探索iOS设备数据安全：高效加密策略解析

大家好，关于探索iOS设备数据安全：高效加密策略解析很多朋友都还不太明白，不过没关系，因为今天小编就来为大家分享关于的知识点，相信应该可以解决大家的一些困惑和问题，如果碰巧可以解决您的问题，还望关注下本站哦，希望对各位有所帮助！

*/- (void)initSecurity{

//----使用第三方SFHFKeychainUtils-- //获取应用程序的唯一标识符-- NSString* bundleld=[NSBundle mainBundle].bundleIdentifier;

//引入头文件//#import "SFHFKeychainUtils.h"////

//删除用户//[SFHFKeychainUtils deleteItemForUsername:userName andServiceName:ServiceName error:nil];////

//存储账户密码//[SFHFKeychainUtils storeUsername:userName andPassword:passwordNew forServiceName:ServiceName updateExisting:YES error:nil];////

//根据用户名获取密码//NSString *passWord=[SFHFKeychainUtils getPasswordForUsername:userName andServiceName:ServiceName error:nil]; }

#pragma mark----指纹识别

/*1.指纹识别功能是在iPhone5S之后推出的，SDK是iOS8.0推出的。 2.目的：简化移动支付流程--------使用步骤----1。倒入框架#import2。获取当前系统版本号

3、实例化指纹识别对象，判断当前设备是否支持指纹识别功能（是否有TouchID）

- (void)initLAthentication{

//获得当前系统版本号

浮动版本=[UIDevice currentDevice].systemVersion.floatValue;

如果（版本8.0）{

NSLog(@"系统版本过低，请升级系统");

返回；

}

//----实例化指纹识别对象，判断当前设备是否支持指纹识别功能（是否有TouchID）---

//1.实例化指纹识别对象

LAContext* laCon=[[LAContext 分配]init];

//判断当前设备是否支持指纹识别功能

if (![laCon canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:NULL]) {

//如果设备不支持指纹识别功能

NSLog(@"设备不支持指纹识别功能");

返回；

}

//指纹登录-默认为异步方式

[laCon评估策略：LAPolicyDeviceOwnerAuthenticationWithBiometrics localizedReason:@"指纹登录"回复： ^（BOOL成功，NSError * _Nullable错误）{

//如果成功则说明指纹输入正确

如果（成功）{

NSLog(@"指纹识别成功");

}别的{

NSLog(@"指纹识别错误");

}

}];

}

#pragma mark----base64加密

/**

base64编码是现代密码学的基础

Base64加密：Base64加密不是加密算法，因为它的算法和用作密钥的索引表是公开的。其本质是将‘二进制’数据转换为字符串，方便HTTP协议的使用，用于公共代码加密和URL加密，防止数据明文传输。

特点：编码后的结果只有64个字符

//Base64加密

- (NSString *)base64Encode:(NSString* )str{

//转换为二进制数据

NSData* 数据=[str dataUsingEncoding:NSUTF8StringEncoding];

//进行Base64加密

返回[数据库64EncodedStringWithOptions:0]；

}

//Base64解密

- (NSString *)base64Decode:(NSString *)str{

NSData* 数据=[[NSData alloc]initWithBase64EncodedString:str options:0];

返回[[NSString alloc]initWithData:数据编码：NSUTF8StringEncoding]；

}

- (void)initBase64{

//1.加密文件

NSString* path=[[NSBundle mainBundle]pathForResource:@"menu_default" ofType:@"png"];

//获取需要加密的文件的二进制数据

NSData* 数据=[NSData dataWithContentsOfFile:path];

--------加密和解密只能通过NSData来进行，所以需要加密的数据必须先转换为NSData类型。

UIImage *img=[UIImage imageNamed:@"menu_default.png"];

//图像到数据

NSData *data=UIImageJPEGRepresentation(img, 0.7);

字符串加密

//将字符串转换为数据

NSString *str=@"编码字符串";

//将字符串转换为数据

NSData *data=[str dataUsingEncoding:NSUTF8StringEncoding];//13字节

//加密数据

NSData *encodeData=[数据库64EncodedDataWithOptions:0];//20字节

//解密数据

NSData *decodeData=[[NSData alloc] initWithBase64EncodedData:encodeData options:0];//13 个字节

//数据转字符串

NSString *decodeStr=[[NSString alloc] initWithData:decodeData 编码：NSUTF8StringEncoding];

NSLog(@"%@",decodeStr);//编码字符串

//base64EncodedStringWithOptions--加密

NSData* base64Data=[data base64EncodedDataWithOptions:0];

//获取要存储的沙河目录路径

NSArray* pathsArr=NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);

NSString* docDir=[pathsArr objectAtIndex:0];

NSString* pathSave=[docDir stringByAppendingPathComponent:@"test.txt"];

//存储加密后的文件

[base64Data writeToFile:path原子保存：YES];

//获取加密的二进制数据

NSData* baseSave64Data=[NSData dataWithContentsOfFile:pathSave];

