Using the SHA1WITHRSA algorithm to sign the source code under iOS

Last Update:2016-05-04 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

First of all, to understand a few related concepts to facilitate the resolution of the problems encountered Later: RSA Algorithm: 1977 by Ron rivest, Adi Shamirh and Lenadleman invented, RSA is taken from the names of their three people. The algorithm is based on a number theory: it is easy to multiply two large primes, but it is very difficult to factorization the results of this product, so the product can be exposed as a public key. This algorithm is capable of resisting all known password attacks. RSA algorithm is an asymmetric algorithm, the algorithm needs a pair of keys, using one of the encryption, you need to use another to Decrypt. When we are doing RSA encrypted communication, we put the public key on the client, the private key is left on the Server. PEM: since using RSA requires a pair of keys, of course we have to use tools to generate such a pair of keys First. Under linux, unix, the simplest and most convenient is to use the OpenSSL command line. Der and Pem are the two file formats that can be selected for the generated key. Der is the abbreviation of Distinguished Encoding rules, which is an information transmission grammar rule, defined in the ITU x.690. On the iOS side, our public key needs to be in such a format that we can get from certificate, key, and Trust Services Reference is seen in the description of the data parameter of the Seccertificatecreatewithdata function of this document. The PEM format is a format that encapsulates der, and he simply base64 the contents of Der and adds a Tail-to-kinsoku Description. The OpenSSL command line is output by default in Pem format, and to be able to be used under ios, we need to specify that der or Mr. to PEM and then convert der. And those keystore,pkcs,p7b,p12. introduction to iOS client encryption and decryption first we need to import security.framework, in ios, we focus on four functions <ul> <ul> <li> <ul> <li>seckeyencrypt: Encrypting data with a public key</li> <li>Seckeydecrypt: Decrypting data with the private key</li> <li>seckeyrawverify: Use the public key to validate digital signatures and data to verify the source legitimacy of the Data. What is the digital signature, can refer to Baidu encyclopedia this article?</li> <li>seckeyrawsign: Digest The data with the private key and generate a digital signature</li> </ul>RSA algorithm has 2 functions one is to encrypt one is to add a SIGN. From these functions, we can see that the first is to use the public key to encrypt the data on the client side, and to decrypt the server with the private key.The second is to use the private key to sign the client, and then use the public key to verify the public key on the server Side. The first is purely for encryption, the second is to deny, to prevent others from impersonating our client to attack our servers, resulting in paralysis.</li> </ul> </ul>1.RSA Encryption Decryption: (1) get the key, here is the generated key, the actual application can be read from the various storage media key (2) encryption (3) decryption 2.RSA Signing and verification (1) get the key, here is the generated key, the actual application can read the key from a variety of storage media (2) to be signed hash code (3) get the signed string (4) authentication3. Understanding of public and private keys: (1) The private key is used for decryption and Signature. (2) the public key is disclosed by me, used for encrypting and verifying the signature, which is for Others. (3) when the user sends a file, signed with a private key, someone else uses the public key he gave to verify the signature, can guarantee that the information is sent by Him. When the user accepts the file, someone else encrypts it with his public key, and he decrypts it with the private key, which guarantees that the information can only be received by Him.First Add header file#import <CommonCrypto/CommonDigest.h>#import <CommonCrypto/CommonCryptor.h>#import <Security/Security.h>#import "nsdata+base64.h"#define KCHOSENDIGESTLENGTH cc_sha1_digest_length//SHA-1 The data bits of the message digest 160 bits<pre>-(nsdata *) gethashbytes: (nsdata *) PlainText {cc_sha1_ctx CTX; uint8_t* Hashbytes =NULL; NSData* Hash =nil; //Malloc A buffer to hold Hash. Hashbytes = malloc (kchosendigestlength *sizeof(uint8_t)); Memset ((voidvoid*) hashbytes,0x0, kchosendigestlength); //Initialize the Context. Cc_sha1_init (&ctx); //Perform the Hash. Cc_sha1_update (&ctx, (voidvoid *) [plaintext