/**ios常见的几种加密方法: 普通的加密方法是讲密码进行加密后保存到用户偏好设置( [NSUserDefaults standardUserDefaults])中; 钥匙串加密是以明文形式保存,但是不知道存放的具体位置。 */
#pragma mark----钥匙串存储
*/ - (void)initSecurity{
//----使用第三方SFHFKeychainUtils-- //获取应用程序唯一标识-- NSString* bundleld = [NSBundle mainBundle].bundleIdentifier;
//引入头文件//#import "SFHFKeychainUtils.h"// //
//删除用户// [SFHFKeychainUtils deleteItemForUsername:userName andServiceName:ServiceName error:nil];// //
//存储账户密码// [SFHFKeychainUtils storeUsername:userName andPassword:passwordNew forServiceName:ServiceName updateExisting:YES error:nil];// //
//根据用户名取出密码// NSString *passWord = [SFHFKeychainUtils getPasswordForUsername:userName andServiceName:ServiceName error:nil]; }
#pragma mark----指纹识别
/*1.指纹识别功能实在iPhone5S之后推出的,SDK是iOS8.0推出的 2.目的:简化移动支付环节 --------使用步骤---- 1.倒入框架#import2.获得当前系统版本号
3.实例化指纹识别对象,判断当前设备是否支持指纹识别功能(是否带有TouchID)
*/
- (void)initLAthentication{
//获得当前系统版本号
float version = [UIDevice currentDevice].systemVersion.floatValue;
if (version < 8.0) {
NSLog(@"系统版本过低,请升级系统");
return;
}
//-----实例化指纹识别对象,判断当前设备是否支持指纹识别功能(是否带有TouchID)---
//1.实例化指纹识别对象
LAContext* laCon = [[LAContext alloc]init];
//判断当前设备是否支持指纹识别功能
if (![laCon canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:NULL]) {
//如果设备不支持指纹识别功能
NSLog(@"设备不支持指纹识别功能");
return;
}
//指纹登陆--默认是异步方法
[laCon evaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics localizedReason:@"指纹登陆" reply:^(BOOL success, NSError * _Nullable error) {
//如果成功,表示指纹输入正确
if (success) {
NSLog(@"指纹识别成功");
}else{
NSLog(@"指纹识别错误");
}
}];
}
#pragma mark----base64加密
/**
base64编码是现代密码学的基础
Base64加密:Base64加密因其算法和充当秘钥的索引表都是公开的,所以不属于加密算法。其本质是将"二进制"数据转换成字符串,方便使用HTTP协议,用于公开的代码加密、URL加密,防止数据明文传输
特点:编码完成后的结果,只有64个字符
*/
_______________________________________________________________
//Base64加密
- (NSString *)base64Encode:(NSString* )str{
//转化为二进制数据
NSData* data = [str dataUsingEncoding:NSUTF8StringEncoding];
//进行Base64加密
return [data base64EncodedStringWithOptions:0];
}
//Base64解密
- (NSString *)base64Decode:(NSString *)str{
NSData* data = [[NSData alloc]initWithBase64EncodedString:str options:0];
return [[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding];
}
_____________________________________________________________
- (void)initBase64{
//1.将文件进行加密
NSString* path = [[NSBundle mainBundle]pathForResource:@"menu_default" ofType:@"png"];
//获取需要加密的文件的二进制数据
NSData* data = [NSData dataWithContentsOfFile:path];
/*
-------加密解密是只有NSData才能进行,所以要先把需要加密的数据转化为NSData类型
UIImage *img = [UIImage imageNamed:@"menu_default.png"];
// 图片转Data
NSData *data = UIImageJPEGRepresentation(img, 0.7);
-------字符串加密-----
// 字符串转Data
NSString *str = @"encode string";
// 字符串转成Data
NSData *data = [str dataUsingEncoding:NSUTF8StringEncoding];// 13 bytes
// 加密Data
NSData *encodeData = [data base64EncodedDataWithOptions:0];// 20 bytes
// 解密Data
NSData *decodeData = [[NSData alloc] initWithBase64EncodedData:encodeData options:0];// 13 bytes
// Data转字符串
NSString *decodeStr = [[NSString alloc] initWithData:decodeData encoding:NSUTF8StringEncoding];
NSLog(@"%@",decodeStr);// encode string
*/
//base64EncodedStringWithOptions--加密
NSData* base64Data = [data base64EncodedDataWithOptions:0];
//获取要存储的沙河目录的路径
NSArray* pathsArr = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
NSString* docDir = [pathsArr objectAtIndex:0];
NSString* pathSave = [docDir stringByAppendingPathComponent:@"test.txt"];
//存储加密后的文件
[base64Data writeToFile:pathSave atomically:YES];
//获得加密后的二进制数据
NSData* baseSave64Data = [NSData dataWithContentsOfFile:pathSave];
//解密
NSData* baseData = [[NSData alloc]initWithBase64EncodedData:baseSave64Data options:0];
/*
总结:1.将文件menu_default.png进行base64位运算之后存储为test.txt,如果为jpg也是这样
2.将test.txt转化为menu_default.png;(无论起始为menu_default.png或menu_default.jpg)
3.// 将字符串 "hello" 进行 base 64 编码 结果:aGVsbG8=cho "hello" | base64
// 将 base64编码之后的结果 aGVsbG8= 反编码为字符串
echo aGVsbG8= | base64 -D
*/
UIImage* image = [UIImage imageWithData:baseData];