//解密

NSData* baseData=[[NSData alloc]initWithBase64EncodedData:baseSave64Data options:0];

摘要： 1、对文件menu_default.png进行base64位操作，并将其存储为test.txt。如果是jpg也是同样的道理。

2、将test.txt转换为menu_default.png；（无论起点是menu_default.png还是menu_default.jpg）

3.//Base 64 对字符串"hello" 进行编码。结果是：aGVsbG8=cho "hello" | 64位基数

//将base64编码结果aGVsbG8=反转为字符串

回声aGVsbG8=| base64-D

UIImage* 图像=[UIImage imageWithData:baseData];

UIImageView* imageV=[[UIImageView 分配]init];

[self.view addSubview:imageV];

imageV.frame=CGRectMake(100, 100, 50, 50);

imageV.image=图像；

}

iOS开发-AES加解密算法在Objective-c中的实现

进口

@interface 地穴： NSObject

//+(NSData *)AES256EncryptWithKey:(NSString *)key Encrypttext:(NSData *)text; //加密

+(NSData *)AES256EncrypData:(NSData *)text WithKey:(NSString *)key; //加密

+(NSData *)AES256DecryptData:(NSData *)text WithKey:(NSString *)key; //解密

+(NSString *) AES256Encrypt:(NSString *)text WithKey:(NSString *)key;//加密

+(NSString *) AES256Decrypt:(NSString *)text WithKey:(NSString *)key;//解密

@结尾

#import "Crypt.h"

进口

@实现地穴

+(NSData *)AES256EncrypData:(NSData *)text WithKey:(NSString *)key //加密

{

char keyPtr[kCCKeySizeAES256+1];

bzero(keyPtr, sizeof(keyPtr));

[key getCString:keyPtr maxLength:sizeof(keyPtr) 编码：NSUTF8StringEncoding];

NSUInteger dataLength=[文本长度];

size_t bufferSize=dataLength + kCCBlockSizeAES128;

void *buffer=malloc(bufferSize);

size_t numBytesEncrypted=0;

CCCryptorStatus cryptStatus=CCCrypt(kCCEncrypt, kCCAlgorithmAES128,

kCCOptionPKCS7Padding | kCCOptionPKCS7Padding kCCOptionECB模式，

keyPtr，kCCBlockSizeAES128，

无效的，

[文本字节]，数据长度，

缓冲区，缓冲区大小，

已加密的字节数）；

if (cryptStatus==kCCSuccess) {

返回[NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted]；

}

自由（缓冲区）；

返回零；

}

+(NSData *)AES256DecryptData:(NSData *)text WithKey:(NSString *)key //解密

{

char keyPtr[kCCKeySizeAES256+1];

bzero(keyPtr, sizeof(keyPtr));

[key getCString:keyPtr maxLength:sizeof(keyPtr) 编码：NSUTF8StringEncoding];

NSUInteger dataLength=[文本长度];

size_t bufferSize=dataLength + kCCBlockSizeAES128;

void *buffer=malloc(bufferSize);

size_t numBytesDecrypted=0;

CCCryptorStatus cryptStatus=CCCrypt(kCCDecrypt, kCCAlgorithmAES128,

kCCOptionPKCS7Padding | kCCOptionPKCS7Padding kCCOptionECB模式，

keyPtr，kCCBlockSizeAES128，

无效的，

[文本字节]，数据长度，

缓冲区，缓冲区大小，

已解密的字节数）；

if (cryptStatus==kCCSuccess) {

返回[NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted]；

}

自由（缓冲区）；

返回零；

}

+(NSString *) AES256Encrypt:(NSString *)text WithKey:(NSString *)key

{

const char *cstr=[文本cStringUsingEncoding:NSUTF8StringEncoding];

NSData *data=[NSData dataWithBytes:cstr length:text.length];

//对数据进行加密

NSData *结果=[Crypt AES256EncrypData:data WithKey:key];

//转换为二进制字符串

if (结果结果.长度0) {

字节*数据=(字节*)[结果字节];

NSMutableString *输出=[NSMutableString stringWithCapacity:result.length * 2];

for(int i=0; i 结果.length; i++){

[输出appendFormat:@"%02x",datas[i]];

}

返回输出；

}

返回零；

}

+（NSString *）AES256Decrypt:（NSString *）文本WithKey:（NSString *）密钥{

//转换为二进制数据

NSMutableData *data=[NSMutableData dataWithCapacity:text.length/2];

无符号字符整个字节；

char byte_chars[3]={"","",""};

整数我；

for (i=0; i [文本长度]/2; i++) {

byte_chars[0]=[文本字符AtIndex:i*2];

byte_chars[1]=[文本字符AtIndex:i*2+1];

Whole_byte=strtol(byte_chars, NULL, 16);

[数据appendBytes:whole_byte长度：1];

}

//解密数据

NSData* 结果=[Crypt AES256DecryptData:data WithKey:key];

if (结果结果.长度0) {

返回[[NSString alloc] initWithData:结果编码：NSUTF8StringEncoding];

