IOS中RSA的加密解密
2014-09-05 13:43
253 查看
1.
生成私钥: openssl req -x509 -days 3650 -new -newkey rsa:2048 -keyout private_key.pem -out private_key.pem
2.
生成p12格式的文件: openssl pkcs12 -export -out private_pkcs.p12 -in private_key.pem
3.
生成自签名证书: openssl x509 -in private_key.pem -inform PEM -out public_key.der -outform DER
使用到的第三方库:https://github.com/nicklockwood/Base64
类文件:
生成私钥: openssl req -x509 -days 3650 -new -newkey rsa:2048 -keyout private_key.pem -out private_key.pem
2.
生成p12格式的文件: openssl pkcs12 -export -out private_pkcs.p12 -in private_key.pem
3.
生成自签名证书: openssl x509 -in private_key.pem -inform PEM -out public_key.der -outform DER
使用到的第三方库:https://github.com/nicklockwood/Base64
//原始字符串 NSString *value = @"测试iOS中RSA加密和解密"; //加密 NSString *encrypt= [value rsaEncrypt]; FLOG(@"encrypted string: %@",encrypt); //解密 NSString *decrypt= [encrypt rsaDecrypt]; FLOG(@"decrypted string: %@",decrypt);
类文件:
// // RSA.h // MCFriends // // Created by marujun on 14-9-4. // Copyright (c) 2014年 marujun. All rights reserved. // #import <Foundation/Foundation.h> #import "Base64.h" @interface RSA : NSObject + (NSString *)encryptWithString:(NSString *)content; + (NSString *)decryptWithString:(NSString *)content; @end @interface NSString (RSA) - (NSString *)rsaEncrypt; - (NSString *)rsaDecrypt; @end
// // RSA.m // MCFriends // // Created by marujun on 14-9-4. // Copyright (c) 2014年 marujun. All rights reserved. // #import "RSA.h" @implementation RSA static SecKeyRef _publicKey = nil; + (SecKeyRef)getPublicKey { // 从公钥证书文件中获取到公钥的SecKeyRef指针 if(_publicKey == nil){ NSData *certificateData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"public_key" ofType:@"der"]]; SecCertificateRef myCertificate = SecCertificateCreateWithData(kCFAllocatorDefault, (__bridge CFDataRef)certificateData); SecPolicyRef myPolicy = SecPolicyCreateBasicX509(); SecTrustRef myTrust; OSStatus status = SecTrustCreateWithCertificates(myCertificate,myPolicy,&myTrust); SecTrustResultType trustResult; if (status == noErr) { status = SecTrustEvaluate(myTrust, &trustResult); } _publicKey = SecTrustCopyPublicKey(myTrust); CFRelease(myCertificate); CFRelease(myPolicy); CFRelease(myTrust); } return _publicKey; } + (NSString *)encryptWithString:(NSString *)content { SecKeyRef key = [self getPublicKey]; // 分配内存块,用于存放加密后的数据段 size_t cipherBufferSize = SecKeyGetBlockSize(key); uint8_t *cipherBuffer = malloc(cipherBufferSize * sizeof(uint8_t)); NSData *stringBytes = [content dataUsingEncoding:NSUTF8StringEncoding]; size_t blockSize = cipherBufferSize - 12; size_t blockCount = (size_t)ceil([stringBytes length] / (double)blockSize); NSMutableData *encryptedData = [NSMutableData data]; // 分段加密 for (int i = 0; i < blockCount; i++) { NSUInteger loc = i * blockSize; // 数据段的实际大小。最后一段可能比blockSize小。 int bufferSize = MIN(blockSize,[stringBytes length] - loc); // 截取需要加密的数据段 NSData *buffer = [stringBytes subdataWithRange:NSMakeRange(loc, bufferSize)]; OSStatus status = SecKeyEncrypt(key, kSecPaddingPKCS1, (const uint8_t *)[buffer bytes], [buffer length], cipherBuffer, &cipherBufferSize); if (status == noErr) { NSData *encryptedBytes = [[NSData alloc] initWithBytes:(const void *)cipherBuffer length:cipherBufferSize]; // 追加加密后的数据段 [encryptedData appendData:encryptedBytes]; } else { if (cipherBuffer) { free(cipherBuffer); } return nil; } } if (cipherBuffer) { free(cipherBuffer); } return [encryptedData base64EncodedString]; } static SecKeyRef _privateKey = nil; + (SecKeyRef)getPrivateKey { // 从p12文件中获取到私钥的SecKeyRef指针 if(_privateKey == nil){ NSString *pkcsPassword = @"****"; //p12文件密码 NSData *p12Data = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"private_pkcs" ofType:@"p12"]]; //p12文件路径 CFStringRef password = (__bridge CFStringRef)pkcsPassword; const void *keys[] = { kSecImportExportPassphrase }; const void *values[] = { password }; CFDictionaryRef options = CFDictionaryCreate(kCFAllocatorDefault, keys, values, 1, NULL, NULL); CFArrayRef items = CFArrayCreate(kCFAllocatorDefault, NULL, 0, NULL); OSStatus status = SecPKCS12Import((__bridge CFDataRef)p12Data, options, &items); if (status == errSecSuccess) { CFDictionaryRef identity_trust_dic = CFArrayGetValueAtIndex(items, 0); SecIdentityRef identity = (SecIdentityRef)CFDictionaryGetValue(identity_trust_dic, kSecImportItemIdentity); SecTrustRef trust = (SecTrustRef)CFDictionaryGetValue(identity_trust_dic, kSecImportItemTrust); // certs数组中包含了所有的证书 CFArrayRef certs = (CFArrayRef)CFDictionaryGetValue(identity_trust_dic, kSecImportItemCertChain); if ([(__bridge NSArray *)certs count] && trust && identity) { // 如果没有下面一句,自签名证书的评估信任结果永远是kSecTrustResultRecoverableTrustFailure status = SecTrustSetAnchorCertificates(trust, certs); if (status == noErr) { SecTrustResultType trustResultType; // 通常, 返回的trust result type应为kSecTrustResultUnspecified,如果是,就可以说明签名证书是可信的 status = SecTrustEvaluate(trust, &trustResultType); if ((trustResultType == kSecTrustResultUnspecified || trustResultType == kSecTrustResultProceed) && status == errSecSuccess) { // 证书可信,可以提取私钥与公钥,然后可以使用公私钥进行加解密操作 status = SecIdentityCopyPrivateKey(identity, &_privateKey); if (status == noErr && _privateKey) { // 成功提取私钥 } } } } } if (options) { CFRelease(options); } } return _privateKey; } + (NSString *)decryptWithString:(NSString *)content { SecKeyRef key = [self getPrivateKey]; // 分配内存块,用于存放解密后的数据段 size_t plainBufferSize = SecKeyGetBlockSize(key); uint8_t *plainBuffer = malloc(plainBufferSize * sizeof(uint8_t)); NSData *cipherData = [content base64DecodedData]; // 计算数据段最大长度及数据段的个数 size_t blockSize = plainBufferSize; size_t blockCount = (size_t)ceil([cipherData length] / blockSize); NSMutableData *decryptedData = [NSMutableData data]; // 分段解密 for (int i = 0; i < blockCount; i++) { NSUInteger loc = i * blockSize; // 数据段的实际大小。最后一段可能比blockSize小。 int bufferRealSize = MIN(blockSize, [cipherData length] - loc); // 截取需要解密的数据段 NSData *buffer = [cipherData subdataWithRange:NSMakeRange(loc, bufferRealSize)]; OSStatus status = SecKeyDecrypt(key, kSecPaddingPKCS1, (const uint8_t *)[buffer bytes], [buffer length], plainBuffer, &plainBufferSize); if (status == noErr) { NSData *decryptedBytes = [[NSData alloc] initWithBytes:(const void *)plainBuffer length:plainBufferSize]; [decryptedData appendData:decryptedBytes]; } else { if (plainBuffer) { free(plainBuffer); } return nil; } } if (plainBuffer) { free(plainBuffer); } return [[NSString alloc] initWithData:decryptedData encoding:NSUTF8StringEncoding];; } @end @implementation NSString (RSA) - (NSString *)rsaEncrypt { return [RSA encryptWithString:self]; } - (NSString *)rsaDecrypt { return [RSA decryptWithString:self]; } @end
相关文章推荐
- IOS 与JAVA RSA加密解密
- IOS rsa加密与解密
- IOS RSA加密解密
- iOS客户端与JAVA服务器之间的RSA加密解密
- ios客户端RSA公钥加密 .net后台私钥解密解决方案(基于Openssl)
- iOS -- OpenSSL进行RSA加密解密概念
- iOS和java之间的RSA加密解密、加签认证对接
- android、ios与服务器端php使用rsa加密解密通讯
- IOS and JAVA 的 RSA 加密解密
- 漫谈iOS RSA非对称加密与解密
- android、ios与服务器端php使用rsa加密解密通讯
- iOS 客户端进行 RSA 加密并在 PHP 服务端进行解密
- Node.js 基于 ursa 模块的 RSA 加密解密(已与IOS,Android实现加密通信)
- Android和IOS关于RSA加密以及服务端解密的研究实现
- iOS RSA公钥加密数据 服务端接受PHP私钥解密 反过服务端公钥加密数据 iOS端私钥解密数据
- android、ios与服务器端php使用rsa加密解密通讯
- android、ios与服务器端php使用rsa加密解密通讯
- ios RSA加密解密一些相关问题
- openssl实现iOS 和 java服务器端的rsa加密解密。
- ios 安卓 javaweb RSA加密解密