UIImageView* imageV = [[UIImageView alloc]init];
[self.view addSubview:imageV];
imageV.frame = CGRectMake(100, 100, 50, 50);
imageV.image = image;
}
iOS开发-Objective-c的AES加密和解密算法的实现
#import<Foundation/Foundation.h>
@interface Crypt : NSObject
//+(NSData *)AES256EncryptWithKey:(NSString *)key Encrypttext:(NSData *)text; //加密
+(NSData *)AES256EncrypData:(NSData *)text WithKey:(NSString *)key; //加密
+(NSData *)AES256DecryptData:(NSData *)text WithKey:(NSString *)key; //解密
+(NSString *) AES256Encrypt:(NSString *)text WithKey:(NSString *)key;//加密
+(NSString *) AES256Decrypt:(NSString *)text WithKey:(NSString *)key;//解密
@end
--------------------------------------------------------------------
#import "Crypt.h"
#import <CommonCrypto/CommonCryptor.h>
@implementation Crypt
+(NSData *)AES256EncrypData:(NSData *)text WithKey:(NSString *)key //加密
{
char keyPtr[kCCKeySizeAES256+1];
bzero(keyPtr, sizeof(keyPtr));
[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
NSUInteger dataLength = [text length];
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc(bufferSize);
size_t numBytesEncrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128,
kCCOptionPKCS7Padding | kCCOptionECBMode,
keyPtr, kCCBlockSizeAES128,
NULL,
[text bytes], dataLength,
buffer, bufferSize,
&numBytesEncrypted);
if (cryptStatus == kCCSuccess) {
return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
}
free(buffer);
return nil;
}
+(NSData *)AES256DecryptData:(NSData *)text WithKey:(NSString *)key //解密
{
char keyPtr[kCCKeySizeAES256+1];
bzero(keyPtr, sizeof(keyPtr));
[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
NSUInteger dataLength = [text length];
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc(bufferSize);
size_t numBytesDecrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128,
kCCOptionPKCS7Padding | kCCOptionECBMode,
keyPtr, kCCBlockSizeAES128,
NULL,
[text bytes], dataLength,
buffer, bufferSize,
&numBytesDecrypted);
if (cryptStatus == kCCSuccess) {
return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
}
free(buffer);
return nil;
}
+(NSString *) AES256Encrypt:(NSString *)text WithKey:(NSString *)key
{
const char *cstr = [text cStringUsingEncoding:NSUTF8StringEncoding];
NSData *data = [NSData dataWithBytes:cstr length:text.length];
//对数据进行加密
NSData *result = [Crypt AES256EncrypData:data WithKey:key];
//转换为2进制字符串
if (result && result.length > 0) {
Byte *datas = (Byte*)[result bytes];
NSMutableString *output = [NSMutableString stringWithCapacity:result.length * 2];
for(int i = 0; i < result.length; i++){
[output appendFormat:@"%02x", datas[i]];
}
return output;
}
return nil;
}
+(NSString *) AES256Decrypt:(NSString *)text WithKey:(NSString *)key{
//转换为2进制Data
NSMutableData *data = [NSMutableData dataWithCapacity:text.length / 2];
unsigned char whole_byte;
char byte_chars[3] = {'\0','\0','\0'};
int i;
for (i=0; i < [text length] / 2; i++) {
byte_chars[0] = [text characterAtIndex:i*2];
byte_chars[1] = [text characterAtIndex:i*2+1];
whole_byte = strtol(byte_chars, NULL, 16);
[data appendBytes:&whole_byte length:1];
}
//对数据进行解密
NSData* result = [Crypt AES256DecryptData:data WithKey:key];
if (result && result.length > 0) {
return [[NSString alloc] initWithData:result encoding:NSUTF8StringEncoding];
}
return nil;
}
@end
-------------用法------------------------
// NSString* GHD = [Crypt AES256Encrypt:@"value" WithKey:@"key"];
// NSString* sdf = [Crypt AES256Decrypt:GHD WithKey:@"key"];
// NSLog(@"sdf---%@",sdf);
//
// NSLog(@"%@",GHD);
//
NSData* DATA = [Crypt AES256EncrypData:[@"asd" dataUsingEncoding:NSUTF8StringEncoding] WithKey:@"KEY"];
NSData* XC = [Crypt AES256DecryptData:DATA WithKey:@"KEY"];
NSString* str = [[NSString alloc]initWithData:XC encoding:NSUTF8StringEncoding];
NSLog(@"%@",str);
iOS------MD5加密
-------------------------具体实现------------------------
#import <Foundation/Foundation.h>
@interface MD5Crypt : NSObject
/**
* MD5加密, 32位 小写
*