}

返回零；

}

@结尾

- - - - - - -用法- - - - - - - - - - - -

//NSString* GHD=[Crypt AES256Encrypt:@"value" WithKey:@"key"];

//NSString* sdf=[Crypt AES256Decrypt:GHD WithKey:@"key"];

//NSLog(@"sdf---%@",sdf);

//NSLog(@"%@",GHD);

NSData* DATA=[Crypt AES256EncrypData:[@"asd" dataUsingEncoding:NSUTF8StringEncoding] WithKey:@"KEY"];

NSData* XC=[加密AES256DecryptData:DATA WithKey:@"KEY"];

NSString* str=[[NSString alloc]initWithData:XC 编码：NSUTF8StringEncoding];

NSLog(@"%@",str);

iOS------MD5加密

/* MD5是消息摘要算法5（Message-Digest Algorithm 5），用于保证信息传输的完整一致。本质：就是将任意长度的字节串转换为一定长度的十六进制数字串。使用MD5 的好处：快速验证特性： 1. 输入两个不同的明文，不会得到相同的输出值2. 根据无法得到与原始明文相同的输出值，且过程不可逆（MD5 只能加密，不能解密）注意事项： 1、MD5加密位数是16位还是32位（大部分都是32位）一定要和后端开发者约定，16位可以通过32位转换得到。 MD5 加密区分大小写。使用时必须同意MD5解密网站后台：http://www.cmd5.com/需要先导入系统头文件#import */

--------------------------详细实现---------------------- - -

进口

@interface MD5Crypt : NSObject

/**

*MD5加密，32位小写

* @param str 传入需要加密的字符串

* @return 返回加密后的字符串

+(NSString *)MD5ForLower32Bate:(NSString *)str;

/**

*MD5加密，32位大写

* @param str 传入需要加密的字符串

* @return 返回加密后的字符串

+(NSString *)MD5ForUpper32Bate:(NSString *)str;

/**

* MD5加密，16位小写

* @param str 传入要加密的字符串

* @return 返回加密后的字符串

+(NSString *)MD5ForLower16Bate:(NSString *)str;

/**

* MD5加密，16位大写

* @param str 传入要加密的字符串

* @return 返回加密后的字符串

+(NSString *)MD5ForUpper16Bate:(NSString *)str;

@结尾

#import "MD5Crypt.h"

进口

@实现MD5Crypt

#pragma mark - 32 位小写

+(NSString *)MD5ForLower32Bate:(NSString *)str{

//转码UTF8

const char* 输入=[str UTF8String];

无符号字符结果[CC_MD5_DIGEST_LENGTH]；

CC_MD5(输入， (CC_LONG)strlen(输入), 结果);

NSMutableString *digest=[NSMutableString stringWithCapacity:CC_MD5_DIGEST_LENGTH * 2];

for (NSInteger i=0; i CC_MD5_DIGEST_LENGTH; i++) {

[摘要appendFormat:@"%02x",结果[i]];

}

返回摘要；

}

#pragma mark - 32 位大写

+(NSString *)MD5ForUpper32Bate:(NSString *)str{

//转码UTF8

const char* 输入=[str UTF8String];

无符号字符结果[CC_MD5_DIGEST_LENGTH]；

CC_MD5(输入， (CC_LONG)strlen(输入), 结果);

NSMutableString *digest=[NSMutableString stringWithCapacity:CC_MD5_DIGEST_LENGTH * 2];

for (NSInteger i=0; i CC_MD5_DIGEST_LENGTH; i++) {

[摘要appendFormat:@"%02X",结果[i]];

}

返回摘要；

}

#pragma mark - 16 位大写

+(NSString *)MD5ForUpper16Bate:(NSString *)str{

NSString *md5Str=[self MD5ForUpper32Bate:str];

NSString *字符串；

for (int i=0; i24; i++) {

字符串=[md5Str substringWithRange:NSMakeRange(8, 16)];

}

string; } #pragma mark - 16位小写 +(NSString *)MD5ForLower16Bate:(NSString *)str{ NSString *md5Str = [self MD5ForLower32Bate:str]; NSString *string; for (int i=0; i<24; i++) { string=[md5Str substringWithRange:NSMakeRange(8, 16)]; } return string; } @end -----------------用法------------------------- NSString *str1 = [MD5Crypt MD5ForLower16Bate:@"123456"]; NSLog(@"小写16位:%@", str1); NSString *str2 = [MD5Crypt MD5ForLower32Bate:@"123456"]; NSLog(@"小写32位:%@", str2); NSString *str3 = [MD5Crypt MD5ForUpper16Bate:@"123456"]; NSLog(@"大写16位:%@", str3); NSString *str4 = [MD5Crypt MD5ForUpper32Bate:@"123456"]; NSLog(@"大写32位:%@", str4); /* 因为MD5生成的简单字符串会被轻易的破解，所以要对她进行改进

1.加盐(Salt)：

在明文的固定位置插入随机串，然后在进行MD5 */ NSString* salt = @"salt"; NSString *str5 = [MD5Crypt MD5ForUpper32Bate:[@"123456" stringByAppendingString:salt]]; NSLog(@"大写32位:%@", str5);

