The data to be decrypted exceeds the maximum for this modulus of 36 bytes

前端未结

关注

 2  957

时光说笑 2021-01-22 18:51

I\'m trying to make a password safe, but theres something wrong with how I use RSA. Heres my codes:

    private void testencodedecode()
    {
        string mehd


      
      
        
          2条回答        

        
                    
            
            
                         
                
              
              
                
                   感情败类
                                             
                
                
                (楼主)
            
              
              
                2021-01-22 19:30
              

            
            
                        
There are some major issues with the method here. The first, as you mentioned in a comment on another answer is that you're using a Guid to construct the RSA modulus, which is entirely invalid. You cannot use random data to construct the public key directly for a number of reasons:


The modulus must conform to a specific structure, i.e. it is the product of two large prime numbers, whereas your Guid in binary form generally will not be.
In order to decrypt the RSA-encrypted data, you must know the two primes used to generate the modulus. Even if your random modulus was magically the product of two large primes you wouldn't be able to determine them, since this would require factoring the modulus, which is an intentionally difficult thing to do (indeed, the difficulty is the entire basis of RSA's security).


You should be generating the RSA key using the RsaCryptoServiceProvider constructor e.g.:

// Construct the RsaCryptoServiceProvider, and create a new 2048bit key
var csp = new RsaCryptoServiceProvider(2048);


The parameters for this newly generated key can then be exported:

// Export the RSA parameters, including the private parameters
var parameters = csp.ExportParameters(true);


The parameters can then be stored (securely) and used to re-initialize the CSP for decryption later.

There are also other obvious problems, such as the fact that the amount of data you can actually encrypt with RSA is limited by the key size, so with a 2048 bit key as created above, you can encrypt 2048 / 8 - 11 = 245 bytes (where the 11 bytes is a result of the PKCS#1 v1.5 padding that is applied). If you want to encrypt more than this, the general method is to use a symmetric cipher (e.g. AES) to encrypt the data, and then use RSA only to encrypt the AES key.

Finally, whilst this may work, I still wouldn't rely on it for security as there are almost always issues with roll-your-own encryption schemes.
    
             
                                                        
            
            
              
                
                0
              
                   
                
               讨论(0)
              
                                                  
              
              
                          
             
       
          
              
                                       
     查看其它2个回答


            
                         
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
                              			
        
        
        
          
            
            
              
              
            
    


                                 
              
            
                          
    

        
         
                验证码
                
                  
                
                
                   看不清?
                
              
                                  
                    
   
                 
             
              提交回复