我将在此处列出我的代码,并希望您告诉我,我在两个应用程序之间传输机密用户数据的方法是否安全。我们非常重视公司的安全,所以请帮我弄清楚我是否做得对。
开始 - 我正在使用自定义URL方案来启动应用A以启动应用B并在两者之间传输一些数据。通过URL启动时,应用B将检查应用A的身份,并仅在应用A被授权发送此类数据时才使用传输的数据。
我拿了一个密码&应用程序A中的用户名,将它们编码为数据,加密数据,将NSData描述转换为字符串,然后在URL请求中发送。我创建了一个名为LaunchEkoApp的对象,它使用launchEkoAppWithUsername方法处理它。
// This is called by my main class in App A
- (void)banishUserToOtherApp
{
LaunchEkoApp *launcher = [[LaunchEkoApp alloc] init];
[launcher launchEkoAppWithUsername:@"?!+=WhateverUsernameYouWant=+!?" password:@"123456"];
@autoreleasepool {
launcher = nil;
}
}
LaunchEkoApp对象中的相关代码如下:
#import "LaunchEkoApp.h"
#import "NSData+AESCrypt.h"// Encrypt data for transfer between apps
#import <UIKit/UIKit.h> // Used to launch URL
@implementation LaunchEkoApp
#pragma mark - Encrypt Methods
- (void) launchEkoAppWithUsername: (NSString*) username password:(NSString*) password{
NSData *uData = [[NSData alloc] initWithData:[[username dataUsingEncoding:NSUTF8StringEncoding] AES256EncryptWithKey:@"superSecretPassword"]];
NSData *pData = [[NSData alloc] initWithData:[[password dataUsingEncoding:NSUTF8StringEncoding] AES256EncryptWithKey:@"superSecretPassword"]];
NSString* customURL = [NSString stringWithFormat:@"ekoeko://?U=%@&C=%@", [self formatURLArgumentString:[[[uData.description stringByReplacingOccurrencesOfString:@"<" withString:@""] stringByReplacingOccurrencesOfString:@">" withString:@""] stringByReplacingOccurrencesOfString:@" " withString:@"_"]], [self formatURLArgumentString:[[[pData.description stringByReplacingOccurrencesOfString:@"<" withString:@""] stringByReplacingOccurrencesOfString:@">" withString:@""] stringByReplacingOccurrencesOfString:@" " withString:@"_"]]];
@autoreleasepool { // Release encripted data. Important!
uData = nil;
pData = nil;
}
[[UIApplication sharedApplication] openURL:[NSURL URLWithString:customURL]];
}
#pragma mark - Decrypt Methods
-(NSString *) decryptStringFromDataDescription: (NSString *) description{
return [[NSString alloc] initWithData:[[[NSData data] getNSDataFromNSDataDescription:description] AES256DecryptWithKey:@"superSecretPassword"] encoding:NSUTF8StringEncoding];
}
-(NSString *) decryptStringFromData: (NSData *) data{
return [[NSString alloc] initWithData:[data AES256DecryptWithKey:@"superSecretPassword"] encoding:NSUTF8StringEncoding];
}
#pragma mark - Helper Methods
-(NSString*) formatURLArgumentString:(NSString*) theString{
NSMutableCharacterSet * URLQueryPartAllowedCharacterSet; // possibly defined in class extension ...