注：加的盐必须足够长，足够保密或者可以计入时间戳

iOS--DES加解密

#import @interface DESCrypt : NSObject /****************************************************************************** 函数名称 : + (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key 函数描述 : 文本数据进行DES加密输入参数 : (NSData *)data (NSString *)key 输出参数 : N/A 返回参数 : (NSData *) 备注信息 : 此函数不可用于过长文本 ******************************************************************************/ + (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key;//加密 /****************************************************************************** 函数名称 : + (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key 函数描述 : 文本数据进行DES解密输入参数 : (NSData *)data (NSString *)key 输出参数 : N/A 返回参数 : (NSData *) 备注信息 : 此函数不可用于过长文本 ******************************************************************************/ + (NSData *)DESDecrypt:(NSData *)data WithKey:(NSString *)key;//解密 /****************************************************************************** 函数名称 :+ (NSString *)DESEncrypt:(NSString *)str withKey:(NSString *)key 函数描述 : 文本数据进行DES加密输入参数 : NSString *)str (NSString *)key 输出参数 : N/A 返回参数 : NSString *) 备注信息 : 此函数不可用于过长文本 ******************************************************************************/ + (NSString *)DESEncrypt:(NSString *)str withKey:(NSString *)key;//加密 /****************************************************************************** 函数名称 :+ (NSString *)DESDecrypt:(NSString *)str withKey:(NSString *)key 函数描述 : 文本数据进行DES解密输入参数 : NSString *)str (NSString *)key 输出参数 : N/A 返回参数 : NSString *) 备注信息 : 此函数不可用于过长文本 ******************************************************************************/ + (NSString *)DESDecrypt:(NSString *)str withKey:(NSString *)key;//解密 @end #import "DESCrypt.h" #import @implementation DESCrypt #pragma mark------加密 + (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key { char keyPtr[kCCKeySizeAES256+1]; bzero(keyPtr, sizeof(keyPtr)); [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; NSUInteger dataLength = [data length]; size_t bufferSize = dataLength + kCCBlockSizeAES128; void *buffer = malloc(bufferSize); size_t numBytesEncrypted = 0; CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionPKCS7Padding | kCCOptionECBMode, keyPtr, kCCBlockSizeDES, NULL, [data bytes], dataLength, buffer, bufferSize, &numBytesEncrypted); if (cryptStatus == kCCSuccess) { return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted]; } free(buffer); return nil; } #pragma mark---解密 + (NSData *)DESDecrypt:(NSData *)data WithKey:(NSString *)key { char keyPtr[kCCKeySizeAES256+1]; bzero(keyPtr, sizeof(keyPtr)); [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; NSUInteger dataLength = [data length]; size_t bufferSize = dataLength + kCCBlockSizeAES128; void *buffer = malloc(bufferSize); size_t numBytesDecrypted = 0; CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmDES, kCCOptionPKCS7Padding | kCCOptionECBMode, keyPtr, kCCBlockSizeDES, NULL, [data bytes], dataLength, buffer, bufferSize, &numBytesDecrypted); if (cryptStatus == kCCSuccess) { return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted]; } free(buffer); return nil; } #pragma mark----加密 + (NSString *)DESEncrypt:(NSString *)str withKey:(NSString *)key{ NSData* data = [DESCrypt DESEncrypt:[str dataUsingEncoding:NSUTF8StringEncoding] WithKey:key]; return [[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding]; } #pragma mark---解密 + (NSString *)DESDecrypt:(NSString *)str withKey:(NSString *)key{ NSData* data = [DESCrypt DESDecrypt:[str dataUsingEncoding:NSUTF8StringEncoding] WithKey:key]; return [[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding]; } @end ---------------------用法----- // NSData* data = [DESCrypt DESEncrypt:[@"123" dataUsingEncoding:NSUTF8StringEncoding] WithKey:@"123"]; // NSData* data1 = [DESCrypt DESDecrypt:data WithKey:@"123"]; // NSLog(@"%@",[[NSString alloc]initWithData:data1 encoding:NSUTF8StringEncoding]);

base64和DES的结合

//Base64加密 - (NSString *)base64Encode:(NSString* )str{ //取项目的bundleIdentifier作为KEY NSString *key = [[NSBundle mainBundle] bundleIdentifier]; //转化为二进制数据 NSData* data = [str dataUsingEncoding:NSUTF8StringEncoding]; data = [DESCrypt DESEncrypt:[@"123" dataUsingEncoding:NSUTF8StringEncoding] WithKey:key]; //进行Base64加密 return [data base64EncodedStringWithOptions:0]; } //Base64解密 - (NSString *)base64Decode:(NSString *)str{ NSString *key = [[NSBundle mainBundle] bundleIdentifier]; NSData* data = [[NSData alloc]initWithBase64EncodedString:str options:0]; data = [DESCrypt DESDecrypt:data WithKey:key]; return [[NSString alloc]initWithData:data encoding:NSUTF8StringEncoding]; } ------------------用法---------------- NSString* str = [self base64Encode:@"123"]; NSLog(@"%@",str); NSString* str1 = [self base64Decode:str]; NSLog(@"%@",str1);

