EncryptedXml DecryptDocument方法抛出“Bad Data”exception

在尝试解密另一台PC时，解密function抛出“坏数据”exception的原因是CspParameters链接到运行加密的PC上的会话。

需要在XML中嵌入和加密cspParams对象，以便在另一台PC上启用Decryption。 幸运的是，我们可以使用EncryptionProperty。

 private static MemoryStream EncryptStream(XmlDocument xmlDoc, XmlElement elementToEncrypt, string password) { CspParameters cspParams = new CspParameters(); cspParams.KeyContainerName = password; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams); RijndaelManaged sessionKey = null; try { if (xmlDoc == null) throw new ArgumentNullException("xmlDoc"); if (rsaKey == null) throw new ArgumentNullException("rsaKey"); if (elementToEncrypt == null) throw new ArgumentNullException("elementToEncrypt"); sessionKey = new RijndaelManaged(); sessionKey.KeySize = 256; EncryptedXml eXml = new EncryptedXml(); byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false); EncryptedData edElement = new EncryptedData(); edElement.Type = EncryptedXml.XmlEncElementUrl; edElement.Id = EncryptionElementID; edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); EncryptedKey ek = new EncryptedKey(); byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, rsaKey, false); ek.CipherData = new CipherData(encryptedKey); ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url); // Save some more information about the key using the EncryptionProperty element. // Create a new "EncryptionProperty" XmlElement object. var property = new XmlDocument().CreateElement("EncryptionProperty", EncryptedXml.XmlEncNamespaceUrl); // Set the value of the EncryptionProperty" XmlElement object. property.InnerText = RijndaelManagedEncryption.EncryptRijndael(Convert.ToBase64String(rsaKey.ExportCspBlob(true)), "Your Salt string here"); // Create the EncryptionProperty object using the XmlElement object. var encProperty = new EncryptionProperty(property); // Add the EncryptionProperty object to the EncryptedKey object. ek.AddProperty(encProperty); edElement.KeyInfo = new KeyInfo(); KeyInfoName kin = new KeyInfoName(); kin.Value = KeyName; ek.KeyInfo.AddClause(kin); edElement.CipherData.CipherValue = encryptedElement; edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek)); EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false); if (sessionKey != null) { sessionKey.Clear(); } rsaKey.Clear(); MemoryStream stream = new MemoryStream(); xmlDoc.Save(stream); stream.Position = 0; Encoding encodeing = System.Text.UnicodeEncoding.Default; return stream; } catch (Exception) { if (sessionKey != null) { sessionKey.Clear(); } rsaKey.Clear(); throw; } } private static MemoryStream DecryptStream(XmlDocument xmlDoc, string password) { CspParameters cspParams = new CspParameters(); cspParams.KeyContainerName = password; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams); var keyInfo = xmlDoc.GetElementsByTagName("EncryptionProperty")[0].InnerText; rsaKey.ImportCspBlob( Convert.FromBase64String(RijndaelManagedEncryption.DecryptRijndael(keyInfo, "Your Salt string here"))); EncryptedXml exml = null; try { if (xmlDoc == null) throw new ArgumentNullException("xmlDoc"); if (rsaKey == null) throw new ArgumentNullException("rsaKey"); exml = new EncryptedXml(xmlDoc); exml.AddKeyNameMapping(KeyName, rsaKey); exml.DecryptDocument(); rsaKey.Clear(); MemoryStream outStream = new MemoryStream(); xmlDoc.Save(outStream); outStream.Position = 0; return outStream; } catch (Exception) { rsaKey.Clear(); throw; } } 

看看RijndaelManagedEncryption类。

不要重新发明加密协议。 你会弄错的 。 例如，error handling存储在CSP中的RSA密钥并期望它们神奇地出现在任何机器上。

要加密传输中的数据，请使用SSL / TLS。 .Net提供与SslStream开箱即用的function。 对于WCF，请参见如何：使用SSL配置IIS托管的WCF服务 。