使用安全框架加密和解密

时间:2012-12-12 11:54:19

标签: iphone ios security encryption aes

我正在使用以下代码进行文件加密和解密,

- (NSData *) AESEncrypt:(NSString *)key withData:(NSData *)fileData {

    // 'key' should be 32 bytes for AES256, will be null-padded otherwise
    char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused)
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

    // fetch key data
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

    NSUInteger dataLength = [fileData length];

    //See the doc: For block ciphers, the output size will always be less than or
    //equal to the input size plus the size of one block.
    //That's why we need to add the size of one block here
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);

    size_t numBytesEncrypted = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,keyPtr, kCCKeySizeAES256,
                                          NULL /* initialization vector (optional) */,
                                          [fileData bytes], dataLength, /* input */
                                          buffer, bufferSize, /* output */
                                          &numBytesEncrypted);
    if (cryptStatus == kCCSuccess) {
        //the returned NSData takes ownership of the buffer and will free it on deallocation
        return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
    }

    free(buffer); //free the buffer;
    return nil;
}

并使用

解密 
- (NSData *) AESDecrypt:(NSString *)key withData:(NSData *)fileData {

    // 'key' should be 32 bytes for AES256, will be null-padded otherwise
    char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused)
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)

    // fetch key data
    //[key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];

    NSUInteger dataLength = [fileData length];

    //See the doc: For block ciphers, the output size will always be less than or
    //equal to the input size plus the size of one block.
    //That's why we need to add the size of one block here
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);

    size_t numBytesDecrypted = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,keyPtr, kCCKeySizeAES256,                          NULL /* initialization vector (optional) */,
                                          [fileData bytes], dataLength, /* input */
                                          buffer, bufferSize, /* output */
                                          &numBytesDecrypted);

    if (cryptStatus == kCCSuccess) {
        //the returned NSData takes ownership of the buffer and will free it on deallocation
        return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
    }

    free(buffer); //free the buffer;
    return nil;
}

哪个工作正常。但看起来它正在使用AES256,但我想将其更改为AES128,因此我将第一行从char keyPtr[kCCKeySizeAES256+1];更改为char keyPtr[kCCKeySizeAES128+1];

我改变了,只有加密才有效。解密工作不正常。谁能告诉我为什么?

1 个答案:

答案 0 :(得分:0)

一个问题是您将一个键与一串字符混淆。密钥不是字符串,而是二进制数据。你用零填充,但密钥也可以包含零,所以任何终结符都不合适。

如果要从密码创建密钥,请选择字符编码,将密码转换为该编码,并将结果与​​盐和迭代计数一起提供给PBKDF2等函数。

相关问题
最新问题