* @param str 传入要加密的字符串
*
* @return 返回加密后的字符串
*/
+(NSString *)MD5ForLower32Bate:(NSString *)str;
/**
* MD5加密, 32位 大写
*
* @param str 传入要加密的字符串
*
* @return 返回加密后的字符串
*/
+(NSString *)MD5ForUpper32Bate:(NSString *)str;
/**
* MD5加密, 16位 小写
*
* @param str 传入要加密的字符串
*
* @return 返回加密后的字符串
*/
+(NSString *)MD5ForLower16Bate:(NSString *)str;
/**
* MD5加密, 16位 大写
*
* @param str 传入要加密的字符串
*
* @return 返回加密后的字符串
*/
+(NSString *)MD5ForUpper16Bate:(NSString *)str;
@end
-------------------------------------------------
#import "MD5Crypt.h"
#import <CommonCrypto/CommonCrypto.h>
@implementation MD5Crypt
#pragma mark - 32位 小写
+(NSString *)MD5ForLower32Bate:(NSString *)str{
//要进行UTF8的转码
const char* input = [str UTF8String];
unsigned char result[CC_MD5_DIGEST_LENGTH];
CC_MD5(input, (CC_LONG)strlen(input), result);
NSMutableString *digest = [NSMutableString stringWithCapacity:CC_MD5_DIGEST_LENGTH * 2];
for (NSInteger i = 0; i < CC_MD5_DIGEST_LENGTH; i++) {
[digest appendFormat:@"%02x", result[i]];
}
return digest;
}
#pragma mark - 32位 大写
+(NSString *)MD5ForUpper32Bate:(NSString *)str{
//要进行UTF8的转码
const char* input = [str UTF8String];
unsigned char result[CC_MD5_DIGEST_LENGTH];
CC_MD5(input, (CC_LONG)strlen(input), result);
NSMutableString *digest = [NSMutableString stringWithCapacity:CC_MD5_DIGEST_LENGTH * 2];
for (NSInteger i = 0; i < CC_MD5_DIGEST_LENGTH; i++) {
[digest appendFormat:@"%02X", result[i]];
}
return digest;
}
#pragma mark - 16位 大写
+(NSString *)MD5ForUpper16Bate:(NSString *)str{
NSString *md5Str = [self MD5ForUpper32Bate:str];
NSString *string;
for (int i=0; i<24; i++) {
string=[md5Str substringWithRange:NSMakeRange(8, 16)];
}
return string;
}
#pragma mark - 16位 小写
+(NSString *)MD5ForLower16Bate:(NSString *)str{
NSString *md5Str = [self MD5ForLower32Bate:str];
NSString *string;
for (int i=0; i<24; i++) {
string=[md5Str substringWithRange:NSMakeRange(8, 16)];
}
return string;
}
@end
-----------------用法-------------------------
NSString *str1 = [MD5Crypt MD5ForLower16Bate:@"123456"];
NSLog(@"小写16位:%@", str1);
NSString *str2 = [MD5Crypt MD5ForLower32Bate:@"123456"];
NSLog(@"小写32位:%@", str2);
NSString *str3 = [MD5Crypt MD5ForUpper16Bate:@"123456"];
NSLog(@"大写16位:%@", str3);
NSString *str4 = [MD5Crypt MD5ForUpper32Bate:@"123456"];
NSLog(@"大写32位:%@", str4);
/*
因为MD5生成的简单字符串会被轻易的破解,所以要对她进行改进
1.加盐(Salt):
在明文的固定位置插入随机串,然后在进行MD5
*/
NSString* salt = @"salt";
NSString *str5 = [MD5Crypt MD5ForUpper32Bate:[@"123456" stringByAppendingString:salt]];
NSLog(@"大写32位:%@", str5);
注:加的盐必须足够长,足够保密或者可以计入时间戳
iOS--DES加解密
#import<Foundation/Foundation.h>
@interface DESCrypt : NSObject
/******************************************************************************
函数名称 : + (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key
函数描述 : 文本数据进行DES加密
输入参数 : (NSData *)data
(NSString *)key
输出参数 : N/A
返回参数 : (NSData *)
备注信息 : 此函数不可用于过长文本
******************************************************************************/
+ (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key;//加密
/******************************************************************************
函数名称 : + (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key
函数描述 : 文本数据进行DES解密
输入参数 : (NSData *)data
(NSString *)key
输出参数 : N/A
返回参数 : (NSData *)
备注信息 : 此函数不可用于过长文本
******************************************************************************/
+ (NSData *)DESDecrypt:(NSData *)data WithKey:(NSString *)key;//解密
/******************************************************************************
函数名称 :+ (NSString *)DESEncrypt:(NSString *)str withKey:(NSString *)key
函数描述 : 文本数据进行DES加密
输入参数 : NSString *)str
(NSString *)key
输出参数 : N/A
返回参数 : NSString *)
备注信息 : 此函数不可用于过长文本
******************************************************************************/
+ (NSString *)DESEncrypt:(NSString *)str withKey:(NSString *)key;//加密
/******************************************************************************
