IOS中遇到的一些加密算法如下:
5.1 通过简单的URLENCODE + BASE64编码防止数据明文传输
5.2 对普通请求、返回数据,生成MD5校验(MD5中加入动态密钥),进行数据完整性(简单防篡改,安全性较低,优点:快速)校验。5.3 对于重要数据,使用RSA进行数字签名,起到防篡改作用。
5.4 对于比较敏感的数据,如用户信息(登陆、注册等),客户端发送使用RSA加密,服务器返回使用DES(AES)加密。
原因:客户端发送之所以使用RSA加密,是因为RSA解密需要知道服务器私钥,而服务器私钥一般盗取难度较大;如果使用DES的话,可以通过破解客户端获取密钥,安全性较低。而服务器返回之所以使用DES,是因为不管使用DES还是RSA,密钥(或私钥)都存储在客户端,都存在被破解的风险,因此,需要采用动态密钥,而RSA的密钥生成比较复杂,不太适合动态密钥,并且RSA速度相对较慢,所以选用DES)
把相关算法的代码也贴一下吧 (其实使用一些成熟的第三方库或许会来得更加简单,不过自己写,自由点)。注,这里的大部分加密算法都是参考一些现有成熟的算法,或者直接拿来用的。
1、MD5
//因为是使用category,所以木有参数传入啦
-( NSString *) stringFromMD5 {
if( self == nil || [ self length] == 0) {
return nil;
}
const char *value = [ self UTF8String];
unsigned char outputBuffer[ CC_MD5_DIGEST_LENGTH];
CC_MD5(value, strlen(value), outputBuffer);
NSMutableString *outputString = [[ NSMutableString alloc] initWithCapacity: CC_MD5_DIGEST_LENGTH * 2];
for( NSInteger count = 0; count < CC_MD5_DIGEST_LENGTH; count++){
[outputString appendFormat: @"%02x",outputBuffer[count]];
}
return [outputString autorelease];
}
2、Base64
+ ( NSString *) base64EncodeData: ( NSData *) objData {
const unsigned char * objRawData = [objData bytes];
char * objPointer;
char * strResult;
// Get the Raw Data length and ensure we actually have data
int intLength = [objData length];
if (intLength == 0) return nil;
// Setup the String-based Result placeholder and pointer within that placeholder
strResult = ( char *) calloc(((intLength + 2) / 3) * 4, sizeof( char));
objPointer = strResult;
// Iterate through everything
while (intLength > 2 ) { // keep going until we have less than 24 bits
*objPointer++ = _base64EncodingTable[objRawData[ 0] >> 2];
*objPointer++ = _base64EncodingTable[((objRawData[ 0] & 0x03) << 4) + (objRawData[ 1] >> 4)];
*objPointer++ = _base64EncodingTable[((objRawData[ 1] & 0x0f) << 2) + (objRawData[ 2] >> 6)];
*objPointer++ = _base64EncodingTable[objRawData[ 2] & 0x3f];
// we just handled 3 octets (24 bits) of data
objRawData += 3;
intLength -= 3;
}
// now deal with the tail end of things
if (intLength != 0) {
*objPointer++ = _base64EncodingTable[objRawData[ 0] >> 2];
if (intLength > 1) {
*objPointer++ = _base64EncodingTable[((objRawData[ 0] & 0x03) << 4) + (objRawData[ 1] >> 4)];
*objPointer++ = _base64EncodingTable[(objRawData[ 1] & 0x0f) << 2];
*objPointer++ = '=';
} else {
*objPointer++ = _base64EncodingTable[(objRawData[ 0] & 0x03) << 4];
*objPointer++ = '=';
*objPointer++ = '=';
}
}
// Terminate the string-based result
*objPointer = '\0';
NSString *rstStr = [ NSString stringWithCString :strResult encoding :NSASCIIStringEncoding ];
free(objPointer);
return rstStr;
}
3、AES
-( NSData*) EncryptAES: ( NSString *) key {
char keyPtr[kCCKeySizeAES256 + 1 ];
bzero(keyPtr, sizeof(keyPtr));
[key getCString :keyPtr maxLength : sizeof (keyPtr) encoding :NSUTF8StringEncoding ];
NSUInteger dataLength = [ self length];
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc(bufferSize);
size_t numBytesEncrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt (kCCEncrypt , kCCAlgorithmAES128 ,
kCCOptionPKCS7Padding | kCCOptionECBMode,
keyPtr, kCCBlockSizeAES128,
NULL,
[ self bytes], dataLength,
buffer, bufferSize,
&numBytesEncrypted);
if (cryptStatus == kCCSuccess) {
return [ NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
}
free(buffer);
return nil ;
}
4、RSA
- ( NSData *) encryptWithData:( NSData *)content {
size_t plainLen = [content length];
if (plainLen > maxPlainLen) {
NSLog (@"content(%ld) is too long, must < %ld" , plainLen, maxPlainLen );
return nil;
}
void *plain = malloc(plainLen);
[content getBytes:plain
length:plainLen];
size_t cipherLen = 128 ; // currently RSA key length is set to 128 bytes
void *cipher = malloc(cipherLen);
OSStatus returnCode = SecKeyEncrypt( publicKey, kSecPaddingPKCS1, plain,
plainLen, cipher, &cipherLen);
NSData *result = nil;
if (returnCode != 0) {
NSLog (@"SecKeyEncrypt fail. Error Code: %ld" , returnCode);
}
else {
result = [ NSData dataWithBytes:cipher
length:cipherLen];
}
free(plain);
free(cipher);
return result;
}
771
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
