ios apple语音性别
Security can be a significant concern for companies and developers building applications, especially in the medical field, where data breaches are severely penalized. This is where end-to-end encryption comes into play.
对于构建应用程序的公司和开发人员来说,安全性可能是一个重大问题,尤其是在医疗领域,数据泄露受到严重惩罚。 这是端到端加密发挥作用的地方。
In this guide, you’ll learn how to implement a basic end-to-end encryption flow in your Swift application for iOS, macOS, other Apple things, and even Linux, using Apple’s CryptoKit framework.
在本指南中,您将学习如何使用Apple的CryptoKit框架在iOS,macOS,其他Apple产品甚至Linux的Swift应用程序中实现基本的端到端加密流程。
什么是CryptoKit? (What Is CryptoKit?)
“CryptoKit is a new Swift framework that makes it easier and safer than ever to perform cryptographic operations, whether you simply need to compute a hash or are implementing a more advanced authentication protocol.” — WWDC19: Cryptography and Your Apps
“ CryptoKit是一个新的Swift框架,无论您只是需要计算散列还是要实现更高级的身份验证协议,它都比以往任何时候都更轻松,更安全地执行加密操作。” — WWDC19:密码学和您的应用
什么是端到端加密? (What Is End-to-End Encryption?)
“End-to-end encryption is a system of communication where the only people who can read the messages are the people communicating. No eavesdropper can access the cryptographic keys needed to decrypt the conversation — not even a company that runs the messaging service.” — Hacker Lexicon: What Is End-to-End Encryption
“ 端到端加密是一种通信系统,其中唯一可以读取消息的人员就是通信人员。 没有任何窃听者可以访问解密对话所需的加密密钥-甚至没有一家运行消息服务的公司。” — 黑客词典:什么是端到端加密
你需要什么 (What You Need)
CryptoKit is available on the following platforms:
CryptoKit在以下平台上可用:
- iOS 13.0+ iOS 13.0以上
- macOS 10.15+ macOS 10.15以上
- Mac Catalyst 13.0+ Mac Catalyst 13.0以上
- tvOS 13.0+ tvOS 13.0以上
- watchOS 6.0+ watchOS 6.0+
Linux (as Swift Crypto)
Linux(作为Swift Crypto )
步骤1.生成密钥对 (Step 1. Generating Key Pairs)
Cryptographic key pairs are central to end-to-end encryption: A public key is what you use to encrypt data for someone, and a private key is what you use to decrypt data that was encrypted for you. Each user in your application should have a key pair, with their public key available in a trusted service for other users to fetch and their private keys stored securely on their device. The trusted service can be written in Swift using Vapor or another language and framework of your choice. It’s just a service where an authenticated user can store a public key tied to their ID and other users can fetch it by providing the same identifier.
加密密钥对是端到端加密的核心:公用密钥是用于为某人加密数据的密钥,私钥是用于解密为您加密的数据的密钥。 应用程序中的每个用户都应具有一个密钥对,其公用密钥可在受信任的服务中使用,以供其他用户获取,并将其私钥安全地存储在其设备上。 可以使用Vapor或您选择的其他语言和框架以Swift编写受信任的服务。 这只是一项服务,经过身份验证的用户可以存储绑定到其ID的公共密钥,其他用户可以通过提供相同的标识符来获取它。
We will first generate a private key and then extract the associated public key from it, which will be sent to the trusted service. In this guide, we’ll use the Curve25519 algorithms, but the others should work similarly.
我们将首先生成一个私钥,然后从中提取关联的公钥,并将其发送到受信任的服务。 在本指南中,我们将使用Curve25519算法,但其他算法也应类似地工作。
The public key has a var rawRepresentation: Data property, which can be used to serialize it into the payload for the trusted service.
公钥具有var rawRepresentation: Data属性,可用于将其序列化为受信任服务的有效负载。
步骤2.加密数据 (Step 2. Encrypting Data)
To encrypt data for a user (recipient) you need to first fetch their public key from the trusted service.
要为用户(收件人)加密数据,您需要首先从受信任的服务中获取其公钥。
The initializer Curve25519.KeyAgreement.PublicKey(rawRepresentation: Data) can be used to deserialize the public key coming from the trusted service.
初始化程序Curve25519.KeyAgreement.PublicKey(rawRepresentation: Data)可用于反序列化来自受信任服务的公共密钥。
步骤2.1导出对称密钥 (Step 2.1 Deriving a symmetric key)
Public keys can’t be used to encrypt data directly. They’re used by the two parties communicating to agree on a symmetric key for encryption, via a Diffie-Hellmann key agreement. To do this, we will use the sender’s private key and the recipient’s public key to generate a shared secret from which we can derive the symmetric key using the HKDF key derivation function.
