Encryption in iOS and iOS

Source: Internet
Author: User
Tags hmac key string

Encryption Method in iOS

1 Encryption methods include Base64, MD5, RSA, DES, AES, keychain storage, and cookies

2 Comparison of encryption methods

2.1 Base64

2.1.1 Basic principle: the data is re-encoded using 64 basic ASCII characters.

2.1.2 implementation steps

> Split the data to be encoded into an array of bytes.

> Take the bytes 3 at a time as a group.

> Arrange the group's 24 bits in order and divide them into four groups of 6 bits.

> Add two zero bits in front of the highest bit of each 6-bit group, so that each group becomes a byte.

> When the last group has fewer than 3 bytes, pad the end with zeros.

> Add one or two equal signs at the end of the encoded output when the last group was padded.

Note: the Base64 characters are the uppercase letters A-Z, the lowercase letters a-z, the digits 0-9, and the symbols + and /

Base64 encoding is reversible: encoded data can be decoded again.
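The steps in 2.1.2, written out by hand as an added example (it is not code from the original page). The function name `b64_encode` is hypothetical, and the sample inputs are constructed; the standard library is used only to check the result and to show that the encoding decodes back to the input.

```python
import base64

# The 64 characters named in the note above: A-Z, a-z, 0-9, + and /
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")

def b64_encode(data: bytes) -> str:
    """Encode bytes following the page's steps (hypothetical helper name)."""
    out = []
    for i in range(0, len(data), 3):           # take the bytes 3 at a time
        group = data[i:i + 3]
        missing = 3 - len(group)               # 0, 1 or 2 bytes short
        # Pad a short final group with zero bytes to get a full 24 bits.
        bits = int.from_bytes(group + b"\x00" * missing, "big")
        # Four 6-bit groups; as an index each is a byte with two leading zeros.
        sextets = [(bits >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        chars = [ALPHABET[s] for s in sextets]
        if missing:                            # mark the padding with = signs
            chars[-missing:] = "=" * missing
        out.extend(chars)
    return "".join(out)

if __name__ == "__main__":
    for sample in (b"iOS", b"hmac", b"key string"):   # constructed inputs
        encoded = b64_encode(sample)
        # Anyone can reverse the encoding; no key is involved.
        print(sample, "->", encoded, "->", base64.b64decode(encoded))
```
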

2.2 MD5 (digital signature)

2.2.1 Principle: MD5 converts a byte string of any length into a large integer of a fixed length.

Note: the input that is converted is a byte string, not a character string.

Remember: MD5 encryption cannot be decrypted. Therefore, when a program uses MD5 for password verification, it only needs to compare the encrypted strings and never needs to know the password itself.

2.2.2 usage

> The procedure is simple, but MD5 encryption is not secure.

> MD5 with salt: the salt value is a string; the user's password and the salt value are concatenated, and the result is then encrypted.

> Timestamp/dynamic password: the time and the password are combined before MD5 encryption. With the same encryption method and the same password, the encrypted value is therefore different each time.

Note: Timestamp/dynamic password encryption requires the client and the server to have the same time.

> Implementation steps of timestamp/dynamic password encryption: first, encrypt the password with HMAC-MD5. Second, concatenate the encrypted value with the current time as a string. Finally, encrypt the concatenated value with HMAC-MD5 again.

After the server receives the password, it must calculate the value for the current time and for the previous minute, and compare each with the received password.
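The timestamp/dynamic password steps above, with both the client and the server side, as an added example (it is not code from the original page). Assumptions not stated on the page: the HMAC key is a secret shared by client and server, the time string has minute precision in the format `YYYY-MM-DD HH:MM`, and the server stores the first-pass HMAC value rather than the password; all names and sample values are constructed.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

def hmac_md5_hex(key: bytes, message: str) -> str:
    return hmac.new(key, message.encode("utf-8"), hashlib.md5).hexdigest()

def minute_string(moment: datetime) -> str:
    # Assumed format: minute precision, so a token is valid for about a minute.
    return moment.strftime("%Y-%m-%d %H:%M")

def client_token(key: bytes, password: str, now: datetime) -> str:
    first = hmac_md5_hex(key, password)                   # step 1
    spliced = first + minute_string(now)                  # step 2
    return hmac_md5_hex(key, spliced)                     # step 3

def server_verify(key: bytes, stored_first: str, token: str, now: datetime) -> bool:
    # Try the current minute, then the previous one, to tolerate a request
    # that was built just before the minute rolled over.
    for moment in (now, now - timedelta(minutes=1)):
        expected = hmac_md5_hex(key, stored_first + minute_string(moment))
        if hmac.compare_digest(expected, token):          # constant-time compare
            return True
    return False

# Constructed sample values.
KEY = b"example-shared-key"
PASSWORD = "correct horse"
STORED_FIRST = hmac_md5_hex(KEY, PASSWORD)                # kept by the server

if __name__ == "__main__":
    sent_at = datetime(2024, 1, 1, 12, 0, 50)
    token = client_token(KEY, PASSWORD, sent_at)
    print(server_verify(KEY, STORED_FIRST, token, datetime(2024, 1, 1, 12, 1, 5)))
    print(server_verify(KEY, STORED_FIRST, token, datetime(2024, 1, 1, 12, 2, 5)))
```

A token captured on the network stops verifying once it is older than the previous minute, which is the property the time component adds over a salted hash.
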

2.3 DES

2.3.1 Principle: DES is a block cipher that encrypts data in 64-bit blocks. DES is also a symmetric encryption algorithm (the same algorithm is used for encryption and decryption). Its key length is 56 bits (the key is written as 64 bits, of which every 8th bit is used for parity checking). The key can be any 56-bit value and can be changed at any time.

Supplement:

DES operates on a 64-bit plaintext block M. An initial permutation (IP) turns M into m0, and m0 is divided into a left half and a right half, m0 = (L0, R0), each 32 bits long. Then 16 identical rounds are performed. In these rounds a function f combines the data with the key. After the 16 rounds, the left and right halves are joined and passed through a final permutation. In each round, the key bits are shifted, and then 48 bits are selected from the 56 bits of the key. The right half of the data is expanded to 48 bits by an expansion permutation, combined with the 48 key bits by an XOR operation, replaced by 32 new bits through substitution, and permuted once more. These four operations constitute function f. Then, through another XOR operation, the output of function f is combined with the left half, and the result is the new right half. The original right half becomes the new left half. This operation is repeated 16 times.

Decryption process: after all the substitutions, permutations, XORs and shifts, you may think that the decryption algorithm is completely different from the encryption algorithm. On the contrary, the operations were carefully chosen to give a very useful property: encryption and decryption use the same algorithm. The only difference between DES encryption and decryption is that the keys are used in the opposite order. If the encryption keys of the rounds are K1, K2, K3, ..., K16, the decryption keys are K16, K15, K14, ..., K1.
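The round structure and the reversed-key decryption described above, as an added example (it is not code from the original page and it is not DES). It keeps only the 16-round left/right structure on a 64-bit block; the round function `toy_f`, the key schedule `toy_subkeys`, the key and the plaintext are constructed stand-ins, and the initial and final permutations are left out.

```python
MASK32 = 0xFFFFFFFF

def toy_f(right: int, subkey: int) -> int:
    """Stand-in for function f (not the DES one): mixes a half with a subkey."""
    x = (right ^ subkey) & MASK32
    x = (x * 0x9E3779B1) & MASK32
    return ((x << 7) | (x >> 25)) & MASK32        # rotate left by 7

def toy_subkeys(key: int, rounds: int = 16) -> list:
    """Constructed key schedule (not the DES one) producing K1..K16."""
    return [((key >> (i * 3)) ^ (i * 0x01010101)) & MASK32 for i in range(rounds)]

def feistel(block: int, subkeys: list) -> int:
    """Run the rounds: new right = left XOR f(right, K); new left = old right."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for subkey in subkeys:
        left, right = right, left ^ toy_f(right, subkey)
    # Join the halves swapped, so the same routine can undo itself.
    return (right << 32) | left

def encrypt(block: int, key: int) -> int:
    return feistel(block, toy_subkeys(key))            # K1, K2, ..., K16

def decrypt(block: int, key: int) -> int:
    return feistel(block, toy_subkeys(key)[::-1])      # K16, K15, ..., K1

# Constructed sample values.
KEY = 0x0123456789ABCDEF
PLAINTEXT = 0x6950686F6E654F53

if __name__ == "__main__":
    ciphertext = encrypt(PLAINTEXT, KEY)
    print(f"ciphertext       {ciphertext:016x}")
    print(f"reversed subkeys {decrypt(ciphertext, KEY):016x}")
    print(f"same order again {encrypt(ciphertext, KEY):016x}")
```

Note that `toy_f` is never inverted: the XOR in each round cancels itself when the subkeys are replayed in reverse, which is why the same routine serves for both directions.
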

2.4 Keychain storage (SSKeychain third-party framework)

2.4.1 Usage principle: the plaintext password can be written directly into the keychain.

Note: the password is written together with an identifier, which makes it easy to retrieve the password later.

2.5 Cookie

2.5.1 A cookie is a block of network information used to store data.

2.5.2 With a cookie, login happens automatically and the user's data is sent to the server.

Note: The Cookie information is stored in NSHTTPCookieStorage.

2.6 AES

2.6.1 Principle: AES is a symmetric encryption algorithm. It extends the key length used by DES. AES has three key lengths: 128, 192 and 256 bits. The AES algorithm mainly involves three aspects: the round transformation, the number of rounds, and key expansion.

Specific principle: http://blog.sina.com.cn/s/blog_4b957026010006kf.html

2.6.2 Usage: first, obtain the string to be encrypted.

Second, encrypt it (in the AESCrypt class).

2.7 RSA

2.7.1 Principle: RSA is an asymmetric encryption method that requires two keys, a public key and a private key. The public key and the private key are a pair. If you encrypt with the public key, only the private key can decrypt. If you encrypt with the private key, only the public key can decrypt.

Workflow: the receiver generates a pair of keys and sends one of them to the sender. The sender encrypts the data with the key sent by the receiver and then sends the ciphertext to the receiver. Because data encrypted with one key can only be decrypted with the other key, and the other key stays in the receiver's hands and is never sent over the network, this can be very secure.

2.7.2 Obtaining the public key and private key:

> Find two large prime numbers: A and B.

> C = A * B

> D = (A-1) * (B-1)

> Find an integer E that is coprime with D.

> Find an integer F such that the remainder of (E * F) / D is 1.

> After this calculation, E is the public key, and F is the private key.

> N (the product C above) ties the public key and the private key together. The formulas are as follows (encrypting X):

Encryption: (X ^ E) % N = Y

Decryption: (Y ^ F) % N = X
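The key derivation in 2.7.2 carried through with the page's symbols (A, B, C, D, E, F, with N = C), as an added example that is not code from the original page. The primes and the message are small constructed values so the numbers can be followed by hand; this is the bare arithmetic only, with no padding and nowhere near a usable key size.

```python
from math import gcd

def make_keys(A: int, B: int, E: int):
    """Follow the steps of 2.7.2 and return (N, E, F)."""
    C = A * B                      # C = A * B; used as the modulus N
    D = (A - 1) * (B - 1)          # D = (A-1) * (B-1)
    if gcd(E, D) != 1:             # E must be coprime with D
        raise ValueError("E and D share a factor; choose another E")
    F = pow(E, -1, D)              # F such that (E * F) % D == 1 (Python 3.8+)
    return C, E, F

def encrypt(X: int, E: int, N: int) -> int:
    if not 0 <= X < N:
        raise ValueError("message must be smaller than N")
    return pow(X, E, N)            # (X ^ E) % N = Y

def decrypt(Y: int, F: int, N: int) -> int:
    return pow(Y, F, N)            # (Y ^ F) % N = X

# Constructed toy values.
A, B, E = 61, 53, 17
X = 65

if __name__ == "__main__":
    N, E_pub, F = make_keys(A, B, E)
    Y = encrypt(X, E_pub, N)
    print("N =", N, "E =", E_pub, "F =", F)
    print("X =", X, "-> Y =", Y, "-> X =", decrypt(Y, F, N))
    # Raising Y to the public exponent E again does not give X back.
    print("(Y ^ E) % N =", pow(Y, E_pub, N))
```
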