iOS------RSA加密

在iOS中使用RSA加密解密，需要用到.der和.p12后缀格式的文件，其中.der格式的文件存放的是公钥（Public key）用于加密，.p12格式的文件存放的是私钥（Private key）用于解密对于比较敏感的数据，如用户信息（登陆、注册等），客户端发送使用RSA加密，服务器返回使用DES(AES)加密，使用RSA进行数字签名，可以起到防篡改的作用；客户端之所以使用RSA加密，是因为RSA解密需要知道服务器私钥，而服务器私钥一般盗取难度较大 RSA使用公钥加密、私钥解密

一、使用openssl生成所需秘钥文件

生成环境是在mac系统下，使用openssl进行生成，首先打开终端，按下面这些步骤依次来做：

1. 生成模长为1024bit的私钥文件private_key.pem

openssl genrsa -out private_key.pem 1024

2. 生成证书请求文件rsaCertReq.csr

openssl req -new -key private_key.pem -out rsaCerReq.csr 注意：这一步会提示输入国家、省份、mail等信息，可以根据实际情况填写，或者全部不用填写，直接全部敲回车.

3. 生成证书rsaCert.crt，并设置有效时间为1年

openssl x509 -req -days 3650 -in rsaCerReq.csr -signkey private_key.pem -out rsaCert.crt

4. 生成供iOS使用的公钥文件public_key.der

openssl x509 -outform der -in rsaCert.crt -out public_key.der

5. 生成供iOS使用的私钥文件private_key.p12

openssl pkcs12 -export -out private_key.p12 -inkey private_key.pem -in rsaCert.crt 注意：这一步会提示给私钥文件设置密码，直接输入想要设置密码即可，然后敲回车，然后再验证刚才设置的密码，再次输入密码，然后敲回车，完毕！在解密时，private_key.p12文件需要和这里设置的密码配合使用，因此需要牢记此密码.

6. 生成供Java使用的公钥rsa_public_key.pem

openssl rsa -in private_key.pem -out rsa_public_key.pem -pubout

7. 生成供Java使用的私钥pkcs8_private_key.pem

openssl pkcs8 -topk8 -in private_key.pem -out pkcs8_private_key.pem -nocrypt 全部执行成功后，会生成如下文件，其中public_key.der和private_key.p12就是iOS需要用到的文件，如下图：

二、将文件导入工程使用

1.新建工程, 并导入Security.framework框架, 如下图:

2.导入秘钥文件

导入.der和.p12格式的秘钥文件, 如下图:

