我想使用RSA加密字符串密码。 但是我正在使用的函数正在生成SecKey数据类型的公钥,这不是我所需要的,因为我从服务器响应中获取的String为String。 我使用了许多库,但也使用了相同的库,生成了公共密钥SecKey。 课堂上的风箱表明我的意思 我想更改功能 func cryptoBase64(文本:字符串,secKey:SecKey)->字符串{使其类似于 func cryptoBase64(文本:字符串,publicKey:字符串)->字符串{
类RSAWrapper { private var publicKey:SecKey? 私人var privateKey:SecKey吗?
func generateKeyPair(keySize: UInt, privateTag: String, publicTag: String) -> Bool {
self.publicKey = nil
self.privateKey = nil
if (keySize != 512 && keySize != 1024 && keySize != 2048) {
// Failed
print("Key size is wrong")
return false
}
let publicKeyParameters: [NSString: AnyObject] = [
kSecAttrIsPermanent: true as AnyObject,
kSecAttrApplicationTag: publicTag as AnyObject
]
let privateKeyParameters: [NSString: AnyObject] = [
kSecAttrIsPermanent: true as AnyObject,
kSecAttrApplicationTag: publicTag as AnyObject
]
let parameters: [String: AnyObject] = [
kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
kSecAttrKeySizeInBits as String: keySize as AnyObject,
kSecPrivateKeyAttrs as String: privateKeyParameters as AnyObject,
kSecPublicKeyAttrs as String: publicKeyParameters as AnyObject
];
let status : OSStatus = SecKeyGeneratePair(parameters as CFDictionary, &(self.publicKey), &(self.privateKey))
return (status == errSecSuccess && self.publicKey != nil && self.privateKey != nil)
}
func encrypt(text: String) -> [UInt8] {
let plainBuffer = [UInt8](text.utf8)
var cipherBufferSize : Int = Int(SecKeyGetBlockSize((self.publicKey!)))
var cipherBuffer = [UInt8](repeating:0, count:Int(cipherBufferSize))
// Encrypto should less than key length
let status = SecKeyEncrypt((self.publicKey)!, SecPadding.PKCS1, plainBuffer, plainBuffer.count, &cipherBuffer, &cipherBufferSize)
if (status != errSecSuccess) {
print("Failed Encryption")
}
return cipherBuffer
}
func decprypt(encrpted: [UInt8]) -> String? {
var plaintextBufferSize = Int(SecKeyGetBlockSize((self.privateKey)!))
var plaintextBuffer = [UInt8](repeating:0, count:Int(plaintextBufferSize))
let status = SecKeyDecrypt((self.privateKey)!, SecPadding.PKCS1, encrpted, plaintextBufferSize, &plaintextBuffer, &plaintextBufferSize)
if (status != errSecSuccess) {
print("Failed Decrypt")
return nil
}
return NSString(bytes: &plaintextBuffer, length: plaintextBufferSize, encoding: String.Encoding.utf8.rawValue)! as String
}
func encryptBase64(text: String, secKey: SecKey) -> String {
let plainBuffer = [UInt8](text.utf8)
var cipherBufferSize : Int = Int(SecKeyGetBlockSize((secKey)))
var cipherBuffer = [UInt8](repeating:0, count:Int(cipherBufferSize))
// Encrypto should less than key length
let status = SecKeyEncrypt((self.publicKey)!, SecPadding.PKCS1, plainBuffer, plainBuffer.count, &cipherBuffer, &cipherBufferSize)
if (status != errSecSuccess) {
print("Failed Encryption")
}
let mudata = NSData(bytes: &cipherBuffer, length: cipherBufferSize)
return mudata.base64EncodedString(options: NSData.Base64EncodingOptions.lineLength64Characters)
}
func decpryptBase64(encrpted: String) -> String? {
let data : NSData = NSData(base64Encoded: encrpted, options: .ignoreUnknownCharacters)!
let count = data.length / MemoryLayout<UInt8>.size
var array = [UInt8](repeating: 0, count: count)
data.getBytes(&array, length:count * MemoryLayout<UInt8>.size)
var plaintextBufferSize = Int(SecKeyGetBlockSize((self.privateKey)!))
var plaintextBuffer = [UInt8](repeating:0, count:Int(plaintextBufferSize))
let status = SecKeyDecrypt((self.privateKey)!, SecPadding.PKCS1, array, plaintextBufferSize, &plaintextBuffer, &plaintextBufferSize)
if (status != errSecSuccess) {
print("Failed Decrypt")
return nil
}
return NSString(bytes: &plaintextBuffer, length: plaintextBufferSize, encoding: String.Encoding.utf8.rawValue)! as String
}
func getPublicKey() -> SecKey? {
return self.publicKey
}
func getPrivateKey() -> SecKey? {
return self.privateKey
}
}
答案 0 :(得分:0)
关键概念是:
服务器作为密钥对
该应用程序也作为密钥对
因此服务器应该知道应用程序的公共密钥,而应用程序应该知道服务器的公共密钥。
当服务器要对应用程序的某些有效载荷进行加密时,服务器会使用应用程序公共进行加密并将其发送给应用程序。应用程序使用应用程序私钥解密有效载荷。
当应用程序想要对服务器的某些有效载荷进行加密时,该应用程序将使用服务器公钥进行加密并将其发送到服务器。服务器使用服务器私钥解密有效负载。
这就是与密钥对进行通信的方式。
在您的情况下,您只需要知道服务器公钥,因为您只需要将内容发送到服务器,而无需生成应用程序密钥对。
Check this link,以便使用服务器公钥进行加密。