ios加密方法

作者: 彬至睢阳 | 来源:发表于2017-06-20 11:52 被阅读245次

/**ios常见的几种加密方法: 普通的加密方法是讲密码进行加密后保存到用户偏好设置( [NSUserDefaults standardUserDefaults])中; 钥匙串加密是以明文形式保存,但是不知道存放的具体位置。 */  

  #pragma mark----钥匙串存储

/* 用原生的 Security.framework 就可以实现钥匙串的访问、读写。但是只能在真机上进行,模拟器会出错。在 Github(https://github.com/ldandersen/scifihifi-iphone/tree/master/security) 上有个封装的非常好的类来实现这个功能,让你既能在模拟器又能在真机上访问钥匙串。 

*/    - (void)initSecurity{             

   //----使用第三方SFHFKeychainUtils--                        //获取应用程序唯一标识--        NSString* bundleld = [NSBundle mainBundle].bundleIdentifier;          

     //引入头文件//#import "SFHFKeychainUtils.h"//        //     

   //删除用户//        [SFHFKeychainUtils deleteItemForUsername:userName andServiceName:ServiceName error:nil];//        //    

    //存储账户密码//        [SFHFKeychainUtils storeUsername:userName andPassword:passwordNew forServiceName:ServiceName updateExisting:YES  error:nil];//        //       

 //根据用户名取出密码//        NSString  *passWord = [SFHFKeychainUtils getPasswordForUsername:userName andServiceName:ServiceName error:nil];    }   

 #pragma mark----指纹识别 

/*1.指纹识别功能实在iPhone5S之后推出的,SDK是iOS8.0推出的  2.目的:简化移动支付环节  --------使用步骤----  1.倒入框架#import2.获得当前系统版本号

3.实例化指纹识别对象,判断当前设备是否支持指纹识别功能(是否带有TouchID)

*/

- (void)initLAthentication{

//获得当前系统版本号

float version = [UIDevice currentDevice].systemVersion.floatValue;

if (version < 8.0) {

NSLog(@"系统版本过低,请升级系统");

return;

}

//-----实例化指纹识别对象,判断当前设备是否支持指纹识别功能(是否带有TouchID)---

//1.实例化指纹识别对象

LAContext* laCon = [[LAContext alloc]init];

//判断当前设备是否支持指纹识别功能

if (![laCon canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:NULL]) {

//如果设备不支持指纹识别功能

NSLog(@"设备不支持指纹识别功能");

return;

}

//指纹登陆--默认是异步方法

[laCon evaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics localizedReason:@"指纹登陆" reply:^(BOOL success, NSError * _Nullable error) {

//如果成功,表示指纹输入正确

if (success) {

NSLog(@"指纹识别成功");

}else{

NSLog(@"指纹识别错误");

}

}];

}

#pragma mark----base64加密

/**

base64编码是现代密码学的基础

Base64加密:Base64加密因其算法和充当秘钥的索引表都是公开的,所以不属于加密算法。其本质是将"二进制"数据转换成字符串,方便使用HTTP协议,用于公开的代码加密、URL加密,防止数据明文传输

特点:编码完成后的结果,只有64个字符

*/

_______________________________________________________________

//Base64加密

- (NSString *)base64Encode:(NSString* )str{

//转化为二进制数据

NSData* data = [str dataUsingEncoding:NSUTF8StringEncoding];

//进行Base64加密

return [data base64EncodedStringWithOptions:0];

}

//Base64解密

- (NSString *)base64Decode:(NSString *)str{

NSData* data = [[NSData alloc]initWithBase64EncodedString:str options:0];

return [[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding];

}

_____________________________________________________________

- (void)initBase64{

//1.将文件进行加密

NSString* path = [[NSBundle mainBundle]pathForResource:@"menu_default" ofType:@"png"];

//获取需要加密的文件的二进制数据

NSData* data = [NSData dataWithContentsOfFile:path];

/*

-------加密解密是只有NSData才能进行,所以要先把需要加密的数据转化为NSData类型

UIImage *img = [UIImage imageNamed:@"menu_default.png"];

// 图片转Data

NSData *data = UIImageJPEGRepresentation(img, 0.7);

-------字符串加密-----

// 字符串转Data

NSString *str = @"encode string";

// 字符串转成Data

NSData *data = [str dataUsingEncoding:NSUTF8StringEncoding];// 13 bytes

// 加密Data

NSData *encodeData = [data base64EncodedDataWithOptions:0];// 20 bytes

// 解密Data

NSData *decodeData = [[NSData alloc] initWithBase64EncodedData:encodeData options:0];// 13 bytes

// Data转字符串

NSString *decodeStr = [[NSString alloc] initWithData:decodeData encoding:NSUTF8StringEncoding];

NSLog(@"%@",decodeStr);// encode string

*/

//base64EncodedStringWithOptions--加密

NSData* base64Data = [data base64EncodedDataWithOptions:0];

//获取要存储的沙河目录的路径

NSArray* pathsArr = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);

NSString* docDir = [pathsArr objectAtIndex:0];

NSString* pathSave = [docDir stringByAppendingPathComponent:@"test.txt"];

//存储加密后的文件

[base64Data writeToFile:pathSave atomically:YES];

