我需要一些有关Swift中加密的帮助。我一直在搜索有关RSA加密的很多内容。
我们有一个从后端服务器生成的公共密钥,我们需要使用该密钥对将再次传递回后端服务器的秘密消息进行加密。
我能够找到RSA加密库,但是由于我们的公钥是在ASN.1中编码的,因此恐怕会遇到问题。
更新:
以下是我们的实际代码。我们尝试使用来自服务器的ASN.1编码的公共密钥对消息进行加密。问题是,我们的后端服务器要求加密的密码为十六进制值,尽管我已经这样做了,但是我们的后端无法解密消息。
+ (SecKeyRef) setPublicKey: (NSString *) keyAsBase64 {
/* First decode the Base64 string */
NSData * rawFormattedKey = base64_decode(keyAsBase64);
/* Now strip the uncessary ASN encoding guff at the start */
unsigned char * bytes = (unsigned char *)[rawFormattedKey bytes];
size_t bytesLen = [rawFormattedKey length];
/* Strip the initial stuff */
size_t i = 0;
if (bytes[i++] != 0x30)
return FALSE;
/* Skip size bytes */
if (bytes[i] > 0x80)
i += bytes[i] - 0x80 + 1;
else
i++;
if (i >= bytesLen)
return FALSE;
if (bytes[i] != 0x30)
return FALSE;
/* Skip OID */
i += 15;
if (i >= bytesLen - 2)
return FALSE;
if (bytes[i++] != 0x03)
return FALSE;
/* Skip length and null */
if (bytes[i] > 0x80)
i += bytes[i] - 0x80 + 1;
else
i++;
if (i >= bytesLen)
return FALSE;
if (bytes[i++] != 0x00)
return FALSE;
if (i >= bytesLen)
return FALSE;
/* Here we go! */
NSData * extractedKey = [NSData dataWithBytes:&bytes[i] length:bytesLen - i];
/* Load as a key ref */
OSStatus error = noErr;
CFTypeRef persistPeer = NULL;
static const UInt8 publicKeyIdentifier[] = "com.our.key";
NSData * refTag = [[NSData alloc] initWithBytes:publicKeyIdentifier length:sizeof(publicKeyIdentifier)];
NSMutableDictionary * keyAttr = [[NSMutableDictionary alloc] init];
/* First we delete any current keys */
[keyAttr setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
[keyAttr setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
[keyAttr setObject:refTag forKey:(__bridge id)kSecAttrApplicationTag];
error = SecItemDelete((__bridge CFDictionaryRef) keyAttr);
[keyAttr setObject:extractedKey forKey:(__bridge id)kSecValueData];
[keyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnPersistentRef];
error = SecItemAdd((__bridge CFDictionaryRef) keyAttr, (CFTypeRef *)&persistPeer);
CFRelease(persistPeer);
/* Now we extract the real ref */
SecKeyRef publicKeyRef = nil;
[keyAttr removeAllObjects];
[keyAttr setObject:(__bridge id)kSecClassKey forKey:(__bridge id)kSecClass];
[keyAttr setObject:refTag forKey:(__bridge id)kSecAttrApplicationTag];
[keyAttr setObject:(__bridge id)kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
[keyAttr setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnRef];
// Get the persistent key reference.
error = SecItemCopyMatching((__bridge CFDictionaryRef)keyAttr, (CFTypeRef *)&publicKeyRef);
if (publicKeyRef == nil || ( error != noErr && error != errSecDuplicateItem)) {
NSLog(@"Error retrieving public key reference from chain");
return FALSE;
}
return publicKeyRef;
}
+(NSString* )encryptWithPublicKey:(NSString*)key input:(NSString*) input {
const size_t BUFFER_SIZE = 16;
const size_t CIPHER_BUFFER_SIZE = 16;
const uint32_t PKCS1 = kSecPaddingPKCS1;
SecKeyRef publicKey = [self setPublicKey:key];
NSData *crypted = nil;
NSData *rawinput = [input dataUsingEncoding:NSUTF8StringEncoding];
NSString *theInput = [self base64forData:rawinput];
NSData *data = [theInput dataUsingEncoding:NSUTF8StringEncoding];
uint8_t *srcbuf;
srcbuf = (uint8_t *)calloc(BUFFER_SIZE, sizeof(uint8_t));
srcbuf = (uint8_t *)[data bytes];
size_t srclen = (size_t)data.length;
size_t outlen = SecKeyGetBlockSize(publicKey) * sizeof(uint8_t);
void *outbuf = malloc(outlen);
OSStatus status = noErr;
status = SecKeyEncrypt(publicKey,
PKCS1,
srcbuf,
srclen,
outbuf,
&outlen);
if (status != 0) {
//NSLog(@"SecKeyEncrypt fail. Error Code: %ld", status);
}else{
crypted = [NSData dataWithBytes:outbuf length:outlen];
}
NSString *str = [crypted stringWithHexBytes2];
free(outbuf);
CFRelease(publicKey);
return str;
}
这是NSData十六进制转换的类别。
- (NSString*)stringWithHexBytes2 {
static const char hexdigits[] = "0123456789abcdef";
const size_t numBytes = [self length];
const unsigned char* bytes = [self bytes];
char *strbuf = (char *)malloc(numBytes * 2 + 1);
char *hex = strbuf;
NSString *hexBytes = nil;
for (int i = 0; i<numBytes; ++i) {
const unsigned char c = *bytes++;
*hex++ = hexdigits[(c >> 4) & 0xF];
*hex++ = hexdigits[(c ) & 0xF];
}
*hex = 0;
hexBytes = [NSString stringWithUTF8String:strbuf];
free(strbuf);
return hexBytes;
}
最佳答案
问题不在于加密。但是,由于安全原因和公司政策,我们需要几个加密步骤和级别,后端才能成功解密密码。
非常感谢你们为帮助我所做的努力。
顺便说一句,即使上面的代码不包含我们额外的加密级别,也可以正常工作。
关于swift - Swift/Objective-C ASN1编码公钥,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32174164/