RSA 分段加解密【解决“不正确的长度”的异常】

RSA 是常用的非对称加密算法。最近使用时却出现了“不正确的长度”的异常，研究发现是由于待加密的数据超长所致。

.NET Framework 中提供的 RSA 算法规定：

待加密的字节数不能超过密钥的长度值除以 8 再减去 11（即：RSACryptoServiceProvider.KeySize / 8 - 11），而加密后得到密文的字节数，正好是密钥的长度值除以 8（即：RSACryptoServiceProvider.KeySize / 8）。

所以，如果要加密较长的数据，则可以采用分段加解密的方式，实现方式如下：

namespace Macroresolute.RSACryptoService
    {
        public static class RSACrypto
        {
            private static readonly Encoding Encoder = Encoding.UTF8;

            public static String Encrypt(this String plaintext)
            {
                X509Certificate2 _X509Certificate2 = RSACrypto.RetrieveX509Certificate();
                using (RSACryptoServiceProvider RSACryptography = _X509Certificate2.PublicKey.Key as RSACryptoServiceProvider)
                {
                    Byte[] PlaintextData = RSACrypto.Encoder.GetBytes(plaintext);
                    int MaxBlockSize = RSACryptography.KeySize / 8 - 11;    //加密块最大长度限制

                    if (PlaintextData.Length <= MaxBlockSize)
                        return Convert.ToBase64String(RSACryptography.Encrypt(PlaintextData, false));

                    using (MemoryStream PlaiStream = new MemoryStream(PlaintextData))
                    using (MemoryStream CrypStream = new MemoryStream())
                    {
                        Byte[] Buffer = new Byte[MaxBlockSize];
                        int BlockSize = PlaiStream.Read(Buffer, 0, MaxBlockSize);

                        while (BlockSize > 0)
                        {
                            Byte[] ToEncrypt = new Byte[BlockSize];
                            Array.Copy(Buffer, 0, ToEncrypt, 0, BlockSize);

                            Byte[] Cryptograph = RSACryptography.Encrypt(ToEncrypt, false);
                            CrypStream.Write(Cryptograph, 0, Cryptograph.Length);

                            BlockSize = PlaiStream.Read(Buffer, 0, MaxBlockSize);
                        }

                        return Convert.ToBase64String(CrypStream.ToArray(), Base64FormattingOptions.None);
                    }
                }
            }

            public static String Decrypt(this String ciphertext)
            {
                X509Certificate2 _X509Certificate2 = RSACrypto.RetrieveX509Certificate();
                using (RSACryptoServiceProvider RSACryptography = _X509Certificate2.PrivateKey as RSACryptoServiceProvider)
                {
                    Byte[] CiphertextData = Convert.FromBase64String(ciphertext);
                    int MaxBlockSize = RSACryptography.KeySize / 8;    //解密块最大长度限制

                    if (CiphertextData.Length <= MaxBlockSize)
                        return RSACrypto.Encoder.GetString(RSACryptography.Decrypt(CiphertextData, false));

                    using (MemoryStream CrypStream = new MemoryStream(CiphertextData))
                    using (MemoryStream PlaiStream = new MemoryStream())
                    {
                        Byte[] Buffer = new Byte[MaxBlockSize];
                        int BlockSize = CrypStream.Read(Buffer, 0, MaxBlockSize);

                        while (BlockSize > 0)
                        {
                            Byte[] ToDecrypt = new Byte[BlockSize];
                            Array.Copy(Buffer, 0, ToDecrypt, 0, BlockSize);

                            Byte[] Plaintext = RSACryptography.Decrypt(ToDecrypt, false);
                            PlaiStream.Write(Plaintext, 0, Plaintext.Length);

                            BlockSize = CrypStream.Read(Buffer, 0, MaxBlockSize);
                        }

                        return RSACrypto.Encoder.GetString(PlaiStream.ToArray());
                    }
                }
            }

            private static X509Certificate2 RetrieveX509Certificate()
            {
                return null;    //检索用于 RSA 加密的 X509Certificate2 证书
            }
        }
    }

注：以上加密方法返回的字符串类型为原始的 Base-64 ，若要用于 URL 传输，需另行处理！

分享自：http://www.cnblogs.com/zys529/archive/2012/05/24/2516539.html