公钥不能用于直接加密数据。 双方通过Diffie-Hellmann密钥协议使用它们进行通信,以商定用于加密的对称密钥。 为此,我们将使用发件人的私钥和收件人的公钥来生成共享密钥,然后可以使用HKDF密钥派生函数从该秘密中派生对称密钥。
The protocol salt is a value that alters the outcome of the symmetric key derivation. Choose one that will remain constant for your use case, for example: "My Key Agreement Salt".data(using: .utf8)!. If you wish, you can store this symmetric key for later using the same strategy Apple recommends for the private key; however, it should be discarded if any of the communicating users' key pairs change.
协议盐是一个更改对称密钥派生结果的值。 选择一个对您的用例保持不变的示例,例如: "My Key Agreement Salt".data(using: .utf8)! 。 如果愿意,可以存储此对称密钥,以供以后使用Apple建议的相同策略使用。 但是,如果任何通信用户的密钥对发生更改,则应将其丢弃。
步骤2.2用对称密钥加密数据 (Step 2.2 Encrypting the data with the symmetric key)
Now we can finally use that symmetric key to perform the encryption. This job can be done by one of the ciphers CryptoKit supports. In this guide, we’ll use ChaChaPoly, which can be three times faster than AES in mobile devices, according to Adam Langley and other researchers.
现在,我们终于可以使用该对称密钥执行加密了。 可以通过CryptoKit支持的一种密码来完成此工作。 亚当·兰利 ( Adam Langley)和其他研究人员称 ,在本指南中,我们将使用ChaChaPoly ,它可以比移动设备中的AES快三倍。
The encryptedData can now be safely sent to our recipient.
现在可以将encryptedData安全地发送给我们的收件人。
步骤3.解密数据 (Step 3. Decrypting Data)
To decrypt the data received, the recipient will need to derive the same symmetric key used to encrypt the data. But before we can calculate it, we need the sender’s public key.
为了解密接收到的数据,接收者将需要导出用于加密数据的相同对称密钥。 但是在计算之前,我们需要发送者的公钥。
步骤3.1导出对称密钥 (Step 3.1 Deriving the symmetric key)
To derive the symmetric key, we will perform the same process we performed in step 2.1, except now, we will use the recipient’s private key and the sender’s public key. This will allows us to regenerate the shared secret, which we’ll use for the derivation of the same symmetric key.
要导出对称密钥,我们将执行与步骤2.1中相同的过程,除了现在,我们将使用接收者的私钥和发送者的公钥。 这将使我们能够重新生成共享密钥,并将其用于派生相同的对称密钥。
We just shared a symmetric key between users without it ever existing outside their devices.
我们只是在用户之间共享了对称密钥,而对称密钥却不在他们的设备外部。
步骤3.2使用对称密钥解密数据 (Step 3.2 Decrypting the data with the symmetric key)
Now we can use the symmetric key to decrypt the data.
现在我们可以使用对称密钥解密数据。
End-to-end encryption achieved.
实现了端到端加密。
结语 (Wrapping Up)
The process described in this guide guarantees one thing: encryption. This means the data encrypted for a user can only be decrypted by that user.
本指南中描述的过程保证了一件事情:加密。 这意味着为用户加密的数据只能由该用户解密。
Authentication and integrity are not guaranteed, which means that you cannot know for sure that the encrypted data came from someone in particular and that it was not modified in transit. As such, you are vulnerable to some forms of man-in-the-middle attacks.
不能保证身份验证和完整性 ,这意味着您无法确定加密数据是否特别来自某人,并且在传输过程中未对其进行修改。 因此,您容易受到某些形式的中间人攻击。
Forward secrecy is also not guaranteed, which means if a private key is compromised, all data encrypted for the key’s owner can be decrypted until they start using a new key. Schemes that provide forward secrecy have single-use keys, which, if stolen or cracked, will only compromise a subset of the data.
也不能保证前向保密性 ,这意味着,如果私钥遭到破坏,则可以解密为密钥所有者加密的所有数据,直到它们开始使用新密钥为止。 提供前向保密性的方案具有一次性密钥,如果密钥被盗或被破解,只会破坏一部分数据。
To guarantee these features, we’ll look into CryptoKit’s other capabilities in future articles. Thanks for reading, and stay tuned.
为了保证这些功能,我们将在以后的文章中研究CryptoKit的其他功能。 感谢您的阅读,敬请期待。
ios apple语音性别
540
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