// ... and built in init or on first use
URLQueryPartAllowedCharacterSet = [[NSCharacterSet URLQueryAllowedCharacterSet] mutableCopy];
[URLQueryPartAllowedCharacterSet removeCharactersInString:@"&+=?"]; // %26, %3D, %3F
// then escape variables in the URL, such as values in the query and any fragment:
NSString * escapedValue = [theString stringByAddingPercentEncodingWithAllowedCharacters:URLQueryPartAllowedCharacterSet];
//[self.delegate logString: [NSString stringWithFormat:@"%@ --> %@", theString, escapedValue]];
return escapedValue;
}
@end
我可以在这里看到用于加密用户名/密码字符串NSData的代码(请参阅AES256EncryptWithKey,不要担心我将在生产中使用更好的加密密码):
// NSData+AESCrypt.m
#import "NSData+AESCrypt.h"
#import <CommonCrypto/CommonCryptor.h>
static char encodingTable[64] =
{
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P',
'Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f',
'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v',
'w','x','y','z','0','1','2','3','4','5','6','7','8','9','+','/'
};
@implementation NSData (AESCrypt)
- (NSData *)AES256EncryptWithKey:(NSString *)key{
// 'key' should be 32 bytes for AES256, will be null-padded otherwise
char keyPtr[kCCKeySizeAES256 + 1]; // room for terminator (unused)
bzero( keyPtr, sizeof( keyPtr ) ); // fill with zeroes (for padding)
// fetch key data
[key getCString:keyPtr maxLength:sizeof( keyPtr ) encoding:NSUTF8StringEncoding];
NSUInteger dataLength = [self length];
//See the doc: For block ciphers, the output size will always be less than or
//equal to the input size plus the size of one block.
//That's why we need to add the size of one block here
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc( bufferSize );
size_t numBytesEncrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt( kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
keyPtr, kCCKeySizeAES256,
NULL /* initialization vector (optional) */,
[self bytes], dataLength, /* input */
buffer, bufferSize, /* output */
&numBytesEncrypted );
@autoreleasepool {
key = nil;
}
if( cryptStatus == kCCSuccess )
{
//the returned NSData takes ownership of the buffer and will free it on deallocation
return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
}
free( buffer ); //free the buffer
return nil;
}
- (NSData *)AES256DecryptWithKey:(NSString *)key{
// 'key' should be 32 bytes for AES256, will be null-padded otherwise
char keyPtr[kCCKeySizeAES256+1]; // room for terminator (unused)
bzero( keyPtr, sizeof( keyPtr ) ); // fill with zeroes (for padding)
// fetch key data
[key getCString:keyPtr maxLength:sizeof( keyPtr ) encoding:NSUTF8StringEncoding];
NSUInteger dataLength = [self length];
//See the doc: For block ciphers, the output size will always be less than or
//equal to the input size plus the size of one block.
//That's why we need to add the size of one block here
size_t bufferSize = dataLength + kCCBlockSizeAES128;
void *buffer = malloc( bufferSize );
size_t numBytesDecrypted = 0;
CCCryptorStatus cryptStatus = CCCrypt( kCCDecrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
keyPtr, kCCKeySizeAES256,
NULL /* initialization vector (optional) */,
[self bytes], dataLength, /* input */
buffer, bufferSize, /* output */
&numBytesDecrypted );
@autoreleasepool {
key = nil;
}
if( cryptStatus == kCCSuccess )
{
//the returned NSData takes ownership of the buffer and will free it on deallocation
return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
}
free( buffer ); //free the buffer
return nil;
}
# pragma mark -
-(NSData*) getNSDataFromNSDataDescription:(NSString*) dataDescription{
const char *ptr = [dataDescription cStringUsingEncoding:NSUTF8StringEncoding];
NSMutableData *encryptedData = [NSMutableData data];
while (*ptr) {
unsigned char c1 = *ptr;
ptr++;
if (isalpha(c1))
c1 = (10 + c1 - 'a')<<4;
else if (isnumber(c1))
c1 = (c1 - '0')<<4;
else
continue;
if (!*ptr)
break; // Shouldn't occure -- bad input
unsigned char c2 = *ptr;
ptr++;
if (isalpha(c2))
c2 = 10 + c2 - 'a';
else if (isnumber(c2))
c2 = c2 - '0';
c1 = c1 | c2;
[encryptedData appendBytes:&c1 length:1];
}
return encryptedData;
}
#pragma mark -
+ (NSData *)dataWithBase64EncodedString:(NSString *)string
{
return [[NSData allocWithZone:nil] initWithBase64EncodedString:string];
}
- (id)initWithBase64EncodedString:(NSString *)string
{
NSMutableData *mutableData = nil;
if( string )
{
unsigned long ixtext = 0;
unsigned long lentext = 0;
unsigned char ch = 0;
unsigned char inbuf[4], outbuf[3];
short i = 0, ixinbuf = 0;
BOOL flignore = NO;
BOOL flendtext = NO;
NSData *base64Data = nil;
const unsigned char *base64Bytes = nil;
// Convert the string to ASCII data.
