本篇文章将涉及以下几个操作:
1、iOS端使用RSA公钥加密,iOS端使用RSA私钥解密。
2、iOS端使用RSA私钥加签,iOS端使用RSA公钥验签。
3、iOS端使用RSA公钥加密,Java端使用RSA私钥解密。
4、iOS端使用RSA私钥加签,Java端使用RSA公钥验签。
首先,RSA公钥私钥对,我是由Java端生成的。拿到测试的密钥之后,我在iOS端使用时,添加私钥失败,报错是-50。我后来查了一下资料,得知,Java的文件密钥格式是PKCS8,而iOS需要使用PKCS1格式。这就需要进行一次转换,操作步骤如下:
1、打开一个文本编辑器(我使用的是Sublime),将Java端给到的私钥拷贝进来,并在首行添加"-----BEGIN PRIVATE KEY-----",在末行添加"-----END PRIVATE KEY-----",完成后的效果是这样的:
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAIYKYkvsosqWTaweZPkY6UjD1wWoSHB+FNoaquoNGfWN8JEOH2ml76ZpuIK+y3qMfkxsJUxUZqpwvKu3MJMBYSyPsYsa9ifROektzGvbDgN//+QYsekafw6v3R+fhIr4+S7k9f3hfZa0DyiylqCZzP/5jRYygdCXm1GzbptZRdrVAgMBAAECgYARlts/S1Yxb3fR1ks5xOMYAVr+Cw82c9UYqdczz3RQnMeswUWt/3BrTgRAY/kfo8APF0HtukWeqByaC/f70nqFxbN4DnLiGsHQRKbFt2dPFV+333M7UIDYgb7Y5fmHmArFZ4ezY+WC24sSsu4+A836d0mfGjSIa03TUH8XI6X5IQJBAMfjcGC2l+TKQLQWODeJEAH2q8SoPsN6BzYUNlPMMJcVoyeqxzy/X/YcLqgdrZD+WrX8g6Y3+RkaRJ/CScDW+RMCQQCrqu0vkEZooNzpbX+o2NJAZL9gzgxXnDe9rH53OjYjbQdD7cacYZ1ZRxehL8/3itPIUy4tZpQbA5e5WL4bBQF3AkAyu914DqA658LIcqNOJTG07eDnBzT29HAEH9kyJ69liY5hsQzktEYs9zY4YV/+XzCy5Cad97L31hz4151UnruVAkBr0zSfh3NyDHg1dj2VBHsrTxyV5VYDQXARhuL4aGvQ3I6PsC3r07RNe0XwTGPIDD7xuK1sft3QCfWmyYK+3eoJAkEAnRxTqRFDbHLejtgLvgjIL52IAURRrliRbN9iyy4t1YqyfOHC7EF/Np11DoVGiBQZrbnPtI7OnNalfIf/l1cTKg==
-----END PRIVATE KEY-----
2、将这个文本存为pkcs8.pem,放在桌面。
3、打开终端,执行如下命令:
openssl rsa -in pkcs8.pem -out pkcs1.pem
完成后效果如下:
pkcs8转换
使用cat命令可以看到转换后的内容,我们需要把这个内容拷贝出来,这是我们需要的私钥。
接下来就是iOS端的加密与解密代码:
- (void)testEncryptAndDecrypt
{
NSString *string = [NSString stringWithFormat:@"name=wql&age=12&userId=10000&nickname=Kayle"];
//加密时密钥不需要转换
NSString *publicKey = @"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJ24IhJQ54nOYQjl49j9lmwUaJJs9RMoyOwfcEmyXrzKE50XyT3IUxYmfB65Zo4PTHb5OndJQnoJfabvHZVeNKj+9Tmi2BXMnQh3BEN2a6HRXBnkySUbLMf9stHrcoOvDsJrZ0PLA1oIZHEoLyKZD/NFqwA0Xng+Rjtf/o14FvIQIDAQAB";
NSString *privateKey = @"MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAInbgiElDnic5hCOXj2P2WbBRokmz1EyjI7B9wSbJevMoTnRfJPchTFiZ8Hrlmjg9Mdvk6d0lCegl9pu8dlV40qP71OaLYFcydCHcEQ3ZrodFcGeTJJRssx/2y0etyg68OwmtnQ8sDWghkcSgvIpkP80WrADReeD5GO1/+jXgW8hAgMBAAECgYBCkMCT+o2zRad9ZREyTqxeBoNlpFzEy1C9egEpszSrWEKdZX7u8rNJtkd9hqE5AS6QwlqcqBkFzXClo56aH/PAjIF/2dAhAhrdvNABrxB2h/PdUkTL5XCck1TNy04jzUgxULW/7BScQ0K68A7LNu7282ZzhIG0tYF0aCBObsLE8QJBANuC/iQIoT4aOrhMDwcHeRajgQrB7TekAw1BmOoXOGqzVOHl08b6Gv/NaYXM9QUwK84thpobjApl9+RTZ83jSm0CQQCgxdX9JVibTSRxKjj3XtxiqHnA6n+9zmiZAcgsV2Uo7bMnqsUPJ0CkgAZ4JA5DIDrni1wDM1O9NCRPH7SiKAcFAkBhaVkUbov3fjZOsNn+WY+fv0E1n+eASJVeHZ0ZTOKpXxmtAYuggj7XA7XvPYwCGGVoIoXX/59+wc9nEKhBErtlAkBbJk7gKuBFjELw9eM+PEXumV4OBeVOk0uyE9SNby8nOTytbKA0qyh3Gy6PxsFfRVKgG96a4erEBl/fjDY5CUCRAkEAkZh2Gl1QEnEO2SR/hNnKI60KpGWzt0JNva2EvUZV8eChK8LUqLktggM3M6BOV0jSxpP6YKM+X3eZeFpgvUO4iA==";
NSLog(@"加密前:%@",string);
//加密
NSString *encryptString = [RSAEncryptor encryptString:string publicKey:publicKey];