//获得加密后的二进制数据

NSData* baseSave64Data = [NSData dataWithContentsOfFile:pathSave];

//解密

NSData* baseData = [[NSData alloc]initWithBase64EncodedData:baseSave64Data options:0];

/*

总结:1.将文件menu_default.png进行base64位运算之后存储为test.txt,如果为jpg也是这样

2.将test.txt转化为menu_default.png;(无论起始为menu_default.png或menu_default.jpg)

3.// 将字符串 "hello" 进行 base 64 编码 结果:aGVsbG8=cho "hello" | base64

// 将 base64编码之后的结果 aGVsbG8= 反编码为字符串

echo aGVsbG8= | base64 -D

*/

UIImage* image = [UIImage imageWithData:baseData];

UIImageView* imageV = [[UIImageView alloc]init];

[self.view addSubview:imageV];

imageV.frame = CGRectMake(100, 100, 50, 50);

imageV.image = image;

}

iOS开发-Objective-c的AES加密和解密算法的实现

#import<Foundation/Foundation.h>

@interface Crypt : NSObject

//+(NSData *)AES256EncryptWithKey:(NSString *)key Encrypttext:(NSData *)text;  //加密

+(NSData *)AES256EncrypData:(NSData *)text WithKey:(NSString *)key;  //加密

+(NSData *)AES256DecryptData:(NSData *)text WithKey:(NSString *)key;  //解密

+(NSString *) AES256Encrypt:(NSString *)text WithKey:(NSString *)key;//加密

+(NSString *) AES256Decrypt:(NSString *)text WithKey:(NSString *)key;//解密

@end

--------------------------------------------------------------------

#import "Crypt.h"

#import <CommonCrypto/CommonCryptor.h>

@implementation Crypt

+(NSData *)AES256EncrypData:(NSData *)text WithKey:(NSString *)key //加密

{

char keyPtr[kCCKeySizeAES256+1];

bzero(keyPtr, sizeof(keyPtr));

[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

NSUInteger dataLength = [text length];

size_t bufferSize = dataLength + kCCBlockSizeAES128;

void *buffer = malloc(bufferSize);

size_t numBytesEncrypted = 0;

CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128,

kCCOptionPKCS7Padding | kCCOptionECBMode,

keyPtr, kCCBlockSizeAES128,

NULL,

[text bytes], dataLength,

buffer, bufferSize,

&numBytesEncrypted);

if (cryptStatus == kCCSuccess) {

return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];

}

free(buffer);

return nil;

}

+(NSData *)AES256DecryptData:(NSData *)text WithKey:(NSString *)key //解密

{

char keyPtr[kCCKeySizeAES256+1];

bzero(keyPtr, sizeof(keyPtr));

[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

NSUInteger dataLength = [text length];

size_t bufferSize = dataLength + kCCBlockSizeAES128;

void *buffer = malloc(bufferSize);

size_t numBytesDecrypted = 0;

CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128,

kCCOptionPKCS7Padding | kCCOptionECBMode,

keyPtr, kCCBlockSizeAES128,

NULL,

[text bytes], dataLength,

buffer, bufferSize,

&numBytesDecrypted);

if (cryptStatus == kCCSuccess) {

return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];

}

free(buffer);

return nil;

}

+(NSString *) AES256Encrypt:(NSString *)text WithKey:(NSString *)key

{

const char *cstr = [text cStringUsingEncoding:NSUTF8StringEncoding];

NSData *data = [NSData dataWithBytes:cstr length:text.length];

//对数据进行加密

NSData *result = [Crypt AES256EncrypData:data WithKey:key];

//转换为2进制字符串

if (result && result.length > 0) {

Byte *datas = (Byte*)[result bytes];

NSMutableString *output = [NSMutableString stringWithCapacity:result.length * 2];

for(int i = 0; i < result.length; i++){

[output appendFormat:@"%02x", datas[i]];

}

return output;

}

return nil;

}

+(NSString *) AES256Decrypt:(NSString *)text WithKey:(NSString *)key{

//转换为2进制Data

NSMutableData *data = [NSMutableData dataWithCapacity:text.length / 2];

unsigned char whole_byte;

char byte_chars[3] = {'\0','\0','\0'};

int i;

for (i=0; i < [text length] / 2; i++) {

byte_chars[0] = [text characterAtIndex:i*2];

byte_chars[1] = [text characterAtIndex:i*2+1];

whole_byte = strtol(byte_chars, NULL, 16);

[data appendBytes:&whole_byte length:1];

}

//对数据进行解密

NSData* result = [Crypt  AES256DecryptData:data WithKey:key];

if (result && result.length > 0) {

return [[NSString alloc] initWithData:result encoding:NSUTF8StringEncoding];

}

return nil;

}

@end

-------------用法------------------------

//      NSString* GHD = [Crypt AES256Encrypt:@"value" WithKey:@"key"];

//    NSString* sdf = [Crypt AES256Decrypt:GHD WithKey:@"key"];

//    NSLog(@"sdf---%@",sdf);

//

//    NSLog(@"%@",GHD);

//

NSData* DATA = [Crypt AES256EncrypData:[@"asd" dataUsingEncoding:NSUTF8StringEncoding] WithKey:@"KEY"];

