程序博客网 > 蓝洞游戏公司 知乎

iOS-RSA加密-生成秘钥的使用

来源:互联网 发布:蓝洞游戏公司 知乎 编辑:程序博客网 时间:2024/05/17 07:38

基于Security.framework框架的RSA加密

使用的时候

EncryptTool.h文件内容如下:

@interface EncryptTool : NSObject// 通过der文件路径获取公钥- (void)loadPublicKeyFromFile:(NSString *)derFilePath;// 通过p12文件路径获取私钥- (void)loadPrivateKeyFromFile:(NSString*)p12FilePath password:(NSString*)p12Password;// 字符串加密- (NSString *)rsaEncryptString:(NSString *)string;// 字符串解密- (NSString *)rsaDecryptString:(NSString*)string;@end

EncryptTool.m文件内容如下:

@interface EncryptTool (){    SecKeyRef _publicKey; // 公钥    SecKeyRef _privateKey;// 私钥}@property (nonatomic,copy) NSString *derFilePath; // der文件路径@property (nonatomic,copy) NSString *p12FilePath; // p12文件路径@property (nonatomic,copy) NSString *p12Password; //p12文件密码@end

#pragma mark 从der证书文件中读取公钥

/** *  获取公钥 * *  @return */- (SecKeyRef)getPublicKey {    if (!_publicKey) {        [self loadPublicKeyFromFile:self.derFilePath];    }    return _publicKey;}/** *  通过文件路径加载公钥 * *  @param derFilePath 公钥文件路径 */- (void)loadPublicKeyFromFile:(NSString *)derFilePath {    if (cerFilePath == nil) {        return;    }    self.derFilePath = derFilePath;    NSData *cerData = [[NSData alloc] initWithContentsOfFile:derFilePath];    [self loadPublicKeyFromData:cerData];}/** *  通过NSData加载公钥 *  (此方法可用于将公钥配置在服务端,以Base64字符串传到移动端来加载) *  @param derData 公钥data */- (void)loadPublicKeyFromData:(NSData *)cerData {    _publicKey = [self getPublicKeyRefrenceFromeData:cerData];}#pragma mark - Private Methods/** *  (私有方法)从data获取公钥 * *  @param certData data * *  @return 公钥 */- (SecKeyRef)getPublicKeyRefrenceFromeData:(NSData *)certData {    SecKeyRef publicKeyRef = NULL;    CFDataRef myCertData = (__bridge CFDataRef)certData;    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef)myCertData);    if (cert == nil) {        NSLog(@"Can not read certificate from %@", self.derFilePath);        return nil;    }    SecPolicyRef policy = SecPolicyCreateBasicX509();    SecCertificateRef certArray[1] = {cert};    CFArrayRef myCerts = CFArrayCreate(NULL, (void *)certArray,1, NULL);    SecTrustRef trust;    OSStatus status = SecTrustCreateWithCertificates(myCerts, policy, &trust);    if (status != noErr) {        NSLog(@"SecTrustCreateWithCertificates fail. Error Code: %d", (int)status);        CFRelease(cert);        CFRelease(policy);        CFRelease(myCerts);        return nil;    }    SecTrustResultType trustResult;    status = SecTrustEvaluate(trust, &trustResult);    if (status != noErr) {        NSLog(@"SecTrustEvaluate fail. Error Code: %d", (int)status);        CFRelease(cert);        CFRelease(policy);        CFRelease(trust);        CFRelease(myCerts);        return nil;    }    publicKeyRef = SecTrustCopyPublicKey(trust);    CFRelease(cert);    CFRelease(policy);    CFRelease(trust);    CFRelease(myCerts);    return publicKeyRef;}

