C# .NET 和 Javascript 中的简单字符串加密
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/746347/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Simple string encryption in .NET and Javascript
提问by Jonathan
I'm developing an ASP.NET MVC application in which I want to encrypt a short string on the server, using C#, and send it to the client-side.
我正在开发一个 ASP.NET MVC 应用程序,我想在其中使用 C# 在服务器上加密一个短字符串,并将其发送到客户端。
Then on the client-side it will be decrypted through Javascript code.
然后在客户端,它将通过 Javascript 代码解密。
Any thoughts on how to implement this?
关于如何实现这一点的任何想法?
Do you know of a simple encryption algorithm (doesn't have to be bullet-proof secure) that can be easily translated from C# to Javascript or vice-versa?
您是否知道可以轻松地从 C# 转换为 Javascript 或反之亦然的简单加密算法(不必是防弹安全的)?
NOTE: I could do this entirely in C# and do the decryption through Ajax, but I'd prefer not to do it this way, as I want to reduce website traffic as much as possible.
注意:我可以完全在 C# 中完成此操作并通过 Ajax 进行解密,但我不想这样做,因为我想尽可能减少网站流量。
采纳答案by Sam Saffron
The System.Security.Cryptographyhas a bunch of symetric (and asymetric) encrytion algorithms ready to use. (For something super secure use aes)
该System.Security.Cryptography具有准备使用一堆对称的(和不对称的)encrytion算法。(对于超级安全的使用aes)
You should be able to find matching Javascript implementation for most (here are a few aes implementations in JS)
您应该能够找到大多数匹配的 Javascript 实现(这里有一些 JS 中的 aes 实现)
Note: If you are planning to use private key based encryption then keep in mind, your web page is going to have the key embedded in it and that means that it all becomes kind of pointless cause anyone with access to the page can do the decryption, at best you would be making the life of the screen scrapers a little bit harder. If making screen scrapers life harder is your goal you could just use an obsfucation algorithm. Any trivial implementation would make very impractical for screen scrapers that do not have a javascript engine:
注意:如果您打算使用基于私钥的加密,那么请记住,您的网页将嵌入密钥,这意味着这一切都变得毫无意义,因为任何有权访问该页面的人都可以进行解密,充其量你会让屏幕刮刀的生活变得更难一点。如果您的目标是让屏幕抓取器的生活更难,那么您可以使用混淆算法。对于没有 javascript 引擎的屏幕抓取工具,任何微不足道的实现都会变得非常不切实际:
Eg.
例如。
function samObsfucated()
{
return("s" + "a" + "m" + "@" + "s" + "." + "com");
}
Then onload populate your email fields with the output of these functions.
然后使用这些函数的输出 onload 填充您的电子邮件字段。
Javascript encryption has a really good use case for software that stores passwords for users ala clipperz
Javascript 加密对于为用户 ala clipperz存储密码的软件有一个非常好的用例
回答by JoshBerke
Can you use HTTPS to encrypt all traffic between the client and server? This is probally the most secure method that you will find.
您可以使用 HTTPS 来加密客户端和服务器之间的所有流量吗?这可能是您会发现的最安全的方法。
回答by Bevan
In terms of the simplest thing that could possibly work, it seems that you want a simple form of obfuscation, rather than anything really secure.
就可能工作的最简单的事情而言,您似乎想要一种简单的混淆形式,而不是任何真正安全的东西。
Rot-13might be enough, provided that you're dealing with an audience with ASCII email addresses. If you need to support Unicode, then you might need something slightly more sophisticated.
Rot-13可能就足够了,前提是您要与使用 ASCII 电子邮件地址的受众打交道。如果您需要支持 Unicode,那么您可能需要更复杂的东西。
回答by CMS
What about a simple XOR Cipher?
一个简单的异或密码怎么样?
These two implementations are fully compatible:
这两种实现完全兼容:
回答by John Rasch
It sounds like you want an obfuscation or encoding, not encryption. Base64 encodingshould work well here. The result will look nothing like an email address, and the encoding process is fast.
听起来您想要混淆或编码,而不是加密。Base64 编码在这里应该可以很好地工作。结果看起来与电子邮件地址完全不同,并且编码过程很快。
In C#, you can use:
在 C# 中,您可以使用:
string emailAddress = "[email protected]";
string encoded = Convert.ToBase64String(Encoding.UTF8.GetBytes(emailAddress));
And you can use this JavaScript function to decode it:
你可以使用这个 JavaScript 函数来解码它:
function Base64Decode(encoded) {
var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
var output = "";
var chr1, chr2, chr3;
var enc1, enc2, enc3, enc4;
var i = 0;
do {
enc1 = keyStr.indexOf(encoded.charAt(i++));
enc2 = keyStr.indexOf(encoded.charAt(i++));
enc3 = keyStr.indexOf(encoded.charAt(i++));
enc4 = keyStr.indexOf(encoded.charAt(i++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
chr3 = ((enc3 & 3) << 6) | enc4;
output = output + String.fromCharCode(chr1);
if (enc3 != 64) {
output = output + String.fromCharCode(chr2);
}
if (enc4 != 64) {
output = output + String.fromCharCode(chr3);
}
} while (i < encoded.length);
return output;
}
The C# application encodes the string [email protected]into YWJjQGV4YW1wbGUuY29t, and the JavaScript version will decode YWJjQGV4YW1wbGUuY29tback into [email protected].
C#应用程序编码串[email protected]入YWJjQGV4YW1wbGUuY29t,以及JavaScript版本将解码YWJjQGV4YW1wbGUuY29t回[email protected]。
回答by Omi
Very Simple Functions,
非常简单的功能,
function?Encrypt(value)?
{
var result="";
??for(i=0;i<value.length;i++)
??{
if(i<value.length-1)
{
result+=value.charCodeAt(i)+10;
result+="-";
}
else
{
result+=value.charCodeAt(i)+10;
}
??}
??return?result;
}
function?Decrypt(value)
{
var result="";
var array = value.split("-");
??for(i=0;i<array.length;i++)
??{
????result+=String.fromCharCode(array[i]-10);
??}
??return?result;
}