NSData* XC = [Crypt AES256DecryptData:DATA WithKey:@"KEY"];

NSString* str = [[NSString alloc]initWithData:XC encoding:NSUTF8StringEncoding];

NSLog(@"%@",str);

iOS------MD5加密

/* MD5即Message-Digest Algorithm 5(信息-摘要算法5),用于确保信息传输完整一致。实质:就是把一个任意长度的字节串变换成一定长的十六进制数字串 使用MD5的好处:快速校验 特点:1.输入两个不同的明文不会得到相同的输出值  2.根据输出值,不能得到原始的明文,及其过程不可逆(MD5只能加密,不能解密)  注意事项:1.一定要和后台开发人员约定好,MD5加密的位数是16位还是32位(大多数都是32位的),16位的可以通过32位的转换得到 2.MD5加密区分大小写,使用时要和后台约定好  MD5解密网站:http://www.cmd5.com/ 需要先导入系统头文件#import*/

-------------------------具体实现------------------------

#import <Foundation/Foundation.h>

@interface MD5Crypt : NSObject

/**

*  MD5加密, 32位 小写

*

*  @param str 传入要加密的字符串

*

*  @return 返回加密后的字符串

*/

+(NSString *)MD5ForLower32Bate:(NSString *)str;

/**

*  MD5加密, 32位 大写

*

*  @param str 传入要加密的字符串

*

*  @return 返回加密后的字符串

*/

+(NSString *)MD5ForUpper32Bate:(NSString *)str;

/**

*  MD5加密, 16位 小写

*

*  @param str 传入要加密的字符串

*

*  @return 返回加密后的字符串

*/

+(NSString *)MD5ForLower16Bate:(NSString *)str;

/**

*  MD5加密, 16位 大写

*

*  @param str 传入要加密的字符串

*

*  @return 返回加密后的字符串

*/

+(NSString *)MD5ForUpper16Bate:(NSString *)str;

@end

-------------------------------------------------

#import "MD5Crypt.h"

#import <CommonCrypto/CommonCrypto.h>

@implementation MD5Crypt

#pragma mark - 32位 小写

+(NSString *)MD5ForLower32Bate:(NSString *)str{

//要进行UTF8的转码

const char* input = [str UTF8String];

unsigned char result[CC_MD5_DIGEST_LENGTH];

CC_MD5(input, (CC_LONG)strlen(input), result);

NSMutableString *digest = [NSMutableString stringWithCapacity:CC_MD5_DIGEST_LENGTH * 2];

for (NSInteger i = 0; i < CC_MD5_DIGEST_LENGTH; i++) {

[digest appendFormat:@"%02x", result[i]];

}

return digest;

}

#pragma mark - 32位 大写

+(NSString *)MD5ForUpper32Bate:(NSString *)str{

//要进行UTF8的转码

const char* input = [str UTF8String];

unsigned char result[CC_MD5_DIGEST_LENGTH];

CC_MD5(input, (CC_LONG)strlen(input), result);

NSMutableString *digest = [NSMutableString stringWithCapacity:CC_MD5_DIGEST_LENGTH * 2];

for (NSInteger i = 0; i < CC_MD5_DIGEST_LENGTH; i++) {

[digest appendFormat:@"%02X", result[i]];

}

return digest;

}

#pragma mark - 16位 大写

+(NSString *)MD5ForUpper16Bate:(NSString *)str{

NSString *md5Str = [self MD5ForUpper32Bate:str];

NSString  *string;

for (int i=0; i<24; i++) {

string=[md5Str substringWithRange:NSMakeRange(8, 16)];

}

return string;

}

#pragma mark - 16位 小写

+(NSString *)MD5ForLower16Bate:(NSString *)str{

NSString *md5Str = [self MD5ForLower32Bate:str];

NSString  *string;

for (int i=0; i<24; i++) {

string=[md5Str substringWithRange:NSMakeRange(8, 16)];

}

return string;

}

@end

-----------------用法-------------------------

NSString *str1 = [MD5Crypt MD5ForLower16Bate:@"123456"];

NSLog(@"小写16位:%@", str1);

NSString *str2 = [MD5Crypt MD5ForLower32Bate:@"123456"];

NSLog(@"小写32位:%@", str2);

NSString *str3 = [MD5Crypt MD5ForUpper16Bate:@"123456"];

NSLog(@"大写16位:%@", str3);

NSString *str4 = [MD5Crypt MD5ForUpper32Bate:@"123456"];

NSLog(@"大写32位:%@", str4);

/*

因为MD5生成的简单字符串会被轻易的破解,所以要对她进行改进

1.加盐(Salt):

在明文的固定位置插入随机串,然后在进行MD5

*/

NSString* salt = @"salt";

NSString *str5 = [MD5Crypt MD5ForUpper32Bate:[@"123456" stringByAppendingString:salt]];

NSLog(@"大写32位:%@", str5);

注:加的盐必须足够长,足够保密或者可以计入时间戳

iOS--DES加解密

#import<Foundation/Foundation.h>

@interface DESCrypt : NSObject

/******************************************************************************

函数名称 : + (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key

函数描述 : 文本数据进行DES加密

输入参数 : (NSData *)data

(NSString *)key

输出参数 : N/A

返回参数 : (NSData *)

备注信息 : 此函数不可用于过长文本

******************************************************************************/

+ (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key;//加密

/******************************************************************************

函数名称 : + (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key

函数描述 : 文本数据进行DES解密

输入参数 : (NSData *)data

(NSString *)key

输出参数 : N/A

返回参数 : (NSData *)

备注信息 : 此函数不可用于过长文本

******************************************************************************/

+ (NSData *)DESDecrypt:(NSData *)data WithKey:(NSString *)key;//解密

/******************************************************************************

函数名称 :+ (NSString *)DESEncrypt:(NSString *)str withKey:(NSString *)key

函数描述 : 文本数据进行DES加密

输入参数 : NSString *)str

(NSString *)key

输出参数 : N/A

返回参数 : NSString *)

备注信息 : 此函数不可用于过长文本

******************************************************************************/

+ (NSString *)DESEncrypt:(NSString *)str withKey:(NSString *)key;//加密

/******************************************************************************

函数名称 :+ (NSString *)DESDecrypt:(NSString *)str withKey:(NSString *)key

函数描述 : 文本数据进行DES解密

输入参数 : NSString *)str

(NSString *)key

输出参数 : N/A

返回参数 : NSString *)

备注信息 : 此函数不可用于过长文本

******************************************************************************/

+ (NSString *)DESDecrypt:(NSString *)str withKey:(NSString *)key;//解密

@end

-------------------------------------

#import "DESCrypt.h"

 #import <CommonCrypto/CommonCryptor.h>

@implementation DESCrypt

#pragma mark------加密

+ (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key

{

char keyPtr[kCCKeySizeAES256+1];

bzero(keyPtr, sizeof(keyPtr));

[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

NSUInteger dataLength = [data length];

size_t bufferSize = dataLength + kCCBlockSizeAES128;

void *buffer = malloc(bufferSize);

size_t numBytesEncrypted = 0;

CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmDES,

kCCOptionPKCS7Padding | kCCOptionECBMode,

keyPtr, kCCBlockSizeDES,

NULL,

[data bytes], dataLength,

buffer, bufferSize,

&numBytesEncrypted);

if (cryptStatus == kCCSuccess) {

return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];

}

free(buffer);

return nil;

}

#pragma mark---解密

+ (NSData *)DESDecrypt:(NSData *)data WithKey:(NSString *)key

{

char keyPtr[kCCKeySizeAES256+1];

bzero(keyPtr, sizeof(keyPtr));

[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

NSUInteger dataLength = [data length];

size_t bufferSize = dataLength + kCCBlockSizeAES128;

void *buffer = malloc(bufferSize);

size_t numBytesDecrypted = 0;

CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmDES,

kCCOptionPKCS7Padding | kCCOptionECBMode,

keyPtr, kCCBlockSizeDES,

NULL,

[data bytes], dataLength,

buffer, bufferSize,

&numBytesDecrypted);

if (cryptStatus == kCCSuccess) {

return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];

}

free(buffer);

return nil;

}

#pragma mark----加密

+ (NSString *)DESEncrypt:(NSString *)str withKey:(NSString *)key{

NSData* data = [DESCrypt DESEncrypt:[str dataUsingEncoding:NSUTF8StringEncoding]  WithKey:key];

return [[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding];

}

#pragma mark---解密

+ (NSString *)DESDecrypt:(NSString *)str withKey:(NSString *)key{

NSData* data = [DESCrypt DESDecrypt:[str dataUsingEncoding:NSUTF8StringEncoding] WithKey:key];

return [[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding];

}

@end

---------------------用法-----

//    NSData* data = [DESCrypt DESEncrypt:[@"123" dataUsingEncoding:NSUTF8StringEncoding] WithKey:@"123"];

//    NSData* data1 = [DESCrypt DESDecrypt:data WithKey:@"123"];

//    NSLog(@"%@",[[NSString alloc]initWithData:data1 encoding:NSUTF8StringEncoding]);

base64和DES的结合

//Base64加密

- (NSString *)base64Encode:(NSString* )str{

//取项目的bundleIdentifier作为KEY

NSString *key = [[NSBundle mainBundle] bundleIdentifier];

//转化为二进制数据

NSData* data = [str dataUsingEncoding:NSUTF8StringEncoding];

data = [DESCrypt DESEncrypt:[@"123" dataUsingEncoding:NSUTF8StringEncoding] WithKey:key];

//进行Base64加密

return [data base64EncodedStringWithOptions:0];

}

//Base64解密

- (NSString *)base64Decode:(NSString *)str{

NSString *key = [[NSBundle mainBundle] bundleIdentifier];

NSData* data = [[NSData alloc]initWithBase64EncodedString:str options:0];

data = [DESCrypt DESDecrypt:data WithKey:key];

return [[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding];

}

------------------用法----------------

NSString* str = [self base64Encode:@"123"];

NSLog(@"%@",str);

NSString* str1 = [self base64Decode:str];

NSLog(@"%@",str1);

iOS------RSA加密

在iOS中使用RSA加密解密,需要用到.der和.p12后缀格式的文件,其中.der格式的文件存放的是公钥(Public key)用于加密,.p12格式的文件存放的是私钥(Private key)用于解密

对于比较敏感的数据,如用户信息(登陆、注册等),客户端发送使用RSA加密,服务器返回使用DES(AES)加密,使用RSA进行数字签名,可以起到防篡改的作用;客户端之所以使用RSA加密,是因为RSA解密需要知道服务器私钥,而服务器私钥一般盗取难度较大

RSA使用公钥加密、私钥解密

一、使用openssl生成所需秘钥文件

生成环境是在mac系统下,使用openssl进行生成,首先打开终端,按下面这些步骤依次来做:

1. 生成模长为1024bit的私钥文件private_key.pem

openssl genrsa -out private_key.pem 1024

2. 生成证书请求文件rsaCertReq.csr

openssl req -new -key private_key.pem -out rsaCerReq.csr

注意:这一步会提示输入国家、省份、mail等信息,可以根据实际情况填写,或者全部不用填写,直接全部敲回车.

3. 生成证书rsaCert.crt,并设置有效时间为1年

openssl x509 -req -days 3650 -in rsaCerReq.csr -signkey private_key.pem -out rsaCert.crt

4. 生成供iOS使用的公钥文件public_key.der

openssl x509 -outform der -in rsaCert.crt -out public_key.der

5. 生成供iOS使用的私钥文件private_key.p12

openssl pkcs12 -export -out private_key.p12 -inkey private_key.pem -in rsaCert.crt

注意:这一步会提示给私钥文件设置密码,直接输入想要设置密码即可,然后敲回车,然后再验证刚才设置的密码,再次输入密码,然后敲回车,完毕!

在解密时,private_key.p12文件需要和这里设置的密码配合使用,因此需要牢记此密码.

6. 生成供Java使用的公钥rsa_public_key.pem

openssl rsa -in private_key.pem -out rsa_public_key.pem -pubout

7. 生成供Java使用的私钥pkcs8_private_key.pem

openssl pkcs8 -topk8 -in private_key.pem -out pkcs8_private_key.pem -nocrypt

全部执行成功后,会生成如下文件,其中public_key.der和private_key.p12就是iOS需要用到的文件,如下图:

二、将文件导入工程使用

1.新建工程, 并导入Security.framework框架, 如下图:

2.导入秘钥文件

导入.der和.p12格式的秘钥文件, 如下图:

3.新建用于加密、解密的类RSAEncryptor, 并实现相关方法

#import <Foundation/Foundation.h>

@interfaceRSAEncryptor:NSObject/**

*  加密方法

*

*  @param str  需要加密的字符串

*  @param path  '.der'格式的公钥文件路径

*/+ (NSString*)encryptString:(NSString*)str publicKeyWithContentsOfFile:(NSString*)path;/**

*  解密方法

*

*  @param str      需要解密的字符串

*  @param path      '.p12'格式的私钥文件路径

*  @param password  私钥文件密码

*/+ (NSString*)decryptString:(NSString*)str privateKeyWithContentsOfFile:(NSString*)path password:(NSString*)password;/**

*  加密方法

*

*  @param str    需要加密的字符串

*  @param pubKey 公钥字符串

*/+ (NSString*)encryptString:(NSString*)str publicKey:(NSString*)pubKey;/**

*  解密方法

*

*  @param str    需要解密的字符串

*  @param privKey 私钥字符串

*/+ (NSString*)decryptString:(NSString*)str privateKey:(NSString*)privacy;

@end

------------------------------------------------------------

#import "RSAEncryptor.h"

#import<Security/Security.h>

@implementation RSAEncryptor

staticNSString*base64_encode_data(NSData*data){   

 data = [data base64EncodedDataWithOptions:0];

NSString*ret = [[NSStringalloc] initWithData:data encoding:NSUTF8StringEncoding];return ret;

}

staticNSData*base64_decode(NSString*str){

NSData*data = [[NSDataalloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters];

return data;

}

#pragma mark - 使用'.der'公钥文件加密

+ (NSString *)encryptString:(NSString *)str publicKeyWithContentsOfFile:(NSString *)path{

if (!str || !path)  return nil;

return [self encryptString:str publicKeyRef:[self getPublicKeyRefWithContentsOfFile:path]];

}

//获取公钥

+ (SecKeyRef)getPublicKeyRefWithContentsOfFile:(NSString*)filePath{

NSData*certData = [NSDatadataWithContentsOfFile:filePath];

if(!certData) {

return nil;   

 }   

 SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef)certData);    SecKeyRef key =NULL;  

  SecTrustRef trust =NULL;    

SecPolicyRef policy =NULL;

if(cert !=NULL) {       

 policy = SecPolicyCreateBasicX509();

if(policy) {

if(SecTrustCreateWithCertificates((CFTypeRef)cert, policy, &trust) == noErr) {                SecTrustResultType result;

if(SecTrustEvaluate(trust, &result) == noErr) {          

          key = SecTrustCopyPublicKey(trust);             

