更新时间:2023-02-08 14:52:30
有一对夫妇的事情,我想看看:
There are a couple of things I'd look at:
请务必确保明文是在内容和编码是相同的。 IIRC,溪流默认为UTF-8,而如果你的 VarBinaryToBase64
函数取nvarchar的参数,这将是统一code。
Make absolutely sure that the plaintext is identical in content and encoding. IIRC, streams default to UTF-8 whereas if your VarBinaryToBase64
function take a nvarchar parameter, it will be Unicode.
确认这两个加密算法使用相同的块大小。在SQL中,您确定算法,当你调用 CREATE对称密钥
。如果没有指定一个算法,它采用AES256。在.NET中使用 RijndaelManaged的
,我相信默认块大小是128,但你可以将其设置为256(你不能,如果你使用爱依斯
类)。
Make sure both encryption algorithms use the same block size. In SQL, you determine the algorithm when you call CREATE SYMMETRIC KEY
. If you do not specify an algorithm, it uses AES256. In .NET using RijndaelManaged
, I believe the default block size is 128 but you can set it to 256 (you cannot if you use the Aes
class).
的最后一件事我会寻找是SQL Server如何处理初始化向量作为您在修订后提及。我想说的是,它使用了身份验证
参数对于这一点,但是这是一个疯狂的猜测。
The last thing I'd look for is how SQL Server deals with Initialization Vectors as you mentioned in your amended post. I want to say that it uses the authenticator
parameter for this, but that's a wild guess.
修改
我的路要走。鉴于我已经发现了,你不能使用.NET类来解密加密的SQL Server的内置加密文本,因为SQL Server添加了一堆粘粘什么被加密,包括随机初始化向量。从迈克尔·科尔的著作专业的T-SQL 2005程序员指南(虽然2008年这是否以同样的方式):
I was way off. Given what I have discovered, you cannot use a .NET class to decrypt text encrypted by SQL Server's built-in encryption because SQL Server adds a bunch of goo to what gets encrypted, including a random initialization vector. From Michael Cole's book "Pro T-SQL 2005 Programmer's Guide" (although 2008 does this the same way):
在SQL Server加密通过对称 键,它增加元数据到加密 结果,以及填充,使得 加密的结果大(有时 显著大于) 未加密的明文。对于格式 加密结果与元数据 遵循以下格式:
When SQL Server encrypts by symmetric key, it adds metadata to the encrypted result, as well as padding, making the encrypted result larger (sometimes significantly larger) than the unencrypted plain text. The format for the encrypted result with metadata follows this format: