如何在javascript中创建像Rfc2898DeriveBytes这样的加密函数
我在vb.net/Jquery中有一个项目。在这里,我使用加密功能验证与Intranet的连接如何在javascript中创建像Rfc2898DeriveBytes这样的加密函数,javascript,encryption,pbkdf2,Javascript,Encryption,Pbkdf2,我在vb.net/Jquery中有一个项目。在这里,我使用加密功能验证与Intranet的连接 Public Shared Function ValidatePassword(passwordToTest As String, passwordParam As paramPassword) As Boolean Dim hash() As Byte = passwordParam.hashByteArray Dim testHash() As Byte = PB
Public Shared Function ValidatePassword(passwordToTest As String, passwordParam As paramPassword) As Boolean
Dim hash() As Byte = passwordParam.hashByteArray
Dim testHash() As Byte = PBKDF2(passwordToTest, passwordParam.saltByteArray, passwordParam.iteration, passwordParam.hashByteArraySize)
Return SlowEquals(hash, testHash)
End Function
Private Shared Function SlowEquals(a() As Byte, b() As Byte) As Boolean
Dim diff As UInteger = CUInt(a.Length) Xor CUInt(b.Length)
For i As Integer = 0 To Math.Min(a.Length, b.Length) - 1
diff = CUInt(a(i) Xor b(i)) Or diff
Next
Return diff = 0
End Function
Private Shared Function PBKDF2(password As String, salt() As Byte, iterations As Integer, outputBytes As Integer) As Byte()
Dim PBKDF2_hasher As Rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, salt)
PBKDF2_hasher.IterationCount = iterations
Return PBKDF2_hasher.GetBytes(outputBytes)
End Function
现在如果我脱机,我想检查indexdb的连接。然后我尝试模拟这个功能位,我一次又一次失败。
我明白了,但需要node.js。我没能适应,我不想仅仅为了适应而放node.js
我看到了另一个,但它很长,我没有把结果放在变量中,最糟糕的是结果和我的散列不同。。。
我在谷歌看到cryptojs,但不知道如何使用它。当我下载它时,我有两个文件夹:组件/汇总
有人可以帮助我找到一种使用加密库的简单方法以及如何使用它?我创建了一篇新文章,以清晰地使用cryptojs发布测试代码。 在aspx中 然后我试着把盐挤出来
Public Shared Function SetPassWord() As NewPwD
Dim ret As New NewPwD
Dim csprng As RNGCryptoServiceProvider = New RNGCryptoServiceProvider()
Dim originalsalt As String = "azertyuiop"
Dim salt As Byte() = System.Text.Encoding.Default.GetBytes(originalsalt)
Dim hash() As Byte = PBKDF2("Toto", salt, 10, 64)
ret.hash = Convert.ToBase64String(hash)
ret.salt = originalsalt
Return ret
End Function
但始终存在相同的问题不匹配我使用您的VB代码为哈希和salt获取以下(Base64编码)样本数据:
Hash:bAZiQwC3BDvAzUEp/9MJ2HqNPvsB24V5HUnz8YZA1sGP8BOK0H1UhiUSMV4jipPiZiiKXQE8g0jKJt+bzcwj1Q==
盐:ByMK17y9LCHLtX9+N6C9ULXKWV9R5Q9YPZVWQ1S1A4Z9R4VufF4EZQFN3IE+mt7cOl9CxGVxYMLXVbdOR83w==
由于我没有改变VB代码,剩余的PBKDF2参数是:
密码:Toto
迭代次数:10次
密钥大小:64字节
使用CryptoJS在JavaScript中进行密码验证的一个可能实现是:
函数ValidatePassWord(密码、hashedPwd、saltString、keylen、迭代){
var saltWA=CryptoJS.enc.Base64.parse(saltString);
var hashedPwdToCompareWA=CryptoJS.PBKDF2(密码,saltWA,{keySize:keylen/4,iterations:iterations});
var hashedPwdToCompare=CryptoJS.enc.Base64.stringify(hashedPwdToCompareWA);
//console.log(hashedPwdToCompare);
返回值(hashedPwd==hashedPwdToCompare);
}
//来自VB代码的数据
var password='Toto';
var-keylen=64;
var迭代次数=10;
var hashedPwd=‘bAZiQwC3BDvAzUEp/9MJ2HqNPvsB24V5HUnz8YZA1sGP8BOK0H1UhiUSMV4jipPiZiiKXQE8g0jKJt+bzcwj1Q=’;
var saltString='ByMK17y9LCHLtX9+N6C9ULXKWV9R5Q9YPZVWQ1S1A4Z9R4VufOfDEZQFN3IE+mt7cOl9CxGVxYMLXVbdOR83w=';
//成功验证
var verified=ValidatePassWord(密码、hashedPwd、saltString、keylen、迭代);
log('测试-成功验证:',已验证);
//验证失败
