iOS RSA加解密

作者: 门前有棵葡萄树 | 来源:发表于2019-04-04 21:42 被阅读3次

    项目地址
    https://github.com/ideawu/Objective-C-RSA

    示例

        NSString *pubkey = @"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDI2bvVLVYrb4B0raZgFP60VXY\ncvRmk9q56QiTmEm9HXlSPq1zyhyPQHGti5FokYJMzNcKm0bwL1q6ioJuD4EFI56D\na+70XdRz1CjQPQE3yXrXXVvOsmq9LsdxTFWsVBTehdCmrapKZVVx6PKl7myh0cfX\nQmyveT/eqyZK1gYjvQIDAQAB\n-----END PUBLIC KEY-----";
        NSString *privkey = @"-----BEGIN PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMMjZu9UtVitvgHS\ntpmAU/rRVdhy9GaT2rnpCJOYSb0deVI+rXPKHI9Aca2LkWiRgkzM1wqbRvAvWrqK\ngm4PgQUjnoNr7vRd1HPUKNA9ATfJetddW86yar0ux3FMVaxUFN6F0KatqkplVXHo\n8qXubKHRx9dCbK95P96rJkrWBiO9AgMBAAECgYBO1UKEdYg9pxMX0XSLVtiWf3Na\n2jX6Ksk2Sfp5BhDkIcAdhcy09nXLOZGzNqsrv30QYcCOPGTQK5FPwx0mMYVBRAdo\nOLYp7NzxW/File//169O3ZFpkZ7MF0I2oQcNGTpMCUpaY6xMmxqN22INgi8SHp3w\nVU+2bRMLDXEc/MOmAQJBAP+Sv6JdkrY+7WGuQN5O5PjsB15lOGcr4vcfz4vAQ/uy\nEGYZh6IO2Eu0lW6sw2x6uRg0c6hMiFEJcO89qlH/B10CQQDDdtGrzXWVG457vA27\nkpduDpM6BQWTX6wYV9zRlcYYMFHwAQkE0BTvIYde2il6DKGyzokgI6zQyhgtRJ1x\nL6fhAkB9NvvW4/uWeLw7CHHVuVersZBmqjb5LWJU62v3L2rfbT1lmIqAVr+YT9CK\n2fAhPPtkpYYo5d4/vd1sCY1iAQ4tAkEAm2yPrJzjMn2G/ry57rzRzKGqUChOFrGs\nlm7HF6CQtAs4HC+2jC0peDyg97th37rLmPLB9txnPl50ewpkZuwOAQJBAM/eJnFw\nF5QAcL4CYDbfBKocx82VX/pFXng50T7FODiWbbL4UnxICE0UBFInNNiWJxNEb6jL\n5xd0pcy9O2DOeso=\n-----END PRIVATE KEY-----";
    
        NSString *originString = @"hello world!";
    
        NSString *encWithPubKey;
        NSString *decWithPrivKey;
        NSString *encWithPrivKey;
        NSString *decWithPublicKey;
        
        NSLog(@"Original string(%d): %@", (int)originString.length, originString);
        
        // 公钥加密
        encWithPubKey = [RSA encryptString:originString publicKey:pubkey];
        NSLog(@"Enctypted with public key: %@", encWithPubKey);
        // 私钥解密
        decWithPrivKey = [RSA decryptString:encWithPubKey privateKey:privkey];
        NSLog(@"Decrypted with private key: %@", decWithPrivKey);
        
        // by PHP
        encWithPubKey = @"CKiZsP8wfKlELNfWNC2G4iLv0RtwmGeHgzHec6aor4HnuOMcYVkxRovNj2r0Iu3ybPxKwiH2EswgBWsi65FOzQJa01uDVcJImU5vLrx1ihJ/PADUVxAMFjVzA3+Clbr2fwyJXW6dbbbymupYpkxRSfF5Gq9KyT+tsAhiSNfU6akgNGh4DENoA2AoKoWhpMEawyIubBSsTdFXtsHK0Ze0Cyde7oI2oh8ePOVHRuce6xYELYzmZY5yhSUoEb4+/44fbVouOCTl66ppUgnR5KjmIvBVEJLBq0SgoZfrGiA3cB08q4hb5EJRW72yPPQNqJxcQTPs8SxXa9js8ZryeSxyrw==";
        decWithPrivKey = [RSA decryptString:encWithPubKey privateKey:privkey];
        NSLog(@"(PHP enc)Decrypted with private key: %@", decWithPrivKey);
        