3.新建用于加密、解密的类RSAEncryptor, 并实现相关方法

#import @interfaceRSAEncryptor:NSObject/**

* 加密方法 * @param str 需要加密的字符串 * @param path ".der"格式的公钥文件路径 */+ (NSString*)encryptString:(NSString*)str publicKeyWithContentsOfFile:(NSString*)path;/** * 解密方法 * @param str 需要解密的字符串 * @param path ".p12"格式的私钥文件路径 * @param password 私钥文件密码 */+ (NSString*)decryptString:(NSString*)str privateKeyWithContentsOfFile:(NSString*)path password:(NSString*)password;/** * 加密方法 * @param str 需要加密的字符串 * @param pubKey 公钥字符串 */+ (NSString*)encryptString:(NSString*)str publicKey:(NSString*)pubKey;/** * 解密方法 * @param str 需要解密的字符串 * @param privKey 私钥字符串 */+ (NSString*)decryptString:(NSString*)str privateKey:(NSString*)privacy; @end #import "RSAEncryptor.h" #import @implementation RSAEncryptor staticNSString*base64_encode_data(NSData*data){ data = [data base64EncodedDataWithOptions:0]; NSString*ret = [[NSStringalloc] initWithData:data encoding:NSUTF8StringEncoding];return ret; } staticNSData*base64_decode(NSString*str){ NSData*data = [[NSDataalloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters]; return data; } #pragma mark - 使用".der"公钥文件加密 + (NSString *)encryptString:(NSString *)str publicKeyWithContentsOfFile:(NSString *)path{ if (!str || !path) return nil; return [self encryptString:str publicKeyRef:[self getPublicKeyRefWithContentsOfFile:path]]; } //获取公钥 + (SecKeyRef)getPublicKeyRefWithContentsOfFile:(NSString*)filePath{ NSData*certData = [NSDatadataWithContentsOfFile:filePath]; if(!certData) { return nil; } SecCertificateRef cert = SecCertificateCreateWithData(NULL, (CFDataRef)certData); SecKeyRef key =NULL; SecTrustRef trust =NULL; SecPolicyRef policy =NULL; if(cert !=NULL) { policy = SecPolicyCreateBasicX509(); if(policy) { if(SecTrustCreateWithCertificates((CFTypeRef)cert, policy, &trust) == noErr) { SecTrustResultType result; if(SecTrustEvaluate(trust, &result) == noErr) { key = SecTrustCopyPublicKey(trust); } } } } if(policy)CFRelease(policy); if(trust)CFRelease(trust); if(cert)CFRelease(cert); return key;} + (NSString*)encryptString:(NSString*)str publicKeyRef:(SecKeyRef)publicKeyRef{ if(![str dataUsingEncoding:NSUTF8StringEncoding]) {returnnil; } if(!publicKeyRef) {returnnil; } NSData*data = [selfencryptData:[str dataUsingEncoding:NSUTF8StringEncoding] withKeyRef:publicKeyRef]; NSString*ret = base64_encode_data(data); return ret;} #pragma mark - 使用".12"私钥文件解密//解密 + (NSString*)decryptString:(NSString*)str privateKeyWithContentsOfFile:(NSString*)path password:(NSString*)password{ if(!str || !path)returnnil;if(!password) password =@""; return[selfdecryptString:str privateKeyRef:[selfgetPrivateKeyRefWithContentsOfFile:path password:password]]; } //获取私钥 + (SecKeyRef)getPrivateKeyRefWithContentsOfFile:(NSString*)filePath password:(NSString*)password{ NSData*p12Data = [NSDatadataWithContentsOfFile:filePath]; if(!p12Data) { return nil; } SecKeyRef privateKeyRef =NULL; NSMutableDictionary* options = [[NSMutableDictionaryalloc] init]; [options setObject: password forKey:(__bridgeid)kSecImportExportPassphrase]; CFArrayRefitems =CFArrayCreate(NULL,0,0,NULL); OSStatus securityError = SecPKCS12Import((__bridgeCFDataRef) p12Data, (__bridgeCFDictionaryRef)options, &items); if(securityError == noErr &&CFArrayGetCount(items) >0) { CFDictionaryRefidentityDict =CFArrayGetValueAtIndex(items,0); SecIdentityRef identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity); securityError = SecIdentityCopyPrivateKey(identityApp, &privateKeyRef); if(securityError != noErr) { privateKeyRef =NULL; } } CFRelease(items); return privateKeyRef;} + (NSString*)decryptString:(NSString*)str privateKeyRef:(SecKeyRef)privKeyRef{ NSData*data = [[NSDataalloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters]; if(!privKeyRef) { return nil; } data = [selfdecryptData:data withKeyRef:privKeyRef]; NSString*ret = [[NSStringalloc] initWithData:data encoding:NSUTF8StringEncoding];returner;} #pragma mark - 使用公钥字符串加密 /* START: Encryption with RSA public key *///使用公钥字符串加密 + (NSString*)encryptString:(NSString*)str publicKey:(NSString*)pubKey{ NSData*data = [selfencryptData:[str dataUsingEncoding:NSUTF8StringEncoding] publicKey:pubKey]; NSString*ret = base64_encode_data(data);returner;} + (NSData*)encryptData:(NSData*)data publicKey:(NSString*)pubKey{ if(!data || !pubKey){returning; } SecKeyRef keyRef = [selfaddPublicKey:pubKey];if(!keyRef){ return nil; } return[selfencryptData:data withKeyRef:keyRef];} + (SecKeyRef)addPublicKey:(NSString*)key{ NSRangespos = [key rangeOfString:@"-----BEGIN PUBLIC KEY-----"]; NSRangeepos = [key rangeOfString:@"-----END PUBLIC KEY-----"]; if(spos.location !=NSNotFound&& epos.location !