   }            }        }    }

if(policy)CFRelease(policy);

if(trust)CFRelease(trust);

if(cert)CFRelease(cert);

return key;}

+ (NSString*)encryptString:(NSString*)str publicKeyRef:(SecKeyRef)publicKeyRef{

if(![str dataUsingEncoding:NSUTF8StringEncoding])

{returnnil;    }

if(!publicKeyRef)

{returnnil;    }

NSData*data = [selfencryptData:[str dataUsingEncoding:NSUTF8StringEncoding] withKeyRef:publicKeyRef];

NSString*ret = base64_encode_data(data);

return ret;}

#pragma mark - 使用'.12'私钥文件解密//解密

+ (NSString*)decryptString:(NSString*)str privateKeyWithContentsOfFile:(NSString*)path password:(NSString*)password{

if(!str || !path)returnnil;if(!password) password =@"";

return[selfdecryptString:str privateKeyRef:[selfgetPrivateKeyRefWithContentsOfFile:path password:password]];

}

//获取私钥

+ (SecKeyRef)getPrivateKeyRefWithContentsOfFile:(NSString*)filePath password:(NSString*)password{

NSData*p12Data = [NSDatadataWithContentsOfFile:filePath];

if(!p12Data) {

return nil;   

 }   

 SecKeyRef privateKeyRef =NULL;

NSMutableDictionary* options = [[NSMutableDictionaryalloc] init];   

 [options setObject: password forKey:(__bridgeid)kSecImportExportPassphrase];

CFArrayRefitems =CFArrayCreate(NULL,0,0,NULL);    

OSStatus securityError = SecPKCS12Import((__bridgeCFDataRef) p12Data, (__bridgeCFDictionaryRef)options, &items);

if(securityError == noErr &&CFArrayGetCount(items) >0) {

CFDictionaryRefidentityDict =CFArrayGetValueAtIndex(items,0);       

 SecIdentityRef identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);        

securityError = SecIdentityCopyPrivateKey(identityApp, &privateKeyRef);

if(securityError != noErr) {        

    privateKeyRef =NULL;        }    }

CFRelease(items);

return privateKeyRef;}

+ (NSString*)decryptString:(NSString*)str privateKeyRef:(SecKeyRef)privKeyRef{

NSData*data = [[NSDataalloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters];

if(!privKeyRef) {

return nil;   

 }   

 data = [selfdecryptData:data withKeyRef:privKeyRef];

NSString*ret = [[NSStringalloc] initWithData:data encoding:NSUTF8StringEncoding];returner;}

#pragma mark - 使用公钥字符串加密

/* START: Encryption with RSA public key *///使用公钥字符串加密

+ (NSString*)encryptString:(NSString*)str publicKey:(NSString*)pubKey{

NSData*data = [selfencryptData:[str dataUsingEncoding:NSUTF8StringEncoding] publicKey:pubKey];

NSString*ret = base64_encode_data(data);returner;}

+ (NSData*)encryptData:(NSData*)data publicKey:(NSString*)pubKey{

if(!data || !pubKey){returning;    

}    

SecKeyRef keyRef = [selfaddPublicKey:pubKey];if(!keyRef){

return nil;  

  }

return[selfencryptData:data withKeyRef:keyRef];}

+ (SecKeyRef)addPublicKey:(NSString*)key{

NSRangespos = [key rangeOfString:@"-----BEGIN PUBLIC KEY-----"];

NSRangeepos = [key rangeOfString:@"-----END PUBLIC KEY-----"];

if(spos.location !=NSNotFound&& epos.location !=NSNotFound){NSUIntegers = spos.location + spos.length;

NSUIntegere = epos.location;NSRangerange =NSMakeRange(s, e-s);    

    key = [key substringWithRange:range];    }   

 key = [key stringByReplacingOccurrencesOfString:@"\r"withString:@""];   

 key = [key stringByReplacingOccurrencesOfString:@"\n"withString:@""]; 

   key = [key stringByReplacingOccurrencesOfString:@"\t"withString:@""];    

key = [key stringByReplacingOccurrencesOfString:@" "withString:@""];// This will be base64 encoded, decode it.NSData*data = base64_decode(key);    

data = [selfstripPublicKeyHeader:data];if(!data){return nil;   

 }

//a tag to read/write keychain storage

NSString*tag =@"RSAUtil_PubKey";

NSData*d_tag = [NSDatadataWithBytes:[tag UTF8String] length:[tag length]];

// Delete any old lingering key with the same tag

NSMutableDictionary*publicKey = [[NSMutableDictionaryalloc] init];   

 [publicKey setObject:(__bridgeid) kSecClassKey forKey:(__bridgeid)kSecClass];    [publicKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType]; 

   [publicKey setObject:d_tag forKey:(__bridgeid)kSecAttrApplicationTag];    SecItemDelete((__bridgeCFDictionaryRef)publicKey);

// Add persistent version of the key to system keychain

[publicKey setObject:data forKey:(__bridgeid)kSecValueData];   

 [publicKey setObject:(__bridgeid) kSecAttrKeyClassPublic forKey:(__bridgeid)    kSecAttrKeyClass];   

 [publicKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid)    kSecReturnPersistentRef];

CFTypeRefpersistKey =nil;   