        // 私钥加密
        encWithPrivKey = [RSA encryptString:originString privateKey:privkey];
        NSLog(@"Enctypted with private key: %@", encWithPrivKey);
    
        // 公钥解密
        decWithPublicKey = [RSA decryptString:encWithPrivKey publicKey:pubkey];
        NSLog(@"(PHP enc)Decrypted with public key: %@", decWithPublicKey);
    

    RSA.h

    #import <Foundation/Foundation.h>
    
    @interface RSA : NSObject
    
    // return base64 encoded string
    + (NSString *)encryptString:(NSString *)str publicKey:(NSString *)pubKey;
    // return raw data
    + (NSData *)encryptData:(NSData *)data publicKey:(NSString *)pubKey;
    // return base64 encoded string
    + (NSString *)encryptString:(NSString *)str privateKey:(NSString *)privKey;
    // return raw data
    + (NSData *)encryptData:(NSData *)data privateKey:(NSString *)privKey;
    
    // decrypt base64 encoded string, convert result to string(not base64 encoded)
    + (NSString *)decryptString:(NSString *)str publicKey:(NSString *)pubKey;
    + (NSData *)decryptData:(NSData *)data publicKey:(NSString *)pubKey;
    + (NSString *)decryptString:(NSString *)str privateKey:(NSString *)privKey;
    + (NSData *)decryptData:(NSData *)data privateKey:(NSString *)privKey;
    
    @end
    

    RSA.m

    #import "RSA.h"
    #import <Security/Security.h>
    
    @implementation RSA
    
    /*
    static NSString *base64_encode(NSString *str){
        NSData* data = [str dataUsingEncoding:NSUTF8StringEncoding];
        if(!data){
            return nil;
        }
        return base64_encode_data(data);
    }
    */
    
    static NSString *base64_encode_data(NSData *data){
        data = [data base64EncodedDataWithOptions:0];
        NSString *ret = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
        return ret;
    }
    
    static NSData *base64_decode(NSString *str){
        NSData *data = [[NSData alloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters];
        return data;
    }
    
    + (NSData *)stripPublicKeyHeader:(NSData *)d_key{
        // Skip ASN.1 public key header
        if (d_key == nil) return(nil);
        
        unsigned long len = [d_key length];
        if (!len) return(nil);
        
        unsigned char *c_key = (unsigned char *)[d_key bytes];
        unsigned int  idx    = 0;
        
        if (c_key[idx++] != 0x30) return(nil);
        
        if (c_key[idx] > 0x80) idx += c_key[idx] - 0x80 + 1;
        else idx++;
        
        // PKCS #1 rsaEncryption szOID_RSA_RSA
        static unsigned char seqiod[] =
        { 0x30,   0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
            0x01, 0x05, 0x00 };
        if (memcmp(&c_key[idx], seqiod, 15)) return(nil);
        
        idx += 15;
        
        if (c_key[idx++] != 0x03) return(nil);
        
        if (c_key[idx] > 0x80) idx += c_key[idx] - 0x80 + 1;
        else idx++;
        
        if (c_key[idx++] != '\0') return(nil);
        
        // Now make a new NSData from this buffer
        return([NSData dataWithBytes:&c_key[idx] length:len - idx]);
    }
    
    //credit: http://hg.mozilla.org/services/fx-home/file/tip/Sources/NetworkAndStorage/CryptoUtils.m#l1036
    + (NSData *)stripPrivateKeyHeader:(NSData *)d_key{
        // Skip ASN.1 private key header
        if (d_key == nil) return(nil);
    
        unsigned long len = [d_key length];
        if (!len) return(nil);
    
        unsigned char *c_key = (unsigned char *)[d_key bytes];
        unsigned int  idx    = 22; //magic byte at offset 22
    
        if (0x04 != c_key[idx++]) return nil;
    
        //calculate length of the key
        unsigned int c_len = c_key[idx++];
        int det = c_len & 0x80;
        if (!det) {
            c_len = c_len & 0x7f;
        } else {
            int byteCount = c_len & 0x7f;
            if (byteCount + idx > len) {
                //rsa length field longer than buffer
                return nil;
            }
            unsigned int accum = 0;
            unsigned char *ptr = &c_key[idx];
            idx += byteCount;
            while (byteCount) {
                accum = (accum << 8) + *ptr;
                ptr++;
                byteCount--;
            }
            c_len = accum;
        }
    