=NSNotFound){NSUIntegers = spos.location + spos.length; NSUIntegere = epos.location;NSRangerange =NSMakeRange(s, e-s); key = [key substringWithRange:range]; } key = [key stringByReplacingOccurrencesOfString:@"r"withString:@""]; key = [key stringByReplacingOccurrencesOfString:@"n"withString:@""]; key = [key stringByReplacingOccurrencesOfString:@"t"withString:@""]; key = [key stringByReplacingOccurrencesOfString:@" "withString:@""];// This will be base64 encoded, decode it.NSData*data = base64_decode(key); data = [selfstripPublicKeyHeader:data];if(!data){return nil; } //a tag to read/write keychain storage NSString*tag =@"RSAUtil_PubKey"; NSData*d_tag = [NSDatadataWithBytes:[tag UTF8String] length:[tag length]]; // Delete any old lingering key with the same tag NSMutableDictionary*publicKey = [[NSMutableDictionaryalloc] init]; [publicKey setObject:(__bridgeid) kSecClassKey forKey:(__bridgeid)kSecClass]; [publicKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType]; [publicKey setObject:d_tag forKey:(__bridgeid)kSecAttrApplicationTag]; SecItemDelete((__bridgeCFDictionaryRef)publicKey); // Add persistent version of the key to system keychain [publicKey setObject:data forKey:(__bridgeid)kSecValueData]; [publicKey setObject:(__bridgeid) kSecAttrKeyClassPublic forKey:(__bridgeid) kSecAttrKeyClass]; [publicKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid) kSecReturnPersistentRef]; CFTypeRefpersistKey =nil; OSStatus status = SecItemAdd((__bridgeCFDictionaryRef)publicKey, &persistKey);if(persistKey !=nil){CFRelease(persistKey); } if((status != noErr) && (status != errSecDuplicateItem)) {returnnil; } [publicKey removeObjectForKey:(__bridgeid)kSecValueData]; [publicKey removeObjectForKey:(__bridgeid)kSecReturnPersistentRef]; [publicKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid)kSecReturnRef]; [publicKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType]; // Now fetch the SecKeyRef version of the keySecKeyRef keyRef =nil; status = SecItemCopyMatching((__bridgeCFDictionaryRef)publicKey, (CFTypeRef*)&keyRef);if(status != noErr){returnnil; }returnkeyRef;} + (NSData*)stripPublicKeyHeader:(NSData*)d_key{ // Skip ASN.1 public key header if(d_key ==nil)return(nil); unsignedlonglen = [d_key length];if(!len)return(nil); unsignedchar*c_key = (unsignedchar*)[d_key bytes];unsignedintidx =0; if(c_key[idx++] !=0x30)return(nil); if(c_key[idx] >0x80) idx += c_key[idx] -0x80+1;elseidx++; // PKCS #1 rsaEncryption szOID_RSA_RSA staticunsignedcharseqiod[] = {0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00}; if(memcmp(&c_key[idx], seqiod,15))return(nil); idx +=15; if(c_key[idx++] !=0x03)return(nil); if(c_key[idx] >0x80) idx += c_key[idx] -0x80+1;elseidx++; if(c_key[idx++] !="")return(nil); // Now make a new NSData from this buffer return([NSDatadataWithBytes:&c_key[idx] length:len - idx]);} + (NSData*)encryptData:(NSData*)data withKeyRef:(SecKeyRef) keyRef{ constuint8_t *srcbuf = (constuint8_t *)[data bytes]; size_t srclen = (size_t)data.length; size_t block_size = SecKeyGetBlockSize(keyRef) *sizeof(uint8_t); void*outbuf = malloc(block_size); size_t src_block_size = block_size -11; NSMutableData*ret = [[NSMutableDataalloc] init];for(intidx=0; idx src_block_size){ data_len = src_block_size; } size_t outlen = block_size; OSStatus status = noErr; status = SecKeyEncrypt(keyRef, kSecPaddingPKCS1, srcbuf + idx, data_len, outbuf, &outlen );if(status !=0) { NSLog(@"SecKeyEncrypt fail. Error Code: %d", status); ret =nil;break; }else{ [ret appendBytes:outbuf length:outlen]; } } free(outbuf);CFRelease(keyRef);returner;} /* END: Encryption with RSA public key */ #pragma mark - 使用私钥字符串解密 /* START: Decryption with RSA private key *///使用私钥字符串解密 + (NSString*)decryptString:(NSString*)str privateKey:(NSString*)privacy{ if(!str)return nil; NSData*data = [[NSDataalloc] initWithBase64EncodedString:str options:NSDataBase64DecodingIgnoreUnknownCharacters]; data = [selfdecryptData:data privateKey:privKey]; NSString*ret = [[NSStringalloc] initWithData:data encoding:NSUTF8StringEncoding];returner;} + (NSData*)decryptData:(NSData*)data privateKey:(NSString*)privacy{ if(!data || !privKey){returnnil; } SecKeyRef keyRef = [selfaddPrivateKey:privKey]; if(!keyRef){return nil; } return[selfdecryptData:data withKeyRef:keyRef];} + (SecKeyRef)addPrivateKey:(NSString*)key{ NSRangespos = [key rangeOfString:@"-----BEGIN RSA PRIVATE KEY-----"]; NSRangeepos = [key rangeOfString:@"-----END RSA PRIVATE KEY-----"]; if(spos.location !=NSNotFound&& epos.location !