#pragma mark - 从p12文件中获取私钥 

/** *  获取私钥 * *  @return */- (SecKeyRef)getPrivateKey {    if (!_privateKey) {        [self loadPrivateKeyFromFile:self.p12FilePath password:self.p12Password];    }    return _privateKey;}/** *  通过文件路径加载私钥 * *  @param p12FilePath 私钥文件路径 *  @param p12Password 私钥密码 */- (void)loadPrivateKeyFromFile:(NSString*)p12FilePath password:(NSString*)p12Password {    if (p12FilePath == nil) {        return;    }    self.p12FilePath = p12FilePath;    self.p12Password = p12Password;    NSData *p12Data = [NSData dataWithContentsOfFile:p12FilePath];    [self loadPrivateKeyFromData: p12Data password:p12Password];}/** *  通过NSData加载私钥 * *  @param p12Data     私钥data *  @param p12Password 私钥密码 */- (void)loadPrivateKeyFromData:(NSData*)p12Data password:(NSString*)p12Password {    _privateKey = [self getPrivateKeyRefrenceFromData:p12Data password:p12Password];}/** *  (私有方法)从data获取私钥 * *  @param derData data * *  @return 私钥 */- (SecKeyRef)getPrivateKeyRefrenceFromData:(NSData*)p12Data password:(NSString*)password {    SecKeyRef privateKeyRef = NULL;    NSMutableDictionary * options = [[NSMutableDictionary alloc] init];    [options setObject: password forKey:(__bridge id)kSecImportExportPassphrase];    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef) p12Data, (__bridge CFDictionaryRef)options, &items);    if (securityError == noErr && CFArrayGetCount(items) > 0) {        CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);        SecIdentityRef identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);        securityError = SecIdentityCopyPrivateKey(identityApp, &privateKeyRef);        if (securityError != noErr) {            privateKeyRef = NULL;        }    }    CFRelease(items);    return privateKeyRef;}
/** *  字符串加密 * *  @param string 明文 * *  @return 密文(base64防止乱码) */- (NSString *)rsaEncryptString:(NSString *)string {    NSData *data = [string dataUsingEncoding:NSUTF8StringEncoding];    NSData *encryptedData = [self rsaEncryptData: data];    NSString *base64EncryptedString = [encryptedData base64EncodedStringWithOptions:NSDataBase64Encoding64CharacterLineLength];    return base64EncryptedString;}// 加密的大小受限于SecKeyEncrypt函数,SecKeyEncrypt要求明文和密钥的长度一致,如果要加密更长的内容,需要把内容按密钥长度分成多份,然后多次调用SecKeyEncrypt来实现- (NSData*)rsaEncryptData:(NSData*)data {    SecKeyRef key = [self getPublicKey];    const uint8_t *srcbuf = (const uint8_t *)[data bytes];    size_t srclen = (size_t)data.length;    size_t block_size = SecKeyGetBlockSize(key) * sizeof(uint8_t);    void *outbuf = malloc(block_size);    size_t src_block_size = block_size - 11;    NSMutableData *ret = [[NSMutableData alloc] init];    for(int idx = 0; idx < srclen; idx += src_block_size){//        NSLog(@"%d/%d block_size: %d", idx, (int)srclen, (int)block_size);        size_t data_len = srclen - idx;        if (data_len > src_block_size) {            data_len = src_block_size;        }        size_t outlen = block_size;        OSStatus status = noErr;        status = SecKeyEncrypt(key,                               kSecPaddingPKCS1,                               srcbuf + idx,                               data_len,                               outbuf,                               &outlen                               );        if (status != 0) {//0为成功            NSLog(@"SecKeyEncrypt fail. Error Code: %d", (int)status);            ret = nil;            break;        }else{            [ret appendBytes:outbuf length:outlen];        }    }    free(outbuf);    return ret;}
/** *  解密字符串 * *  @param string 密文 * *  @return 明文 */- (NSString *)rsaDecryptString:(NSString*)string {    NSData *data = [[NSData alloc] initWithBase64EncodedString:string options:NSDataBase64DecodingIgnoreUnknownCharacters];    NSData *decryptData = [self rsaDecryptData: data];    NSString *result = [[NSString alloc] initWithData:decryptData encoding:NSUTF8StringEncoding];    return result;}/** *  解密 * *  @param data 密文data * *  @return  明文data */- (NSData*)rsaDecryptData:(NSData*)data {    SecKeyRef key = [self getPrivateKey];    size_t cipherLen = [data length];    void *cipher = malloc(cipherLen);    [data getBytes:cipher length:cipherLen];    size_t plainLen = SecKeyGetBlockSize(key) - 12;    void *plain = malloc(plainLen);    OSStatus status = SecKeyDecrypt(key, kSecPaddingPKCS1, cipher, cipherLen, plain, &plainLen);    if (status != noErr) {        return nil;    }    NSData *decryptedData = [[NSData alloc] initWithBytes:(const void *)plain length:plainLen];    return decryptedData;}
    // 加载公钥、加密    EncryptTool *tool = [[EncryptTool alloc]init];     NSString *publicPath = [[NSBundle mainBundle]pathForResource:@"rsacert" ofType:@"der"]];    [tool loadPublicKeyFromFile:publicPath];    NSString *returnEncypt = [tool rsaEncryptString:encyptString];    NSLog(@"加密结果:%@",returnEncypt);    // 加载私钥、解密    NSString *privatePath = [[NSBundle mainBundle]pathForResource:@"p" ofType:@"p12"];    [tool loadPrivateKeyFromFile:privatePath password:@"123456"];    // 密码为p12文件的密码    NSString *returnDecrypt = [tool rsaDecryptString:returnEncypt];;    NSLog(@"解密结果:%@",returnDecrypt);
1 0
蓝洞游戏公司 知乎 蓝洞游戏公司 知乎
原创粉丝点击
热门IT博客
json encode 参数json encode 参数
网络教育取消网络教育取消
用棒针编织围巾的编程
贵州广电网络客服电话9
贰婶悟空歌词知乎
网络文章《自慰宝典》
h5 足球类小游戏源码
mysql中nvl函数用法
微信小程序 源码 提取
卢松松博客大全源码
java包的作用是什么
php一键安装
淘宝禁止好评返现
eclipse新建教程 java
知满天教育孙景民
2012服务器端口怎么开
企业级备份软件排名
mysql sql语句
mac 照片所在文件夹
tomcat 更新js 不生效
热门问题 老师的惩罚 人脸识别 我在镇武司摸鱼那些年 重生之率土为王 我在大康的咸鱼生活 盘龙之生命进化 天生仙种 凡人之先天五行 春回大明朝 姑娘不必设防,我是瞎子 小型微利企业所得税计算方法 小型微利企业条件 企业所得税小型微利企业 鼠标微动 鼠标换微动 燃气热水器微动开关更换图 榨汁机微动开关 雷蛇微动 微电机动平衡机 燃气热水器微动开关 欧姆龙微动 地狱狂蛇微动 微动涟漪的下一句 燃气灶微动开关 鼠标微动是什么 微动开关图片及型号 燃气灶微动开关更换图 蠢蠢欲动微胖界的小巨星 鼠标微动开关拆解图 热水器微动开关 微波炉 微动开关 微动 omron 安全期计算器微动版 炼狱蝰蛇侧键微动 微医生 微整医生 微整容医院 微医 微医集团 微医网上预约挂号 微医上挂号能看得上吗 微医电话预约号码 微医网挂号 下载微医 妙手医女巧当家 式微不归 医美微整 微医怎么样 上海微医挂号网 微医app 微医挂号

程序博客网,程序员的互联网技术博客家园。csdn论坛精品 msdn技术资料都在这里