base64Data = [string dataUsingEncoding:NSASCIIStringEncoding];
base64Bytes = [base64Data bytes];
mutableData = [NSMutableData dataWithCapacity:base64Data.length];
lentext = base64Data.length;
while( YES )
{
if( ixtext >= lentext ) break;
ch = base64Bytes[ixtext++];
flignore = NO;
if( ( ch >= 'A' ) && ( ch <= 'Z' ) ) ch = ch - 'A';
else if( ( ch >= 'a' ) && ( ch <= 'z' ) ) ch = ch - 'a' + 26;
else if( ( ch >= '0' ) && ( ch <= '9' ) ) ch = ch - '0' + 52;
else if( ch == '+' ) ch = 62;
else if( ch == '=' ) flendtext = YES;
else if( ch == '/' ) ch = 63;
else flignore = YES;
if( ! flignore )
{
short ctcharsinbuf = 3;
BOOL flbreak = NO;
if( flendtext )
{
if( ! ixinbuf ) break;
if( ( ixinbuf == 1 ) || ( ixinbuf == 2 ) ) ctcharsinbuf = 1;
else ctcharsinbuf = 2;
ixinbuf = 3;
flbreak = YES;
}
inbuf [ixinbuf++] = ch;
if( ixinbuf == 4 )
{
ixinbuf = 0;
outbuf [0] = ( inbuf[0] << 2 ) | ( ( inbuf[1] & 0x30) >> 4 );
outbuf [1] = ( ( inbuf[1] & 0x0F ) << 4 ) | ( ( inbuf[2] & 0x3C ) >> 2 );
outbuf [2] = ( ( inbuf[2] & 0x03 ) << 6 ) | ( inbuf[3] & 0x3F );
for( i = 0; i < ctcharsinbuf; i++ )
[mutableData appendBytes:&outbuf[i] length:1];
}
if( flbreak ) break;
}
}
}
self = [self initWithData:mutableData];
return self;
}
#pragma mark -
- (NSString *)base64Encoding
{
return [self base64EncodingWithLineLength:0];
}
- (NSString *)base64EncodingWithLineLength:(NSUInteger)lineLength
{
const unsigned char *bytes = [self bytes];
NSMutableString *result = [NSMutableString stringWithCapacity:self.length];
unsigned long ixtext = 0;
unsigned long lentext = self.length;
long ctremaining = 0;
unsigned char inbuf[3], outbuf[4];
unsigned short i = 0;
unsigned short charsonline = 0, ctcopy = 0;
unsigned long ix = 0;
while( YES )
{
ctremaining = lentext - ixtext;
if( ctremaining <= 0 ) break;
for( i = 0; i < 3; i++ )
{
ix = ixtext + i;
if( ix < lentext ) inbuf[i] = bytes[ix];
else inbuf [i] = 0;
}
outbuf [0] = (inbuf [0] & 0xFC) >> 2;
outbuf [1] = ((inbuf [0] & 0x03) << 4) | ((inbuf [1] & 0xF0) >> 4);
outbuf [2] = ((inbuf [1] & 0x0F) << 2) | ((inbuf [2] & 0xC0) >> 6);
outbuf [3] = inbuf [2] & 0x3F;
ctcopy = 4;
switch( ctremaining )
{
case 1:
ctcopy = 2;
break;
case 2:
ctcopy = 3;
break;
}
for( i = 0; i < ctcopy; i++ )
[result appendFormat:@"%c", encodingTable[outbuf[i]]];
for( i = ctcopy; i < 4; i++ )
[result appendString:@"="];
ixtext += 3;
charsonline += 4;
if( lineLength > 0 )
{
if( charsonline >= lineLength )
{
charsonline = 0;
[result appendString:@"\n"];
}
}
}
return [NSString stringWithString:result];
