大文件的AES加密

Question

大文件的AES加密

21

我需要加密和解密大文件（~1GB）。我尝试使用这个例子：http://www.codeproject.com/Articles/769741/Csharp-AES-bits-Encryption-Library-with-Salt。但我的问题是，由于文件非常大，我遇到了OutOfMemory异常。因此，我需要用文件流替换内存流，但我不确定如何操作...

(附上我的代码：)

private static void AES_Encrypt(string srcFile, string encryptedFile,  byte[] passwordBytes)
    {


        // Set your salt here, change it to meet your flavor:
        // The salt bytes must be at least 8 bytes.
        byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8};

        FileStream fsInput = new FileStream(srcFile,
            FileMode.Open,
            FileAccess.Read);

        FileStream fsEncrypted = new FileStream(encryptedFile,
                        FileMode.Create,
                        FileAccess.Write);

        using (RijndaelManaged AES = new RijndaelManaged())
        {
            AES.KeySize = 256;
            AES.BlockSize = 128;

            var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
            AES.Key = key.GetBytes(AES.KeySize / 8);
            AES.IV = key.GetBytes(AES.BlockSize / 8);

            AES.Mode = CipherMode.CBC;

            using (var cs = new CryptoStream(fsEncrypted, AES.CreateEncryptor(), CryptoStreamMode.Write))
            {
                byte[] bytearrayinput = new byte[fsInput.Length - 1];
                fsInput.Read(bytearrayinput, 0, bytearrayinput.Length);
                cs.Write(bytearrayinput, 0, bytearrayinput.Length);
                cs.Close();
                fsInput.Flush();
                fsInput.Close();
                fsEncrypted.Close();
            }

        }


    }

    public static void AES_Decrypt(string encryptedFile, string decryptedFile, byte[] passwordBytes)
    {
        byte[] decryptedBytes = null;

        // Set your salt here, change it to meet your flavor:
        // The salt bytes must be at least 8 bytes.
        byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8};

        FileStream fsread = new FileStream(encryptedFile,
                               FileMode.Open,
                               FileAccess.Read);

        using (RijndaelManaged AES = new RijndaelManaged())
        {
            AES.KeySize = 256;
            AES.BlockSize = 128;

            var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
            AES.Key = key.GetBytes(AES.KeySize / 8);
            AES.IV = key.GetBytes(AES.BlockSize / 8);

            AES.Mode = CipherMode.CBC;

            FileStream fsDecrypted = new FileStream(decryptedFile,
                        FileMode.Create,
                        FileAccess.Write);

            using (var cs = new CryptoStream(fsDecrypted, AES.CreateDecryptor(), CryptoStreamMode.Write))
            {
                byte[] bytearrayinput = new byte[fsread.Length - 1];
                fsread.Read(bytearrayinput, 0, bytearrayinput.Length);
                cs.Write(bytearrayinput, 0, bytearrayinput.Length);
                cs.Close();
                fsread.Close();
                fsDecrypted.Close();
            }

        }
    }

- Sharas

我已经编辑了你的标题。请参考“问题的标题应该包含“标签”吗？”，在那里达成共识是“不应该”。 - John Saunders

不要从密钥中提取IV。这会破坏AES！ - mafu

4个回答

10

因此，我创建了一个相当快速且低内存消耗的版本：
我使用了一个“临时缓冲区”，还“使用随机盐并将其与密文一起存储” 。
加密方法：

private void AES_Encrypt(string inputFile, string password)
    {
        //https://dev59.com/_V4c5IYBdhLWcg3wsb_I

        //generate random salt
        byte[] salt = GenerateRandomSalt();

        //create output file name
        FileStream fsCrypt = new FileStream(inputFile + ".aes", FileMode.Create);

        //convert password string to byte arrray
        byte[] passwordBytes = System.Text.Encoding.UTF8.GetBytes(password);

        //Set Rijndael symmetric encryption algorithm
        RijndaelManaged AES = new RijndaelManaged();
        AES.KeySize = 256;
        AES.BlockSize = 128;
        AES.Padding = PaddingMode.PKCS7;

        //https://dev59.com/vHE85IYBdhLWcg3wr1ke
        //"What it does is repeatedly hash the user password along with the salt." High iteration counts.
        var key = new Rfc2898DeriveBytes(passwordBytes, salt, 50000);
        AES.Key = key.GetBytes(AES.KeySize / 8);
        AES.IV = key.GetBytes(AES.BlockSize / 8);

