您的位置: 首页  >  技术问答  >  如何使用hmac-sha256加密和解密字符串?

如何使用hmac-sha256加密和解密字符串?

分类: 技术问答 2022-06-05 17:57:44
问题描述:

我一直在我的控制台客户端使用HMAC-SHA256加密Userdata(用户名和密码)。当我将加密生成的令牌传递给服务器端时,它必须解密令牌才能验证。



出于测试目的,我在控制台应用程序中尝试加密以及在同一类中进行解密。可以帮助我如何解密加密方法生成的令牌?



I have been using HMAC-SHA256 to encrypt Userdata(username and password),in my console client.When i pass the token generated from encryption to the serverside it must decrypt the token to validate.

For test purpose i am trying encryption as well as decryption in same class in console application.Can someone Help me out how to decrypt the token generated by encrypt method?

    Console.WriteLine("Enter Username:");
    string username = Console.ReadLine();
    Console.WriteLine("Enter Password:");
    string password = Console.ReadLine();
    string data = string.Join(",", username, password);
    string hmactoken = HMACSHA256Class.Encrypt(username, password,data);

public class HMACSHA256Class
{
    static string hashLeft = "";
    static string hashRight = "";
    public static string Encrypt(string uname,string password,string data)
    {
        using (HMAC hmac = HMACSHA256.Create(_alg))
        {
            hmac.Key = Encoding.UTF8.GetBytes(GetHashedPassword(password));
            hmac.ComputeHash(Encoding.UTF8.GetBytes(data));

            hashLeft = Convert.ToBase64String(hmac.Hash);
            hashRight = uname;
            string hash = string.Join(",", hashLeft, hashRight);
            return Convert.ToBase64String(Encoding.UTF8.GetBytes(hash));

        }
    }
}
public static string GetHashedPassword(string password)
{
    string key = string.Join(",", new string[] { password, _salt });

    using (HMAC hmac = HMACSHA256.Create(_alg))
    {
        // Hash the key.
        hmac.Key = Encoding.UTF8.GetBytes(_salt);
        hmac.ComputeHash(Encoding.UTF8.GetBytes(key));

        return Convert.ToBase64String(hmac.Hash);
    }
}





如果有人能解决这个问题,对我来说将是一个很大的帮助



我尝试了什么:



我试过以下代码,我已经走了一半来解密令牌。



It will be a great help for me if anyone can resolve this

What I have tried:

I tried the building following code,I have went half way to decrypt the token.

public static string Decrypt(string token)
            {
                string hash = Encoding.UTF8.GetString(Convert.FromBase64String(token));
                string[] parts = hash.Split(new char[] { ',' });
                string a = "null";
                if (parts.Length == 2)
                {
                    string hashLeft = parts[1];
                    string hashRight = parts[0];
                    GetPassword(hashRight);
   
                }
                return a;
            }
        }

 public static string GetPassword(string hashedpwd)
        {
            byte[] b = Encoding.UTF8.GetBytes(hashedpwd);
            string key = Convert.ToBase64String(b);

            return "sa";//just to avoid errror
        }

你可以T。 SHA不是加密算法 - 它是一种散列算法。区别在于加密可以反转,而散列则不能。



你是正确的使用哈希 - 但你不试图解密它 - 存储散列值并将新散列的用户输入与存储的散列值进行比较。



请参见:密码存储:怎么做。 [ ^ ]
You can't. SHA is not an encryption algorithm - it's a hashing algorithm. The difference is that encryption can be reversed, and hashing can't.

You are right to use hashing though - but you don't try to "decrypt" it - you store the hashed value and compare the freshly-hashed user input to that stored hash value.

See here: Password Storage: How to do it.[^]


相关推荐