标签:
RSA算法有2个作用一个是加密一个是加签。从这几个函数中,我们可以看到,我们第一种是使用公钥能在客户端:加密数据,以及服务器端用私钥解密。
第二个就是用私钥在客户端加签,然后用公钥在服务器端用公钥验签。第一种完全是为了加密,第二种是为了放抵赖,就是为了防止别人模拟我们的客户端来攻击我们的服务器,导致瘫痪。
1.RSA加密解密:
(1)获取密钥,这里是产生密钥,实际应用中可以从各种存储介质上读取密钥 (2)加密 (3)解密
2.RSA签名和验证
(1)获取密钥,这里是产生密钥,实际应用中可以从各种存储介质上读取密钥 (2)获取待签名的Hash码 (3)获取签名的字符串 (4)验证
3.公钥与私钥的理解:
(1)私钥用来进行解密和签名,是给自己用的。
(2)公钥由本人公开,用于加密和验证签名,是给别人用的。
(3)当该用户发送文件时,用私钥签名,别人用他给的公钥验证签名,可以保证该信息是由他发送的。当该用户接受文件时,别人用他的公钥加密,他用私钥解密,可以保证该信息只能由他接收到。
首先加入头文件
#import <CommonCrypto/CommonDigest.h>
#import <CommonCrypto/CommonCryptor.h>
#import <Security/Security.h>
#import "NSData+Base64.h"
#define kChosenDigestLength CC_SHA1_DIGEST_LENGTH // SHA-1消息摘要的数据位数160位
- (NSData *)getHashBytes:(NSData *)plainText { CC_SHA1_CTX ctx; uint8_t * hashBytes = NULL; NSData * hash = nil; // Malloc a buffer to hold hash. hashBytes = malloc( kChosenDigestLength * sizeof(uint8_t) ); memset((voidvoid *)hashBytes, 0x0, kChosenDigestLength); // Initialize the context. CC_SHA1_Init(&ctx); // Perform the hash. CC_SHA1_Update(&ctx, (voidvoid *)[plainText bytes], [plainText length]); // Finalize the output. CC_SHA1_Final(hashBytes, &ctx); // Build up the SHA1 blob. hash = [NSData dataWithBytes:(const voidvoid *)hashBytes length:(NSUInteger)kChosenDigestLength]; if (hashBytes) free(hashBytes); return hash; }
-(NSString *)signTheDataSHA1WithRSA:(NSString *)plainText { uint8_t* signedBytes = NULL; size_t signedBytesSize = 0; OSStatus sanityCheck = noErr; NSData* signedHash = nil; NSString * path = [[NSBundle mainBundle]pathForResource:@"keystore" ofType:@"p12"]; NSData * data = [NSData dataWithContentsOfFile:path]; NSMutableDictionary * options = [[NSMutableDictionary alloc] init]; // Set the private key query dictionary. [options setObject:@"你的p12文件的密码" forKey:(id)kSecImportExportPassphrase]; CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL); OSStatus securityError = SecPKCS12Import((CFDataRef) data, (CFDictionaryRef)options, &items); if (securityError!=noErr) { return nil ; } CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0); SecIdentityRef identityApp =(SecIdentityRef)CFDictionaryGetValue(identityDict,kSecImportItemIdentity); SecKeyRef privateKeyRef=nil; SecIdentityCopyPrivateKey(identityApp, &privateKeyRef); signedBytesSize = SecKeyGetBlockSize(privateKeyRef); NSData *plainTextBytes = [plainText dataUsingEncoding:NSUTF8StringEncoding]; signedBytes = malloc( signedBytesSize * sizeof(uint8_t) ); // Malloc a buffer to hold signature. memset((voidvoid *)signedBytes, 0x0, signedBytesSize); sanityCheck = SecKeyRawSign(privateKeyRef, kSecPaddingPKCS1SHA1, (const uint8_t *)[[self getHashBytes:plainTextBytes] bytes], kChosenDigestLength, (uint8_t *)signedBytes, &signedBytesSize); if (sanityCheck == noErr) { signedHash = [NSData dataWithBytes:(const voidvoid *)signedBytes length:(NSUInteger)signedBytesSize]; } else { return nil; } if (signedBytes) { free(signedBytes); } NSString *signatureResult=[NSString stringWithFormat:@"%@",[signedHash base64EncodedString]]; return signatureResult; }
-(SecKeyRef)getPublicKey{ NSString *certPath = [[NSBundle mainBundle] pathForResource:@"keystore" ofType:@"p7b"]; SecCertificateRef myCertificate = nil; NSData *certificateData = [[NSData alloc] initWithContentsOfFile:certPath]; myCertificate = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef)certificateData); SecPolicyRef myPolicy = SecPolicyCreateBasicX509(); SecTrustRef myTrust; OSStatus status = SecTrustCreateWithCertificates(myCertificate,myPolicy,&myTrust); SecTrustResultType trustResult; if (status == noErr) { status = SecTrustEvaluate(myTrust, &trustResult); } return SecTrustCopyPublicKey(myTrust); } -(NSString *)RSAEncrypotoTheData:(NSString *)plainText { SecKeyRef publicKey=nil; publicKey=[self getPublicKey]; size_t cipherBufferSize = SecKeyGetBlockSize(publicKey); uint8_t *cipherBuffer = NULL; cipherBuffer = malloc(cipherBufferSize * sizeof(uint8_t)); memset((voidvoid *)cipherBuffer, 0*0, cipherBufferSize); NSData *plainTextBytes = [plainText dataUsingEncoding:NSUTF8StringEncoding]; int blockSize = cipherBufferSize-11; // 这个地方比较重要是加密问组长度 int numBlock = (int)ceil([plainTextBytes length] / (double)blockSize); NSMutableData *encryptedData = [[NSMutableData alloc] init]; for (int i=0; i<numBlock; i++) { int bufferSize = MIN(blockSize,[plainTextBytes length]-i*blockSize); NSData *buffer = [plainTextBytes subdataWithRange:NSMakeRange(i * blockSize, bufferSize)]; OSStatus status = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, (const uint8_t *)[buffer bytes], [buffer length], cipherBuffer, &cipherBufferSize); if (status == noErr) { NSData *encryptedBytes = [[[NSData alloc] initWithBytes:(const voidvoid *)cipherBuffer length:cipherBufferSize] autorelease]; [encryptedData appendData:encryptedBytes]; } else { return nil; } } if (cipherBuffer) { free(cipherBuffer); } NSString *encrypotoResult=[NSString stringWithFormat:@"%@",[encryptedData base64EncodedString]]; return encrypotoResult; }
相关链接:
android、ios与服务器端php使用rsa加密解密通讯
RSA implementations in Objective C
标签:
原文地址:http://www.cnblogs.com/On1Key/p/5458835.html