        //Cipher modes: http://security.stackexchange.com/questions/52665/which-is-the-best-cipher-mode-and-padding-mode-for-aes-encryption
        AES.Mode = CipherMode.CFB;

        //write salt to the begining of the output file, so in this case can be random every time
        fsCrypt.Write(salt, 0, salt.Length);

        CryptoStream cs = new CryptoStream(fsCrypt, AES.CreateEncryptor(), CryptoStreamMode.Write);

        FileStream fsIn = new FileStream(inputFile, FileMode.Open);

        //create a buffer (1mb) so only this amount will allocate in the memory and not the whole file
        byte[] buffer = new byte[1048576];
        int read;

        try
        {
            while ((read = fsIn.Read(buffer, 0, buffer.Length)) > 0)
            {
                Application.DoEvents(); // -> for responsive GUI, using Task will be better!
                cs.Write(buffer, 0, read);
            }

            //close up
            fsIn.Close();

        }
        catch (Exception ex)
        {
            Debug.WriteLine("Error: " + ex.Message);
        }
        finally
        {
            cs.Close();
            fsCrypt.Close();
        }
    }

解密：

private void AES_Decrypt(string inputFile, string password)
    {
        //todo:
        // - create error message on wrong password
        // - on cancel: close and delete file
        // - on wrong password: close and delete file!
        // - create a better filen name
        // - could be check md5 hash on the files but it make this slow

        byte[] passwordBytes = System.Text.Encoding.UTF8.GetBytes(password);
        byte[] salt = new byte[32];

        FileStream fsCrypt = new FileStream(inputFile, FileMode.Open);
        fsCrypt.Read(salt, 0, salt.Length);

        RijndaelManaged AES = new RijndaelManaged();
        AES.KeySize = 256;
        AES.BlockSize = 128;
        var key = new Rfc2898DeriveBytes(passwordBytes, salt, 50000);
        AES.Key = key.GetBytes(AES.KeySize / 8);
        AES.IV = key.GetBytes(AES.BlockSize / 8);
        AES.Padding = PaddingMode.PKCS7;
        AES.Mode = CipherMode.CFB;

        CryptoStream cs = new CryptoStream(fsCrypt, AES.CreateDecryptor(), CryptoStreamMode.Read);

        FileStream fsOut = new FileStream(inputFile + ".decrypted", FileMode.Create);

        int read;
        byte[] buffer = new byte[1048576];

        try
        {
            while ((read = cs.Read(buffer, 0, buffer.Length)) > 0)
            {
                Application.DoEvents();
                fsOut.Write(buffer, 0, read);
            }
        }
        catch (System.Security.Cryptography.CryptographicException ex_CryptographicException)
        {
            Debug.WriteLine("CryptographicException error: " + ex_CryptographicException.Message);
        }
        catch (Exception ex)
        {
            Debug.WriteLine("Error: " + ex.Message);
        }

        try
        {
            cs.Close();
        }
        catch (Exception ex)
        {
            Debug.WriteLine("Error by closing CryptoStream: " + ex.Message);
        }
        finally
        {
            fsOut.Close();
            fsCrypt.Close();
        }
    }

生成随机盐：

        public static byte[] GenerateRandomSalt()
    {
        //Source: http://www.dotnetperls.com/rngcryptoserviceprovider
        byte[] data = new byte[32];

        using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
        {
            // Ten iterations.
            for (int i = 0; i < 10; i++)
            {
                // Fill buffer.
                rng.GetBytes(data);
            }
        }
        return data;
    }

- Joe

3

为什么要进行十次迭代？你不信任 RNGCryptoServiceProvider 吗？ - hdev

嗯，好问题。当我添加这段代码到程序中时，我并不完全信任它，但我认为它可能会提供一点额外的安全性，并且成本很小，只需要一点CPU时间和内存。 - Joe

@Joe 我该如何避免解密方法末尾出现 NULL NULL NULL。 - Pablo Gonzalez

@PabloGonzalez，你找到如何删除解密文件末尾的null null null了吗？我也遇到了同样的问题，有人知道是什么原因吗？谢谢。 - Robin Leblond

@RobinLeblond，我认为这些空值是由加密过程中插入的填充引起的。 - Xiver

不要从密钥中获取IV。这会破坏AES加密。而且不要把那些随机数生成迭代的废话带进来... - mafu

4

如果您正在从文件中读取和写入文件，只需将内存流替换为IOStream或FileStream。

您需要稍微重构程序，使其不要期望/返回字节数组。

- DrKoch

嗨@DrKoch，感谢您的回答。我尝试了您的建议，但现在在解密时出现“要解密的数据长度无效”的异常。我编辑了我的问题并添加了我的加密和解密代码。您有什么想法我做错了什么吗？谢谢！ - Sharas

