.NET C# 实现国密算法加解密
- 概述
- 1. SM1
- 2. SM2
- 3. SM3
- 4. SM4
- 5. SM7
- 6. SM9
- 7. ZUC
- C#代码实现
- 1 SM2
- 2 SM3
- 3 SM4
概述
国密算法(SM算法)是中国国家密码管理局制定的一系列密码算法标准。这些算法被广泛应用于各种信息安全领域,包括通信、电子商务、金融等。以下是主要的国密算法概述:
1. SM1
- 类型: 对称加密算法
- 特性: SM1是一种分组加密算法,具体的算法细节未公开,仅供特定用途。
- 用途: 主要用于国内敏感信息的加密,通常应用在需要高安全级别的场景。
2. SM2
- 类型: 公钥密码算法
- 特性: 基于椭圆曲线的公钥加密算法,支持数据加密和数字签名。相比于RSA,SM2在提供相同安全级别的同时,密钥长度更短,计算效率更高。
- 用途: 广泛应用于电子商务、电子政务、金融等领域,进行数据加密和数字签名。
3. SM3
- 类型: 哈希算法
- 特性: SM3是一种密码散列函数,用于生成数据的固定长度的哈希值。其设计参考了SHA-256,但在结构和安全性上有所改进。
- 用途: 数据完整性验证、数字签名中的哈希操作、信息摘要生成等。
4. SM4
- 类型: 对称加密算法
- 特性: SM4是一种分组密码算法,块大小为128位,密钥长度为128位。SM4的设计类似于AES,但具有独特的结构和算法特点。
- 用途: 用于无线局域网(WLAN)中的数据加密,以及其他需要对称加密的场景。
5. SM7
- 类型: 对称加密算法
- 特性: SM7是一种对称分组加密算法,具体的算法细节未公开,属于非公开标准。
- 用途: 主要用于特定的高安全需求场景。
6. SM9
- 类型: 身份基加密算法(IBE)
- 特性: SM9基于双线性对(pairing-based)的公钥密码算法,允许使用身份信息(如电子邮件地址)作为公钥进行加密和签名操作,简化了公钥基础设施(PKI)的管理。
- 用途: 适用于需要简化密钥管理的应用场景,如邮件加密、身份验证等。
7. ZUC
- 类型: 流加密算法
- 特性: ZUC是3GPP(第三代合作伙伴计划)标准的一部分,被用于LTE(长期演进)中的加密和完整性保护。ZUC算法提供高效的流加密操作,适用于高速数据传输环境。
- 用途: 主要用于移动通信中的数据加密和完整性保护,如4G和5G网络。
这些算法的共同特点是,设计时充分考虑了安全性、效率和适应性,能够满足现代信息系统中对加密和安全的需求。随着信息技术的发展,这些算法将在越来越多的领域中发挥重要作用。
C#代码实现
框架:.NET 6
依赖库:BouncyCastle.Cryptography 2.4.0
using Org.BouncyCastle.Asn1.GM;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Digests;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;
using System.Text;
1 SM2
static void SM2Test()
{// 生成SM2密钥对var keyPair = GenerateSm2KeyPair();var privateKey = (ECPrivateKeyParameters)keyPair.Private;var publicKey = (ECPublicKeyParameters)keyPair.Public;Console.WriteLine("Private Key: " + privateKey);Console.WriteLine("Public Key: " + publicKey);// 原文string plainText = "Hello SM2!";Console.WriteLine("Original Text: " + plainText);// 加密byte[] cipherText = Sm2Encrypt(publicKey, Encoding.UTF8.GetBytes(plainText));Console.WriteLine("Encrypted Text: " + BitConverter.ToString(cipherText).Replace("-", ""));// 解密byte[] decryptedText = Sm2Decrypt(privateKey, cipherText);Console.WriteLine("Decrypted Text: " + Encoding.UTF8.GetString(decryptedText));
}public static AsymmetricCipherKeyPair GenerateSm2KeyPair()
{var keyGen = new ECKeyPairGenerator();var secureRandom = new SecureRandom();var domainParams = new ECDomainParameters(GMNamedCurves.GetByName("sm2p256v1"));var keyGenParam = new ECKeyGenerationParameters(domainParams, secureRandom);keyGen.Init(keyGenParam);return keyGen.GenerateKeyPair();
}public static byte[] Sm2Encrypt(ECPublicKeyParameters publicKey, byte[] data)
{var engine = new SM2Engine();engine.Init(true, new ParametersWithRandom(publicKey, new SecureRandom()));return engine.ProcessBlock(data, 0, data.Length);
}public static byte[] Sm2Decrypt(ECPrivateKeyParameters privateKey, byte[] encryptedData)
{var engine = new SM2Engine();engine.Init(false, privateKey);return engine.ProcessBlock(encryptedData, 0, encryptedData.Length);
}
2 SM3
static void SM3Test()
{string plainText = "Hello SM3!";Console.WriteLine("Original Text: " + plainText);byte[] hash = Sm3Hash(Encoding.UTF8.GetBytes(plainText));Console.WriteLine("Hash: " + BitConverter.ToString(hash).Replace("-", ""));
}public static byte[] Sm3Hash(byte[] data)
{SM3Digest digest = new SM3Digest();digest.BlockUpdate(data, 0, data.Length);byte[] result = new byte[digest.GetDigestSize()];digest.DoFinal(result, 0);return result;
}
3 SM4
static void Sm4Test()