bytes], [plaintext length]); //Finalize the Output. Cc_sha1_final (hashbytes, &ctx); //Build up the SHA1 blob. hash = [nsdata Datawithbytes: (ConstVoidvoid *) hashbytes length: (nsuinteger) kchosendigestlength]; if(hashbytes) Free (hashbytes); returnhash; }</pre><pre>-(nsstring *) Signthedatasha1withrsa: (nsstring *) PlainText {uint8_t* Signedbytes =NULL; size_t signedbytessize=0; Osstatus Sanitycheck=noErr; NSData* Signedhash =nil; NSString* Path = [[nsbundle mainbundle]pathforresource:@"KeyStore"OfType:@"P12"]; NSData* data =[nsdata datawithcontentsoffile:path]; Nsmutabledictionary* options = [[nsmutabledictionary alloc] init];//Set the private key to query Dictionary. [options setobject:@"the password for your p12 file"Forkey: (ID) ksecimportexportpassphrase]; Cfarrayref Items= Cfarraycreate (NULL,0,0, NULL); Osstatus Securityerror= Secpkcs12import (cfdataref) data, (cfdictionaryref) options, &items); if(securityerror!=NoErr) { returnnil; } cfdictionaryref identitydict= Cfarraygetvalueatindex (items,0); Secidentityref Identityapp=(secidentityref) Cfdictionarygetvalue (identitydict,ksecimportitemidentity); Seckeyref Privatekeyref=nil; Secidentitycopyprivatekey (identityapp,&privatekeyref); Signedbytessize=seckeygetblocksize (privatekeyref); NSData*plaintextbytes =[plaintext datausingencoding:nsutf8stringencoding]; Signedbytes= malloc (signedbytessize *sizeof(uint8_t));//Malloc A buffer to hold Signature. memset (voidvoid *) signedbytes,0x0, signedbytessize); Sanitycheck=seckeyrawsign (privatekeyref, ksecpaddingpkcs1sha1, (Constuint8_t *) [[self gethashbytes:plaintextbytes] bytes], kchosendigestlength, (uint8_t*) signedbytes,&signedbytessize); if(sanitycheck = =NoErr) {signedhash= [nsdata Datawithbytes: (ConstVoidvoid *) signedbytes length: (nsuinteger) signedbytessize]; } Else { returnnil; } if(signedbytes) {free (signedbytes); } nsstring*signatureresult=[nsstring stringwithformat:@"%@", [signedhash base64encodedstring]]; returnsignatureresult; } </pre><pre>-(seckeyref) getpublickey{nsstring*certpath = [[nsbundle mainbundle] pathforresource:@"KeyStore"OfType:@"p7b"]; Seccertificateref mycertificate=nil; NSData*certificatedata =[[nsdata alloc] initwithcontentsoffile:certpath]; Mycertificate=seccertificatecreatewithdata (kcfallocatordefault, (cfdataref) certificatedata); Secpolicyref MyPolicy=SecPolicyCreateBasicX509 (); Sectrustref mytrust; Osstatus Status= Sectrustcreatewithcertificates (mycertificate,mypolicy,&mytrust); Sectrustresulttype trustresult; if(status = =NoErr) {status= Sectrustevaluate (mytrust, &trustresult); } returnSectrustcopypublickey (mytrust); } -(nsstring *) Rsaencrypotothedata: (nsstring *) plaintext {seckeyref publickey=nil; PublicKey=[self getpublickey]; size_t cipherbuffersize=seckeygetblocksize (publickey); uint8_t*cipherbuffer =NULL; Cipherbuffer= malloc (cipherbuffersize *sizeof(uint8_t)); Memset ((voidvoid*) cipherbuffer,0*0, cipherbuffersize); NSData*plaintextbytes =[plaintext datausingencoding:nsutf8stringencoding]; intBlockSize = cipherbuffersize- one;//This place is more important is the encryption asked the team leader degree intNumblock = (int) Ceil ([plaintextbytes length]/(Double) blockSize); Nsmutabledata*encrypteddata =[[nsmutabledata alloc] init]; for(intI=0; i<numblock; i++) { intbuffersize = MIN (blocksize,[plaintextbytes length]-i*blockSize); NSData*buffer = [plaintextbytes Subdatawithrange:nsmakerange (i *blockSize, buffersize)]; Osstatus Status=Seckeyencrypt (publickey, kSecPaddingPKCS1, (Constuint8_t *) [buffer bytes], [buffer length], C ipherbuffer,&cipherbuffersize); if(status = =NoErr) {nsdata*encryptedbytes =[[[ nsdata alloc] initwithbytes: (ConstVoidvoid *) Cipherbuffer length:cipherbuffersize] autorelease]; [encrypteddata appenddata:encryptedbytes]; } Else { returnnil; } } if(cipherbuffer) {free (cipherbuffer); } nsstring*encrypotoresult=[nsstring stringwithformat:@"%@", [encrypteddata base64encodedstring]]; returnencrypotoresult; } </pre>Related Links:Using the SHA1WITHRSA algorithm to sign the source code under iOSEncrypt and decrypt data using RSA in iOSUsing RSA algorithm encryption with Java background decryption with demo under iOSandroid, iOS and Server-side PHP use RSA encryption to decrypt communicationsusing the SHA1WITHRSA algorithm to sign the source code under iOSRSA implementations in Objective CUsing the SHA1WITHRSA algorithm to sign the source code under iOS

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

Using the SHA1WITHRSA algorithm to sign the source code under iOS

Contact Us

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support