        // Now make a new NSData from this buffer
        return [d_key subdataWithRange:NSMakeRange(idx, c_len)];
    }
    
    + (SecKeyRef)addPublicKey:(NSString *)key{
        NSRange spos = [key rangeOfString:@"-----BEGIN PUBLIC KEY-----"];
        NSRange epos = [key rangeOfString:@"-----END PUBLIC KEY-----"];
        if(spos.location != NSNotFound && epos.location != NSNotFound){
            NSUInteger s = spos.location + spos.length;
            NSUInteger e = epos.location;
            NSRange range = NSMakeRange(s, e-s);
            key = [key substringWithRange:range];
        }
        key = [key stringByReplacingOccurrencesOfString:@"\r" withString:@""];
        key = [key stringByReplacingOccurrencesOfString:@"\n" withString:@""];
        key = [key stringByReplacingOccurrencesOfString:@"\t" withString:@""];
        key = [key stringByReplacingOccurrencesOfString:@" "  withString:@""];
        
        // This will be base64 encoded, decode it.
        NSData *data = base64_decode(key);
        data = [RSA stripPublicKeyHeader:data];
        if(!data){
            return nil;
        }
    
        //a tag to read/write keychain storage
        NSString *tag = @"RSAUtil_PubKey";
        NSData *d_tag = [NSData dataWithBytes:[tag UTF8String] length:[tag length]];
        
        // Delete any old lingering key with the same tag
        NSMutableDictionary *publicKey = [[NSMutableDictionary alloc] init];
        [publicKey setObject:(__bridge id) kSecClassKey forKey:(__bridge id)kSecClass];
        [publicKey setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
        [publicKey setObject:d_tag forKey:(__bridge id)kSecAttrApplicationTag];
        SecItemDelete((__bridge CFDictionaryRef)publicKey);
        
        // Add persistent version of the key to system keychain
        [publicKey setObject:data forKey:(__bridge id)kSecValueData];
        [publicKey setObject:(__bridge id) kSecAttrKeyClassPublic forKey:(__bridge id)
         kSecAttrKeyClass];
        [publicKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)
         kSecReturnPersistentRef];
        
        CFTypeRef persistKey = nil;
        OSStatus status = SecItemAdd((__bridge CFDictionaryRef)publicKey, &persistKey);
        if (persistKey != nil){
            CFRelease(persistKey);
        }
        if ((status != noErr) && (status != errSecDuplicateItem)) {
            return nil;
        }
    
        [publicKey removeObjectForKey:(__bridge id)kSecValueData];
        [publicKey removeObjectForKey:(__bridge id)kSecReturnPersistentRef];
        [publicKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnRef];
        [publicKey setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
        
        // Now fetch the SecKeyRef version of the key
        SecKeyRef keyRef = nil;
        status = SecItemCopyMatching((__bridge CFDictionaryRef)publicKey, (CFTypeRef *)&keyRef);
        if(status != noErr){
            return nil;
        }
        return keyRef;
    }
    
    + (SecKeyRef)addPrivateKey:(NSString *)key{
        NSRange spos;
        NSRange epos;
        spos = [key rangeOfString:@"-----BEGIN RSA PRIVATE KEY-----"];
        if(spos.length > 0){
            epos = [key rangeOfString:@"-----END RSA PRIVATE KEY-----"];
        }else{
            spos = [key rangeOfString:@"-----BEGIN PRIVATE KEY-----"];
            epos = [key rangeOfString:@"-----END PRIVATE KEY-----"];
        }
        if(spos.location != NSNotFound && epos.location != NSNotFound){
            NSUInteger s = spos.location + spos.length;
            NSUInteger e = epos.location;
            NSRange range = NSMakeRange(s, e-s);
            key = [key substringWithRange:range];
        }
        key = [key stringByReplacingOccurrencesOfString:@"\r" withString:@""];
        key = [key stringByReplacingOccurrencesOfString:@"\n" withString:@""];
        key = [key stringByReplacingOccurrencesOfString:@"\t" withString:@""];
        key = [key stringByReplacingOccurrencesOfString:@" "  withString:@""];
    
