更新时间:2022-11-09 12:09:28
最简单的方法是使用图书馆作为斯坦福Javascript加密库,实施标准(在这种情况下为AES),在C#中使用相同的密码(通过 AesManaged
或 AesCryptoServiceProvider
)。
The simplest way is to use a library as the Stanford Javascript Crypto Library that implement a standard (AES in this case) and to use the same cipher in C# (via AesManaged
or AesCryptoServiceProvider
).
您将获得一个对称的密码,但是几乎不能有一个参数(关键)设置为两个库都可以工作。
You'll get a symmetrical cipher but there nearly no more than one parameter (the key) to set for both libs to work.
您也可以使用非对称(公钥)密码。一个攻击者得到它的JavaScript代码将能够发送精心设计的请求到您的服务器,但不能拦截其他请求。
You could also use an asymmetrical (Public-Key) cipher instead. An attacker getting it's hand on the javascript code would be able to send crafted requests to your server but won't be able to intercept other requests.
有一个实现 JavaScript中的RSA 和 RSACryptoServiceProvider
类提供支持in .Net
There is an implementation of RSA in javascript and the RSACryptoServiceProvider
class provide the support in .Net
完整示例在代码项目中可用,其中包含一个路径到JavaScript中的RSA,以支持填充(使用.Net实现时必需)
A full example is available in Code project including a path to the RSA in javascript lib to support padding (mandatory when using the .Net implementation)
这两个解决方案本身都容易受到重播(攻击者拦截字符串,并稍后(可能多次发送到服务器))
Both of theses solutions by themselves are vulnerable to replay (an attacker intercepting a string and sending it back later -- potentially multiple times -- to the server)