函数名称 :+ (NSString *)DESDecrypt:(NSString *)str withKey:(NSString *)key
函数描述 : 文本数据进行DES解密
输入参数 : NSString *)str
(NSString *)key
输出参数 : N/A
返回参数 : NSString *)
备注信息 : 此函数不可用于过长文本
******************************************************************************/
+ (NSString *)DESDecrypt:(NSString *)str withKey:(NSString *)key;//解密
@end
-------------------------------------
#import "DESCrypt.h"
#import <CommonCrypto/CommonCryptor.h>
@implementation DESCrypt
#pragma mark------加密
+ (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key
{
char keyPtr[kCCKeySizeAES256+1];
bzero(keyPtr, sizeof(keyPtr));
[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
NSUInteger dataLength = [data length];
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc(bufferSize);
size_t numBytesEncrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmDES,
kCCOptionPKCS7Padding | kCCOptionECBMode,
keyPtr, kCCBlockSizeDES,
NULL,
[data bytes], dataLength,
buffer, bufferSize,
&numBytesEncrypted);
if (cryptStatus == kCCSuccess) {
return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
}
free(buffer);
return nil;
}
#pragma mark---解密
+ (NSData *)DESDecrypt:(NSData *)data WithKey:(NSString *)key
{
char keyPtr[kCCKeySizeAES256+1];
bzero(keyPtr, sizeof(keyPtr));
[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
NSUInteger dataLength = [data length];
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc(bufferSize);
size_t numBytesDecrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmDES,
kCCOptionPKCS7Padding | kCCOptionECBMode,
keyPtr, kCCBlockSizeDES,
NULL,
[data bytes], dataLength,
buffer, bufferSize,
&numBytesDecrypted);
if (cryptStatus == kCCSuccess) {
return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
}
free(buffer);
return nil;
}
#pragma mark----加密
+ (NSString *)DESEncrypt:(NSString *)str withKey:(NSString *)key{
NSData* data = [DESCrypt DESEncrypt:[str dataUsingEncoding:NSUTF8StringEncoding] WithKey:key];
return [[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding];
}
#pragma mark---解密
+ (NSString *)DESDecrypt:(NSString *)str withKey:(NSString *)key{
NSData* data = [DESCrypt DESDecrypt:[str dataUsingEncoding:NSUTF8StringEncoding] WithKey:key];
return [[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding];
}
@end
---------------------用法-----
// NSData* data = [DESCrypt DESEncrypt:[@"123" dataUsingEncoding:NSUTF8StringEncoding] WithKey:@"123"];
// NSData* data1 = [DESCrypt DESDecrypt:data WithKey:@"123"];
// NSLog(@"%@",[[NSString alloc]initWithData:data1 encoding:NSUTF8StringEncoding]);
base64和DES的结合
//Base64加密
- (NSString *)base64Encode:(NSString* )str{
//取项目的bundleIdentifier作为KEY
NSString *key = [[NSBundle mainBundle] bundleIdentifier];
//转化为二进制数据
NSData* data = [str dataUsingEncoding:NSUTF8StringEncoding];
data = [DESCrypt DESEncrypt:[@"123" dataUsingEncoding:NSUTF8StringEncoding] WithKey:key];
//进行Base64加密
return [data base64EncodedStringWithOptions:0];
}
//Base64解密
- (NSString *)base64Decode:(NSString *)str{
NSString *key = [[NSBundle mainBundle] bundleIdentifier];
NSData* data = [[NSData alloc]initWithBase64EncodedString:str options:0];
data = [DESCrypt DESDecrypt:data WithKey:key];
return [[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding];
}
------------------用法----------------
NSString* str = [self base64Encode:@"123"];
NSLog(@"%@",str);
NSString* str1 = [self base64Decode:str];
NSLog(@"%@",str1);
iOS------RSA加密
在iOS中使用RSA加密解密,需要用到.der和.p12后缀格式的文件,其中.der格式的文件存放的是公钥(Public key)用于加密,.p12格式的文件存放的是私钥(Private key)用于解密
对于比较敏感的数据,如用户信息(登陆、注册等),客户端发送使用RSA加密,服务器返回使用DES(AES)加密,使用RSA进行数字签名,可以起到防篡改的作用;客户端之所以使用RSA加密,是因为RSA解密需要知道服务器私钥,而服务器私钥一般盗取难度较大
RSA使用公钥加密、私钥解密
一、使用openssl生成所需秘钥文件
生成环境是在mac系统下,使用openssl进行生成,首先打开终端,按下面这些步骤依次来做:
1. 生成模长为1024bit的私钥文件private_key.pem
openssl genrsa -out private_key.pem 1024
2. 生成证书请求文件rsaCertReq.csr
openssl req -new -key private_key.pem -out rsaCerReq.csr
注意:这一步会提示输入国家、省份、mail等信息,可以根据实际情况填写,或者全部不用填写,直接全部敲回车.
