IOS常用加密算法
1 通過簡單的URLENCODE + BASE64編碼防止數據明文傳輸
2 對普通請求、返回數據,生成MD5校驗(MD5中加入動態密鑰),進行數據完整性(簡單防篡改,安全性較低,優點:快速)校驗。
3 對于重要數據,使用RSA進行數字簽名,起到防篡改作用。
4 對于比較敏感的數據,如用戶信息(登陸、注冊等),客戶端發送使用RSA加密,服務器返回使用DES(AES)加密。
原因:客戶端發送之所以使用RSA加密,是因為RSA解密需要知道服務器私鑰,而服務器私鑰一般盜取難度較大;如果使用DES的話,可以通過破解客戶端獲 取密鑰,安全性較低。而服務器返回之所以使用DES,是因為不管使用DES還是RSA,密鑰(或私鑰)都存儲在客戶端,都存在被破解的風險,因此,需要采 用動態密鑰,而RSA的密鑰生成比較復雜,不太適合動態密鑰,并且RSA速度相對較慢,所以選用DES)
把相關算法的代碼也貼一下吧 (其實使用一些成熟的第三方庫或許會來得更加簡單,不過自己寫,自由點)。注,這里的大部分加密算法都是參考一些現有成熟的算法,或者直接拿來用的。
1、MD5
//因為是使用category,所以木有參數傳入啦
-(NSString ) stringFromMD5 {
if(self == nil || [self length] == ) {
return nil;
}
const char value = [self UTF8String];
unsigned char outputBuffer[CC_MD5_DIGEST_LENGTH];
CC_MD5(value, strlen(value), outputBuffer);
NSMutableString outputString = [[NSMutableString alloc] initWithCapacity:CC_MD5_DIGEST_LENGTH 2];
for(NSInteger count = ; count < CC_MD5_DIGEST_LENGTH; count++){
[outputString appendFormat:@"%02x",outputBuffer[count]];
}
return [outputString autorelease];
}
2、Base64
+ (NSString ) base64EncodeData: (NSData ) objData {
const unsigned char objRawData = [objData bytes];
char objPointer;
char strResult;
// Get the Raw Data length and ensure we actually have data
int intLength = [objData length];
if (intLength == ) return nil;
// Setup the String-based Result placeholder and pointer within that placeholder
strResult = (char )calloc(((intLength + 2) / 3) 4, sizeof(char));
objPointer = strResult;
// Iterate through everything
while (intLength > 2) { // keep going until we have less than 24 bits
objPointer++ = _base64EncodingTable[objRawData[] >> 2];
objPointer++ = _base64EncodingTable[((objRawData[] & 0x03) << 4) + (objRawData[1] >> 4)];
objPointer++ = _base64EncodingTable[((objRawData[1] & 0x0f) << 2) + (objRawData[2] >> 6)];
objPointer++ = _base64EncodingTable[objRawData[2] & 0x3f];
// we just handled 3 octets (24 bits) of data
objRawData += 3;
intLength -= 3;
}
// now deal with the tail end of things
if (intLength != ) {
objPointer++ = _base64EncodingTable[objRawData[] >> 2];
if (intLength > 1) {
objPointer++ = _base64EncodingTable[((objRawData[] & 0x03) << 4) + (objRawData[1] >> 4)];
objPointer++ = _base64EncodingTable[(objRawData[1] & 0x0f) << 2];
objPointer++ = '=';
} else {
objPointer++ = _base64EncodingTable[(objRawData[] & 0x03) << 4];
objPointer++ = '=';
objPointer++ = '=';
}
}
// Terminate the string-based result
objPointer = '\0';
NSString rstStr = [NSString stringWithCString:strResult encoding:NSASCIIStringEncoding];
free(objPointer);
return rstStr;
}
3、AES
-(NSData) EncryptAES: (NSString ) key {
char keyPtr[kCCKeySizeAES256+1];
bzero(keyPtr, sizeof(keyPtr));
[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
NSUInteger dataLength = [self length];
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void buffer = malloc(bufferSize);
size_t numBytesEncrypted = ;
CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128,
kCCOptionPKCS7Padding | kCCOptionECBMode,
keyPtr, kCCBlockSizeAES128,
NULL,
[self bytes], dataLength,
buffer, bufferSize,
&numBytesEncrypted);
if (cryptStatus == kCCSuccess) {
return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
}
free(buffer);
return nil;
}
4、RSA
- (NSData ) encryptWithData:(NSData )content {
size_t plainLen = [content length];
if (plainLen > maxPlainLen) {
NSLog(@"content(%ld) is too long, must < %ld", plainLen, maxPlainLen);
return nil;
}
void plain = malloc(plainLen);
[content getBytes:plain
length:plainLen];
size_t cipherLen = 128; // currently RSA key length is set to 128 bytes
void cipher = malloc(cipherLen);
OSStatus returnCode = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, plain,
plainLen, cipher, &cipherLen);
NSData result = nil;
if (returnCode != ) {
NSLog(@"SecKeyEncrypt fail. Error Code: %ld", returnCode);
}
else {
result = [NSData dataWithBytes:cipher
length:cipherLen];
}
free(plain);
free(cipher);
return result;
}