# °²È«À©Õ¹ SecurityHelper ## ¸ÅÊö `SecurityHelper` ÊÇ NewLife.Core ÖеݲȫËã·¨¹¤¾ßÀ࣬Ìṩ³£ÓõĹþÏ£Ëã·¨¡¢¶Ô³Æ¼ÓÃÜ¡¢·Ç¶Ô³Æ¼ÓÃܵȹ¦ÄܵÄÀ©Õ¹·½·¨¡£Ö§³Ö MD5¡¢SHA ϵÁС¢CRC¡¢AES¡¢DES¡¢RSA µÈÖ÷Á÷¼ÓÃÜËã·¨¡£ **ÃüÃû¿Õ¼ä**£º`NewLife` **ÎĵµµØÖ·**£ºhttps://newlifex.com/core/security_helper ## ºËÐÄÌØÐÔ - **¹þÏ£Ëã·¨**£ºMD5¡¢SHA1¡¢SHA256¡¢SHA384¡¢SHA512¡¢CRC16¡¢CRC32¡¢Murmur128 - **¶Ô³Æ¼ÓÃÜ**£ºAES¡¢DES¡¢3DES¡¢RC4¡¢SM4 - **·Ç¶Ô³Æ¼ÓÃÜ**£ºRSA¡¢DSA - **¸ßÐÔÄÜ**£ºÊ¹ÓÃÏ߳̾²Ì¬±äÁ¿»º´æË㷨ʵÀý£¬±ÜÃâÖظ´´´½¨ - **Ò×ÓÃÐÔ**£ºËùÓÐËã·¨¶¼ÒÔÀ©Õ¹·½·¨ÐÎʽÌṩ ## ¿ìËÙ¿ªÊ¼ ```csharp using NewLife; // MD5 ¹þÏ£ var hash = "password".MD5(); // 32λʮÁù½øÖÆ×Ö·û´® var hash16 = "password".MD5_16(); // 16λʮÁù½øÖÆ×Ö·û´® // SHA256 ¹þÏ£ var sha = data.SHA256(); // ·µ»Ø×Ö½ÚÊý×é var shaHex = data.SHA256().ToHex(); // תΪʮÁù½øÖÆ×Ö·û´® // AES ¼ÓÃÜ var encrypted = data.Encrypt(Aes.Create(), key); var decrypted = encrypted.Decrypt(Aes.Create(), key); // CRC УÑé var crc32 = data.Crc(); var crc16 = data.Crc16(); ``` ## API ²Î¿¼ ### ¹þÏ£Ëã·¨ #### MD5 ```csharp public static Byte[] MD5(this Byte[] data) public static String MD5(this String data, Encoding? encoding = null) public static String MD5_16(this String data, Encoding? encoding = null) public static Byte[] MD5(this FileInfo file) ``` ¼ÆËã MD5 É¢ÁÐÖµ¡£ **ʾÀý**£º ```csharp // ×Ö·û´® MD5£¨32룩 "password".MD5() // "5F4DCC3B5AA765D61D8327DEB882CF99" // ×Ö·û´® MD5£¨16λ£¬È¡Öмä8×Ö½Ú£© "password".MD5_16() // "5AA765D61D8327DE" // ×Ö½ÚÊý×é MD5 var data = Encoding.UTF8.GetBytes("hello"); var hash = data.MD5(); // ·µ»Ø 16 ×Ö½ÚÊý×é // Îļþ MD5 var fileHash = "large-file.zip".AsFile().MD5().ToHex(); ``` #### SHA ϵÁÐ ```csharp public static Byte[] SHA1(this Byte[] data, Byte[]? key) public static Byte[] SHA256(this Byte[] data, Byte[]? key = null) public static Byte[] SHA384(this Byte[] data, Byte[]? key) public static Byte[] SHA512(this Byte[] data, Byte[]? key) ``` ¼ÆËã SHA ϵÁÐÉ¢ÁÐÖµ£¬¿ÉÑ¡ HMAC ÃÜÔ¿¡£ **ʾÀý**£º ```csharp var data = Encoding.UTF8.GetBytes("hello"); // ÆÕͨ¹þÏ£ var sha256 = data.SHA256(); // 32 ×Ö½Ú var sha512 = data.SHA512(null); // 64 ×Ö½Ú // HMAC ¹þÏ££¨´øÃÜÔ¿£© var key = Encoding.UTF8.GetBytes("secret"); var hmac256 = data.SHA256(key); var hmac512 = data.SHA512(key); ``` #### CRC УÑé ```csharp public static UInt32 Crc(this