3. 生成证书rsaCert.crt,并设置有效时间为1年
openssl x509 -req -days 3650 -in rsaCerReq.csr -signkey private_key.pem -out rsaCert.crt
4. 生成供iOS使用的公钥文件public_key.der
openssl x509 -outform der -in rsaCert.crt -out public_key.der
5. 生成供iOS使用的私钥文件private_key.p12
openssl pkcs12 -export -out private_key.p12 -inkey private_key.pem -in rsaCert.crt
注意:这一步会提示给私钥文件设置密码,直接输入想要设置密码即可,然后敲回车,然后再验证刚才设置的密码,再次输入密码,然后敲回车,完毕!
在解密时,private_key.p12文件需要和这里设置的密码配合使用,因此需要牢记此密码.
6. 生成供Java使用的公钥rsa_public_key.pem
openssl rsa -in private_key.pem -out rsa_public_key.pem -pubout
7. 生成供Java使用的私钥pkcs8_private_key.pem
openssl pkcs8 -topk8 -in private_key.pem -out pkcs8_private_key.pem -nocrypt
全部执行成功后,会生成如下文件,其中public_key.der和private_key.p12就是iOS需要用到的文件,如下图:
二、将文件导入工程使用
1.新建工程, 并导入Security.framework框架, 如下图:
2.导入秘钥文件
导入.der和.p12格式的秘钥文件, 如下图:
3.新建用于加密、解密的类RSAEncryptor, 并实现相关方法
#import <Foundation/Foundation.h>
@interfaceRSAEncryptor:NSObject/**
* 加密方法
*
* @param str 需要加密的字符串
* @param path '.der'格式的公钥文件路径
*/+ (NSString*)encryptString:(NSString*)str publicKeyWithContentsOfFile:(NSString*)path;/**
* 解密方法
*
* @param str 需要解密的字符串
* @param path '.p12'格式的私钥文件路径
* @param password 私钥文件密码
*/+ (NSString*)decryptString:(NSString*)str privateKeyWithContentsOfFile:(NSString*)path password:(NSString*)password;/**
* 加密方法
*
* @param str 需要加密的字符串
* @param pubKey 公钥字符串
*/+ (NSString*)encryptString:(NSString*)str publicKey:(NSString*)pubKey;/**
* 解密方法
*
* @param str 需要解密的字符串
* @param privKey 私钥字符串
*/+ (NSString*)decryptString:(NSString*)str privateKey:(NSString*)privacy;
@end
------------------------------------------------------------
#import "RSAEncryptor.h"
#import<Security/Security.h>
@implementation RSAEncryptor
staticNSString*base64_encode_data(NSData*data){
data = [data base64EncodedDataWithOptions:0];
NSString*ret = [[NSStringalloc] initWithData:data encoding:NSUTF8StringEncoding];return ret;
}
staticNSData*base64_decode(NSString*str){
NSData*data = [[NSDataalloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters];
return data;
}
#pragma mark - 使用'.der'公钥文件加密
+ (NSString *)encryptString:(NSString *)str publicKeyWithContentsOfFile:(NSString *)path{
if (!str || !path) return nil;
return [self encryptString:str publicKeyRef:[self getPublicKeyRefWithContentsOfFile:path]];
}
//获取公钥
+ (SecKeyRef)getPublicKeyRefWithContentsOfFile:(NSString*)filePath{
NSData*certData = [NSDatadataWithContentsOfFile:filePath];
if(!certData) {
return nil;
}
SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef)certData); SecKeyRef key =NULL;
SecTrustRef trust =NULL;
SecPolicyRef policy =NULL;
if(cert !=NULL) {
policy = SecPolicyCreateBasicX509();
if(policy) {
if(SecTrustCreateWithCertificates((CFTypeRef)cert, policy, &trust) == noErr) { SecTrustResultType result;
if(SecTrustEvaluate(trust, &result) == noErr) {
key = SecTrustCopyPublicKey(trust);
} } } }
if(policy)CFRelease(policy);
if(trust)CFRelease(trust);
if(cert)CFRelease(cert);
return key;}
+ (NSString*)encryptString:(NSString*)str publicKeyRef:(SecKeyRef)publicKeyRef{
if(![str dataUsingEncoding:NSUTF8StringEncoding])
{returnnil; }
if(!publicKeyRef)
{returnnil; }
NSData*data = [selfencryptData:[str dataUsingEncoding:NSUTF8StringEncoding] withKeyRef:publicKeyRef];
NSString*ret = base64_encode_data(data);
return ret;}
#pragma mark - 使用'.12'私钥文件解密//解密
+ (NSString*)decryptString:(NSString*)str privateKeyWithContentsOfFile:(NSString*)path password:(NSString*)password{
if(!str || !path)returnnil;if(!password) password =@"";
return[selfdecryptString:str privateKeyRef:[selfgetPrivateKeyRefWithContentsOfFile:path password:password]];
}
//获取私钥
+ (SecKeyRef)getPrivateKeyRefWithContentsOfFile:(NSString*)filePath password:(NSString*)password{
NSData*p12Data = [NSDatadataWithContentsOfFile:filePath];
