C# 谷歌KMS解密数据时出错
当我试图用谷歌KMS解密我的数据时,我得到了这个错误。下面是我的解密代码。错误发生在有C# 谷歌KMS解密数据时出错,c#,asp.net,encryption,google-cloud-platform,google-cloud-kms,C#,Asp.net,Encryption,Google Cloud Platform,Google Cloud Kms,当我试图用谷歌KMS解密我的数据时,我得到了这个错误。下面是我的解密代码。错误发生在有字符串明文的行上。提前谢谢 代码 public static string Encrypt(string plaintext) { KeyManagementServiceClient client = KeyManagementServiceClient.Create(); //projects/progforthecloudt2020/locations/gl
字符串明文的行上。提前谢谢
代码
public static string Encrypt(string plaintext)
{
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
//projects/progforthecloudt2020/locations/global/keyRings/pfckeyring001/cryptoKeys/pfckeys
CryptoKeyName kn = CryptoKeyName.FromUnparsed(new
Google.Api.Gax.UnparsedResourceName("GOOGLE RESOURCE ID REMOVED"));
string cipher = client.Encrypt(kn, ByteString.CopyFromUtf8(plaintext)).Ciphertext.ToBase64();
return cipher;
}
public static string Decrypt(string cipher)
{
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
CryptoKeyName kn = CryptoKeyName.FromUnparsed(new Google.Api.Gax.UnparsedResourceName("GOOGLE RESOURCE ID REMOVED"));
string plaintext = client.Decrypt(kn, ByteString.CopyFromUtf8(cipher)).Plaintext.ToBase64();
return plaintext;
}
错误
Grpc.Core.RpcException: 'Status(StatusCode=InvalidArgument, Detail="Decryption failed: the ciphertext is invalid.")'
您正在对加密调用的结果进行base64编码,但在解密调用中没有对其进行base64解码。您不需要对数据进行base64编码
public static void Encrypt(string projectId, string locationId, string keyRingId, string cryptoKeyId, string plaintextFile, string ciphertextFile)
{
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
CryptoKeyName cryptoKeyName =
new CryptoKeyName(projectId, locationId, keyRingId, cryptoKeyId);
byte[] plaintext = File.ReadAllBytes(plaintextFile);
EncryptResponse result = client.Encrypt(cryptoKeyName, ByteString.CopyFrom(plaintext));
// Output encrypted data to a file.
File.WriteAllBytes(ciphertextFile, result.Ciphertext.ToByteArray());
Console.Write($"Encrypted file created: {ciphertextFile}");
}
public static void Decrypt(string projectId, string locationId, string keyRingId, string cryptoKeyId, string ciphertextFile, string plaintextFile)
{
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
CryptoKeyName cryptoKeyName =
new CryptoKeyName(projectId, locationId, keyRingId, cryptoKeyId);
byte[] ciphertext = File.ReadAllBytes(ciphertextFile);
DecryptResponse result = client.Decrypt(cryptoKeyName, ByteString.CopyFrom(ciphertext));
// Output decrypted data to a file.
File.WriteAllBytes(plaintextFile, result.Plaintext.ToByteArray());
Console.Write($"Decrypted file created: {plaintextFile}");
}
您正在对加密调用的结果进行base64编码,但在解密调用中没有对其进行base64解码。您不需要对数据进行base64编码
public static void Encrypt(string projectId, string locationId, string keyRingId, string cryptoKeyId, string plaintextFile, string ciphertextFile)
{
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
CryptoKeyName cryptoKeyName =
new CryptoKeyName(projectId, locationId, keyRingId, cryptoKeyId);
byte[] plaintext = File.ReadAllBytes(plaintextFile);
EncryptResponse result = client.Encrypt(cryptoKeyName, ByteString.CopyFrom(plaintext));
// Output encrypted data to a file.
File.WriteAllBytes(ciphertextFile, result.Ciphertext.ToByteArray());
Console.Write($"Encrypted file created: {ciphertextFile}");
}
public static void Decrypt(string projectId, string locationId, string keyRingId, string cryptoKeyId, string ciphertextFile, string plaintextFile)
{
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
CryptoKeyName cryptoKeyName =
new CryptoKeyName(projectId, locationId, keyRingId, cryptoKeyId);
byte[] ciphertext = File.ReadAllBytes(ciphertextFile);
DecryptResponse result = client.Decrypt(cryptoKeyName, ByteString.CopyFrom(ciphertext));
// Output decrypted data to a file.
File.WriteAllBytes(plaintextFile, result.Plaintext.ToByteArray());
Console.Write($"Decrypted file created: {plaintextFile}");
}
请看一看第节中的文档和C#的检查示例。请看一看第节中的文档和C#的检查示例。您能告诉我需要添加什么或更改什么,因为我已经看到了谷歌的示例。谢谢你,我不是base64。您使用的是双基64编码。因此,我删除了部分PlainText.ToBase64()
将返回类型从string更改为byte[]并删除所有base64,或者将decrypt函数更改为base64先对输入值进行解码,然后再尝试解密。您能告诉我需要添加什么吗?或者更改,因为我已经看到了Google示例。谢谢你,我不是base64。您使用的是双基64编码。因此,我删除了部分PlainText.ToBase64()
将返回类型从string更改为byte[]并删除所有base64,或者将decrypt函数更改为base64,在尝试解密之前先对输入值进行解码。