iOS-RSA加密-生成秘钥的使用
基于Security.framework框架的RSA加密
使用的时候
EncryptTool.h
文件内容如下:
// Public interface of EncryptTool: loads an RSA public key from a DER file and an
// RSA private key from a PKCS#12 (.p12) file, then encrypts/decrypts strings.
// The implementation shown on this page uses PKCS#1 v1.5 padding (kSecPaddingPKCS1)
// and exchanges ciphertext as Base64 text.
@interface EncryptTool : NSObject

// Load the public key from the DER file at the given path.
- (void)loadPublicKeyFromFile:(NSString *)derFilePath;

// Load the private key from the .p12 file at the given path, unlocking it with p12Password.
// NOTE(review): the implementation keeps the password in a property for the lifetime of
// the object; callers should not treat it as discarded after this call.
- (void)loadPrivateKeyFromFile:(NSString*)p12FilePath password:(NSString*)p12Password;

// Encrypt a string with the loaded public key; the result is Base64 text.
- (NSString *)rsaEncryptString:(NSString *)string;

// Decrypt a Base64 string with the loaded private key.
- (NSString *)rsaDecryptString:(NSString*)string;

@end
EncryptTool.m
文件内容如下:
// Class extension holding the private state of EncryptTool.
@interface EncryptTool (){
    // Both keys are Core Foundation references, which ARC does not retain or release;
    // whoever stores a key here owns the reference returned by the Sec*Copy* call.
    SecKeyRef _publicKey; // public key
    SecKeyRef _privateKey;// private key
}
@property (nonatomic,copy) NSString *derFilePath; // path of the DER file
@property (nonatomic,copy) NSString *p12FilePath; // path of the .p12 file
// Kept so that getPrivateKey can load the key lazily; this means the passphrase stays
// in process memory for as long as the object lives.
@property (nonatomic,copy) NSString *p12Password; // password of the .p12 file
@end
#pragma mark 从der证书文件中读取公钥
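/**
 * Returns the public key, loading it from the remembered DER path on first use.
 *
 * @return The cached public key, or NULL if no key could be loaded.
 */
- (SecKeyRef)getPublicKey {
    if (!_publicKey) {
        [self loadPublicKeyFromFile:self.derFilePath];
    }
    return _publicKey;
}

/**
 * Loads the public key from a DER-encoded certificate file.
 *
 * @param derFilePath Path of the certificate file; nil is ignored.
 */
- (void)loadPublicKeyFromFile:(NSString *)derFilePath {
    // Fix: the original tested an undeclared `cerFilePath`, which does not compile.
    if (derFilePath == nil) {
        return;
    }
    self.derFilePath = derFilePath;
    NSData *cerData = [[NSData alloc] initWithContentsOfFile:derFilePath];
    [self loadPublicKeyFromData:cerData];
}

/**
 * Loads the public key from DER certificate bytes.
 * (The author notes this can be used when the server delivers the certificate as Base64.)
 *
 * Security note: nothing here authenticates the bytes. A key taken from the app bundle is
 * as trustworthy as the bundle; a key fetched at run time is only as trustworthy as the
 * channel it arrived on, so it must come over an authenticated connection or be pinned.
 *
 * @param cerData DER-encoded certificate data.
 */
- (void)loadPublicKeyFromData:(NSData *)cerData {
    SecKeyRef loadedKey = [self getPublicKeyRefrenceFromeData:cerData];
    // SecKeyRef is not managed by ARC: release the key being replaced so that
    // reloading does not leak it.
    if (_publicKey) {
        CFRelease(_publicKey);
    }
    _publicKey = loadedKey;
}

#pragma mark - Private Methods

/**
 * (Private) Extracts the public key from DER certificate bytes.
 *
 * @param certData DER-encoded certificate data.
 *
 * @return A public key the caller owns (release with CFRelease), or NULL on failure.
 */
- (SecKeyRef)getPublicKeyRefrenceFromeData:(NSData *)certData {
    // An unreadable file arrives here as nil data; do not hand NULL to the Security API.
    if (certData.length == 0) {
        NSLog(@"Can not read certificate from %@", self.derFilePath);
        return NULL;
    }

    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
    if (cert == NULL) {
        NSLog(@"Can not read certificate from %@", self.derFilePath);
        return NULL;
    }

    SecKeyRef publicKeyRef = NULL;
    SecTrustRef trust = NULL;
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    const void *certArray[1] = {cert};
    CFArrayRef myCerts = CFArrayCreate(NULL, certArray, 1, &kCFTypeArrayCallBacks);

    OSStatus status = SecTrustCreateWithCertificates(myCerts, policy, &trust);
    if (status != noErr) {
        NSLog(@"SecTrustCreateWithCertificates fail. Error Code: %d", (int)status);
    } else {
        // trustResult is never inspected: the evaluation is only the step required before
        // the key can be copied out, so a certificate that fails evaluation still yields
        // its key. This method extracts a key; it does not validate the certificate.
        // SecTrustEvaluate and SecTrustCopyPublicKey are deprecated on current SDKs
        // (SecTrustEvaluateWithError / SecTrustCopyKey replace them).
        SecTrustResultType trustResult;
        status = SecTrustEvaluate(trust, &trustResult);
        if (status != noErr) {
            NSLog(@"SecTrustEvaluate fail. Error Code: %d", (int)status);
        } else {
            publicKeyRef = SecTrustCopyPublicKey(trust);
        }
    }

    // Single cleanup path for every outcome.
    if (trust) {
        CFRelease(trust);
    }
    if (myCerts) {
        CFRelease(myCerts);
    }
    if (policy) {
        CFRelease(policy);
    }
    CFRelease(cert);
    return publicKeyRef;
}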
#pragma mark - 从p12文件中获取私钥
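/**
 * Returns the private key, loading it from the remembered .p12 path on first use.
 *
 * @return The cached private key, or NULL if no key could be loaded.
 */
- (SecKeyRef)getPrivateKey {
    if (!_privateKey) {
        [self loadPrivateKeyFromFile:self.p12FilePath password:self.p12Password];
    }
    return _privateKey;
}

/**
 * Loads the private key from a PKCS#12 file.
 *
 * @param p12FilePath Path of the .p12 file; nil is ignored.
 * @param p12Password Passphrase protecting the .p12 file.
 */
- (void)loadPrivateKeyFromFile:(NSString*)p12FilePath password:(NSString*)p12Password {
    if (p12FilePath == nil) {
        return;
    }
    self.p12FilePath = p12FilePath;
    // The passphrase is retained so getPrivateKey can reload lazily; it therefore stays in
    // memory for the lifetime of this object.
    self.p12Password = p12Password;
    NSData *p12Data = [NSData dataWithContentsOfFile:p12FilePath];
    [self loadPrivateKeyFromData:p12Data password:p12Password];
}

/**
 * Loads the private key from PKCS#12 bytes.
 *
 * @param p12Data     Contents of the .p12 file.
 * @param p12Password Passphrase protecting the .p12 data.
 */
- (void)loadPrivateKeyFromData:(NSData*)p12Data password:(NSString*)p12Password {
    SecKeyRef loadedKey = [self getPrivateKeyRefrenceFromData:p12Data password:p12Password];
    // SecKeyRef is not managed by ARC: release the key being replaced so that
    // reloading does not leak it.
    if (_privateKey) {
        CFRelease(_privateKey);
    }
    _privateKey = loadedKey;
}

/**
 * (Private) Imports PKCS#12 data and copies the private key of its first identity.
 *
 * @param p12Data  Contents of the .p12 file.
 * @param password Passphrase protecting the .p12 data.
 *
 * @return A private key the caller owns (release with CFRelease), or NULL on failure.
 */
- (SecKeyRef)getPrivateKeyRefrenceFromData:(NSData*)p12Data password:(NSString*)password {
    // The original raised NSInvalidArgumentException on a nil password (setObject:forKey:)
    // and passed NULL data to SecPKCS12Import when the file could not be read.
    if (p12Data.length == 0 || password == nil) {
        return NULL;
    }

    SecKeyRef privateKeyRef = NULL;
    NSDictionary *options = @{(__bridge id)kSecImportExportPassphrase : password};

    // Start from NULL: the original pre-created an empty array that SecPKCS12Import then
    // overwrote, leaking it on every successful import.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)p12Data,
                                             (__bridge CFDictionaryRef)options,
                                             &items);
    if (securityError == noErr && items != NULL && CFArrayGetCount(items) > 0) {
        CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
        SecIdentityRef identityApp =
            (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
        if (identityApp != NULL) {
            securityError = SecIdentityCopyPrivateKey(identityApp, &privateKeyRef);
            if (securityError != noErr) {
                privateKeyRef = NULL;
            }
        }
    }

    if (items) {
        CFRelease(items);
    }
    return privateKeyRef;
}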
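/**
 * Encrypts a string with the public key.
 *
 * @param string Plaintext; it is encoded as UTF-8 before encryption.
 *
 * @return Ciphertext as Base64 text (so it survives transport as a string),
 *         or nil if encryption failed.
 */
- (NSString *)rsaEncryptString:(NSString *)string {
    NSData *data = [string dataUsingEncoding:NSUTF8StringEncoding];
    NSData *encryptedData = [self rsaEncryptData:data];
    return [encryptedData base64EncodedStringWithOptions:NSDataBase64Encoding64CharacterLineLength];
}

/**
 * Encrypts data with the public key, one RSA block at a time.
 *
 * With PKCS#1 v1.5 padding a single SecKeyEncrypt call accepts at most
 * (block size - 11) bytes of plaintext, so longer input is split into chunks of that
 * size and the ciphertext blocks are concatenated.
 *
 * Security notes:
 *  - kSecPaddingPKCS1 is PKCS#1 v1.5 encryption padding. It is kept because the peer must
 *    use the same padding, but OAEP (kSecPaddingOAEP) is the safer choice where both sides
 *    can change: v1.5 is exposed to padding-oracle attacks when the decrypting side
 *    reveals whether the padding was valid.
 *  - Chunked RSA gives no integrity protection: blocks can be dropped, repeated or
 *    reordered without detection. For anything longer than one block, the usual design is
 *    to RSA-encrypt a random symmetric key and protect the data with an authenticated
 *    cipher.
 *
 * @param data Plaintext bytes.
 *
 * @return Concatenated ciphertext blocks, or nil if no key is loaded or a block fails.
 */
- (NSData*)rsaEncryptData:(NSData*)data {
    SecKeyRef key = [self getPublicKey];
    if (key == NULL) {
        // The original passed a NULL key on to SecKeyGetBlockSize.
        return nil;
    }

    size_t block_size = SecKeyGetBlockSize(key);
    if (block_size <= 11) {
        // block_size - 11 would wrap around (size_t is unsigned).
        return nil;
    }
    size_t src_block_size = block_size - 11;

    const uint8_t *srcbuf = (const uint8_t *)data.bytes;
    size_t srclen = (size_t)data.length;

    // NSMutableData owns the scratch buffer, so every exit path frees it.
    NSMutableData *outBlock = [NSMutableData dataWithLength:block_size];
    NSMutableData *ret = [[NSMutableData alloc] init];

    // size_t index: the original compared an int against a size_t length.
    for (size_t idx = 0; idx < srclen; idx += src_block_size) {
        size_t data_len = MIN(srclen - idx, src_block_size);
        size_t outlen = block_size;
        OSStatus status = SecKeyEncrypt(key,
                                        kSecPaddingPKCS1,
                                        srcbuf + idx,
                                        data_len,
                                        outBlock.mutableBytes,
                                        &outlen);
        if (status != noErr) {
            NSLog(@"SecKeyEncrypt fail. Error Code: %d", (int)status);
            return nil;
        }
        [ret appendBytes:outBlock.bytes length:outlen];
    }
    return ret;
}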
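/**
 * Decrypts a Base64 ciphertext string with the private key.
 *
 * Callers that decrypt data received from a peer should not report back to that peer why
 * a decryption failed: with PKCS#1 v1.5 padding, that feedback is what a padding-oracle
 * attack depends on. Every failure here collapses to nil.
 *
 * @param string Ciphertext as Base64 text.
 *
 * @return The plaintext decoded as UTF-8, or nil if decoding or decryption failed.
 */
- (NSString *)rsaDecryptString:(NSString*)string {
    if (string == nil) {
        return nil;
    }
    NSData *data = [[NSData alloc] initWithBase64EncodedString:string
                                                       options:NSDataBase64DecodingIgnoreUnknownCharacters];
    NSData *decryptData = [self rsaDecryptData:data];
    if (decryptData == nil) {
        // Let callers tell a failed decryption apart from an empty plaintext.
        return nil;
    }
    return [[NSString alloc] initWithData:decryptData encoding:NSUTF8StringEncoding];
}

/**
 * Decrypts ciphertext with the private key, one RSA block at a time.
 *
 * Changes from the original:
 *  - rsaEncryptData: emits one ciphertext block per plaintext chunk, but the original
 *    decrypted everything in a single SecKeyDecrypt call, so only single-block messages
 *    could round-trip. The ciphertext is now walked block by block.
 *  - The plaintext buffer is a full block. The original sized it at (block size - 12),
 *    one byte short of the (block size - 11) chunk that encryption can produce.
 *  - Both malloc'd buffers were never freed, on success or failure; the buffer is now
 *    owned by NSMutableData.
 *
 * @param data Concatenated ciphertext blocks.
 *
 * @return Plaintext bytes, or nil if no key is loaded, the input is empty, or a block
 *         fails to decrypt.
 */
- (NSData*)rsaDecryptData:(NSData*)data {
    SecKeyRef key = [self getPrivateKey];
    if (key == NULL || data.length == 0) {
        return nil;
    }

    size_t blockSize = SecKeyGetBlockSize(key);
    if (blockSize == 0) {
        return nil;
    }

    const uint8_t *cipher = (const uint8_t *)data.bytes;
    size_t cipherLen = (size_t)data.length;

    NSMutableData *plainBlock = [NSMutableData dataWithLength:blockSize];
    NSMutableData *decryptedData = [[NSMutableData alloc] init];

    for (size_t offset = 0; offset < cipherLen; offset += blockSize) {
        // A trailing partial block is passed through as-is so SecKeyDecrypt rejects it.
        size_t chunkLen = MIN(blockSize, cipherLen - offset);
        size_t plainLen = blockSize;
        OSStatus status = SecKeyDecrypt(key,
                                        kSecPaddingPKCS1,
                                        cipher + offset,
                                        chunkLen,
                                        plainBlock.mutableBytes,
                                        &plainLen);
        if (status != noErr) {
            return nil;
        }
        [decryptedData appendBytes:plainBlock.bytes length:plainLen];
    }
    return decryptedData;
}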
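// Load the public key and encrypt.
// `encyptString` is the plaintext NSString to encrypt; it is not declared in this snippet.
EncryptTool *tool = [[EncryptTool alloc] init];
// Fix: the original line ended with an extra `]`, which does not compile.
NSString *publicPath = [[NSBundle mainBundle] pathForResource:@"rsacert" ofType:@"der"];
[tool loadPublicKeyFromFile:publicPath];
NSString *returnEncypt = [tool rsaEncryptString:encyptString];
NSLog(@"加密结果:%@", returnEncypt);

// Load the private key and decrypt.
// Demo only: a .p12 shipped in the app bundle together with its hard-coded passphrase
// gives the private key to anyone who has the app. In a real deployment the client holds
// only the public key and decryption happens where the private key is protected
// (typically the server).
NSString *privatePath = [[NSBundle mainBundle] pathForResource:@"p" ofType:@"p12"];
[tool loadPrivateKeyFromFile:privatePath password:@"123456"]; // passphrase of the .p12 file
NSString *returnDecrypt = [tool rsaDecryptString:returnEncypt];
// Logging decrypted content is acceptable in a demo only; keep it out of production logs.
NSLog(@"解密结果:%@", returnDecrypt);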