if(!p12Data) {
return nil;
}
SecKeyRef privateKeyRef =NULL;
NSMutableDictionary* options = [[NSMutableDictionaryalloc] init];
[options setObject: password forKey:(__bridgeid)kSecImportExportPassphrase];
CFArrayRefitems =CFArrayCreate(NULL,0,0,NULL);
OSStatus securityError = SecPKCS12Import((__bridgeCFDataRef) p12Data, (__bridgeCFDictionaryRef)options, &items);
if(securityError == noErr &&CFArrayGetCount(items) >0) {
CFDictionaryRefidentityDict =CFArrayGetValueAtIndex(items,0);
SecIdentityRef identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
securityError = SecIdentityCopyPrivateKey(identityApp, &privateKeyRef);
if(securityError != noErr) {
privateKeyRef =NULL; } }
CFRelease(items);
return privateKeyRef;}
+ (NSString*)decryptString:(NSString*)str privateKeyRef:(SecKeyRef)privKeyRef{
NSData*data = [[NSDataalloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters];
if(!privKeyRef) {
return nil;
}
data = [selfdecryptData:data withKeyRef:privKeyRef];
NSString*ret = [[NSStringalloc] initWithData:data encoding:NSUTF8StringEncoding];returner;}
#pragma mark - 使用公钥字符串加密
/* START: Encryption with RSA public key *///使用公钥字符串加密
+ (NSString*)encryptString:(NSString*)str publicKey:(NSString*)pubKey{
NSData*data = [selfencryptData:[str dataUsingEncoding:NSUTF8StringEncoding] publicKey:pubKey];
NSString*ret = base64_encode_data(data);returner;}
+ (NSData*)encryptData:(NSData*)data publicKey:(NSString*)pubKey{
if(!data || !pubKey){returning;
}
SecKeyRef keyRef = [selfaddPublicKey:pubKey];if(!keyRef){
return nil;
}
return[selfencryptData:data withKeyRef:keyRef];}
+ (SecKeyRef)addPublicKey:(NSString*)key{
NSRangespos = [key rangeOfString:@"-----BEGIN PUBLIC KEY-----"];
NSRangeepos = [key rangeOfString:@"-----END PUBLIC KEY-----"];
if(spos.location !=NSNotFound&& epos.location !=NSNotFound){NSUIntegers = spos.location + spos.length;
NSUIntegere = epos.location;NSRangerange =NSMakeRange(s, e-s);
key = [key substringWithRange:range]; }
key = [key stringByReplacingOccurrencesOfString:@"\r"withString:@""];
key = [key stringByReplacingOccurrencesOfString:@"\n"withString:@""];
key = [key stringByReplacingOccurrencesOfString:@"\t"withString:@""];
key = [key stringByReplacingOccurrencesOfString:@" "withString:@""];// This will be base64 encoded, decode it.NSData*data = base64_decode(key);
data = [selfstripPublicKeyHeader:data];if(!data){return nil;
}
//a tag to read/write keychain storage
NSString*tag =@"RSAUtil_PubKey";
NSData*d_tag = [NSDatadataWithBytes:[tag UTF8String] length:[tag length]];
// Delete any old lingering key with the same tag
NSMutableDictionary*publicKey = [[NSMutableDictionaryalloc] init];
[publicKey setObject:(__bridgeid) kSecClassKey forKey:(__bridgeid)kSecClass]; [publicKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType];
[publicKey setObject:d_tag forKey:(__bridgeid)kSecAttrApplicationTag]; SecItemDelete((__bridgeCFDictionaryRef)publicKey);
// Add persistent version of the key to system keychain
[publicKey setObject:data forKey:(__bridgeid)kSecValueData];
[publicKey setObject:(__bridgeid) kSecAttrKeyClassPublic forKey:(__bridgeid) kSecAttrKeyClass];
[publicKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid) kSecReturnPersistentRef];
CFTypeRefpersistKey =nil;
OSStatus status = SecItemAdd((__bridgeCFDictionaryRef)publicKey, &persistKey);if(persistKey !=nil){CFRelease(persistKey);
}
if((status != noErr) && (status != errSecDuplicateItem)) {returnnil; }
[publicKey removeObjectForKey:(__bridgeid)kSecValueData];
[publicKey removeObjectForKey:(__bridgeid)kSecReturnPersistentRef];
[publicKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid)kSecReturnRef];
[publicKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType];