好的，你不应该使用字节数组（长度为完整文件）而是要“流式传输”数据。这就是流的作用。 - DrKoch

1

对于仍在研究此事并且不想将输出写入文件而是写入流的任何人，关键是确保调用cryptoStream.FlushFinalBlock(); 否则解密将会漏掉最后几个字符。

    public MemoryStream FileEncrypt(string inputFilePath, byte[] passwordBytes)
    {
        var saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };

        var memoryStream = new MemoryStream();
        var aes = new RijndaelManaged {KeySize = 256, BlockSize = 128};

        var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
        aes.Key = key.GetBytes(aes.KeySize / 8);
        aes.IV = key.GetBytes(aes.BlockSize / 8);
        aes.Padding = PaddingMode.Zeros;
        aes.Mode = CipherMode.CBC;

        var cryptoStream = new CryptoStream(memoryStream,  aes.CreateEncryptor(),  CryptoStreamMode.Write);
        var fileStream = new FileStream(inputFilePath, FileMode.Open);

        int data;
        while ((data = fileStream.ReadByte()) != -1)
            cryptoStream.WriteByte((byte)data);

        cryptoStream.FlushFinalBlock();

        return memoryStream;
    }

    public MemoryStream FileDecrypt(Stream encryptedFileStream, byte[] passwordBytes)
    {
        var saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };

        var AES = new RijndaelManaged {KeySize = 256, BlockSize = 128};
        var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
        AES.Key = key.GetBytes(AES.KeySize / 8);
        AES.IV = key.GetBytes(AES.BlockSize / 8);
        AES.Padding = PaddingMode.Zeros;
        AES.Mode = CipherMode.CBC;

        var cryptoStream = new CryptoStream(encryptedFileStream, AES.CreateDecryptor(), CryptoStreamMode.Read);
        var memoryStream = new MemoryStream();

        int data;
        while ((data = cryptoStream.ReadByte()) != -1)
            memoryStream.WriteByte((byte)data);

        return memoryStream;
    }

- Ricky Gummadi

IV必须是随机的，从密钥中获取是非法的。 - mafu

这只是一个例子，在这种情况下，第三方发送的文件已经在文件本身中编码了IV和密钥。是的，IV应该是随机的。 - Ricky Gummadi

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Sharas · Accepted Answer

最终，这是对我有效的代码：

 private static void AES_Encrypt(string inputFile, string outputFile, byte[] passwordBytes)
 {
        byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8};
        string cryptFile = outputFile;
        FileStream fsCrypt = new FileStream(cryptFile, FileMode.Create);

        RijndaelManaged AES = new RijndaelManaged();

        AES.KeySize = 256;
        AES.BlockSize = 128;


        var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
        AES.Key = key.GetBytes(AES.KeySize / 8);
        AES.IV = key.GetBytes(AES.BlockSize / 8);
        AES.Padding = PaddingMode.Zeros;

        AES.Mode = CipherMode.CBC;

        CryptoStream cs = new CryptoStream(fsCrypt,
             AES.CreateEncryptor(),
            CryptoStreamMode.Write);

        FileStream fsIn = new FileStream(inputFile, FileMode.Open);

        int data;
        while ((data = fsIn.ReadByte()) != -1)
            cs.WriteByte((byte)data);


        fsIn.Close();
        cs.Close();
        fsCrypt.Close();

    }

    private static void AES_Decrypt(string inputFile, string outputFile, byte[] passwordBytes)
    {



        byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8};
        FileStream fsCrypt = new FileStream(inputFile, FileMode.Open);

        RijndaelManaged AES = new RijndaelManaged();

        AES.KeySize = 256;
        AES.BlockSize = 128;


        var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
        AES.Key = key.GetBytes(AES.KeySize / 8);
        AES.IV = key.GetBytes(AES.BlockSize / 8);
        AES.Padding = PaddingMode.Zeros;

        AES.Mode = CipherMode.CBC;

        CryptoStream cs = new CryptoStream(fsCrypt,
            AES.CreateDecryptor(),
            CryptoStreamMode.Read);

        FileStream fsOut = new FileStream(outputFile, FileMode.Create);

        int data;
        while ((data = cs.ReadByte()) != -1)
            fsOut.WriteByte((byte)data);

        fsOut.Close();
        cs.Close();
        fsCrypt.Close();

    }
}