{string plainText = "Hello SM4!";string key = "1234567890abcdef"; // 16 bytes key for SM4string iv = "abcdef1234567890"; // 16 bytes IV for CBC modeConsole.WriteLine("Original Text: " + plainText);// CBC Modebyte[] cbcCipherText = Sm4CbcEncrypt(Encoding.UTF8.GetBytes(plainText), Encoding.UTF8.GetBytes(key), Encoding.UTF8.GetBytes(iv));Console.WriteLine("CBC Encrypted Text: " + BitConverter.ToString(cbcCipherText).Replace("-", ""));byte[] cbcDecryptedText = Sm4CbcDecrypt(cbcCipherText, Encoding.UTF8.GetBytes(key), Encoding.UTF8.GetBytes(iv));Console.WriteLine("CBC Decrypted Text: " + Encoding.UTF8.GetString(cbcDecryptedText));// ECB Modebyte[] ecbCipherText = Sm4EcbEncrypt(Encoding.UTF8.GetBytes(plainText), Encoding.UTF8.GetBytes(key));Console.WriteLine("ECB Encrypted Text: " + BitConverter.ToString(ecbCipherText).Replace("-", ""));byte[] ecbDecryptedText = Sm4EcbDecrypt(cbcCipherText, Encoding.UTF8.GetBytes(key));Console.WriteLine("ECB Decrypted Text: " + Encoding.UTF8.GetString(ecbDecryptedText));// CFB Modebyte[] cfbCipherText = Sm4CfbEncrypt(Encoding.UTF8.GetBytes(plainText), Encoding.UTF8.GetBytes(key), Encoding.UTF8.GetBytes(iv));Console.WriteLine("CFB Encrypted Text: " + BitConverter.ToString(cfbCipherText).Replace("-", ""));byte[] cfbDecryptedText = Sm4CfbDecrypt(cfbCipherText, Encoding.UTF8.GetBytes(key), Encoding.UTF8.GetBytes(iv));Console.WriteLine("CFB Decrypted Text: " + Encoding.UTF8.GetString(cfbDecryptedText));// OFB Modebyte[] ofbCipherText = Sm4OfbEncrypt(Encoding.UTF8.GetBytes(plainText), Encoding.UTF8.GetBytes(key), Encoding.UTF8.GetBytes(iv));Console.WriteLine("OFB Encrypted Text: " + BitConverter.ToString(ofbCipherText).Replace("-", ""));byte[] ofbDecryptedText = Sm4OfbDecrypt(ofbCipherText, Encoding.UTF8.GetBytes(key), Encoding.UTF8.GetBytes(iv));Console.WriteLine("OFB Decrypted Text: " + Encoding.UTF8.GetString(ofbDecryptedText));
}public static byte[] Sm4OfbEncrypt(byte[] data, byte[] key, byte[] iv)
{var engine = new PaddedBufferedBlockCipher(new OfbBlockCipher(new SM4Engine(), 128), new Pkcs7Padding());engine.Init(true, new ParametersWithIV(new KeyParameter(key), iv));return engine.DoFinal(data);
}public static byte[] Sm4OfbDecrypt(byte[] cipherData, byte[] key, byte[] iv)
{var engine = new PaddedBufferedBlockCipher(new OfbBlockCipher(new SM4Engine(), 128), new Pkcs7Padding());engine.Init(false, new ParametersWithIV(new KeyParameter(key), iv));return engine.DoFinal(cipherData);
}public static byte[] Sm4CfbEncrypt(byte[] data, byte[] key, byte[] iv)
{var engine = new PaddedBufferedBlockCipher(new CfbBlockCipher(new SM4Engine(), 128), new Pkcs7Padding());engine.Init(true, new ParametersWithIV(new KeyParameter(key), iv));return engine.DoFinal(data);
}public static byte[] Sm4CfbDecrypt(byte[] cipherData, byte[] key, byte[] iv)
{var engine = new PaddedBufferedBlockCipher(new CfbBlockCipher(new SM4Engine(), 128), new Pkcs7Padding());engine.Init(false, new ParametersWithIV(new KeyParameter(key), iv));return engine.DoFinal(cipherData);
}public static byte[] Sm4EcbEncrypt(byte[] data, byte[] key)
{var engine = new PaddedBufferedBlockCipher(new EcbBlockCipher(new SM4Engine()), new Pkcs7Padding());engine.Init(true, new KeyParameter(key));return engine.DoFinal(data);
}public static byte[] Sm4EcbDecrypt(byte[] cipherData, byte[] key)
{var engine = new PaddedBufferedBlockCipher(new EcbBlockCipher(new SM4Engine()), new Pkcs7Padding());engine.Init(false, new KeyParameter(key));return engine.DoFinal(cipherData);
}public static byte[] Sm4CbcEncrypt(byte[] data, byte[] key, byte[] iv)
{var engine = new SM4Engine();var blockCipher = new CbcBlockCipher(engine);var cipher = new PaddedBufferedBlockCipher(blockCipher);cipher.Init(true, new ParametersWithIV(new KeyParameter(key), iv));return cipher.DoFinal(data);
}public static byte[] Sm4CbcDecrypt(byte[] cipherData, byte[] key, byte[] iv)
{var engine = new SM4Engine();var blockCipher = new CbcBlockCipher(engine);var cipher = new PaddedBufferedBlockCipher(blockCipher);cipher.Init(false, new ParametersWithIV(new KeyParameter(key), iv));return cipher.DoFinal(cipherData);
}