Byte[] data) public static UInt16 Crc16(this Byte[] data) ``` ¼ÆËã CRC УÑéÖµ¡£ **ʾÀý**£º ```csharp var data = new Byte[] { 1, 2, 3, 4, 5 }; var crc32 = data.Crc(); // UInt32 УÑéÖµ var crc16 = data.Crc16(); // UInt16 УÑéÖµ ``` #### Murmur128 ```csharp public static Byte[] Murmur128(this Byte[] data, UInt32 seed = 0) ``` ¼ÆËã Murmur128 ·Ç¼ÓÃܹþÏ££¬ÊÊÓÃÓÚ¹þÏ£±íµÈ³¡¾°£¬ËÙ¶È±È MD5 ¿ìºÜ¶à¡£ **ʾÀý**£º ```csharp var hash = data.Murmur128(); // ĬÈÏÖÖ×Ó var hashWithSeed = data.Murmur128(12345); // Ö¸¶¨ÖÖ×Ó ``` ### ¶Ô³Æ¼ÓÃÜ #### Encrypt / Decrypt ```csharp public static Byte[] Encrypt(this SymmetricAlgorithm sa, Byte[] data, Byte[]? pass = null, CipherMode mode = CipherMode.CBC, PaddingMode padding = PaddingMode.PKCS7) public static Byte[] Decrypt(this SymmetricAlgorithm sa, Byte[] data, Byte[]? pass = null, CipherMode mode = CipherMode.CBC, PaddingMode padding = PaddingMode.PKCS7) ``` ¶Ô³Æ¼ÓÃÜ/½âÃÜÊý¾Ý¡£ **²ÎÊý˵Ã÷**£º - `pass`£ºÃÜÂ루»á×Ô¶¯Ìî³äµ½ºÏÊʵÄÃÜÔ¿³¤¶È£© - `mode`£º¼ÓÃÜģʽ£¨CBC/ECB µÈ£©£¬.NET ĬÈÏ CBC£¬Java ĬÈÏ ECB - `padding`£ºÌî³äģʽ£¬Ä¬ÈÏ PKCS7£¨µÈͬ Java µÄ PKCS5£© **ʾÀý**£º ```csharp var data = Encoding.UTF8.GetBytes("Hello World!"); var key = Encoding.UTF8.GetBytes("my-secret-key-16"); // AES ¼ÓÃÜ£¨CBC ģʽ£© var encrypted = Aes.Create().Encrypt(data, key); // AES ½âÃÜ var decrypted = Aes.Create().Decrypt(encrypted, key); // ECB ģʽ£¨Óë Java ¼æÈÝ£© var encryptedEcb = Aes.Create().Encrypt(data, key, CipherMode.ECB); var decryptedEcb = Aes.Create().Decrypt(encryptedEcb, key, CipherMode.ECB); // DES ¼ÓÃÜ var desKey = Encoding.UTF8.GetBytes("12345678"); var desEncrypted = DES.Create().Encrypt(data, desKey); // 3DES ¼ÓÃÜ var tripleDesKey = Encoding.UTF8.GetBytes("123456789012345678901234"); var tripleDesEncrypted = TripleDES.Create().Encrypt(data, tripleDesKey); ``` #### Á÷ʽ¼ÓÃÜ ```csharp public static SymmetricAlgorithm Encrypt(this SymmetricAlgorithm sa, Stream instream, Stream outstream) public static SymmetricAlgorithm Decrypt(this SymmetricAlgorithm sa, Stream instream, Stream outstream) ``` ¶ÔÊý¾ÝÁ÷½øÐмÓÃÜ/½âÃÜ£¬Êʺϴ¦Àí´óÎļþ¡£ **ʾÀý**£º ```csharp using var input = File.OpenRead("large-file.bin"); using var output = File.Create("large-file.enc"); var aes = Aes.Create(); aes.Key = key; aes.IV = iv; aes.Encrypt(input, output); ``` #### Transform ```csharp public static Byte[] Transform(this ICryptoTransform transform, Byte[] data) ``` ʹÓà `ICryptoTransform` Ö±½Óת»»Êý¾Ý¡£ **ʾÀý**£º ```csharp var aes = Aes.Create(); aes.Key = key; aes.IV = iv; using var encryptor = aes.CreateEncryptor(); var encrypted = encryptor.Transform(data); using var decryptor = aes.CreateDecryptor(); var decrypted = decryptor.Transform(encrypted); ``` #### RC4 ```csharp public static Byte[] RC4(this Byte[] data, Byte[] pass) ``` RC4 Á÷ÃÜÂë¼ÓÃÜ¡£RC4 ¼ÓÃܺͽâÃÜʹÓÃÏàͬµÄ·½·¨¡£ **ʾÀý**£º ```csharp var data = Encoding.UTF8.GetBytes("Hello"); var key = Encoding.UTF8.GetBytes("secret"); // ¼ÓÃÜ var encrypted = data.RC4(key); // ½âÃÜ£¨Í¬ÑùµÄ·½·¨£© var decrypted = encrypted.RC4(key); ``` ## ÆäËû°²È«Àà ### RSAHelper RSA ·Ç¶Ô³Æ¼ÓÃܸ¨ÖúÀà¡£ ```csharp using NewLife.Security; // Éú³ÉÃÜÔ¿¶Ô var (publicKey, privateKey) = RSAHelper.GenerateKey(2048); // ¼ÓÃÜ var encrypted = RSAHelper.Encrypt(data, publicKey); // ½âÃÜ var decrypted = RSAHelper.Decrypt(encrypted, privateKey); // Ç©Ãû var signature = RSAHelper.Sign(data, privateKey, "SHA256"); // ÑéÇ© var isValid = RSAHelper.Verify(data, signature, publicKey, "SHA256"); ``` ### DSAHelper DSA Êý×ÖÇ©Ãû¸¨ÖúÀà¡£ ```csharp using NewLife.Security; // Ç©Ãû var signature = DSAHelper.Sign(data, privateKey); // ÑéÇ© var isValid = DSAHelper.Verify(data, signature, publicKey); ``` ### Rand Ëæ»úÊýÉú³ÉÆ÷¡£ ```csharp using NewLife.Security; // Éú³ÉËæ»ú×Ö½Ú var bytes = Rand.NextBytes(16); // Éú³ÉËæ»úÕûÊý var num = Rand.Next(1, 100); // Éú³ÉËæ»ú×Ö·û´® var str = Rand.NextString(16); // °üº¬Êý×ÖºÍ×Öĸ var strWithSpecial = Rand.NextString(16, true); // °üº¬ÌØÊâ×Ö·û ``` ## ʹÓó¡¾° ### 1. ÃÜÂë¹þÏ£´æ´¢ ```csharp public class PasswordHelper { public String HashPassword(String password, String salt) { // ʹÓà SHA256 + ÑÎÖµ var data = Encoding.UTF8.GetBytes(password + salt); return data.SHA256().ToHex(); } public Boolean VerifyPassword(String password, String salt, String hash) { return HashPassword(password, salt).EqualIgnoreCase(hash); } } ``` ### 2. API Ç©ÃûÑéÖ¤ ```csharp public class ApiSignature { public String Sign(String data, String secret) { var key = Encoding.UTF8.GetBytes(secret); var content = Encoding.UTF8.GetBytes(data); return