=NSNotFound){NSUIntegers = spos.location + spos.length; NSUIntegere = epos.location;NSRangerange =NSMakeRange(s, e-s); key = [key substringWithRange:range]; } key = [key stringByReplacingOccurrencesOfString:@"r"withString:@""]; key = [key stringByReplacingOccurrencesOfString:@"n"withString:@""]; key = [key stringByReplacingOccurrencesOfString:@"t"withString:@""]; key = [key stringByReplacingOccurrencesOfString:@" "withString:@""]; // This will be base64 encoded, decode it.NSData*data = base64_decode(key); data = [selfstripPrivateKeyHeader:data];if(!data){return nil; } //a tag to read/write keychain storage NSString*tag =@"RSAUtil_PrivKey"; NSData*d_tag = [NSDatadataWithBytes:[tag UTF8String] length:[tag length]]; // Delete any old lingering key with the same tag NSMutableDictionary*privateKey = [[NSMutableDictionaryalloc] init]; [privateKey setObject:(__bridgeid) kSecClassKey forKey:(__bridgeid)kSecClass]; [privateKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType]; [privateKey setObject:d_tag forKey:(__bridgeid)kSecAttrApplicationTag]; SecItemDelete((__bridgeCFDictionaryRef)privateKey); // Add persistent version of the key to system keychain [privateKey setObject:data forKey:(__bridgeid)kSecValueData]; [privateKey setObject:(__bridgeid) kSecAttrKeyClassPrivate forKey:(__bridgeid) kSecAttrKeyClass]; [privateKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid) kSecReturnPersistentRef]; CFTypeRefpersistKey =nil; OSStatus status = SecItemAdd((__bridgeCFDictionaryRef)privateKey, &persistKey); if(persistKey !=nil){CFRelease(persistKey); } if((status != noErr) && (status != errSecDuplicateItem)) {return nil; } [privateKey removeObjectForKey:(__bridgeid)kSecValueData]; [privateKey removeObjectForKey:(__bridgeid)kSecReturnPersistentRef]; [privateKey setObject:[NSNumbernumberWithBool:YES] forKey:(__bridgeid)kSecReturnRef]; [privateKey setObject:(__bridgeid) kSecAttrKeyTypeRSA forKey:(__bridgeid)kSecAttrKeyType]; // Now fetch the SecKeyRef version of the keySecKeyRef keyRef =nil; status = SecItemCopyMatching((__bridgeCFDictionaryRef)privateKey, (CFTypeRef*)&keyRef);if(status != noErr){return nil; } return keyRef;} + (NSData*)stripPrivateKeyHeader:(NSData*)d_key{ // Skip ASN.1 private key header if(d_key ==nil)return(nil); unsignedlonglen = [d_key length];if(!len)return(nil); unsignedchar*c_key = (unsignedchar*)[d_key bytes];unsignedintidx =22; //magic byte at offset 22 if(0x04!= c_key[idx++])return nil; //calculate length of the key unsignedintc_len = c_key[idx++]; intdet = c_len &0x80; if(!det) { c_len = c_len &0x7f; } else{ intbyteCount = c_len &0x7f; if(byteCount + idx >len) { //rsa length field longer than buffer return nil; } unsignedintaccum =0; unsignedchar*ptr = &c_key[idx]; idx += byteCount; while(byteCount) { accum = (accum<<8) + *ptr; ptr++; byteCount--; } c_len = accum; } // Now make a new NSData from this buffer return [d_key subdataWithRange:NSMakeRange(idx, c_len)];} + (NSData*)decryptData:(NSData*)data withKeyRef:(SecKeyRef) keyRef{ constuint8_t *srcbuf = (constuint8_t *)[data bytes]; size_t srclen = (size_t)data.length; size_t block_size = SecKeyGetBlockSize(keyRef) *sizeof(uint8_t); UInt8*outbuf = malloc(block_size); size_t src_block_size = block_size; NSMutableData*ret = [[NSMutableDataalloc] init];for(intidx=0; idx src_block_size){ data_len = src_block_size; } size_t outlen = block_size; OSStatus status = noErr; status = SecKeyDecrypt(keyRef, kSecPaddingNone, srcbuf + idx, data_len, outbuf, &outlen ); if(status !=0) { NSLog(@"SecKeyEncrypt fail. Error Code: %d", status); ret =nil;break; } else{ //the actual decrypted data is in the middle, locate it! int idxFirstZero =-1; int idxNextZero = (int)outlen;for(inti =0; i< outlen; i++ ) { if( outbuf[i] ==0) { if( idxFirstZero<0) { idxFirstZero = i; }else{ idxNextZero = i; break; } } } [ret appendBytes:&outbuf[idxFirstZero+1] length:idxNextZero-idxFirstZero-1]; } } free(outbid); CFRelease(keyRef); return ret;} /* END: Decryption with RSA private key */@end

4. 测试加密、解密

首先先测试使用.der和.p12秘钥文件进行加密、解密, 在ViewController.m中进行测试, 代码如下: #import"ViewController.h" #import"RSAEncryptor.h" @interfaceViewController() @end @implementationViewController - (void)viewDidLoad { [superviewDidLoad]; //原始数据 NSString*originalString =@"这是一段将要使用".der"文件加密的字符串!"; //使用.der和.p12中的公钥私钥加密解密 NSString*public_key_path = [[NSBundlemainBundle] pathForResource:@"public_key.der"ofType:nil]; NSString*private_key_path = [[NSBundlemainBundle] pathForResource:@"private_key.p12"ofType:nil]; NSString*encryptStr = [RSAEncryptor encryptString:originalString publicKeyWithContentsOfFile:public_key_path];NSLog(@"加密前:%@", originalString); NSLog(@"加密后:%@", encryptStr); NSLog(@"解密后:%@", [RSAEncryptor decryptString:encryptStr privateKeyWithContentsOfFile:private_key_path password:@"123456"]);} - (void)didReceiveMemoryWarning { [superdidReceiveMemoryWarning]; // Dispose of any resources that can be recreated.