我正在尝试加密和解密存储在SQL中的密码。解码时出现错误输入不是有效的Base-64字符串,因为它包含非Base 64字符,两个以上的填充字符或填充字符中的非法字符。在System.Convert.FromBase64_Decode中。
解密代码:
string userEmail = Email1.Text;
string userPass = passW.Text;
SqlConnection sqlcon = new SqlConnection("My connection")
string query = "Select * from users Where email= '" + userEmail + "'";
SqlDataAdapter sda = new SqlDataAdapter(query,sqlcon);
DataTable dtbl = new DataTable()
sda.Fill(dtbl);
if (dtbl.Rows.Count == 1)
{
string savedPasswordHash = dtbl.Rows[0][1].ToString();
savedPasswordHash.Replace("-","");
byte[] hashBytes = Convert.FromBase64String(savedPasswordHash);
byte[] salt = new byte[16];
Array.Copy(hashBytes,salt,16);
var pbkdf2 = new Rfc2898DeriveBytes(userPass,10000);
byte[] hash = pbkdf2.GetBytes(20);
int ok = 1;
for (int i = 0; i < 20; i++)
if (hashBytes[i + 16] != hash[i])
ok = 0;
if (ok == 1) //good creds & redirect
加密代码:
byte[] salt1;
new RNGCryptoServiceProvider().GetBytes(salt1 = new byte[16]);
var pbkdf21 = new Rfc2898DeriveBytes(EmailTextBox.Text,salt1,10000);
byte[] hash1 = pbkdf21.GetBytes(20);
byte[] hashBytes1 = new byte[36];
Array.Copy(salt1,hashBytes1,16);
Array.Copy(hash1,16,20);
string savedPasswordHash1 = Convert.ToBase64String(hashBytes1);
string commString = $"UPDATE users SET NewPassword = ('{savedPasswordHash1}') where Email = ('{email2}')";
using (SqlConnection connect = new SqlConnection(constring))
{
using (SqlCommand comm = new SqlCommand())
{
comm.Connection = connect;
comm.CommandText = commString;
connect.Open();
comm.ExecuteNonQuery();
connect.Close();
}
列的数据类型为nvarchar