var otherHashedPwd='xAZiQwC3BDvAzUEp/9MJ2HqNPvsB24V5HUnz8YZA1sGP8BOK0H1UhiUSMV4jipPiZiiKXQE8g0jKJt+bzcwj1Q=';
var verified=ValidatePassWord(密码、其他hashedpwd、saltString、keylen、迭代);
log('测试-验证失败:',已验证)代码>
Rfc2898DeriveBytes
实现了由CryptoJS和NodeJS的加密模块支持的PBKDF2。您可以在相应的文档中找到示例,例如和。尝试一个实现,如果遇到问题,请发布最新的代码以及问题的描述。我已经找到了此页面,但未能实现它们,如何在Visual studio中插入,就像我在第一篇文章中看到的那样。我从不使用node.js。这就是为什么cryptojs会引起我的注意,但是如何使用itOr一个简单的示例codepen将非常好,只要了解includes和其他相关内容,对于Visual Studio中的NodeJS集成,您可以在web上找到足够的信息,例如。还可以找到如何在NodeJS环境中使用CryptoJS,例如,我建议发布一组完整的示例数据。例如,对于VB代码,提供ret.salt
(当前缺失)和ret.hash
(保留其余PBKDF2参数:密码(Toto)、迭代次数(10)、键大小(64字节))的示例。我假设这两个数据都对应于JavaScript中的msg.d.salt
和msg.d.hash
,对吗?有了这样的示例数据,检查ValidatePassword
或CryptoJS.PBKDF2
并在必要时进行调整会容易得多。无意冒犯,但是如果您编辑了您的问题并附加了这些信息,而不是发布答案,那就更好了。我使用您的VB代码生成了所需的示例数据。您可以在我的回答中找到使用CryptoJS验证的可能JavaScript实现。
Public Class NewPwD
Property hash As String
Property salt As String
End Class
<Services.WebMethod()>
Public Shared Function SetPassWord() As NewPwD
Dim ret As New NewPwD
Dim csprng As RNGCryptoServiceProvider = New RNGCryptoServiceProvider()
Dim salt(63) As Byte
csprng.GetBytes(salt)
Dim hash() As Byte = PBKDF2("Toto", salt, 10, 64)
ret.hash = Convert.ToBase64String(hash)
ret.salt = Convert.ToBase64String(salt)
Return ret
End Function
Private Shared Function PBKDF2(password As String, salt() As Byte, iterations As Integer, outputBytes As Integer) As Byte()
Dim PBKDF2_hasher As Rfc2898DeriveBytes = New Rfc2898DeriveBytes(password, salt)
PBKDF2_hasher.IterationCount = iterations
Return PBKDF2_hasher.GetBytes(outputBytes)
End Function
$(function () {
$.ajax({
type: "POST", url: '/test.aspx/SetPassWord', contentType: 'application/json; charset=utf-8', dataType: "json",
success: function (msg) {
AfficheMsgRetour(ValidatePassWord("Toto", msg.d.hash,msg.d.salt, 64, 10));
}
});
});
function ValidatePassWord(password, hashedPwd, saltString, saltlen, iterations) {
var key = CryptoJS.PBKDF2(password, saltString, { keySize: saltlen, iterations: iterations });
var str = _arrayBufferToBase64(key.words);
return (hashedPwd === str);
}
function _arrayBufferToBase64(buffer) {
var binary = '';
var bytes = new Uint8Array(buffer);
var len = bytes.byteLength;
for (var i = 0; i < len; i++) {
binary += String.fromCharCode(bytes[i]);
}
return window.btoa(binary);
}
function _base64ToArrayBuffer(base64) {
var binary_string = window.atob(base64);
var len = binary_string.length;
var bytes = new Uint8Array(len);
for (var i = 0; i < len; i++) {
bytes[i] = binary_string.charCodeAt(i);
}
return bytes.buffer;
}
ret.salt = System.Text.Encoding.UTF8.GetString(hash, 0, hash.Length) 'System.Text.Encoding.Default.GetString(salt) 'Convert.ToBase64String(salt)
Public Shared Function SetPassWord() As NewPwD
Dim ret As New NewPwD
Dim csprng As RNGCryptoServiceProvider = New RNGCryptoServiceProvider()
Dim originalsalt As String = "azertyuiop"
Dim salt As Byte() = System.Text.Encoding.Default.GetBytes(originalsalt)
Dim hash() As Byte = PBKDF2("Toto", salt, 10, 64)
ret.hash = Convert.ToBase64String(hash)
ret.salt = originalsalt
Return ret
End Function