// Now fetch the SecKeyRef version of the keySecKeyRef
keyRef =nil;
status = SecItemCopyMatching((__bridgeCFDictionaryRef)publicKey, (CFTypeRef*)&keyRef);if(status != noErr){returnnil; }returnkeyRef;}
+ (NSData*)stripPublicKeyHeader:(NSData*)d_key{
// Skip ASN.1 public key header
if(d_key ==nil)return(nil);
unsignedlonglen = [d_key length];if(!len)return(nil);
unsignedchar*c_key = (unsignedchar*)[d_key bytes];unsignedintidx =0;
if(c_key[idx++] !=0x30)return(nil);
if(c_key[idx] >0x80) idx += c_key[idx] -0x80+1;elseidx++;
// PKCS #1 rsaEncryption szOID_RSA_RSA
staticunsignedcharseqiod[] = {0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00};
if(memcmp(&c_key[idx], seqiod,15))return(nil);
idx +=15;
if(c_key[idx++] !=0x03)return(nil);
if(c_key[idx] >0x80) idx += c_key[idx] -0x80+1;elseidx++;
if(c_key[idx++] !='\0')return(nil);
// Now make a new NSData from this buffer
return([NSDatadataWithBytes:&c_key[idx] length:len - idx]);}
+ (NSData*)encryptData:(NSData*)data withKeyRef:(SecKeyRef) keyRef{
constuint8_t *srcbuf = (constuint8_t *)[data bytes];
size_t srclen = (size_t)data.length;
size_t block_size = SecKeyGetBlockSize(keyRef) *sizeof(uint8_t);
void*outbuf = malloc(block_size);
size_t src_block_size = block_size -11;
NSMutableData*ret = [[NSMutableDataalloc] init];for(intidx=0; idx src_block_size){ data_len = src_block_size; }
size_t outlen = block_size;
OSStatus status = noErr;
status = SecKeyEncrypt(keyRef, kSecPaddingPKCS1, srcbuf + idx, data_len, outbuf, &outlen );if(status !=0) {
NSLog(@"SecKeyEncrypt fail. Error Code: %d", status);
ret =nil;break; }else{
[ret appendBytes:outbuf length:outlen]; } } free(outbuf);CFRelease(keyRef);returner;}
/* END: Encryption with RSA public key */
#pragma mark - 使用私钥字符串解密
/* START: Decryption with RSA private key *///使用私钥字符串解密
+ (NSString*)decryptString:(NSString*)str privateKey:(NSString*)privacy{
if(!str)return nil;
NSData*data = [[NSDataalloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters];
data = [selfdecryptData:data privateKey:privKey];
NSString*ret = [[NSStringalloc] initWithData:data encoding:NSUTF8StringEncoding];returner;}
+ (NSData*)decryptData:(NSData*)data privateKey:(NSString*)privacy{
if(!data || !privKey){returnnil; }
SecKeyRef keyRef = [selfaddPrivateKey:privKey];
if(!keyRef){return nil;
}
return[selfdecryptData:data withKeyRef:keyRef];}
+ (SecKeyRef)addPrivateKey:(NSString*)key{
NSRangespos = [key rangeOfString:@"-----BEGIN RSA PRIVATE KEY-----"];
NSRangeepos = [key rangeOfString:@"-----END RSA PRIVATE KEY-----"];
if(spos.location !=NSNotFound&& epos.location !=NSNotFound){NSUIntegers = spos.location + spos.length;
NSUIntegere = epos.location;NSRangerange =NSMakeRange(s, e-s);
key = [key substringWithRange:range]; }
key = [key stringByReplacingOccurrencesOfString:@"\r"withString:@""];
key = [key stringByReplacingOccurrencesOfString:@"\n"withString:@""];
key = [key stringByReplacingOccurrencesOfString:@"\t"withString:@""];
key = [key stringByReplacingOccurrencesOfString:@" "withString:@""];
// This will be base64 encoded, decode it.NSData*data = base64_decode(key);
data = [selfstripPrivateKeyHeader:data];if(!data){return nil;
}
//a tag to read/write keychain storage
NSString*tag =@"RSAUtil_PrivKey";
NSData*d_tag = [NSDatadataWithBytes:[tag UTF8String] length:[tag length]];
// Delete any old lingering key with the same tag
NSMutableDictionary*privateKey = [[NSMutableDictionaryalloc] init];
[privateKey setObject:(__bridgeid) kSecClassKey forKey:(__bridgeid)kSecClass]; [privateKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType];
[privateKey setObject:d_tag forKey:(__bridgeid)kSecAttrApplicationTag]; SecItemDelete((__bridgeCFDictionaryRef)privateKey);
// Add persistent version of the key to system keychain
