Asymmetric encryption algorithm

Source: Internet
Author: User
Tags decrypt openssl rsa openssl x509 asymmetric encryption


    • Asymmetric encryption algorithm requires two keys: public key (PublicKey) and private key (Privatekey)
    • Public key and private key is a pair, if the data encrypted with public key, only with the corresponding private key to decrypt, if the private key to encrypt the data, then only with the corresponding public key to decrypt


    • The algorithm strength is complex, the security relies on the algorithm and the key
    • Slow encryption and decryption speed

Comparison with symmetric encryption algorithms

    • Symmetric encryption has only one key and is private, and if you want to decrypt it, you have to let the other person know the key.
    • Asymmetric key schemes have two keys, one of which is public

principles of RSA algorithm

    1. find two "very large" prime numbers: P & Q
      • n = P * Q
      • m = (p–1) * (q–1)
    2. find integer e,e with M coprime, that is, except 1, there are no more conventions
    3. Find the integer d so that E D divided by M + 1, i.e. (E D)% m = 1
    4. after this preparation, you can get:
      • e is a public key, responsible for encrypting
      • d is the private key, Responsible for decrypting
      • n responsible for connection between public and private keys
    5. encryption algorithm, assuming X is encrypted
      • (X ^ E)% N = Y
    6. decryption algorithm, according to Fermat small definition, you can use the following formula to complete the decryption
      • (Y ^ D)% N = X

Code Walkthrough

Cryptortools *tools = [[Cryptortools alloc] init];

1. Load Public key

NSString *pubpath = [[nsbundle Mainbundle] Pathforresource:@ "Rsacert.der" ofType:Nil] ;

[Tools Loadpublickeywithfilepath:pubpath];

2. Encrypt content with public key encryption, maximum length 117

NSString *result = [Tools rsaencryptstring:@ " Abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghi "];

NSLog(@ "RSA encryption%@", result);

3. Load the private key and specify the password to be set when exporting P12

NSString *privatepath = [[nsbundle Mainbundle] Pathforresource:@ "P.P12" OfType:Nil ];

[Tools Loadprivatekey:privatepath Password:@ "123"];

4. Decrypting with a private key

NSLog(@ "decryption result%@", [Tools Rsadecryptstring:result]);

IOS related functions




Encrypting data with a public key


Decrypting data with the private key


Verifying a digital signature with a public key


Generating a digital signature using the private key

Application Scenarios

Because the RSA algorithm's encryption and decryption speed is much slower than the symmetric algorithm, in the actual application, usually takes:

    • Encrypted decryption of the data itself using symmetric encryption Algorithm (AES)
    • encrypting and transmitting the key required by the symmetric algorithm using the RSA algorithm

OpenSSL Terminal Test Commands

Program Development Certificate Generation

# Generate private key

$ OpenSSL genrsa-out Private.pem 1024x768

# Create a certificate request

$ OpenSSL req-new-key private.pem-out RSACERT.CSR

# Generate certificate and sign, valid for 10 years

$ OpenSSL x509-req-days 3650 -in rsacert.csr-signkey private.pem-out rsacert.crt

# conversion format-Convert PEM format files to DER format

$ OpenSSL x509-outform der-in rsacert.crt-out Rsacert.der

# Export P12 File

$ OpenSSL pkcs12-export-out p.p12-inkey private.pem-in rsacert.crt

In Apple development, you cannot directly use a certificate in PEM format

    • DER files are binary data files before the BASE of the CRT files are decoded
    • The default generated by OpenSSL is a PEM -formatted certificate (BASE64 encoded text file)

Digital signatures

    • Sending party
      • Message HASH to be reported digest to
      • Public key encryption (digital signature) + message
      • Sent to the receiving party
    • Receiving party
      • Message HASH to be reported digest to
      • the decryption of digital signature with private key is the same as the paper Digest

OpenSSL Generate key Walkthrough

Private Key & Public key

# The build strength is 512 RSA private key

$ OpenSSL genrsa-out Private.pem

# Output private key contents in clear text

$ OpenSSL rsa-in private.pem-text-out private.txt

# Verify the private key file

$ OpenSSL rsa-in Private.pem-check

# Extract the public key from the private key

$ OpenSSL rsa-in private.pem-out public.pem-outform pem-pubout

# Output Public key content in clear text

$ OpenSSL rsa-in public.pem-out Public.txt-pubin-pubout-text

Encryption & Decryption

# Encrypt small files with public keys

$ OpenSSL rsautl-encrypt-pubin-inkey public.pem-in msg.txt-out msg.bin

# Decrypt small files with private key

$ OpenSSL rsautl-decrypt-inkey private.pem-in msg.bin-out a.txt

Format conversion

# Convert private key to DER format

$ OpenSSL rsa-in private.pem-out Private.der-outform der

# Convert the public key into DER format

$ OpenSSL rsa-in public.pem-out Public.der-pubin-outform der


    • Public-key Cryptography Standards (PKCS) is a set of public key cryptography standards developed by RSA Data Security Inc. and its partners, including certificate requests, certificate updates, certificate deprecation table publishing, extended certificate content, and digital signatures, A series of related protocols on the format of digital envelopes

PKCS protocol




define RSA public key algorithm encryption and signing mechanism, mainly used for organization Pkcs#7 Digital signatures and digital envelopes described in (specifically used for encryption/decryption)


describes the private key information format, This information includes the private key of the public key algorithm and an optional set of attributes (Java use)


describes the grammar standard for personal information exchange. Describes the syntax for packaging user public keys, private keys, certificates, and other related information (Apple uses)

Asymmetric Encryption algorithm

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.