With the following method i can successfully encrypt a NSData-Object which is not bigger than the 256Bit:
使用以下方法,我可以成功加密不大于256Bit的NSData-Object:
OSStatus SecCertificateCopyPublicKey (
SecCertificateRef certificate,
SecKeyRef *key
);
- (NSData *)encryptWithData:(NSData *)content {
OSStatus result = -1;
NSData *plainTextData = content;//[@"123456789" dataUsingEncoding:NSUTF8StringEncoding];
size_t plainTextLength = [plainTextData length];
SecTrustRef trustRef;
SecTrustResultType trustResult;
SecPolicyRef policy = SecPolicyCreateBasicX509();
NSData *certificateData = [self getPublicKey];
SecCertificateRef cert = NULL;
if( [certificateData length] ) {
cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certificateData);
if( cert != NULL ) {
CFStringRef certSummary = SecCertificateCopySubjectSummary(cert);
NSString* summaryString = [[NSString alloc] initWithString:(__bridge NSString*)certSummary];
NSLog(@"CERT SUMMARY: %@", summaryString);
CFRelease(certSummary);
} else {
NSLog(@" *** ERROR *** trying to create the SSL certificate from data located, but failed");
}
}
result = SecTrustCreateWithCertificates(cert, policy, &trustRef);
if (result != errSecSuccess) {
NSLog(@"Trust create failed with code: %d",(int)result);
return nil;
}
result = SecTrustEvaluate(trustRef, &trustResult);
if (result != errSecSuccess) {
NSLog(@"Trust eval failed with code: %d",(int)result);
CFRelease(trustRef);
return nil;
}
SecKeyRef publicKey = SecTrustCopyPublicKey(trustRef);
uint8_t *cipherTextBuf = NULL;
size_t keyBlockSize = SecKeyGetBlockSize(publicKey);
int maxInputSize = keyBlockSize - 11; //If using PKCS1 Padding, else keyBlockSize
size_t cipherTextLen = keyBlockSize;
if (plainTextLength > maxInputSize) {
//Fail
NSLog(@"Data size is larger than max permitted!");
CFRelease(trustRef);
CFRelease(publicKey);
CFRelease(policy);
return nil;
}
cipherTextBuf = malloc(sizeof(uint8_t)*keyBlockSize);
memset(cipherTextBuf,0,keyBlockSize);
//result = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, plainTextBuf, plainTextLength, cipherTextBuf, &cipherTextLen);
result = SecKeyEncrypt(publicKey, kSecPaddingPKCS1, (const uint8_t *)[plainTextData bytes], plainTextLength, cipherTextBuf, &cipherTextLen);
NSData *cipherText = nil;
if (result == errSecSuccess) {
cipherText = [NSData dataWithBytes:cipherTextBuf length:cipherTextLen];
} else {
NSLog(@"Error detected: %d",(int)result);
}
free(cipherTextBuf);
cipherTextBuf = NULL;
CFRelease(trustRef);
CFRelease(publicKey);
CFRelease(policy);
return cipherText;
}
-(NSData *)getPublicKey
{
NSString *filePath = [[NSBundle mainBundle] pathForResource:@"public_key" ofType:@"cer"];
NSData *myData = [NSData dataWithContentsOfFile:filePath];
return myData;
}
But how would i encrypt a file which is larger than 256Bit?!
但是我如何加密大于256Bit的文件?!
1 个解决方案
#1
2
The general procedure is to asymmetrically (with RSA for example) transfer a symmetric key that can be used to encrypt/decrypt your payload with a symmetric cipher like AES (in combination with a block cipher mode like CBC). If possible you should avoid building such crypto yourself though. A rather user friendly library is NaCl for which the Sodium implementation purportedly can be used with iOS.
一般过程是非对称地(例如,使用RSA)传输对称密钥,该密钥可用于使用AES等对称密码加密/解密您的有效负载(结合CBC等分组密码模式)。如果可能的话,你应该避免自己建立这样的加密。一个相当用户友好的库是NaCl,其中Sodium实现据称可以与iOS一起使用。
#1
2
The general procedure is to asymmetrically (with RSA for example) transfer a symmetric key that can be used to encrypt/decrypt your payload with a symmetric cipher like AES (in combination with a block cipher mode like CBC). If possible you should avoid building such crypto yourself though. A rather user friendly library is NaCl for which the Sodium implementation purportedly can be used with iOS.
一般过程是非对称地(例如,使用RSA)传输对称密钥,该密钥可用于使用AES等对称密码加密/解密您的有效负载(结合CBC等分组密码模式)。如果可能的话,你应该避免自己建立这样的加密。一个相当用户友好的库是NaCl,其中Sodium实现据称可以与iOS一起使用。