[privateKey setObject:data forKey:(__bridgeid)kSecValueData];
[privateKey setObject:(__bridgeid) kSecAttrKeyClassPrivate forKey:(__bridgeid) kSecAttrKeyClass];
[privateKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid) kSecReturnPersistentRef];
CFTypeRefpersistKey =nil;
OSStatus status = SecItemAdd((__bridgeCFDictionaryRef)privateKey, &persistKey);
if(persistKey !=nil){CFRelease(persistKey); }
if((status != noErr) && (status != errSecDuplicateItem)) {return nil;
}
[privateKey removeObjectForKey:(__bridgeid)kSecValueData];
[privateKey removeObjectForKey:(__bridgeid)kSecReturnPersistentRef];
[privateKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid)kSecReturnRef];
[privateKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType];
// Now fetch the SecKeyRef version of the keySecKeyRef
keyRef =nil;
status = SecItemCopyMatching((__bridgeCFDictionaryRef)privateKey, (CFTypeRef*)&keyRef);if(status != noErr){return nil; }
return keyRef;}
+ (NSData*)stripPrivateKeyHeader:(NSData*)d_key{
// Skip ASN.1 private key header
if(d_key ==nil)return(nil);
unsignedlonglen = [d_key length];if(!len)return(nil);
unsignedchar*c_key = (unsignedchar*)[d_key bytes];unsignedintidx =22;
//magic byte at offset 22
if(0x04!= c_key[idx++])return nil;
//calculate length of the key
unsignedintc_len = c_key[idx++];
intdet = c_len &0x80;
if(!det) {
c_len = c_len &0x7f; }
else{
intbyteCount = c_len &0x7f;
if(byteCount + idx > len)
{
//rsa length field longer than buffer
return nil;
}
unsignedintaccum =0;
unsignedchar*ptr = &c_key[idx];
idx += byteCount;
while(byteCount) {
accum = (accum <<8) + *ptr;
ptr++;
byteCount--; }
c_len = accum; }
// Now make a new NSData from this buffer return
[d_key subdataWithRange:NSMakeRange(idx, c_len)];}
+ (NSData*)decryptData:(NSData*)data withKeyRef:(SecKeyRef) keyRef{
constuint8_t *srcbuf = (constuint8_t *)[data bytes];
size_t srclen = (size_t)data.length;
size_t block_size = SecKeyGetBlockSize(keyRef) *sizeof(uint8_t);
UInt8*outbuf = malloc(block_size);
size_t src_block_size = block_size;
NSMutableData*ret = [[NSMutableDataalloc] init];for(intidx=0; idx src_block_size){ data_len = src_block_size; }
size_t outlen = block_size;
OSStatus status = noErr;
status = SecKeyDecrypt(keyRef, kSecPaddingNone, srcbuf + idx, data_len, outbuf, &outlen );
if(status !=0) {
NSLog(@"SecKeyEncrypt fail. Error Code: %d", status);
ret =nil;break; }
else{
//the actual decrypted data is in the middle, locate it!
int idxFirstZero =-1;
int idxNextZero = (int)outlen;for(inti =0; i < outlen; i++ ) {
if( outbuf[i] ==0) {
if( idxFirstZero <0) {
idxFirstZero = i;
}else{
idxNextZero = i;
break;
} } }
[ret appendBytes:&outbuf[idxFirstZero+1] length:idxNextZero-idxFirstZero-1];
} }
free(outbid);
CFRelease(keyRef);
return ret;}
/* END: Decryption with RSA private key */@end
4. 测试加密、解密
首先先测试使用.der和.p12秘钥文件进行加密、解密, 在ViewController.m中进行测试, 代码如下:
#import"ViewController.h"
#import"RSAEncryptor.h"
@interfaceViewController()
@end
@implementationViewController
- (void)viewDidLoad {
[superviewDidLoad];
//原始数据
NSString*originalString =@"这是一段将要使用'.der'文件加密的字符串!";
//使用.der和.p12中的公钥私钥加密解密
NSString*public_key_path = [[NSBundlemainBundle] pathForResource:@"public_key.der"ofType:nil];
NSString*private_key_path = [[NSBundlemainBundle] pathForResource:@"private_key.p12"ofType:nil];
NSString*encryptStr = [RSAEncryptor encryptString:originalString publicKeyWithContentsOfFile:public_key_path];NSLog(@"加密前:%@", originalString);
NSLog(@"加密后:%@", encryptStr);
NSLog(@"解密后:%@", [RSAEncryptor decryptString:encryptStr privateKeyWithContentsOfFile:private_key_path password:@"123456"]);}
- (void)didReceiveMemoryWarning {
[superdidReceiveMemoryWarning];
// Dispose of any resources that can be recreated.
}
@end