 OSStatus status = SecItemAdd((__bridgeCFDictionaryRef)publicKey, &persistKey);if(persistKey !=nil){CFRelease(persistKey);    

}

if((status != noErr) && (status != errSecDuplicateItem)) {returnnil;    }   

 [publicKey removeObjectForKey:(__bridgeid)kSecValueData];  

  [publicKey removeObjectForKey:(__bridgeid)kSecReturnPersistentRef];  

  [publicKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid)kSecReturnRef];    

[publicKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType];

// Now fetch the SecKeyRef version of the keySecKeyRef

 keyRef =nil;   

 status = SecItemCopyMatching((__bridgeCFDictionaryRef)publicKey, (CFTypeRef*)&keyRef);if(status != noErr){returnnil;    }returnkeyRef;}

+ (NSData*)stripPublicKeyHeader:(NSData*)d_key{

// Skip ASN.1 public key header

if(d_key ==nil)return(nil);

unsignedlonglen = [d_key length];if(!len)return(nil);

unsignedchar*c_key = (unsignedchar*)[d_key bytes];unsignedintidx    =0;

if(c_key[idx++] !=0x30)return(nil);

if(c_key[idx] >0x80) idx += c_key[idx] -0x80+1;elseidx++;

// PKCS #1 rsaEncryption szOID_RSA_RSA

staticunsignedcharseqiod[] =    {0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00};

if(memcmp(&c_key[idx], seqiod,15))return(nil);   

 idx +=15;

if(c_key[idx++] !=0x03)return(nil);

if(c_key[idx] >0x80) idx += c_key[idx] -0x80+1;elseidx++;

if(c_key[idx++] !='\0')return(nil);

// Now make a new NSData from this buffer

return([NSDatadataWithBytes:&c_key[idx] length:len - idx]);}

+ (NSData*)encryptData:(NSData*)data withKeyRef:(SecKeyRef) keyRef{

constuint8_t *srcbuf = (constuint8_t *)[data bytes];    

size_t srclen = (size_t)data.length;  

  size_t block_size = SecKeyGetBlockSize(keyRef) *sizeof(uint8_t);

void*outbuf = malloc(block_size);   

 size_t src_block_size = block_size -11;

NSMutableData*ret = [[NSMutableDataalloc] init];for(intidx=0; idx src_block_size){            data_len = src_block_size;        }       

 size_t outlen = block_size;       

 OSStatus status = noErr;       

 status = SecKeyEncrypt(keyRef,                              kSecPaddingPKCS1,                              srcbuf + idx,                              data_len,                              outbuf,                              &outlen                              );if(status !=0) {

NSLog(@"SecKeyEncrypt fail. Error Code: %d", status);        

    ret =nil;break;        }else{          

  [ret appendBytes:outbuf length:outlen];        }    }    free(outbuf);CFRelease(keyRef);returner;}

/* END: Encryption with RSA public key */

#pragma mark - 使用私钥字符串解密

/* START: Decryption with RSA private key *///使用私钥字符串解密

+ (NSString*)decryptString:(NSString*)str privateKey:(NSString*)privacy{

if(!str)return nil;

NSData*data = [[NSDataalloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters];   

 data = [selfdecryptData:data privateKey:privKey];

NSString*ret = [[NSStringalloc] initWithData:data encoding:NSUTF8StringEncoding];returner;}

+ (NSData*)decryptData:(NSData*)data privateKey:(NSString*)privacy{

if(!data || !privKey){returnnil;    }    

SecKeyRef keyRef = [selfaddPrivateKey:privKey];

if(!keyRef){return nil;  

  }

return[selfdecryptData:data withKeyRef:keyRef];}

+ (SecKeyRef)addPrivateKey:(NSString*)key{

NSRangespos = [key rangeOfString:@"-----BEGIN RSA PRIVATE KEY-----"];

NSRangeepos = [key rangeOfString:@"-----END RSA PRIVATE KEY-----"];

if(spos.location !=NSNotFound&& epos.location !=NSNotFound){NSUIntegers = spos.location + spos.length;

NSUIntegere = epos.location;NSRangerange =NSMakeRange(s, e-s);      

  key = [key substringWithRange:range];    }  

  key = [key stringByReplacingOccurrencesOfString:@"\r"withString:@""];    

key = [key stringByReplacingOccurrencesOfString:@"\n"withString:@""];  

  key = [key stringByReplacingOccurrencesOfString:@"\t"withString:@""];   

 key = [key stringByReplacingOccurrencesOfString:@" "withString:@""];

// This will be base64 encoded, decode it.NSData*data = base64_decode(key);  

  data = [selfstripPrivateKeyHeader:data];if(!data){return nil;   

 }

//a tag to read/write keychain storage

NSString*tag =@"RSAUtil_PrivKey";

NSData*d_tag = [NSDatadataWithBytes:[tag UTF8String] length:[tag length]];

// Delete any old lingering key with the same tag

NSMutableDictionary*privateKey = [[NSMutableDictionaryalloc] init];   

 [privateKey setObject:(__bridgeid) kSecClassKey forKey:(__bridgeid)kSecClass];    [privateKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType];    

[privateKey setObject:d_tag forKey:(__bridgeid)kSecAttrApplicationTag];    SecItemDelete((__bridgeCFDictionaryRef)privateKey);

