Cryptographic Services

Public networks such as the Internet do not provide a means of secure communication between entities. Communication over such networks is susceptible to being read or even modified by unauthorized third parties. Cryptography helps protect data from being viewed, provides ways to detect whether data has been modified, and helps provide a secure means of communication over otherwise nonsecure channels. For example, data can be encrypted by using a cryptographic algorithm, transmitted in an encrypted state, and later decrypted by the intended party. If a third party intercepts the encrypted data, it will be difficult to decipher.

In the .NET Framework, the classes in the System.Security.Cryptography namespace manage many details of cryptography for you. Some are wrappers for the unmanaged Microsoft Cryptography API (CryptoAPI), while others are purely managed implementations. You do not need to be an expert in cryptography to use these classes. When you create a new instance of one of the encryption algorithm classes, keys are autogenerated for ease of use, and default properties are as safe and secure as possible.

This overview provides a synopsis of the encryption methods and practices supported by the .NET Framework, including the ClickOnce manifests, Suite B, and Cryptography Next Generation (CNG) support introduced in the .NET Framework 3.5.

For additional information about cryptography and about Microsoft services, components, and tools that enable you to add cryptographic security to your applications, see the Win32 and COM Development, Security section of this documentation.

Cryptographic Primitives

In a typical situation where cryptography is used, two parties (Alice and Bob) communicate over a nonsecure channel. Alice and Bob want to ensure that their communication remains incomprehensible to anyone who might be listening. Furthermore, because Alice and Bob are in remote locations, Alice must make sure that the information she receives from Bob has not been modified by anyone during transmission. In addition, she must make sure that the information really does originate from Bob and not from someone who is impersonating Bob.

Cryptography is used to achieve the following goals:

  • Confidentiality: To help protect a user's identity or data from being read.

  • Data integrity: To help protect data from being changed.

  • Authentication: To ensure that data originates from a particular party.

  • Non-repudiation: To prevent a particular party from denying that they sent a message.

To achieve these goals, you can use a combination of algorithms and practices known as cryptographic primitives to create a cryptographic scheme. The following table lists the cryptographic primitives and their uses.

Cryptographic primitive | Use
Secret-key encryption (symmetric cryptography) | Performs a transformation on data to keep it from being read by third parties. This type of encryption uses a single shared, secret key to encrypt and decrypt data.
Public-key encryption (asymmetric cryptography) | Performs a transformation on data to keep it from being read by third parties. This type of encryption uses a public/private key pair to encrypt and decrypt data.
Cryptographic signing | Helps verify that data originates from a specific party by creating a digital signature that is unique to that party. This process also uses hash functions.
Cryptographic hashes | Maps data from any length to a fixed-length byte sequence. Hashes are statistically unique; a different two-byte sequence will not hash to the same value.

Secret-Key Encryption

Secret-key encryption algorithms use a single secret key to encrypt and decrypt data. You must secure the key from access by unauthorized agents, because any party that has the key can use it to decrypt your data or encrypt their own data, claiming it originated from you.

Secret-key encryption is also referred to as symmetric encryption because the same key is used for encryption and decryption. Secret-key encryption algorithms are very fast (compared with public-key algorithms) and are well suited for performing cryptographic transformations on large streams of data. Asymmetric encryption algorithms such as RSA are limited mathematically in how much data they can encrypt. Symmetric encryption algorithms do not generally have those problems.

A type of secret-key algorithm called a block cipher is used to encrypt one block of data at a time. Block ciphers such as Data Encryption Standard (DES), TripleDES, and Advanced Encryption Standard (AES) cryptographically transform an input block of n bytes into an output block of encrypted bytes. If you want to encrypt or decrypt a sequence of bytes, you have to do it block by block. Because n is small (8 bytes for DES and TripleDES; 16 bytes [the default], 24 bytes, or 32 bytes for AES), data values that are larger than n have to be encrypted one block at a time. Data values that are smaller than n have to be expanded to n in order to be processed.

One simple form of block cipher is called the electronic codebook (ECB) mode. ECB mode is not considered secure, because it does not use an initialization vector to initialize the first plaintext block. For a given secret key k, a simple block cipher that does not use an initialization vector will encrypt the same input block of plaintext into the same output block of ciphertext. Therefore, if you have duplicate blocks in your input plaintext stream, you will have duplicate blocks in your output ciphertext stream. These duplicate output blocks alert unauthorized users to the weak encryption used, the algorithms that might have been employed, and the possible modes of attack. The ECB cipher mode is therefore quite vulnerable to analysis, and ultimately, key discovery.

The block cipher classes that are provided in the base class library use a default chaining mode called cipher-block chaining (CBC), although you can change this default if you want.

CBC ciphers overcome the problems associated with ECB ciphers by using an initialization vector (IV) to encrypt the first block of plaintext. Each subsequent block of plaintext undergoes a bitwise exclusive OR (XOR) operation with the previous ciphertext block before it is encrypted. Each ciphertext block is therefore dependent on all previous blocks. When this system is used, common message headers that might be known to an unauthorized user cannot be used to reverse-engineer a key.
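The difference between the two modes can be observed directly on ciphertext. The following C# program is an added example, not code from the original documentation; the class name, helper names, and the sample plaintext are constructed for illustration. It encrypts the same repetitive plaintext with AES in ECB and in CBC mode and counts repeated 16-byte ciphertext blocks, which is also a practical check for spotting ECB use in stored or captured data.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class EcbVersusCbc
{
    const int BlockSize = 16; // AES block size in bytes

    // Encrypts whole blocks only (PaddingMode.None), so ciphertext block i
    // corresponds exactly to plaintext block i.
    static byte[] Encrypt(byte[] plaintext, byte[] key, byte[] iv, CipherMode mode)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = mode;
            aes.Padding = PaddingMode.None;
            aes.Key = key;
            aes.IV = iv; // not used by ECB
            using (ICryptoTransform encryptor = aes.CreateEncryptor())
            {
                return encryptor.TransformFinalBlock(plaintext, 0, plaintext.Length);
            }
        }
    }

    // Counts ciphertext blocks that are byte-for-byte equal to an earlier block.
    static int CountRepeatedBlocks(byte[] ciphertext)
    {
        var seen = new HashSet<string>();
        int repeats = 0;
        for (int i = 0; i + BlockSize <= ciphertext.Length; i += BlockSize)
        {
            if (!seen.Add(BitConverter.ToString(ciphertext, i, BlockSize)))
            {
                repeats++;
            }
        }
        return repeats;
    }

    static byte[] RandomBytes(int count)
    {
        byte[] buffer = new byte[count];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(buffer);
        }
        return buffer;
    }

    static void Main()
    {
        // Constructed sample: four 16-byte blocks, the first three identical.
        string text = "HEADER:v1-------" + "HEADER:v1-------" +
                      "HEADER:v1-------" + "amount=000001250";
        byte[] plaintext = Encoding.ASCII.GetBytes(text);

        byte[] key = RandomBytes(32);
        byte[] iv1 = RandomBytes(BlockSize);
        byte[] iv2 = RandomBytes(BlockSize);

        byte[] ecb = Encrypt(plaintext, key, iv1, CipherMode.ECB);
        byte[] cbc1 = Encrypt(plaintext, key, iv1, CipherMode.CBC);
        byte[] cbc2 = Encrypt(plaintext, key, iv2, CipherMode.CBC);

        // ECB leaks the repetition; CBC chaining hides it.
        Console.WriteLine("ECB repeated blocks: {0}", CountRepeatedBlocks(ecb));
        Console.WriteLine("CBC repeated blocks: {0}", CountRepeatedBlocks(cbc1));

        // Same key and plaintext, different IV: the first blocks differ,
        // so a known header does not produce a recognizable ciphertext.
        bool sameFirstBlock = BitConverter.ToString(cbc1, 0, BlockSize) ==
                              BitConverter.ToString(cbc2, 0, BlockSize);
        Console.WriteLine("CBC first block equal across IVs: {0}", sameFirstBlock);
    }
}
```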

One way to compromise data that is encrypted with a CBC cipher is to perform an exhaustive search of every possible key. Depending on the size of the key that is used to perform encryption, this kind of search is very time-consuming using even the fastest computers and is therefore infeasible. Larger key sizes are more difficult to decipher. Although encryption does not make it theoretically impossible for an adversary to retrieve the encrypted data, it does raise the cost of doing this. If it takes three months to perform an exhaustive search to retrieve data that is meaningful only for a few days, the exhaustive search method is impractical.

The disadvantage of secret-key encryption is that it presumes two parties have agreed on a key and IV, and communicated their values. The IV is not considered a secret and can be transmitted in plaintext with the message. However, the key must be kept secret from unauthorized users. Because of these problems, secret-key encryption is often used together with public-key encryption to privately communicate the values of the key and IV.

Assuming that Alice and Bob are two parties who want to communicate over a nonsecure channel, they might use secret-key encryption as follows: Alice and Bob agree to use one particular algorithm (AES, for example) with a particular key and IV. Alice composes a message and creates a network stream (perhaps a named pipe or network email) on which to send the message. Next, she encrypts the text using the key and IV, and sends the encrypted message and IV to Bob over the intranet. Bob receives the encrypted text and decrypts it by using the IV and previously agreed upon key. If the transmission is intercepted, the interceptor cannot recover the original message, because they do not know the key. In this scenario, only the key must remain secret. In a real world scenario, either Alice or Bob generates a secret key and uses public-key (asymmetric) encryption to transfer the secret (symmetric) key to the other party. For more information about public-key encryption, see the next section.

The .NET Framework provides the following classes that implement secret-key encryption algorithms:

Public-Key Encryption

Public-key encryption uses a private key that must be kept secret from unauthorized users and a public key that can be made public to anyone. The public key and the private key are mathematically linked; data that is encrypted with the public key can be decrypted only with the private key, and data that is signed with the private key can be verified only with the public key. The public key can be made available to anyone; it is used for encrypting data to be sent to the keeper of the private key. Public-key cryptographic algorithms are also known as asymmetric algorithms because one key is required to encrypt data, and another key is required to decrypt data. A basic cryptographic rule prohibits key reuse, and both keys should be unique for each communication session. However, in practice, asymmetric keys are generally long-lived.

Two parties (Alice and Bob) might use public-key encryption as follows: First, Alice generates a public/private key pair. If Bob wants to send Alice an encrypted message, he asks her for her public key. Alice sends Bob her public key over a nonsecure network, and Bob uses this key to encrypt a message. Bob sends the encrypted message to Alice, and she decrypts it by using her private key. If Bob received Alice's key over a nonsecure channel, such as a public network, Bob is open to a man-in-the-middle attack. Therefore, Bob must verify with Alice that he has a correct copy of her public key.

During the transmission of Alice's public key, an unauthorized agent might intercept the key. Furthermore, the same agent might intercept the encrypted message from Bob. However, the agent cannot decrypt the message with the public key. The message can be decrypted only with Alice's private key, which has not been transmitted. Alice does not use her private key to encrypt a reply message to Bob, because anyone with the public key could decrypt the message. If Alice wants to send a message back to Bob, she asks Bob for his public key and encrypts her message using that public key. Bob then decrypts the message using his associated private key.

In this scenario, Alice and Bob use public-key (asymmetric) encryption to transfer a secret (symmetric) key and use secret-key encryption for the remainder of their session.

The following list offers comparisons between public-key and secret-key cryptographic algorithms:

  • Public-key cryptographic algorithms use a fixed buffer size, whereas secret-key cryptographic algorithms use a variable-length buffer.

  • Public-key algorithms cannot be used to chain data together into streams the way secret-key algorithms can, because only small amounts of data can be encrypted. Therefore, asymmetric operations do not use the same streaming model as symmetric operations.

  • Public-key encryption has a much larger keyspace (range of possible values for the key) than secret-key encryption. Therefore, public-key encryption is less susceptible to exhaustive attacks that try every possible key.

  • Public keys are easy to distribute because they do not have to be secured, provided that some way exists to verify the identity of the sender.

  • Some public-key algorithms (such as RSA and DSA, but not Diffie-Hellman) can be used to create digital signatures to verify the identity of the sender of data.

  • Public-key algorithms are very slow compared with secret-key algorithms, and are not designed to encrypt large amounts of data. Public-key algorithms are useful only for transferring very small amounts of data. Typically, public-key encryption is used to encrypt a key and IV to be used by a secret-key algorithm. After the key and IV are transferred, secret-key encryption is used for the remainder of the session.
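The combined scheme described above, where public-key encryption carries the session key and secret-key encryption carries the data, looks like this in C#. This is an added example, not code from the original documentation; the class, struct, and method names and the sample message are constructed for illustration. It wraps only the AES key with RSA and sends the IV in the clear, which the secret-key section above permits because the IV is not a secret.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HybridSession
{
    // What travels over the nonsecure channel from Bob to Alice.
    struct Packet
    {
        public byte[] WrappedKey;  // AES key encrypted with Alice's public key
        public byte[] IV;          // sent in plaintext
        public byte[] Ciphertext;  // message encrypted with AES-CBC
    }

    static byte[] Transform(ICryptoTransform transform, byte[] data)
    {
        using (transform)
        {
            return transform.TransformFinalBlock(data, 0, data.Length);
        }
    }

    // Bob's side: needs only Alice's public key.
    static Packet BobSend(RSAParameters alicePublic, string message)
    {
        using (RSA rsa = new RSACryptoServiceProvider())
        using (Aes aes = Aes.Create()) // CBC and PKCS7 by default, random key and IV
        {
            rsa.ImportParameters(alicePublic);
            Packet packet;
            packet.WrappedKey = rsa.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA1);
            packet.IV = aes.IV;
            packet.Ciphertext = Transform(aes.CreateEncryptor(),
                                          Encoding.UTF8.GetBytes(message));
            return packet;
        }
    }

    // Alice's side: unwraps the session key with her private key.
    static string AliceReceive(RSA alicePrivate, Packet packet)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = alicePrivate.Decrypt(packet.WrappedKey, RSAEncryptionPadding.OaepSHA1);
            aes.IV = packet.IV;
            return Encoding.UTF8.GetString(Transform(aes.CreateDecryptor(), packet.Ciphertext));
        }
    }

    static void Main()
    {
        using (RSA alice = new RSACryptoServiceProvider(2048))
        {
            // Only the public half is exported and sent to Bob.
            RSAParameters alicePublic = alice.ExportParameters(false);

            Packet packet = BobSend(alicePublic, "constructed sample message for Alice");
            Console.WriteLine("Alice reads: {0}", AliceReceive(alice, packet));

            // An interceptor who holds the packet and the public key still
            // cannot unwrap the session key: no private key is available.
            using (RSA interceptor = new RSACryptoServiceProvider())
            {
                interceptor.ImportParameters(alicePublic);
                try
                {
                    interceptor.Decrypt(packet.WrappedKey, RSAEncryptionPadding.OaepSHA1);
                    Console.WriteLine("Interceptor unwrapped the key");
                }
                catch (CryptographicException)
                {
                    Console.WriteLine("Interceptor cannot unwrap the key");
                }
            }
        }
    }
}
```

This exchange gives confidentiality only; Bob still has to confirm that the public key he used really is Alice's, as the text above notes.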

The .NET Framework provides the following classes that implement public-key encryption algorithms:

RSA allows both encryption and signing, but DSA can be used only for signing, and Diffie-Hellman can be used only for key generation. In general, public-key algorithms are more limited in their uses than private-key algorithms.

Digital Signatures

Public-key algorithms can also be used to form digital signatures. Digital signatures authenticate the identity of a sender (if you trust the sender's public key) and help protect the integrity of data. Using a public key generated by Alice, the recipient of Alice's data can verify that Alice sent it by comparing the digital signature to Alice's data and Alice's public key.

To use public-key cryptography to digitally sign a message, Alice first applies a hash algorithm to the message to create a message digest. The message digest is a compact and unique representation of data. Alice then encrypts the message digest with her private key to create her personal signature. Upon receiving the message and signature, Bob decrypts the signature using Alice's public key to recover the message digest and hashes the message using the same hash algorithm that Alice used. If the message digest that Bob computes exactly matches the message digest received from Alice, Bob is assured that the message came from the possessor of the private key and that the data has not been modified. If Bob trusts that Alice is the possessor of the private key, he knows that the message came from Alice.

A signature can be verified by anyone because the sender's public key is common knowledge and is typically included in the digital signature format. This method does not retain the secrecy of the message; for the message to be secret, it must also be encrypted.
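The sign-and-verify flow between Alice and Bob, including the two failure cases a verifier has to reject, can be written with the ECDsaCng and CngKey classes that this page names. This is an added example, not code from the original documentation; the class and method names, the "Mallory" key, and the sample messages are constructed for illustration, and the CNG classes require Windows.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignedMessage
{
    // Bob's side: holds only a public key blob, the message, and the signature.
    static bool Verify(byte[] publicBlob, byte[] message, byte[] signature)
    {
        using (CngKey key = CngKey.Import(publicBlob, CngKeyBlobFormat.EccPublicBlob))
        using (ECDsaCng verifier = new ECDsaCng(key))
        {
            // VerifyData hashes the message with SHA-256 and checks the
            // signature against that digest.
            return verifier.VerifyData(message, signature, HashAlgorithmName.SHA256);
        }
    }

    static void Main()
    {
        using (ECDsaCng alice = new ECDsaCng(256))    // P-256 key pair
        using (ECDsaCng mallory = new ECDsaCng(256))  // a different party's key pair
        {
            // Alice publishes her public key; the private key never leaves her.
            byte[] alicePublic = alice.Key.Export(CngKeyBlobFormat.EccPublicBlob);

            // Constructed sample messages.
            byte[] message = Encoding.UTF8.GetBytes("Pay Bob 100 units");
            byte[] tampered = Encoding.UTF8.GetBytes("Pay Bob 900 units");

            // SignData hashes the message and signs the digest with the private key.
            byte[] aliceSignature = alice.SignData(message, HashAlgorithmName.SHA256);
            byte[] mallorySignature = mallory.SignData(message, HashAlgorithmName.SHA256);

            // Case 1: untouched message with Alice's signature.
            Console.WriteLine("Genuine message verifies:       {0}",
                Verify(alicePublic, message, aliceSignature));

            // Case 2: message changed in transit; the digest no longer matches.
            Console.WriteLine("Tampered message verifies:      {0}",
                Verify(alicePublic, tampered, aliceSignature));

            // Case 3: someone else signs the same text and claims to be Alice.
            Console.WriteLine("Impersonated signature verifies: {0}",
                Verify(alicePublic, message, mallorySignature));

            // The message itself was never encrypted: signing alone does not
            // keep it secret.
            Console.WriteLine("Message on the wire: {0}", Encoding.UTF8.GetString(message));
        }
    }
}
```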

The .NET Framework provides the following classes that implement digital signature algorithms:

Hash Values

Hash algorithms map binary values of an arbitrary length to smaller binary values of a fixed length, known as hash values. A hash value is a numerical representation of a piece of data. If you hash a paragraph of plaintext and change even one letter of the paragraph, a subsequent hash will produce a different value. If the hash is cryptographically strong, its value will change significantly. For example, if a single bit of a message is changed, a strong hash function may produce an output that differs by 50 percent. Many input values may hash to the same output value. However, it is computationally infeasible to find two distinct inputs that hash to the same value.

Two parties (Alice and Bob) could use a hash function to ensure message integrity. They would select a hash algorithm to sign their messages. Alice would write a message, and then create a hash of that message by using the selected algorithm. They would then follow one of the following methods:

  • Alice sends the plaintext message and the hashed message (digital signature) to Bob. Bob receives and hashes the message and compares his hash value to the hash value that he received from Alice. If the hash values are identical, the message was not altered. If the values are not identical, the message was altered after Alice wrote it.

    Unfortunately, this method does not establish the authenticity of the sender. Anyone can impersonate Alice and send a message to Bob. They can use the same hash algorithm to sign their message, and all Bob can determine is that the message matches its signature. This is one form of a man-in-the-middle attack. For more information, see Cryptography Next Generation (CNG) Secure Communication Example.

  • Alice sends the plaintext message to Bob over a nonsecure public channel. She sends the hashed message to Bob over a secure private channel. Bob receives the plaintext message, hashes it, and compares the hash to the privately exchanged hash. If the hashes match, Bob knows two things:

    • The message was not altered.

    • The sender of the message (Alice) is authentic.

    For this system to work, Alice must hide her original hash value from all parties except Bob.

  • Alice sends the plaintext message to Bob over a nonsecure public channel and places the hashed message on her publicly viewable Web site.

    This method prevents message tampering by preventing anyone from modifying the hash value. Although the message and its hash can be read by anyone, the hash value can be changed only by Alice. An attacker who wants to impersonate Alice would require access to Alice's Web site.

None of the previous methods will prevent someone from reading Alice's messages, because they are transmitted in plaintext. Full security typically requires digital signatures (message signing) and encryption.

The .NET Framework provides the following classes that implement hashing algorithms:


MD5 design flaws were discovered in 1996, and SHA-1 was recommended instead. In 2004, additional flaws were discovered, and the MD5 algorithm is no longer considered secure. The SHA-1 algorithm has also been found to be insecure, and SHA-2 is now recommended instead.

Random Number Generation

Random number generation is integral to many cryptographic operations. For example, cryptographic keys need to be as random as possible so that it is infeasible to reproduce them. Cryptographic random number generators must generate output that is computationally infeasible to predict with a probability that is better than one half. Therefore, any method of predicting the next output bit must not perform better than random guessing. The classes in the .NET Framework use random number generators to generate cryptographic keys.

The RNGCryptoServiceProvider class is an implementation of a random number generator algorithm.

ClickOnce Manifests

In the .NET Framework 3.5, the following cryptography classes let you obtain and verify information about manifest signatures for applications that are deployed using ClickOnce technology:

In addition, the following classes provide specific signature information:

Suite B Support

The .NET Framework 3.5 supports the Suite B set of cryptographic algorithms published by the National Security Agency (NSA). For more information about Suite B, see the NSA Suite B Cryptography Fact Sheet.

The following algorithms are included:

  • Advanced Encryption Standard (AES) algorithm with key sizes of 128, 192, and 256 bits for encryption.

  • Secure Hash Algorithms SHA-1, SHA-256, SHA-384, and SHA-512 for hashing. (The last three are generally grouped together and referred to as SHA-2.)

  • Elliptic Curve Digital Signature Algorithm (ECDSA), using curves of 256-bit, 384-bit, and 521-bit prime moduli for signing. The NSA documentation specifically defines these curves, and calls them P-256, P-384, and P-521. This algorithm is provided by the ECDsaCng class. It enables you to sign with a private key and verify the signature with a public key.

  • Elliptic Curve Diffie-Hellman (ECDH) algorithm, using curves of 256-bit, 384-bit, and 521-bit prime moduli for the key exchange and secret agreement. This algorithm is provided by the ECDiffieHellmanCng class.

Managed code wrappers for the Federal Information Processing Standard (FIPS) certified implementations of AES, SHA-256, SHA-384, and SHA-512 are available in the new AesCryptoServiceProvider, SHA256CryptoServiceProvider, SHA384CryptoServiceProvider, and SHA512CryptoServiceProvider classes.

Cryptography Next Generation (CNG) Classes

The Cryptography Next Generation (CNG) classes provide a managed wrapper around the native CNG functions. (CNG is the replacement for CryptoAPI.) These classes have "Cng" as part of their names. Central to the CNG wrapper classes is the CngKey key container class, which abstracts the storage and use of CNG keys. This class lets you store a key pair or a public key securely and refer to it by using a simple string name. The elliptic curve-based ECDsaCng signature class and the ECDiffieHellmanCng encryption class can use CngKey objects.

The CngKey class is used for a variety of additional operations, including opening, creating, deleting, and exporting keys. It also provides access to the underlying key handle to use when calling native functions directly.

The .NET Framework 3.5 also includes a variety of supporting CNG classes, such as the following:

Title | Description
Cryptography Model | Describes how cryptography is implemented in the base class library.
Walkthrough: Creating a Cryptographic Application | Demonstrates basic encryption and decryption tasks.
Configuring Cryptography Classes | Describes how to map algorithm names to cryptographic classes and map object identifiers to a cryptographic algorithm.