content.SHA256(key).ToHex(); } public Boolean Verify(String data, String signature, String secret) { return Sign(data, secret).EqualIgnoreCase(signature); } } ``` ### 3. Êý¾Ý¼ÓÃÜ´«Êä ```csharp public class SecureTransport { private readonly Byte[] _key; public SecureTransport(String password) { // ʹÓÃÃÜÂëÅÉÉúÃÜÔ¿ _key = password.MD5().ToHex().GetBytes()[..16]; } public Byte[] Encrypt(Byte[] data) { return Aes.Create().Encrypt(data, _key); } public Byte[] Decrypt(Byte[] data) { return Aes.Create().Decrypt(data, _key); } } ``` ### 4. ÎļþÍêÕûÐÔУÑé ```csharp public class FileVerifier { public String ComputeHash(String filePath) { return filePath.AsFile().MD5().ToHex(); } public Boolean Verify(String filePath, String expectedHash) { var actualHash = ComputeHash(filePath); return actualHash.EqualIgnoreCase(expectedHash); } } ``` ## ×î¼Ñʵ¼ù ### 1. Ñ¡ÔñºÏÊʵÄËã·¨ ```csharp // ÃÜÂë¹þÏ££ºÊ¹Óà SHA256 »ò¸üÇ¿µÄËã·¨ var passwordHash = (password + salt).GetBytes().SHA256().ToHex(); // Êý¾ÝÍêÕûÐÔ£ºMD5 ×ã¹»¿ìËÙ var checksum = data.MD5().ToHex(); // ¸ßÐÔÄܹþÏ£±í£ºÊ¹Óà Murmur128 var hash = data.Murmur128(); ``` ### 2. ×¢Òâ¼ÓÃÜģʽ¼æÈÝÐÔ ```csharp // Óë Java ϵͳ½»»¥Ê±Ê¹Óà ECB ģʽ var encrypted = Aes.Create().Encrypt(data, key, CipherMode.ECB); // °²È«ÐÔÒªÇó¸ßʱʹÓà CBC ģʽ£¨Ä¬ÈÏ£© var encrypted = Aes.Create().Encrypt(data, key, CipherMode.CBC); ``` ### 3. ÃÜÔ¿¹ÜÀí ```csharp // ²»ÒªÓ²±àÂëÃÜÔ¿ var key = Environment.GetEnvironmentVariable("ENCRYPTION_KEY")?.ToHex(); // ʹÓð²È«µÄËæ»úÊýÉú³ÉÃÜÔ¿ var randomKey = Rand.NextBytes(32); ``` ## Ëã·¨¶Ô±È | Ëã·¨ | Êä³ö³¤¶È | ËÙ¶È | °²È«ÐÔ | ÓÃ; | |------|---------|------|--------|------| | MD5 | 16×Ö½Ú | ºÜ¿ì | µÍ | УÑéºÍ¡¢·Ç°²È«¹þÏ£ | | SHA1 | 20×Ö½Ú | ¿ì | ÖÐ | ¼æÈݾÉϵͳ | | SHA256 | 32×Ö½Ú | ÖÐ | ¸ß | ͨÓð²È«¹þÏ£ | | SHA512 | 64×Ö½Ú | ½ÏÂý | ºÜ¸ß | ¸ß°²È«ÒªÇó | | CRC32 | 4×Ö½Ú | ¼«¿ì | ÎÞ | Êý¾ÝУÑé | | Murmur128 | 16×Ö½Ú | ¼«¿ì | ÎÞ | ¹þÏ£±í | ## Ïà¹ØÁ´½Ó - [ÀàÐÍת»» Utility](/NewLife/X/Blob/dev/Doc/utility-ÀàÐÍת»»Utility.md) - [Êý¾ÝÀ©Õ¹ IOHelper](/NewLife/X/Blob/dev/Doc/io_helper-Êý¾ÝÀ©Õ¹IOHelper.md) - [WebͨÓÃÁîÅÆ JwtBuilder](/NewLife/X/Blob/dev/Doc/jwt-WebͨÓÃÁîÅÆJwtBuilder.md) - [·Ö²¼Ê½Êý×ÖÇ©ÃûÁîÅÆ TokenProvider](/NewLife/X/Blob/dev/Doc/token_provider-·Ö²¼Ê½Êý×ÖÇ©ÃûÁîÅÆTokenProvider.md)