AES 前後端加密互通

JavaScript, C#, AES, encrtyption, encrypt, 加密,

引言

因需求需在 Web App 前後端加解密加通。就是前端加密後端解密。後端加密前端解密。

開發平台

	前端	後端
程式語言	JavaScript/TypeScript	C#
執行平台	node.js/react 18	NET Framework 4.8
加密方法	AES CBC 256	AES CBC 256
加密套件	"crypto-js": "^4.2.0"	System.Security.Cryptography;

關鍵程式碼

前端

aesHelper.ts

import * as CryptoJS from 'crypto-js'

/**
 * AES 256 CBC 加密器
 * @param plaintext 明文
 * @param key 金鑰，需 64 個 HEX 數字
 * @param iv 初始向量，需 32 個 HEX 數字 
 * @returns
 */
export function encrypt(plaintext: string, key: string, iv: string) {
	const keyBytes = CryptoJS.enc.Hex.parse(key)
	const ivBytes = CryptoJS.enc.Hex.parse(iv)

	const encodeAdv = generateRandom32String() + plaintext;
	const plainBlob = CryptoJS.enc.Utf8.parse(encodeAdv)
	const cipherBlob = CryptoJS.AES.encrypt(plainBlob, keyBytes, { mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7, iv: ivBytes })
	const ciphertext = cipherBlob.toString()
	return ciphertext
}

/**
 * AES 256 CBC 解密器
 * @param ciphertext 密文
 * @param key 金鑰，需 64 個 HEX 數字
 * @param iv 初始向量，需 32 個 HEX 數字 
 * @returns
 */
export function decrypt(ciphertext: string, key: string, iv: string) {
	const keyBytes = CryptoJS.enc.Hex.parse(key)
	const ivBytes = CryptoJS.enc.Hex.parse(iv)

	const decryptedBlob = CryptoJS.AES.decrypt(ciphertext, keyBytes, { mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7, iv: ivBytes })
	const decryptedText = CryptoJS.enc.Utf8.stringify(decryptedBlob)
	const decodeAdv = decryptedText.slice(32)
	return decodeAdv
}

/**
 * 生成一個 32 字元長度的隨機字串
 * @returns
 */
function generateRandom32String() {
	const randomWords = CryptoJS.lib.WordArray.random(24);
	return randomWords.toString(CryptoJS.enc.Base64);
}

後端

AesHelper.cs

using System;
using System.Configuration;
using System.IO;
using System.Security.Cryptography;
using System.Text;

internal static class AesHelper
{
  /// <summary>
  /// AES 256 CBC 加密器
  /// </summary>
  /// <param name="plaintext">明文</param>
  /// <param name="key">HEX64數字</param>
  /// <param name="iv">HEX32數字</param>
  public static string Encrypt(string plaintext, string key = null, string iv = null)
  {
    byte[] keyBytes = HexStringToByteArray(key ?? ConfigurationManager.AppSettings["AES_KEY"]);
    byte[] ivBytes = HexStringToByteArray(iv ?? ConfigurationManager.AppSettings["AES_IV"]);

    var encodeAdv = GenerateRandom32String() + plaintext;
    byte[] plainBlob = Encoding.UTF8.GetBytes(encodeAdv);

    using (Aes aes = Aes.Create())
    {
      aes.Mode = CipherMode.CBC;
      aes.Padding = PaddingMode.PKCS7;
      aes.Key = keyBytes;
      aes.IV = ivBytes;

      using (ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV))
      using (MemoryStream ms = new MemoryStream())
      using (CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
      {
        cs.Write(plainBlob, 0, plainBlob.Length);
        cs.FlushFinalBlock();
        return Convert.ToBase64String(ms.ToArray());
      }
    }
  }

  /// <summary>
  /// AES 256 CBC 加密器
  /// </summary>
  /// <param name="ciphertext">密文</param>
  /// <param name="key">HEX64數字</param>
  /// <param name="iv">HEX32數字</param>
  public static string Decrypt(string ciphertext, string key = null, string iv = null)
  {
    byte[] keyBytes = HexStringToByteArray(key ?? ConfigurationManager.AppSettings["AES_KEY"]);
    byte[] ivBytes = HexStringToByteArray(iv ?? ConfigurationManager.AppSettings["AES_IV"]);

    using (Aes aes = Aes.Create())
    {
      aes.Mode = CipherMode.CBC;
      aes.Padding = PaddingMode.PKCS7;
      aes.Key = keyBytes;
      aes.IV = ivBytes;

      byte[] cipherBytes = Convert.FromBase64String(ciphertext);
      using (ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV))
      using (MemoryStream ms = new MemoryStream(cipherBytes))
      using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
      using (StreamReader reader = new StreamReader(cs, Encoding.UTF8))
      {
          var decryptedText = reader.ReadToEnd();
          var decodeAdv = decryptedText.Substring(32);
          return decodeAdv;
      }
    }
  }

  private static byte[] HexStringToByteArray(string hex)
  {
    int numberChars = hex.Length;
    byte[] bytes = new byte[numberChars / 2];
    for (int i = 0; i < numberChars; i += 2)
      bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
    return bytes;
  }

  private static string GenerateRandom32String()
  {
    using (var rng = new RNGCryptoServiceProvider())
    {
      byte[] byteArray = new byte[24];
      rng.GetBytes(byteArray);
      var randomWords = Convert.ToBase64String(byteArray);
      return randomWords;
    }
  }
}

密碼格式

本例密碼選用 HEX 字串，所以 Key 長度 64；IV 長度 32。

(EOF)