NSLog(@"加密后:%@",encryptString);
//本地解密
NSString *decryptString = [RSAEncryptor decryptString:encryptString privateKey:privateKey];
NSLog(@"解密后:%@",decryptString);
NSMutableDictionary *param = [NSMutableDictionary dictionary];
[param setObject:encryptString forKey:@"data"];
//后端解密
[self requestWithParam:param withUrlString:@"[http://localhost:8080/api/v1.0/testAPI4](http://localhost:8080/api/v1.0/testAPI4)"];
}
iOS端的签名与验签:
- (void)testSignAndVerify{
NSString *origin = @"1234567890";
//签名时 私钥需要是pkcs1格式,转换一下才可以使用
NSString *privateKey = @"MIICXAIBAAKBgQCGCmJL7KLKlk2sHmT5GOlIw9cFqEhwfhTaGqrqDRn1jfCRDh9ppe+mabiCvst6jH5MbCVMVGaqcLyrtzCTAWEsj7GLGvYn0TnpLcxr2w4Df//kGLHpGn8Or90fn4SK+Pku5PX94X2WtA8ospagmcz/+Y0WMoHQl5tRs26bWUXa1QIDAQABAoGAEZbbP0tWMW930dZLOcTjGAFa/gsPNnPVGKnXM890UJzHrMFFrf9wa04EQGP5H6PADxdB7bpFnqgcmgv3+9J6hcWzeA5y4hrB0ESmxbdnTxVft99zO1CA2IG+2OX5h5gKxWeHs2PlgtuLErLuPgPN+ndJnxo0iGtN01B/FyOl+SECQQDH43BgtpfkykC0Fjg3iRAB9qvEqD7Degc2FDZTzDCXFaMnqsc8v1/2HC6oHa2Q/lq1/IOmN/kZGkSfwknA1vkTAkEAq6rtL5BGaKDc6W1/qNjSQGS/YM4MV5w3vax+dzo2I20HQ+3GnGGdWUcXoS/P94rTyFMuLWaUGwOXuVi+GwUBdwJAMrvdeA6gOufCyHKjTiUxtO3g5wc09vRwBB/ZMievZYmOYbEM5LRGLPc2OGFf/l8wsuQmnfey99Yc+NedVJ67lQJAa9M0n4dzcgx4NXY9lQR7K08cleVWA0FwEYbi+Ghr0NyOj7At69O0TXtF8ExjyAw+8bitbH7d0An1psmCvt3qCQJBAJ0cU6kRQ2xy3o7YC74IyC+diAFEUa5YkWzfYssuLdWKsnzhwuxBfzaddQ6FRogUGa25z7SOzpzWpXyH/5dXEyo=";
//对数据进行加密
NSString *sign = [RSAEncryptor sign:origin withPriKey:privateKey];
NSLog(@"签名:%@",sign);
//后台验签
[self requestWithParam:@{@"sign":sign==nil?@"":sign} withUrlString:@"[http://localhost:8080/api/v1.0/testAPI3](http://localhost:8080/api/v1.0/testAPI3)"];
//本地验签
NSString *publicKey = @"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCGCmJL7KLKlk2sHmT5GOlIw9cFqEhwfhTaGqrqDRn1jfCRDh9ppe+mabiCvst6jH5MbCVMVGaqcLyrtzCTAWEsj7GLGvYn0TnpLcxr2w4Df//kGLHpGn8Or90fn4SK+Pku5PX94X2WtA8ospagmcz/+Y0WMoHQl5tRs26bWUXa1QIDAQAB";
BOOL success = [RSAEncryptor verify:origin signature:sign withPublivKey:publicKey];
NSLog(@"是否验证成功:%@",success?@"YES":@"NO");
}
核心代码在RSAEncryptor文件中。
然后是Java端验签:
@RequestMapping(value = "api/v1.0/testAPI3", method = RequestMethod.GET)
public Object queryThree(@RequestParam(value = "sign",required = true)String signStr){
String string = "1234567890";
boolean success = RSAUtil.verifyIdentify(string,signStr);
System.out.println("验证成功?======="+(success?"YES":"NO"));
return success;
}
Java端解密:
@RequestMapping(value = "api/v1.0/testAPI4", method = RequestMethod.GET)
public Object queryFour(@RequestParam(value = "data",required = true)String dataString){
String decryptData = RSAUtil.decrypt(dataString);
System.out.println("解密结果:"+decryptData);
return decryptData;
}
核心代码在RSAUtil中。
接下来是iOS端本地效果:
iOS本地效果
Java端的验签与解密效果:
Java端效果
可以看到我们的签名与验签是通过了,解密的数据Java端也是成功拿到了。
代码在这里(含Java的核心代码)
加油~