        // This will be base64 encoded, decode it.
        NSData *data = base64_decode(key);
        data = [RSA stripPrivateKeyHeader:data];
        if(!data){
            return nil;
        }
    
        //a tag to read/write keychain storage
        NSString *tag = @"RSAUtil_PrivKey";
        NSData *d_tag = [NSData dataWithBytes:[tag UTF8String] length:[tag length]];
    
        // Delete any old lingering key with the same tag
        NSMutableDictionary *privateKey = [[NSMutableDictionary alloc] init];
        [privateKey setObject:(__bridge id) kSecClassKey forKey:(__bridge id)kSecClass];
        [privateKey setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
        [privateKey setObject:d_tag forKey:(__bridge id)kSecAttrApplicationTag];
        SecItemDelete((__bridge CFDictionaryRef)privateKey);
    
        // Add persistent version of the key to system keychain
        [privateKey setObject:data forKey:(__bridge id)kSecValueData];
        [privateKey setObject:(__bridge id) kSecAttrKeyClassPrivate forKey:(__bridge id)
         kSecAttrKeyClass];
        [privateKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)
         kSecReturnPersistentRef];
    
        CFTypeRef persistKey = nil;
        OSStatus status = SecItemAdd((__bridge CFDictionaryRef)privateKey, &persistKey);
        if (persistKey != nil){
            CFRelease(persistKey);
        }
        if ((status != noErr) && (status != errSecDuplicateItem)) {
            return nil;
        }
    
        [privateKey removeObjectForKey:(__bridge id)kSecValueData];
        [privateKey removeObjectForKey:(__bridge id)kSecReturnPersistentRef];
        [privateKey setObject:[NSNumber numberWithBool:YES] forKey:(__bridge id)kSecReturnRef];
        [privateKey setObject:(__bridge id) kSecAttrKeyTypeRSA forKey:(__bridge id)kSecAttrKeyType];
    
        // Now fetch the SecKeyRef version of the key
        SecKeyRef keyRef = nil;
        status = SecItemCopyMatching((__bridge CFDictionaryRef)privateKey, (CFTypeRef *)&keyRef);
        if(status != noErr){
            return nil;
        }
        return keyRef;
    }
    
    /* START: Encryption & Decryption with RSA private key */
    
    + (NSData *)encryptData:(NSData *)data withKeyRef:(SecKeyRef) keyRef isSign:(BOOL)isSign {
        const uint8_t *srcbuf = (const uint8_t *)[data bytes];
        size_t srclen = (size_t)data.length;
        
        size_t block_size = SecKeyGetBlockSize(keyRef) * sizeof(uint8_t);
        void *outbuf = malloc(block_size);
        size_t src_block_size = block_size - 11;
        
        NSMutableData *ret = [[NSMutableData alloc] init];
        for(int idx=0; idx<srclen; idx+=src_block_size){
            //NSLog(@"%d/%d block_size: %d", idx, (int)srclen, (int)block_size);
            size_t data_len = srclen - idx;
            if(data_len > src_block_size){
                data_len = src_block_size;
            }
            
            size_t outlen = block_size;
            OSStatus status = noErr;
            
            if (isSign) {
                status = SecKeyRawSign(keyRef,
                                       kSecPaddingPKCS1,
                                       srcbuf + idx,
                                       data_len,
                                       outbuf,
                                       &outlen
                                       );
            } else {
                status = SecKeyEncrypt(keyRef,
                                       kSecPaddingPKCS1,
                                       srcbuf + idx,
                                       data_len,
                                       outbuf,
                                       &outlen
                                       );
            }
            if (status != 0) {
                NSLog(@"SecKeyEncrypt fail. Error Code: %d", status);
                ret = nil;
                break;
            }else{
                [ret appendBytes:outbuf length:outlen];
            }
        }
        
        free(outbuf);
        CFRelease(keyRef);
        return ret;
    }
    
    + (NSString *)encryptString:(NSString *)str privateKey:(NSString *)privKey{
        NSData *data = [RSA encryptData:[str dataUsingEncoding:NSUTF8StringEncoding] privateKey:privKey];
        NSString *ret = base64_encode_data(data);
        return ret;
    }
    
