CryptographicEngine.EncryptAndAuthenticate Method

Definition

Performs authenticated encryption.

public:
 static EncryptedAndAuthenticatedData ^ EncryptAndAuthenticate(CryptographicKey ^ key, IBuffer ^ data, IBuffer ^ nonce, IBuffer ^ authenticatedData);
 static EncryptedAndAuthenticatedData EncryptAndAuthenticate(CryptographicKey const& key, IBuffer const& data, IBuffer const& nonce, IBuffer const& authenticatedData);
public static EncryptedAndAuthenticatedData EncryptAndAuthenticate(CryptographicKey key, IBuffer data, IBuffer nonce, IBuffer authenticatedData);
function encryptAndAuthenticate(key, data, nonce, authenticatedData)
Public Shared Function EncryptAndAuthenticate (key As CryptographicKey, data As IBuffer, nonce As IBuffer, authenticatedData As IBuffer) As EncryptedAndAuthenticatedData

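Parameters

key
CryptographicKey

Symmetric key to use for encryption.

data
IBuffer

Data to be encrypted and authenticated.

nonce
IBuffer

Nonce to be used. A nonce is a variable that has minimal chance of repeating. For example, you can use a random value that is newly generated for each use, a time stamp, a sequence number, or some combination of these. The Microsoft GCM implementation requires a 12-byte nonce. The CCM implementation requires a 7- to 13-byte nonce.

authenticatedData
IBuffer

Authenticated data. This can be Null.

Returns

The encrypted and authenticated data. If the method fails, authentication fails; if the method succeeds, authentication succeeded as well.

Examples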

public void AuthenticatedDecryption(
    String strAlgName,
    CryptographicKey key,
    EncryptedAndAuthenticatedData objEncrypted,
    BinaryStringEncoding encoding,
    IBuffer buffNonce)
{
    // Declare a buffer to contain the decrypted data.
    IBuffer buffDecrypted;

    // Open a SymmetricKeyAlgorithmProvider object for the specified algorithm.
    SymmetricKeyAlgorithmProvider objAlgProv = SymmetricKeyAlgorithmProvider.OpenAlgorithm(strAlgName);

    // The input key must be securely shared between the sender of the encrypted message
    // and the recipient. The nonce must also be shared but does not need to be shared
    // in a secure manner. If the sender encodes the message string to a buffer, the
    // binary encoding method must also be shared with the recipient.
    // The recipient uses the DecryptAndAuthenticate() method as follows to decrypt the 
    // message, authenticate it, and verify that it has not been altered in transit.
    buffDecrypted = CryptographicEngine.DecryptAndAuthenticate(
        key,
        objEncrypted.EncryptedData,
        buffNonce,
        objEncrypted.AuthenticationTag,
        null);

    // Convert the decrypted buffer to a string (for display). If the sender created the
    // original message buffer from a string, the sender must tell the recipient what 
    // BinaryStringEncoding value was used. Here, BinaryStringEncoding.Utf8 is used to
    // convert the message to a buffer before encryption and to convert the decrypted
    // buffer back to the original plaintext.
    String strDecrypted = CryptographicBuffer.ConvertBinaryToString(encoding, buffDecrypted);

}
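
The sample above shows only the receiving side. The following added example (not part of the original documentation) shows the sending side with AES-GCM: it generates a fresh 12-byte nonce for the message, passes a header as authenticated data, and checks that decryption fails when that header is altered. The class and method names, the 32-byte key length and the sample strings are assumptions made for illustration.

```csharp
using System;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Core;
using Windows.Storage.Streams;

public static class AuthenticatedEncryptionExample // hypothetical name
{
    // Returns true when the round trip succeeds and the altered header is rejected.
    public static bool RoundTrip()
    {
        SymmetricKeyAlgorithmProvider prov =
            SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesGcm);

        // Constructed sample key: 32 random bytes (assumed key length, AES-256).
        CryptographicKey key = prov.CreateSymmetricKey(CryptographicBuffer.GenerateRandom(32));

        // Constructed sample inputs: the message is encrypted, the header is only authenticated.
        IBuffer message = CryptographicBuffer.ConvertStringToBinary(
            "sample message", BinaryStringEncoding.Utf8);
        IBuffer header = CryptographicBuffer.ConvertStringToBinary(
            "msg-id=1", BinaryStringEncoding.Utf8);

        // The Microsoft GCM implementation requires a 12-byte nonce.
        // Generate a new one for every message encrypted under the same key.
        IBuffer nonce = CryptographicBuffer.GenerateRandom(12);

        EncryptedAndAuthenticatedData enc =
            CryptographicEngine.EncryptAndAuthenticate(key, message, nonce, header);

        // Receiver with the same key, nonce, tag and header: decryption succeeds.
        IBuffer plain = CryptographicEngine.DecryptAndAuthenticate(
            key, enc.EncryptedData, nonce, enc.AuthenticationTag, header);
        bool roundTripOk = CryptographicBuffer.Compare(plain, message);

        // Receiver with an altered header: tag verification fails and the call throws.
        IBuffer altered = CryptographicBuffer.ConvertStringToBinary(
            "msg-id=2", BinaryStringEncoding.Utf8);
        bool rejected = false;
        try
        {
            CryptographicEngine.DecryptAndAuthenticate(
                key, enc.EncryptedData, nonce, enc.AuthenticationTag, altered);
        }
        catch (Exception)
        {
            rejected = true; // treat any failure as "do not trust this message"
        }
        return roundTripOk && rejected;
    }
}
```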

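Remarks

Authenticated encryption encrypts and authenticates content in one operation. An authenticator, also called a tag, is used during encryption, and the output of the process contains a tag-ciphertext pair. For more information, see the AuthenticationTag and EncryptedData properties. The decryption process verifies the ciphertext against the tag.

You can use an authenticated encryption algorithm after calling the OpenAlgorithm method on the SymmetricKeyAlgorithmProvider class and specifying the name of the algorithm to open. The following algorithm names are supported for authenticated encryption and decryption: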