// Add persistent version of the key to system keychain

[privateKey setObject:data forKey:(__bridgeid)kSecValueData];   

 [privateKey setObject:(__bridgeid) kSecAttrKeyClassPrivate forKey:(__bridgeid)    kSecAttrKeyClass];   

 [privateKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid)    kSecReturnPersistentRef];

CFTypeRefpersistKey =nil; 

   OSStatus status = SecItemAdd((__bridgeCFDictionaryRef)privateKey, &persistKey);

if(persistKey !=nil){CFRelease(persistKey);    }

if((status != noErr) && (status != errSecDuplicateItem)) {return nil;   

 }   

 [privateKey removeObjectForKey:(__bridgeid)kSecValueData];  

  [privateKey removeObjectForKey:(__bridgeid)kSecReturnPersistentRef]; 

   [privateKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid)kSecReturnRef];   

 [privateKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType];

// Now fetch the SecKeyRef version of the keySecKeyRef 

keyRef =nil;    

status = SecItemCopyMatching((__bridgeCFDictionaryRef)privateKey, (CFTypeRef*)&keyRef);if(status != noErr){return nil;    }

return keyRef;}

+ (NSData*)stripPrivateKeyHeader:(NSData*)d_key{

// Skip ASN.1 private key header

if(d_key ==nil)return(nil);

unsignedlonglen = [d_key length];if(!len)return(nil);

unsignedchar*c_key = (unsignedchar*)[d_key bytes];unsignedintidx    =22;

//magic byte at offset 22

if(0x04!= c_key[idx++])return nil;

//calculate length of the key

unsignedintc_len = c_key[idx++];

intdet = c_len &0x80;

if(!det) {        

c_len = c_len &0x7f;    }

else{

intbyteCount = c_len &0x7f;

if(byteCount + idx > len) 

{

//rsa length field longer than buffer

return nil;       

 }

unsignedintaccum =0;

unsignedchar*ptr = &c_key[idx];     

   idx += byteCount;

while(byteCount) {          

  accum = (accum <<8) + *ptr;        

    ptr++;          

  byteCount--;        }       

 c_len = accum;    }

// Now make a new NSData from this buffer return

[d_key subdataWithRange:NSMakeRange(idx, c_len)];}

+ (NSData*)decryptData:(NSData*)data withKeyRef:(SecKeyRef) keyRef{

constuint8_t *srcbuf = (constuint8_t *)[data bytes];  

  size_t srclen = (size_t)data.length;   

 size_t block_size = SecKeyGetBlockSize(keyRef) *sizeof(uint8_t);

UInt8*outbuf = malloc(block_size);   

 size_t src_block_size = block_size;

NSMutableData*ret = [[NSMutableDataalloc] init];for(intidx=0; idx src_block_size){            data_len = src_block_size;        }      

  size_t outlen = block_size;      

  OSStatus status = noErr;       

 status = SecKeyDecrypt(keyRef,                              kSecPaddingNone,                              srcbuf + idx,                              data_len,                              outbuf,                              &outlen                              );

if(status !=0) {

NSLog(@"SecKeyEncrypt fail. Error Code: %d", status);       

     ret =nil;break;        }

else{

//the actual decrypted data is in the middle, locate it!

int idxFirstZero =-1;

int idxNextZero = (int)outlen;for(inti =0; i < outlen; i++ ) {

if( outbuf[i] ==0) {

if( idxFirstZero <0) {                   

     idxFirstZero = i;              

      }else{                      

  idxNextZero = i;

break;               

     }                }            }           

 [ret appendBytes:&outbuf[idxFirstZero+1] length:idxNextZero-idxFirstZero-1];     

   }    }    

free(outbid);

CFRelease(keyRef);

return ret;}

/* END: Decryption with RSA private key */@end

4. 测试加密、解密

首先先测试使用.der和.p12秘钥文件进行加密、解密, 在ViewController.m中进行测试, 代码如下:

#import"ViewController.h"

#import"RSAEncryptor.h"

@interfaceViewController()

@end

@implementationViewController

- (void)viewDidLoad {   

 [superviewDidLoad];

//原始数据

NSString*originalString =@"这是一段将要使用'.der'文件加密的字符串!";

//使用.der和.p12中的公钥私钥加密解密

NSString*public_key_path = [[NSBundlemainBundle] pathForResource:@"public_key.der"ofType:nil];

NSString*private_key_path = [[NSBundlemainBundle] pathForResource:@"private_key.p12"ofType:nil];

NSString*encryptStr = [RSAEncryptor encryptString:originalString publicKeyWithContentsOfFile:public_key_path];NSLog(@"加密前:%@", originalString);

NSLog(@"加密后:%@", encryptStr);

NSLog(@"解密后:%@", [RSAEncryptor decryptString:encryptStr privateKeyWithContentsOfFile:private_key_path password:@"123456"]);}

- (void)didReceiveMemoryWarning {   

 [superdidReceiveMemoryWarning];

// Dispose of any resources that can be recreated.

}

@end

相关文章

网友评论

    本文标题:ios加密方法

    本文链接:https://www.haomeiwen.com/subject/wmpoqxtx.html