}
#pragma mark -
- (BOOL)hasPrefixBytes:(const void *)prefix length:(NSUInteger)length
{
if( ! prefix || ! length || self.length < length ) return NO;
return ( memcmp( [self bytes], prefix, length ) == 0 );
}
- (BOOL)hasSuffixBytes:(const void *)suffix length:(NSUInteger)length
{
if( ! suffix || ! length || self.length < length ) return NO;
return ( memcmp( ((const char *)[self bytes] + (self.length - length)), suffix, length ) == 0 );
}
// This is the main class in App B
-(void) appLoadedThroughURLWithQuery: (NSString*) query{
// Populate sign in fields with that and try to login
if(_initialLoad || _activeViewController == theSignInVC){
LaunchEkoApp *launcher = [[LaunchEkoApp alloc] init];
[_signInVC autoLoginUserWithUsername:[launcher decryptStringFromDataDescription:[NSString stringWithFormat:@"<%@>", [[[query substringToIndex:[query rangeOfString:@"&"].location] stringByReplacingOccurrencesOfString:@"U=" withString:@""] stringByReplacingOccurrencesOfString:@"_" withString:@" "]]] password:[launcher decryptStringFromDataDescription:[NSString stringWithFormat:@"<%@>", [[[query substringFromIndex:[query rangeOfString:@"&"].location+1] stringByReplacingOccurrencesOfString:@"C=" withString:@""] stringByReplacingOccurrencesOfString:@"_" withString:@" "]]]];
@autoreleasepool {
launcher = nil;
}
}
// Get username/credential
//NSString *credential = [[NSString alloc] initWithData:[[self getNSDataFromNSDataDescription:[NSString stringWithFormat:@"<%@>", [[[query substringFromIndex:[query rangeOfString:@"&"].location+1] stringByReplacingOccurrencesOfString:@"C=" withString:@""] stringByReplacingOccurrencesOfString:@"_" withString:@" "]]] AES256DecryptWithKey:@"superSecretPassword"] encoding:NSUTF8StringEncoding];;
//NSString *username = [[NSString alloc] initWithData:[[self getNSDataFromNSDataDescription:[NSString stringWithFormat:@"<%@>", [[[query substringToIndex:[query rangeOfString:@"&"].location] stringByReplacingOccurrencesOfString:@"U=" withString:@""] stringByReplacingOccurrencesOfString:@"_" withString:@" "]]] AES256DecryptWithKey:@"superSecretPassword"] encoding:NSUTF8StringEncoding];
@autoreleasepool {
query = nil;
}
}
这总结了我的代码。您认为这是在应用程序之间传输信息的安全方式吗?
其他说明:
我打算将LaunchEkoApp和NSData + AESCrypt代码捆绑到一个库中,以避免篡改我的秘密加密密码。我认为加密的缓冲区正在释放,因为我杀死了autoreleasepools中的启动器对象。我没有在任何地方保存最终的用户名/密码字符串,只是暂时将它们分配给属于_signInVC的某些文本字段(它们不可公开访问,并且一旦用户使用它们或应用程序就将其文本设置为nil到背景)。
答案 0 :(得分:0)
如果没有彻底了解加密原语及其安全使用,几乎没有机会获得正确的安全性,您可以做的最好的事情就是使用RNCryptor,它可以正确地完成所需的一切。
安全很难弄清楚,至少让加密领域专家咨询并审核加密方法和代码。