有些項目尤其是WinForm或者是WPF項目,針對一些工具形式的小項目,不想軟件流出去之后,懂程序的的拿到手之后一看配置文件就知道了我們數據庫的用戶名和密碼,如果外網能訪問的話,那就麻煩大了。所以這里為了防止項目外泄之后這些信息不被別人看到,我們就需要對鏈接字符串或者其他重要信息進行加密,用的時候在解密。
思路:使用兩個數對連接字符串進行加密,再用這兩個數進行解密。
<add key="ConfigString" value="4HsXBRNXTkeN0ZoKdEwFE501TKSqLZUyJ0Zf+C7s5+gPd1SbWBiuh4PG6jeFgcnCTFr0QFW8FN40m/S8xmQq+8srL8taMLO23z6GSmaQJoM="/>
直接上代碼:
1:定義一個初始化源數據的類。
public class ConfigInformation
{
private static ConfigInformation _configInformation;
public ConfigInformation Instance
{
get
{
if (_configInformation == null)
{
_configInformation = new ConfigInformation();
}
return _configInformation;
}
}
// 數據庫鏈接字符串加解密 Key Value
public static String Key = "27e167e9-2660-4bc1-bea0-c8781a9f01cb";
public static String Vector = "8280d587-f9bf-4127-bbfa-5e0b4b672958";
}
2:加解密方法:
/// <summary>
/// 加密 解密
/// </summary>
public class DecryptAndEncryptionHelper
{
private readonly SymmetricAlgorithm _symmetricAlgorithm;
private const String DefKey = "qazwsxedcrfvtgb!@#$%^&*(tgbrfvedcwsxqaz)(*&^%$#@!";
private String _key = "";
public String Key
{
get { return _key; }
set
{
if (!String.IsNullOrEmpty(value))
{
_key = value;
}
else
{
_key = DefKey;
}
}
}
private const String DefIV = "tgbrfvedcwsxqaz)(*&^%$#@!qazwsxedcrfvtgb!@#$%^&*(";
private String _iv = "";
public String IV
{
get { return _iv; }
set
{
if (!String.IsNullOrEmpty(value))
{
_iv = value;
}
else
{
_iv = DefIV;
}
}
}
public DecryptAndEncryptionHelper()
{
_symmetricAlgorithm = new RijndaelManaged();
}
public DecryptAndEncryptionHelper(String Key, String IV)
{
_symmetricAlgorithm = new RijndaelManaged();
_key = String.IsNullOrEmpty(Key) ? DefKey : Key;
_iv = String.IsNullOrEmpty(IV) ? DefIV : IV;
}
/// <summary>
/// Get Key
/// </summary>
/// <returns>密鑰</returns>
private byte[] GetLegalKey()
{
_symmetricAlgorithm.GenerateKey();
byte[] bytTemp = _symmetricAlgorithm.Key;
int KeyLength = bytTemp.Length;
if (_key.Length > KeyLength)
_key = _key.Substring(0, KeyLength);
else if (_key.Length < KeyLength)
_key = _key.PadRight(KeyLength, '#');
return ASCIIEncoding.ASCII.GetBytes(_key);
}
/// <summary>
/// Get IV
/// </summary>
private byte[] GetLegalIV()
{
_symmetricAlgorithm.GenerateIV();
byte[] bytTemp = _symmetricAlgorithm.IV;
int IVLength = bytTemp.Length;
if (_iv.Length > IVLength)
_iv = _iv.Substring(0, IVLength);
else if (_iv.Length < IVLength)
_iv = _iv.PadRight(IVLength, '#');
return ASCIIEncoding.ASCII.GetBytes(_iv);
}
/// <summary>
/// Encrypto 加密
/// </summary>
public string Encrypto(string Source)
{
byte[] bytIn = UTF8Encoding.UTF8.GetBytes(Source);
MemoryStream ms = new MemoryStream();
_symmetricAlgorithm.Key = GetLegalKey();
_symmetricAlgorithm.IV = GetLegalIV();
ICryptoTransform encrypto = _symmetricAlgorithm.CreateEncryptor();
CryptoStream cs = new CryptoStream(ms, encrypto, CryptoStreamMode.Write);
cs.Write(bytIn, 0, bytIn.Length);
cs.FlushFinalBlock();
ms.Close();
byte[] bytOut = ms.ToArray();
return Convert.ToBase64String(bytOut);
}
/// <summary>
/// Decrypto 解密
/// </summary>
public string Decrypto(string Source)
{
byte[] bytIn = Convert.FromBase64String(Source);
MemoryStream ms = new MemoryStream(bytIn, 0, bytIn.Length);
_symmetricAlgorithm.Key = GetLegalKey();
_symmetricAlgorithm.IV = GetLegalIV();
ICryptoTransform encrypto = _symmetricAlgorithm.CreateDecryptor();
CryptoStream cs = new CryptoStream(ms, encrypto, CryptoStreamMode.Read);
StreamReader sr = new StreamReader(cs);
return sr.ReadToEnd();
}
}
3:使用
// 獲取加密的鏈接字符串,然后解密 string enString = ConfigurationManager.AppSettings["ConfigString"]; DecryptAndEncryptionHelper helper = new DecryptAndEncryptionHelper(ConfigInformation.Key, ConfigInformation.Vector); // 明文 var configStr = helper.Decrypto(enString); return configStr;
這樣至少保證了數據的不外泄。
注意:這個加密和解密的算法方法,應該放在服務器。通過請求加解密方法。不應該放在本地代碼里,技術牛的的人,把你的項目反編譯一樣可以看到源代碼。
我們在把加密源數據找出來。
所以這個加解密代碼不能寫在本地,必須部署到安全的服務器上。