转自 --响铃 IOS rsa加密与解密
ras加密需要两组秘钥,一组公共秘钥,一组私有秘钥。
生成命令:
openssl req -x509 -out public_key.der -outform der -new -newkey rsa:2048 -keyout private_key.pem
public_key.der为公共秘钥文件,private_key.pem为私有秘钥文件。
生成ios可引用的私有秘钥文件.pfx:
1. OpenSSL rsa -in private_key.pem -out private_key.key
2. OpenSSL req -new -key private_key.key -out private_key.crt
3. OpenSSL x509 -req -days 3650 -in private_key.crt -signkey private_key.key -out rsaCert.crt
4. OpenSSL x509 -outform der -in rsaCert.crt -out rsaCert.der
5. OpenSSL pkcs12 -export -out private_key.pfx -inkey private_key.key -in rsaCert.crt
private_key.pfx即为生成的文件
公共秘钥的引用:
- (SecKeyRef)getPublicKey
{
SecCertificateRef myCertificate = nil;
NSString *path = [[NSBundle mainBundle] pathForResource:@"public_key" ofType:@"der"];
NSData *certificateData = [NSData dataWithContentsOfFile:path];
myCertificate = SecCertificateCreateWithData(kCFAllocatorDefault, (__bridgeCFDataRef)certificateData);
SecPolicyRef myPolicy = SecPolicyCreateBasicX509();
SecTrustRef myTrust;
OSStatus status = SecTrustCreateWithCertificates(myCertificate,myPolicy,&myTrust);
SecTrustResultType trustResult;
if (status == noErr) {
status = SecTrustEvaluate(myTrust, &trustResult);
}
return SecTrustCopyPublicKey(myTrust);
}
私有秘钥的引用
- (SecKeyRef)getPrivateKey
{
NSString *publicKeyPath = [[NSBundle mainBundle] pathForResource:@"private_key"ofType:@"pfx"];
NSData *pfxkeyData = [[NSData alloc]initWithContentsOfFile:publicKeyPath];
NSMutableDictionary * options = [[NSMutableDictionary alloc] init];
[options setObject:@"password" forKey:(__bridge id)kSecImportExportPassphrase];
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
OSStatus securityError = SecPKCS12Import((__bridge CFDataRef) pfxkeyData,
(__bridge CFDictionaryRef)options, &items);
CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
SecIdentityRef identityApp =
(SecIdentityRef)CFDictionaryGetValue(identityDict,
kSecImportItemIdentity);
assert(securityError == noErr);
SecKeyRef privateKeyRef;
SecIdentityCopyPrivateKey(identityApp, &privateKeyRef);
return privateKeyRef;
}
公钥加密:
- (NSData*)rsaEncryptWithData:(NSData*)data usingKey:(SecKeyRef)key{
size_t cipherBufferSize = SecKeyGetBlockSize(key);
uint8_t *cipherBuffer = malloc(cipherBufferSize * sizeof(uint8_t));
memset((void *)cipherBuffer, 0*0, cipherBufferSize);
NSData *plainTextBytes = data;
size_t blockSize = cipherBufferSize - 11;
size_t blockCount = (size_t)ceil([plainTextBytes length] / (double)blockSize);
NSMutableData *encryptedData = [NSMutableData dataWithCapacity:0];
for (int i=0; i<blockCount; i++) {
int bufferSize = MIN(blockSize,[plainTextBytes length] - i * blockSize);
NSData *buffer = [plainTextBytes subdataWithRange:NSMakeRange(i * blockSize, bufferSize)];
OSStatus status = SecKeyEncrypt(key,
kSecPaddingPKCS1,
(const uint8_t *)[buffer bytes],
[buffer length],
cipherBuffer,
&cipherBufferSize);
if (status == noErr){
NSData *encryptedBytes = [NSData dataWithBytes:(const void *)cipherBuffer length:cipherBufferSize];
[encryptedData appendData:encryptedBytes];
}else{
if (cipherBuffer) {
free(cipherBuffer);
}
return nil;
}
}
if (cipherBuffer) free(cipherBuffer);
return encryptedData;
}
私钥解密:
- (NSData*)rsaDecryptWithData:(NSData*)data usingKey:(SecKeyRef)key{
NSData *wrappedSymmetricKey = data;
size_t cipherBufferSize = SecKeyGetBlockSize(key);
size_t keyBufferSize = [wrappedSymmetricKey length];
NSMutableData *bits = [NSMutableData dataWithLength:keyBufferSize];
OSStatus sanityCheck = SecKeyDecrypt(key,
kSecPaddingPKCS1,
(const uint8_t *) [wrappedSymmetricKey bytes],
cipherBufferSize,
[bits mutableBytes],
&keyBufferSize);
NSAssert(sanityCheck == noErr, @"Error decrypting, OSStatus == %ld.", sanityCheck);
[bits setLength:keyBufferSize];
return bits;
}
加密解密网上有写好的ras.m,可以参考:
http://code4app.com/ios/RSA-Encrypt-and-Decrypt/5061d6476803faf86c000001