    + (NSData *)encryptData:(NSData *)data privateKey:(NSString *)privKey{
        if(!data || !privKey){
            return nil;
        }
        SecKeyRef keyRef = [RSA addPrivateKey:privKey];
        if(!keyRef){
            return nil;
        }
        return [RSA encryptData:data withKeyRef:keyRef isSign:YES];
    }
    
    + (NSData *)decryptData:(NSData *)data withKeyRef:(SecKeyRef) keyRef{
        const uint8_t *srcbuf = (const uint8_t *)[data bytes];
        size_t srclen = (size_t)data.length;
        
        size_t block_size = SecKeyGetBlockSize(keyRef) * sizeof(uint8_t);
        UInt8 *outbuf = malloc(block_size);
        size_t src_block_size = block_size;
        
        NSMutableData *ret = [[NSMutableData alloc] init];
        for(int idx=0; idx<srclen; idx+=src_block_size){
            //NSLog(@"%d/%d block_size: %d", idx, (int)srclen, (int)block_size);
            size_t data_len = srclen - idx;
            if(data_len > src_block_size){
                data_len = src_block_size;
            }
            
            size_t outlen = block_size;
            OSStatus status = noErr;
            status = SecKeyDecrypt(keyRef,
                                   kSecPaddingNone,
                                   srcbuf + idx,
                                   data_len,
                                   outbuf,
                                   &outlen
                                   );
            if (status != 0) {
                NSLog(@"SecKeyEncrypt fail. Error Code: %d", status);
                ret = nil;
                break;
            }else{
                //the actual decrypted data is in the middle, locate it!
                int idxFirstZero = -1;
                int idxNextZero = (int)outlen;
                for ( int i = 0; i < outlen; i++ ) {
                    if ( outbuf[i] == 0 ) {
                        if ( idxFirstZero < 0 ) {
                            idxFirstZero = i;
                        } else {
                            idxNextZero = i;
                            break;
                        }
                    }
                }
                
                [ret appendBytes:&outbuf[idxFirstZero+1] length:idxNextZero-idxFirstZero-1];
            }
        }
        
        free(outbuf);
        CFRelease(keyRef);
        return ret;
    }
    
    
    + (NSString *)decryptString:(NSString *)str privateKey:(NSString *)privKey{
        NSData *data = [[NSData alloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters];
        data = [RSA decryptData:data privateKey:privKey];
        NSString *ret = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
        return ret;
    }
    
    + (NSData *)decryptData:(NSData *)data privateKey:(NSString *)privKey{
        if(!data || !privKey){
            return nil;
        }
        SecKeyRef keyRef = [RSA addPrivateKey:privKey];
        if(!keyRef){
            return nil;
        }
        return [RSA decryptData:data withKeyRef:keyRef];
    }
    
    /* END: Encryption & Decryption with RSA private key */
    
    /* START: Encryption & Decryption with RSA public key */
    
    + (NSString *)encryptString:(NSString *)str publicKey:(NSString *)pubKey{
        NSData *data = [RSA encryptData:[str dataUsingEncoding:NSUTF8StringEncoding] publicKey:pubKey];
        NSString *ret = base64_encode_data(data);
        return ret;
    }
    
    + (NSData *)encryptData:(NSData *)data publicKey:(NSString *)pubKey{
        if(!data || !pubKey){
            return nil;
        }
        SecKeyRef keyRef = [RSA addPublicKey:pubKey];
        if(!keyRef){
            return nil;
        }
        return [RSA encryptData:data withKeyRef:keyRef isSign:NO];
    }
    
    + (NSString *)decryptString:(NSString *)str publicKey:(NSString *)pubKey{
        NSData *data = [[NSData alloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters];
        data = [RSA decryptData:data publicKey:pubKey];
        NSString *ret = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
        return ret;
    }
    
    + (NSData *)decryptData:(NSData *)data publicKey:(NSString *)pubKey{
        if(!data || !pubKey){
            return nil;
        }
        SecKeyRef keyRef = [RSA addPublicKey:pubKey];
        if(!keyRef){
            return nil;
        }
        return [RSA decryptData:data withKeyRef:keyRef];
    }
    
    /* END: Encryption & Decryption with RSA public key */
    
    @end
    

    相关文章

      网友评论

        本文标题:iOS RSA加解密

        本文链接:https://www.haomeiwen.com/subject/wbkciqtx.html