IOS rsa加密与解密

转载地址 http://blog.sina.com.cn/s/blog_9dd45a670101fisn.html

IOS rsa加密与解密

ras加密需要两组秘钥，一组公共秘钥，一组私有秘钥。
生成命令：

openssl req -x509 -out public_key.der -outform der -new -newkey rsa:2048 -keyout private_key.pem

public_key.der为公共秘钥文件，private_key.pem为私有秘钥文件。

生成ios可引用的私有秘钥文件.pfx:

1. OpenSSL rsa -in private_key.pem -out private_key.key

2. OpenSSL req -new -key private_key.key -out private_key.crt

3. OpenSSL x509 -req -days 3650 -in private_key.crt -signkey private_key.key -out rsaCert.crt

4. OpenSSL x509 -outform der -in rsaCert.crt -out rsaCert.der

5. OpenSSL pkcs12 -export -out private_key.pfx -inkey private_key.key -in rsaCert.crt

private_key.pfx即为生成的文件

公共秘钥的引用：

- (SecKeyRef)getPublicKey

{

SecCertificateRef myCertificate = nil;

NSString *path = [[NSBundle mainBundle] pathForResource:@"public_key" ofType:@"der"];

NSData *certificateData = [NSData dataWithContentsOfFile:path];

myCertificate = SecCertificateCreateWithData(kCFAllocatorDefault, (__bridgeCFDataRef)certificateData);

SecPolicyRef myPolicy = SecPolicyCreateBasicX509();

SecTrustRef myTrust;

OSStatus status = SecTrustCreateWithCertificates(myCertificate,myPolicy,&myTrust);

SecTrustResultType trustResult;

if (status == noErr) {

status = SecTrustEvaluate(myTrust, &trustResult);

}

return SecTrustCopyPublicKey(myTrust);



}

私有秘钥的引用

- (SecKeyRef)getPrivateKey

{

NSString *publicKeyPath = [[NSBundle mainBundle] pathForResource:@"private_key" ofType:@"pfx"];

NSData *pfxkeyData = [[NSData alloc]initWithContentsOfFile:publicKeyPath];



NSMutableDictionary * options = [[NSMutableDictionary alloc] init];

[options setObject:@"password" forKey:(__bridge id)kSecImportExportPassphrase];



CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);



OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)
pfxkeyData,

(__bridge CFDictionaryRef)options,
&items);



CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);

SecIdentityRef identityApp =

(SecIdentityRef)CFDictionaryGetValue(identityDict,

kSecImportItemIdentity);



assert(securityError == noErr);

SecKeyRef privateKeyRef;

SecIdentityCopyPrivateKey(identityApp, &privateKeyRef);



return privateKeyRef;



}

公钥加密：

- (NSData*)rsaEncryptWithData:(NSData*)data usingKey:(SecKeyRef)key{



size_t cipherBufferSize = SecKeyGetBlockSize(key);

uint8_t *cipherBuffer = malloc(cipherBufferSize * sizeof(uint8_t));

memset((void *)cipherBuffer, 0*0,
cipherBufferSize);



NSData *plainTextBytes = data;

size_t blockSize = cipherBufferSize - 11;

size_t blockCount = (size_t)ceil([plainTextBytes length]
/ (double)blockSize);

NSMutableData *encryptedData = [NSMutableData dataWithCapacity:0];



for (int i=0; i<blockCount; i++) {



int bufferSize = MIN(blockSize,[plainTextBytes length] - i
* blockSize);

NSData *buffer = [plainTextBytes subdataWithRange:NSMakeRange(i
* blockSize, bufferSize)];



OSStatus status = SecKeyEncrypt(key,

kSecPaddingPKCS1,

(const uint8_t *)[buffer bytes],

[buffer length],

cipherBuffer,

&cipherBufferSize);



if (status == noErr){

NSData *encryptedBytes = [NSData dataWithBytes:(const void *)cipherBufferlength:cipherBufferSize];

[encryptedData appendData:encryptedBytes];



}else{



if (cipherBuffer) {

free(cipherBuffer);

}

return nil;

}

}

if (cipherBuffer) free(cipherBuffer);

return encryptedData;



}

私钥解密：

- (NSData*)rsaDecryptWithData:(NSData*)data usingKey:(SecKeyRef)key{

NSData *wrappedSymmetricKey = data;



size_t cipherBufferSize = SecKeyGetBlockSize(key);

size_t keyBufferSize = [wrappedSymmetricKey length];



NSMutableData *bits = [NSMutableData dataWithLength:keyBufferSize];

OSStatus sanityCheck = SecKeyDecrypt(key,

kSecPaddingPKCS1,

(const uint8_t *)
[wrappedSymmetricKey bytes],

cipherBufferSize,

[bits mutableBytes],

&keyBufferSize);

NSAssert(sanityCheck == noErr, @"Error decrypting, OSStatus == %ld.", sanityCheck);



[bits setLength:keyBufferSize];



return bits;



}

加密解密网上有写好的ras.m，可以参考：
http://code4app.com/ios/RSA-Encrypt-and-Decrypt/5061d6476803faf86c000001