Cookies-take you up those years crawl the RSA Pit IOS RAS encryption and communication issues with. NET

Background

First of all, we've been working on an app lately, but our data interactions are clear text =-= This is what Le, the idiot also know to encrypt a bit. But encryption also has the problem of symmetric encryption, you can understand the application to crack. Therefore, asymmetric encryption is used and each app generates a different RSA key pair.

Preliminary implementation

Implementing RSA encryption on top of iOS is not difficult because iOS has the security.framework of OpenSSL and the system comes with it. I chose OpenSSL here because I am more lazy =-= found that someone else has written a direct use of Bai. Security.framework actually also good, is I do not know how to use.

Preliminary interview with OpenSSL RSA

Demo Address
This one was written by a person on GitHub and implemented the RSA encryption of OpenSSL.

Problem

1. The public key code generated using OpenSSL on iOS is X509, and our server is using the. NET's (. NET encoding is pkcs#8) PS: (←. ←) I do not know right, these days Baidu's results are Jiangzi,
. NET and Java (Android) RSA communication can refer to this address, I personally summarize that Java support centralized different encoding format, so the Java communication problem is not very
2. How to convert different certificates

Process

1. First find out how to make two generated ciphertext, but found that there is paddingPKCS1 this kind of thing must not (declared failure)
2. Find a way to generate a pkcs#8 key pair (I tried some OpenSSL command line, but the final key pair to the app generated, so did not continue, also declared failed)
3..NET server uses OpenSSL to solve the problem (but if so, Android needs to be modified, so announced to give up)
4. Convert the key pair encoding (in fact, I also found iOS and Java communication, and so on, I do not elaborate)

This detour is actually very long, I summed up a few points, but the history of a day time ...

I'll talk about the last point. There must be a friend who asked me how I found the difference between the two key pairs.
Don't worry, we'll continue after the ad.

Solve the problem

First of all, I suggest you download the GitHub code, which is easy to understand.
Once you run the program, you will find Publickey.pem and PRIVATEKEY.PEM under your iphone emulator directory.
We need to give publickey to the server, so he encrypted things, only I this privatekey can solve, these principles I do not do more explanation.

And then we open the PublicKey.

     /*     This return value based on the key that generated by openssl.     -----BEGIN RSA PUBLIC KEY-----     MIGHAoGBAOp5TLclpWCaNDzHYPfB26SLmS8vlSXH4PyKopz5OS5Vx994FBQQLwv9     2pIJQsBk09egrL0gbASK1VCwDt0MmaiyrNFl/xaEzB/VOvjoojBUzMMIca9fKmx5     GAzSbSP7we64dhvrziuuNVTuM/e2XSa2skKFHMI0bCq4+pNYhvRhAgED     -----END RSA PUBLIC KEY-----     */

Then let's look at the source code

-(nsstring*) publickeybase64{nsfilemanager *fm = [Nsfilemanager Defaultmanager]; If ([FM fileexistsatpath:opensslrsapublickeyfile]) {    NSString *str = [NSString stringwithcontentsoffile:o　　Pensslrsapublickeyfile encoding:nsutf8stringencoding Error:nil];　　    NSData *data = [self publickeybitswithstring:[[str componentsseparatedbystring:@ "-----"] [objectatindex:2]];　　    return [data base64encodedstring]; } return nil;}      

Here we see OpenSSL Base64 the entire certificate file, yes, it's true.

I was detours here at first, and I thought it was a key mistake. In fact, OpenSSL correct publickey turn nsdata after the size must be 162, if you are only one of those (no----* * * * * * * * * * * * * * *) is 140.
My colleague found a conversion process while looking at the source code of Openssl.net, and then I looked at the. Net-side code as follows
Can read. NET or do not understand. NET should be able to see the very simple code.

So I spared such a big bend, you should see the next is to deal with, so let PublicKey into 128-"pkcs#8 standard code, according to. Net of OpenSSL code translation next

if ((unsigned long) [NSData datawithbase64encodedstring:wrapper.publickeybase64].length<162) {    NSLog (@ " The public key is not properly formatted! ");    return;} else{    //Remove. NET can be used by PubKey    nsdata *keydata=[NSData dataWithBase64EncodedString:wrapper.publicKeyBase64];    NSData * Newkeydata =[keydata subdatawithrange:nsmakerange (+)]; NSLog (@ "newpubkey:%@", [Newkeydata base64encodedstring]);}      

Summary

This is my processing process =-= This is the pit of this RSA is the real pit ah, I do not see the server code must not come out, because the local encryption and decryption are OK, alas, so this thing tells us, look at the problem must be seen from many aspects, And you can't just look at what you have on hand to find information from multiple sources. But this time, too, because I would. NET so I'd want to go and have a look.
This pit is a record of hope that we can help.
This is a period of time before the pit of a thing, found on the Internet can not find information ancient left this article ...

I also have a hole in AES can see my personal blog, of course, I will also update here ~

Cookies-take you up those years crawl the RSA Pit IOS RAS encryption and communication issues with. NET