我的应用和服务器之间存在通信问题。我正在使用RNCryptor来加密消息,然后我将其编码并传输到请求中的服务器。这在DATA头中完成,在http体内作为后期数据完成。我想我在转换和转换方面犯了一个错误。通过POST传输base64编码的消息。
如果我通过标题收到加密邮件,它每次都会完全解密。但是,如果我通过POST数据获取消息,我会得到不同的结果。大多数情况下,它失败了,否则它会部分解密(前几个字母),大约20个左右成功的解密。
objective-c代码是:
- (NSString *)sendEncryptedTestMessage:(NSString *)address{
NSString* messageContent = @"Hello my name is Bob.";
NSError * error = nil;
NSString* responseString2 = nil;
NSData* postData = [RNEncryptor encryptData:[messageContent dataUsingEncoding:NSUTF8StringEncoding]
withSettings:kRNCryptorAES256Settings
password:@"123456"
error:&error];
NSString* messageServer = [NSString base64forData:postData];
NSString* postMessage = [@"message=" stringByAppendingString:messageServer];
postData = [postMessage dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES]; // problem here I think
NSString* postLength = [NSString stringWithFormat:@"%ld",(unsigned long)[postData length]];
NSURL* URLToRequest = [NSURL URLWithString:address];
NSMutableURLRequest* semisystem = [[[NSMutableURLRequest alloc] initWithURL:URLToRequest] autorelease];
[semisystem setHTTPMethod:@"POST"];
[semisystem setHTTPBody:postData];
[semisystem setValue:postLength forHTTPHeaderField:@"Content-Length"];
[semisystem setValue:self.activationURL forHTTPHeaderField:@"EncryptionKey"];
[semisystem setValue:messageServer forHTTPHeaderField:@"data"];
NSURLResponse* response;
NSData* data = [NSURLConnection sendSynchronousRequest:semisystem
returningResponse:&response
error:&error];
responseString2 = [NSString stringWithFormat:@"%.*s", (int)[data length], [data bytes]];
return responseString2;
}
PHP代码:
function decrypt2($b64_data,$password)
{
// back to binary
//$bin_data = mb_convert_encoding($b64_data, "UTF-8", "BASE64");
$bin_data = base64_decode($b64_data);
// extract salt
$salt = substr($bin_data, 2, 8);
// extract HMAC salt
$hmac_salt = substr($bin_data, 10, 8);
// extract IV
$iv = substr($bin_data, 18, 16);
// extract data
$data = substr($bin_data, 34, strlen($bin_data) - 34 - 32);
$dataWithoutHMAC = chr(2).chr(1).$salt.$hmac_salt.$iv.$data;
// extract HMAC
$hmac = substr($bin_data, strlen($bin_data) - 32);
// make HMAC key
$hmac_key = pbkdf2('SHA1', $password, $hmac_salt, 10000, 32, true);
// make HMAC hash
$hmac_hash = hash_hmac('sha256', $dataWithoutHMAC , $hmac_key, true);
// check if HMAC hash matches HMAC
if($hmac_hash != $hmac) {
echo "HMAC mismatch".$nl.$nl.$nl;
// return false;
}
// make data key
$key = pbkdf2('SHA1', $password, $salt, 10000, 32, true);
// decrypt
$ret = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
return $ret;
}
$passkey = "123456";
$messageBase64 = $_POST['message'];// THIS barely works
$messageBase64 = $_SERVER['HTTP_DATA'];// THIS WORKS
$message = decrypt2($messageBase64,$passkey);
非常感谢提前!
答案 0 :(得分:3)
我知道这是一个老问题,但很长一段时间我使用相同的解决方案,问题是我们在向服务器发出请求之前没有正确编码url。文档说:
According to RFC 3986, the reserved characters in a URL are:
reserved = gen-delims / sub-delims
gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
以下是如何编码字符串:/
CFStringRef encodedString =
CFURLCreateStringByAddingPercentEscapes(
kCFAllocatorDefault,
(__bridge CFStringRef)(originalString),
NULL,
CFSTR(":/?#[]@!$&'()*+,;="),kCFStringEncodingUTF8);
再次获得字符串:
NSString* stringEncoded = CFBridgingRelease
(CFURLCreateWithString(kCFAllocatorDefault, encodedString, NULL));
我认为这是我们能做的最好的事情,因为我们确保字符串将被正确编码,并且在请求期间,符号不会被替换为其他东西。 这里是参考:
答案 1 :(得分:2)
我刚刚找到了解决方案。在请求期间,服务器将'+'符号解释为空格,从而破坏了base64代码。以下行解决了这个问题:
postMessage = [postMessage stringByReplacingOccurrencesOfString:@"+" withString:@"%2B"];
答案 2 :(得分:-1)