible for the cipher text to be broken one block at a time. 也有可能使用區塊分析來判斷加密金鑰。It is also possible to use block analysis to determine the encryption key. 此外,積極的入侵者還可以取代和交換個別區塊而不被察覺,也就是可以在不知不覺中將區塊儲存並插入至資料流的其他位置。Also, an active adversary can substitute and exchange individual blocks without detection, which allows blocks to be saved and inserted into the stream at other points without detection.

OFB 3

輸出回饋 (Output Feedback,OFB) 模式會將純文字以小量的增量方式處理成密碼文字,而不是一次處理整個區塊。The Output Feedback (OFB) mode processes small increments of plain text into cipher text instead of processing an entire block at a time. 這個模式很類似 CFB;這兩個模式唯一的差異在於填入位移暫存器的方式。This mode is similar to CFB; the only difference between the two modes is the way that the shift register is filled. 如果密碼文字中某個位元受損,對應的純文字位元也會受損。If a bit in the cipher text is mangled, the corresponding bit of plain text will be mangled. 但是,如果密碼文字中有多出來的或遺失的位元,那麼從該處開始的純文字都會受損。However, if there are extra or missing bits from the cipher text, the plain text will be mangled from that point on.

備註

區塊密碼演算法會以區塊單位來加密資料,而不是一次以單一位元組來加密。Block cipher algorithms encrypt data in block units, rather than a single byte at a time. 最常見的區塊大小是8個位元組。The most common block size is 8 bytes. 因為每個區塊會進行大量處理,所以區塊加密提供的安全性層級比串流密碼更高。Because each block is heavily processed, block ciphers provide a higher level of security than stream ciphers. 不過,區塊加密演算法的執行速度會比串流密碼來得慢。However, block cipher algorithms tend to execute more slowly than stream ciphers.

區塊密碼對每個區塊使用相同的加密演算法。Block ciphers use the same encryption algorithm for each block. 因此,純文字區塊在使用相同的金鑰和演算法加密時,一律會傳回相同的加密文字。Because of this, a block of plain text will always return the same cipher text when encrypted with the same key and algorithm. 因為此行為可以用來破解加密,所以會引進加密模式,以根據舊版區塊加密的意見反應來修改加密程式。Because this behavior can be used to crack a cipher, cipher modes are introduced that modify the encryption process based on feedback from earlier block encryptions. 產生的加密提供比簡單的區塊加密更高層級的安全性。The resulting encryption provides a higher level of security than a simple block encryption.

適用於

另請參閱